Annotation of embedaddon/sudo/ChangeLog, revision 1.1.1.4
1.1.1.4 ! misho 1: 2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
1.1.1.3 misho 2:
1.1.1.4 ! misho 3: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
! 4: Fix typo; bug 605
! 5: [41f7b46a6e51]
! 6:
! 7: 2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
! 8:
! 9: * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
! 10: src/po/tr.mo:
! 11: Regen .mo files that were out of date.
! 12: [9e25a254f9db]
! 13:
! 14: 2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 15:
! 16: * NEWS, configure, configure.in:
! 17: On Solaris 11 and higher, tag binaries for ASLR if supported by the
! 18: linker.
! 19: [a2a6cafa3e60]
! 20:
! 21: * mkpkg:
! 22: No longer need to disable PIE on Solaris.
! 23: [cf90019ae67e]
! 24:
! 25: 2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 26:
! 27: * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
! 28: Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
! 29: OpenBSD also supports PIE but enables it by default so we don't need
! 30: to do anything. This fixes problems on systems with a version of
! 31: GNU ld that accepts -pie but where the run-time linker doesn't
! 32: actually support PIE. Also verify that a trivial PIE binary works
! 33: unless PIE is explicitly enabled.
! 34: [3c5f125efeb1]
! 35:
! 36: 2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 37:
! 38: * aclocal.m4, configure, configure.in:
! 39: Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
! 40: where we can end up crashing due to malloc() failures. Sems OK when
! 41: Using Sun as and ld.
! 42: [b8ba412102ab]
! 43:
! 44: * NEWS:
! 45: Update with final changes.
! 46: [78ff6d2ed47a]
! 47:
! 48: 2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 49:
! 50: * configure, configure.in:
! 51: Add -fPIE to PIE_LDFLAGS as per gcc manual.
! 52: [fe900cbb0780]
! 53:
! 54: 2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
! 55:
! 56: * common/Makefile.in, compat/Makefile.in:
! 57: Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
! 58: [f84bc7482b78]
! 59:
! 60: * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
! 61: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
! 62: plugins/sudoers/regress/visudo/test4.out.ok,
! 63: plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
! 64: Replace sequence number-based cycle detection in visudo with a
! 65: "used" flag in struct alias. The caller is required to call
! 66: alias_put() when it is done with the alias. Inspired by a patch
! 67: from Daniel Kopecek.
! 68: [0bdbac1b3b39]
! 69:
! 70: 2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 71:
! 72: * plugins/sudoers/iolog.c:
! 73: Eliminate a few relocations related to sudoers_io.
! 74: [18e9e2cc3367]
! 75:
! 76: * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
! 77: Sync with translationproject.org
! 78: [f38cc128a2ad]
! 79:
! 80: 2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 81:
! 82: * src/ttyname.c:
! 83: Clarify a comment.
! 84: [7a045ee06e95]
! 85:
! 86: 2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 87:
! 88: * src/ttyname.c:
! 89: Handle d_type == DT_UNKNOWN when resolving the device to a name and
! 90: sprinkle some more debugging.
! 91: [8774133747d9]
! 92:
! 93: 2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 94:
! 95: * doc/TROUBLESHOOTING:
! 96: Add message about disabling PIE if sudo gets SIGSEGV.
! 97: [c786af2a6751]
! 98:
! 99: * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
! 100: No longer store the ctime of a devpts tty. The handling of ctime on
! 101: devpts in Linux has been changed to conform to POSIX. As a result
! 102: we can no longer assume that the ctime will stay unchanged
! 103: throughout the life of the session. We store the session ID in the
! 104: time stamp file so there is a much smaller chance of the time stamp
! 105: file being reused by a new login. While here, store the uid/gid in
! 106: the timestamp file too for good measure.
! 107: [7028b21f7a9b]
! 108:
! 109: * configure, configure.in:
! 110: PIE is broken on FreeBSD/arm
! 111: [f232c60d6229]
! 112:
! 113: * mkpkg:
! 114: Add explicit sendmail path for Linux since we may not have sendmail
! 115: installed in the build chroot.
! 116: [1ba2f84f4ff0]
! 117:
! 118: 2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 119:
! 120: * common/sudo_debug.c, plugins/sudoers/iolog.c,
! 121: plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
! 122: Quiet a few -Wunused-result compiler warnings.
! 123: [ef12afb61423]
! 124:
! 125: 2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 126:
! 127: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 128: Mention what SHA-2 formats are supported.
! 129: [bf298d0fdf8a]
! 130:
! 131: * doc/CONTRIBUTORS:
! 132: List code and translations separately.
! 133: [826547bc1295]
! 134:
! 135: 2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 136:
! 137: * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
! 138: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
! 139: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
! 140: Sync with translationproject.org
! 141: [9499a6f438b8]
! 142:
! 143: * plugins/sudoers/po/sudoers.pot:
! 144: regen
! 145: [cce449e284a6]
! 146:
! 147: * Makefile.in:
! 148: Fix c-format for fatal/fatalx
! 149: [4ad81d3faaeb]
! 150:
! 151: 2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 152:
! 153: * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
! 154: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 155: plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
! 156: Change some error/errorx -> fatal/fatalx in comments and xgettext
! 157: flags.
! 158: [9d9b64fa2ec9]
! 159:
! 160: * NEWS:
! 161: There is now a Turkish translation of sudoers.
! 162: [701c5af6aa76]
! 163:
! 164: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
! 165: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 166: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 167: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
! 168: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 169: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
! 170: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
! 171: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
! 172: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
! 173: Updated translations from translationproject.org including new
! 174: Turkish translation.
! 175: [9cedbb50d90f]
! 176:
! 177: 2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 178:
! 179: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 180: Document that sudoers will re-use existing I/O log paths unless they
! 181: are mktemp-style with trailing X's.
! 182: [4f43bd13d9e7]
! 183:
! 184: * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
! 185: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
! 186: doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
! 187: plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
! 188: Allow ldap_conf and ldap_secret to be specified as plugin arguments
! 189: in sudo.conf
! 190: [37c6c425b565]
! 191:
! 192: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
! 193: doc/sudoers.ldap.mdoc.in:
! 194: sudoers_debug is now deprecated in favor of the sudo debugging
! 195: framework.
! 196: [1195be1ec254]
! 197:
! 198: * plugins/sudoers/ldap.c:
! 199: Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
! 200: SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
! 201: debug file with the ldap subsystem. The sudoers_debug setting in
! 202: ldap.conf is still honored for now but will be removed in a future
! 203: release.
! 204: [cfa42b4b913e]
! 205:
! 206: 2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 207:
! 208: * plugins/sudoers/sudoers2ldif:
! 209: Add support for converting sudoers files with SHA-2 command digests.
! 210: [dc0d03485946]
! 211:
! 212: * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
! 213: plugins/sudoers/sudoers2ldif:
! 214: Add copyright notice to scripts
! 215: [5e8bd4e6083f]
! 216:
! 217: * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
! 218: plugins/sudoers/regress/sudoers/test14.out.ok,
! 219: plugins/sudoers/regress/sudoers/test14.toke.ok:
! 220: Add regress for SHA-2 digests.
! 221: [0b258c2a2a95]
! 222:
! 223: * compat/getgrouplist.c:
! 224: Solaris maps negative gids to GID_NOBODY.
! 225: [57050e5c750f]
! 226:
! 227: * plugins/sudoers/visudo.c:
! 228: Clear up an llvm checker warning which appears to be a false
! 229: positive and fix an old XXX while I'm at it.
! 230: [9ee13133e596]
! 231:
! 232: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
! 233: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
! 234: Correct last change date
! 235: [3bc1fa5b0f76]
! 236:
! 237: * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
! 238: No need to translate this error message.
! 239: [4d9941970a26]
! 240:
! 241: * doc/UPGRADE:
! 242: Mention .sl vs. .so extension handling on HP-UX Mention group
! 243: membership changes Fix typos
! 244: [40ac0efbdb2b]
! 245:
! 246: * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
! 247: common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
! 248: common/setgroups.c, common/term.c, common/ttysize.c,
! 249: compat/Makefile.in, compat/dlopen.c, compat/endian.h,
! 250: compat/getline.c, compat/getprogname.c, compat/isblank.c,
! 251: compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
! 252: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
! 253: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
! 254: compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
! 255: include/Makefile.in, include/alloc.h, include/fileops.h,
! 256: include/gettext.h, include/lbuf.h, include/missing.h,
! 257: include/sudo_plugin.h, pathnames.h.in,
! 258: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
! 259: plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
! 260: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
! 261: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
! 262: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
! 263: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
! 264: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
! 265: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
! 266: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
! 267: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
! 268: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
! 269: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
! 270: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
! 271: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
! 272: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
! 273: plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
! 274: plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
! 275: plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
! 276: plugins/sudoers/logging.h, plugins/sudoers/match.c,
! 277: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
! 278: plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
! 279: plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
! 280: plugins/sudoers/redblack.h,
! 281: plugins/sudoers/regress/check_symbols/check_symbols.c,
! 282: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 283: plugins/sudoers/regress/logging/check_wrap.c,
! 284: plugins/sudoers/regress/parser/check_addr.c,
! 285: plugins/sudoers/regress/parser/check_fill.c,
! 286: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
! 287: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
! 288: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
! 289: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
! 290: plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
! 291: plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
! 292: plugins/system_group/system_group.c, src/Makefile.in,
! 293: src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
! 294: src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
! 295: src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
! 296: src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
! 297: src/utmp.c:
! 298: Update copyright years.
! 299: [5c6d72661bad]
! 300:
! 301: * plugins/sudoers/mon_systrace.h:
! 302: Systrace support was removed long ago.
! 303: [10a038a2da77]
! 304:
! 305: 2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 306:
! 307: * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
! 308: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
! 309: Remove some files that were mistakenly added.
! 310: [833502da26de]
! 311:
! 312: * common/sudo_debug.c, config.h.in, configure, configure.in,
! 313: plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
! 314: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
! 315: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
! 316: Use time(&now) instead of now = time(NULL) when storing the current
! 317: time in a time_t (better compiler error checking). Better parsing
! 318: and printing of 64-bit time_t on 32-bit platforms.
! 319: [c227dc72c04e]
! 320:
! 321: 2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 322:
! 323: * src/ttyname.c:
! 324: Don't check the tty of the parent process. Now that we get the
! 325: controlling tty device number from the kernel there is no need. If
! 326: the process has really disassociated from the tty then reporting
! 327: "unknown" is appropriate.
! 328: [62fb66e565db]
! 329:
! 330: 2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 331:
! 332: * common/error.c:
! 333: Use EXIT_FAILURE instead of 1 as the fatal() exit value.
! 334: [ed94c2c5e88a]
! 335:
! 336: * src/sesh.c:
! 337: Change remaining errorx -> fatalx
! 338: [3f6d70e19303]
! 339:
! 340: 2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 341:
! 342: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
! 343: plugins/sudoers/sudoers.h:
! 344: Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
! 345: error if the entry already exists in the cache.
! 346: [94d45970400a]
! 347:
! 348: * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
! 349: Change "foo: failed" to just "foo" since we print the string form of
! 350: errno. Gets rids of some useless translations.
! 351: [476f37349dbc]
! 352:
! 353: 2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 354:
! 355: * plugins/sudoers/match.c:
! 356: Fix pasto in debug_decl
! 357: [08650186a239]
! 358:
! 359: * plugins/sudoers/Makefile.in:
! 360: regen
! 361: [acf4c34fba2c]
! 362:
! 363: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
! 364: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
! 365: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
! 366: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
! 367: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
! 368: Rename log_error() -> log_warning() for consistency with
! 369: warning()/fatal()
! 370: [474ed5a0e335]
! 371:
! 372: * plugins/sudoers/auth/API:
! 373: The NO_EXIT flag was removed a while ago.
! 374: [e0a4be270226]
! 375:
! 376: * common/aix.c, common/alloc.c, common/error.c, include/error.h,
! 377: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
! 378: plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
! 379: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
! 380: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
! 381: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
! 382: plugins/sudoers/pwutil.c,
! 383: plugins/sudoers/regress/check_symbols/check_symbols.c,
! 384: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 385: plugins/sudoers/regress/logging/check_wrap.c,
! 386: plugins/sudoers/regress/parser/check_addr.c,
! 387: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 388: plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
! 389: plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
! 390: src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
! 391: src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
! 392: src/utmp.c:
! 393: Rename error/errorx -> fatal/fatalx and remove the exit value as it
! 394: was always 1.
! 395: [ea66f58c4da5]
! 396:
! 397: * NEWS:
! 398: digests are supported in sudoers ldap too
! 399: [77d6c25f7653]
! 400:
! 401: * plugins/sudoers/regress/check_symbols/check_symbols.c:
! 402: Print test failures to stdout like the final count so the outputis
! 403: not displayed out of order.
! 404: [f541b78ecb93]
! 405:
! 406: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
! 407: plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
! 408: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
! 409: src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
! 410: src/po/it.po, src/po/tr.po:
! 411: Sync with translationproject.org
! 412: [cbd70678b99f]
! 413:
! 414: * Makefile.in:
! 415: Check for any uncommitted changes in dist target and add force-dist
! 416: target that omit check-dist.
! 417: [78dc3f41e37e]
! 418:
! 419: 2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 420:
! 421: * src/regress/ttyname/check_ttyname.c:
! 422: Fix logic bug when checking tty via ttyname().
! 423: [279aee076194]
! 424:
! 425: * compat/endian.h:
! 426: Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
! 427: __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
! 428: [fe35e0b04502]
! 429:
! 430: * plugins/sudoers/po/sudoers.pot:
! 431: regen
! 432: [0ddebccd3045]
! 433:
! 434: * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
! 435: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
! 436: doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 437: Document digest support.
! 438: [d794c7b9a7bc]
! 439:
! 440: * MANIFEST, plugins/sudoers/Makefile.in,
! 441: plugins/sudoers/regress/parser/check_base64.c:
! 442: Simple bas64 decode unit test.
! 443: [344b0df0fe50]
! 444:
! 445: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
! 446: plugins/sudoers/match.c, plugins/sudoers/parse.h:
! 447: Move base64_decode into its own source file.
! 448: [30497e7f88bc]
! 449:
! 450: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
! 451: Only check year against 2038 if time_t is 32-bit.
! 452: [9c1f2e3fc3ba]
! 453:
! 454: 2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 455:
! 456: * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
! 457: plugins/sudoers/sssd.c:
! 458: Add digest support for sudoers in ldap and sss.
! 459: [314937b5e59e]
! 460:
! 461: * INSTALL, configure, configure.in:
! 462: Error out in configure if the compiler doesn't support "long long".
! 463: [d3645c1d50d1]
! 464:
! 465: * plugins/sudoers/match.c, plugins/sudoers/toke.c,
! 466: plugins/sudoers/toke.l:
! 467: Include stdint.h or inttypes.h before sha2.h
! 468: [20ad1c20313d]
! 469:
! 470: * common/lbuf.c:
! 471: Simplify lbuf append functions by moving the realloc code into
! 472: lbuf_expand(). We now expand as needed each time bytes need to be
! 473: written to the lbuf. Also handle a NULL pointer being passed in for
! 474: paranoia's sake.
! 475: [6283ee562ef4]
! 476:
! 477: * plugins/sudoers/iolog.c:
! 478: Zero out struct iolog_details early to avoid a potential (though
! 479: unlikely) dereference of stack garbage if we hit a fatal error
! 480: before iolog_deserialize_info() is called.
! 481: [2eeca8be05fb]
! 482:
! 483: 2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 484:
! 485: * sudo.pp:
! 486: Update copyright year.
! 487: [b843c6a43238]
! 488:
! 489: * plugins/sudoers/sudoers_version.h:
! 490: Bump SUDOERS_GRAMMAR_VERSION for new digest support.
! 491: [188556fb8156]
! 492:
! 493: * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
! 494: plugins/sudoers/gram.y, plugins/sudoers/match.c,
! 495: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 496: Sanity check digest in parser so visudo can catch errors. Add base64
! 497: support
! 498: [b8586d5cc7ed]
! 499:
! 500: * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
! 501: plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
! 502: For big endian architectures just use memcpy() instead of BE macros
! 503: in a loop.
! 504: [c71a0f4a8a8e]
! 505:
! 506: 2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 507:
! 508: * MANIFEST, config.h.in, configure, configure.in,
! 509: plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
! 510: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
! 511: plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
! 512: plugins/sudoers/match.c, plugins/sudoers/parse.h,
! 513: plugins/sudoers/regress/parser/check_digest.c,
! 514: plugins/sudoers/regress/parser/check_digest.out.ok,
! 515: plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
! 516: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
! 517: plugins/sudoers/toke_util.c:
! 518: Initial implementation of checksum support in sudoers. Currently
! 519: supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
! 520: validation in parser and base64 support. checksum support for
! 521: ldap sudoers
! 522: [b8f196346eca]
! 523:
! 524: 2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 525:
! 526: * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
! 527: SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
! 528: domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
! 529: respectively.
! 530: [7511d07c0a83]
! 531:
! 532: 2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 533:
! 534: * NEWS:
! 535: Add sudo 1.8.6p8
! 536: [0666fd0321ae]
! 537:
! 538: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
! 539: Add missing "not" in error message when mixing standalone and non-
! 540: standalone authentication methods.
! 541: [7eba4439db73]
! 542:
! 543: * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
! 544: Check for crypt() returning NULL. Traditionally, crypt() never
! 545: returned NULL but newer versions of eglibc have a crypt() that does.
! 546: Bug #598
! 547: [887b9df243df]
! 548:
! 549: * plugins/sudoers/auth/pam.c:
! 550: Better PAM error messages
! 551: [fd7eda53cdd7]
! 552:
! 553: * plugins/sudoers/auth/kerb5.c:
! 554: Better error messages
! 555: [98142874a2f4]
! 556:
! 557: * plugins/sudoers/bsm_audit.c:
! 558: Use same error message for getauid() failure.
! 559: [07f0d88cb1df]
! 560:
! 561: * plugins/sudoers/sssd.c:
! 562: Start warning with a lower case letter for consistency and to match
! 563: existing translated strings.
! 564: [b719ac52c9e3]
! 565:
! 566: 2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 567:
! 568: * mkpkg:
! 569: Disable PIE on Solaris where it is not really supported.
! 570: [c36c84cdcc7a]
! 571:
! 572: * src/ttyname.c:
! 573: AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
! 574: before we try to match it against st_rdev.
! 575: [5dab449fb962]
! 576:
! 577: * src/ttyname.c:
! 578: Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
! 579: a problem finding the tty name when it is not in /dev/pts.
! 580: [6c205d087fa0]
! 581:
! 582: * compat/snprintf.c:
! 583: Support %lld and %llu
! 584: [feabfa06c954]
! 585:
! 586: * .hgignore, MANIFEST, src/Makefile.in,
! 587: src/regress/ttyname/check_ttyname.c:
! 588: Add ttyname test.
! 589: [e987038f8c07]
! 590:
! 591: 2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 592:
! 593: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 594: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 595: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
! 596: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
! 597: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
! 598: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 599: src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
! 600: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
! 601: src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
! 602: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
! 603: Sync with translationproject.org
! 604: [4d7b73b22079]
! 605:
! 606: * plugins/sudoers/timestamp.c:
! 607: Log timestampfile to debug file.
! 608: [e997281146c0]
! 609:
! 610: * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
! 611: Don't add the "Password: " string we look up in the PAM text domain
! 612: to the sudoers.pot file.
! 613: [771b52244abf]
! 614:
! 615: 2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 616:
! 617: * plugins/sudoers/po/sudoers.pot:
! 618: Synce with regcomp() error message change.
! 619: [fc6d3dfb8eb8]
! 620:
! 621: * plugins/sudoers/sudoreplay.c:
! 622: Be consistent with error message when regcomp() fails.
! 623: [de6c69ba04e4]
! 624:
! 625: 2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 626:
! 627: * plugins/sudoers/regress/testsudoers/test5.out.ok,
! 628: plugins/sudoers/regress/testsudoers/test5.sh:
! 629: Use group -1 instead of 1 as the invalid group since the running
! 630: user might have group 1 as their default group.
! 631: [71404a9fa75d]
! 632:
! 633: * plugins/sudoers/Makefile.in:
! 634: PWD may be a shell builtin, use CWD instead.
! 635: [c443105c5091]
! 636:
! 637: 2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
! 638:
! 639: * plugins/sudoers/check.c:
! 640: Split up check_user().
! 641: [ce7cc0767589]
! 642:
! 643: 2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 644:
! 645: * config.h.in, configure.in:
! 646: Cosmetic fixes in the comments.
! 647: [640abee43c14]
! 648:
! 649: 2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 650:
! 651: * configure, configure.in:
! 652: Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
! 653: message for visibility checks when the test fails.
! 654: [99665477ee55]
! 655:
! 656: * config.h.in:
! 657: regen
! 658: [00c22606719a]
! 659:
! 660: * configure, configure.in:
! 661: We no longer use mbr_check_membership() and setrlimit64() is AIX-
! 662: specific.
! 663: [43caf685a1f1]
! 664:
! 665: * Makefile.in:
! 666: The first (all) target must be by itself or some makes will choose
! 667: the run the entire target list.
! 668: [16cf3def49f5]
! 669:
! 670: * configure, configure.in:
! 671: Do exec_prefix expansion when enable_shared even if noexec is not
! 672: enabled.
! 673: [7ed28cb32d8d]
! 674:
! 675: * compat/getgrouplist.c:
! 676: Use free() not efree() since we don't include alloc.h here
! 677: [1a008737be24]
! 678:
! 679: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 680: regen
! 681: [b939f941346f]
! 682:
! 683: * plugins/sudoers/regress/testsudoers/test2.sh,
! 684: plugins/sudoers/regress/testsudoers/test3.sh,
! 685: plugins/sudoers/regress/testsudoers/test5.sh:
! 686: Pass in expected gid to testsudoers in addition to the uid that
! 687: matches the test sudoers files.
! 688: [6a1710e8cac1]
! 689:
! 690: 2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 691:
! 692: * include/missing.h:
! 693: Tru64 5.x does declare innetgr() and getdomainname().
! 694: [c75598e69c7e]
! 695:
! 696: * plugins/sudoers/match.c:
! 697: Fix compilation when getdomainame() is not present.
! 698: [e831b017a962]
! 699:
! 700: * config.h.in, configure.in, include/missing.h:
! 701: Move SET/CLR/ISSET from config.h.in to missing.h
! 702: [3a3dd29fd7f0]
! 703:
! 704: * configure, configure.in:
! 705: Fix getgrouplist() check.
! 706: [12a2adf60e98]
! 707:
! 708: * MANIFEST:
! 709: No more timestamp.h
! 710: [5677e26afc0f]
! 711:
! 712: * plugins/sudoers/check.c:
! 713: Neded sys/time.h for struct timeval in struct sudo_tty_info.
! 714: [aceaadd8c400]
! 715:
! 716: * plugins/sudoers/Makefile.in:
! 717: regen depends
! 718: [21675a8b67e5]
! 719:
! 720: * NEWS:
! 721: Mention libibmldap on HP-UX
! 722: [75b4e4b22950]
! 723:
! 724: * NEWS, plugins/sudoers/match.c:
! 725: Instead of checking the domain name explicitly for "(none)", just
! 726: check for illegal characters.
! 727: [ce35dda811db]
! 728:
! 729: * plugins/sudoers/visudo.c:
! 730: Only warn once when we are unable to open the sudoers file.
! 731: [9e27e3aa5b10]
! 732:
! 733: * plugins/sudoers/sudoers.c:
! 734: Fall back to opening /dev/tty to determine whether there is a tty if
! 735: the system doesn't have kernel support for determing the tty.
! 736: [2775bcf9a9b5]
! 737:
! 738: * compat/getprogname.c:
! 739: Update guard to take __progname into account
! 740: [60eae3f20232]
! 741:
! 742: * compat/snprintf.c:
! 743: Some older systems have inttypes.h but not stdint.h
! 744: [ed1ef160015f]
! 745:
! 746: * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
! 747: compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
! 748: compat/getline.c, compat/getprogname.c, compat/glob.c,
! 749: compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
! 750: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
! 751: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
! 752: compat/strsignal.c, compat/utimes.c:
! 753: Add guards in compat source files. Not really needed since we only
! 754: include them in the Makefile if they are needed but should not hurt
! 755: either.
! 756: [8cbd3b4595b9]
! 757:
! 758: 2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
! 759:
! 760: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
! 761: Don't include gram.h in gram.y, its contents are already included.
! 762: Move sudoerserror to the end of gram.y so COMMENT is declared when
! 763: we need to use it.
! 764: [7d72ebdd7222]
! 765:
! 766: 2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 767:
! 768: * config.h.in, configure.in:
! 769: Remove some pre-ANSI cruft.
! 770: [6a95704b2116]
! 771:
! 772: * plugins/sudoers/match.c:
! 773: Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
! 774: when it is set.
! 775: [da40c550ffed]
! 776:
! 777: * NEWS, plugins/sudoers/iolog_path.c:
! 778: We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
! 779: just leave it as-is.
! 780: [9a22de140d28]
! 781:
! 782: 2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 783:
! 784: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
! 785: Add missing semicolon in rule.
! 786: [817d3f1b2a21]
! 787:
! 788: * plugins/sudoers/sudoers.c:
! 789: Now that we can determine the terminal even when file descriptors
! 790: are redirected we can check user_ttypath rather than opening
! 791: /dev/tty when enforcing requiretty.
! 792: [56a28bc09041]
! 793:
! 794: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
! 795: plugins/sudoers/sudoers.h:
! 796: Stash umask in struct sudo_user so we don't need to look it up
! 797: later.
! 798: [9f85749199dc]
! 799:
! 800: * plugins/sudoers/sudoers.c:
! 801: Minor cosmetic change
! 802: [c373e106ed49]
! 803:
! 804: * plugins/sudoers/regress/parser/check_addr.c:
! 805: No longer need to declare interfaces
! 806: [d7ff7e579557]
! 807:
! 808: * plugins/sudoers/logging.c:
! 809: Fix compilation in SUDOERS_NO_SEQ case
! 810: [9a6db9247534]
! 811:
! 812: * plugins/sudoers/regress/parser/check_addr.c:
! 813: No longer need to define sudo_printf
! 814: [578ad13c3546]
! 815:
! 816: * plugins/sudoers/check.c, plugins/sudoers/check.h,
! 817: plugins/sudoers/timestamp.c:
! 818: Pass auth_pw to the timestamp functions.
! 819: [f603649177d6]
! 820:
! 821: * plugins/sudoers/iolog_path.c:
! 822: Fix SUDOERS_NO_SEQ
! 823: [17881f9bcd68]
! 824:
! 825: * plugins/sudoers/locale.c:
! 826: Don't need all of sudoers.h in here
! 827: [c518150c6483]
! 828:
! 829: * plugins/sudoers/sudoers.c:
! 830: Don't need to include sudoers_version.h here.
! 831: [8abb31102119]
! 832:
! 833: 2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 834:
! 835: * plugins/sudoers/check.c:
! 836: DEFAULT_LECTURE is no longer used.
! 837: [f565c00a68c1]
! 838:
! 839: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
! 840: Move sudo_conv into policy.c
! 841: [f699aee7136b]
! 842:
! 843: * plugins/sudoers/pwutil.c:
! 844: cosmetic fixes
! 845: [930e60389ca8]
! 846:
! 847: * plugins/sudoers/match.c:
! 848: RHEL (and perhaps other Linux distros) use the string "(none)"
! 849: instead of an empty string when there is no actual NIS-style domain
! 850: name. Bug #596
! 851: [11aec11489ac]
! 852:
! 853: * plugins/sudoers/match.c:
! 854: Fix return values when NAME_MATCH is defined.
! 855: [ce030be9ccef]
! 856:
! 857: 2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 858:
! 859: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
! 860: Update copyright year.
! 861: [7e4b8d49addd]
! 862:
! 863: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
! 864: plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
! 865: Add sudo_set_grlist(), currently unused by the back end.
! 866: [b37ac1d0e8fc]
! 867:
! 868: * plugins/sudoers/pwutil.c:
! 869: Remove unused macros, fix a debug_decl
! 870: [6136fb4a0d3b]
! 871:
! 872: * include/missing.h:
! 873: Tru64 Unix doesn't prototype innetgr() or getdomainname().
! 874: [585ac1874dfe]
! 875:
! 876: * include/missing.h:
! 877: Whitespace fixes
! 878: [0bb28cd91d97]
! 879:
! 880: * common/error.c:
! 881: Don't need to include setjmp.h here, error.h already includes it.
! 882: [fd05ab00e186]
! 883:
! 884: 2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 885:
! 886: * compat/Makefile.in, plugins/sudoers/Makefile.in:
! 887: regen depends
! 888: [57991f5e16b4]
! 889:
! 890: * plugins/sudoers/check.h:
! 891: Rename guard define.
! 892: [ccf4dba241d6]
! 893:
! 894: * plugins/sudoers/check.c, plugins/sudoers/check.h,
! 895: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
! 896: Move contents of timestamp.h into check.h.
! 897: [c139757a9283]
! 898:
! 899: * plugins/sudoers/sudoers.h:
! 900: expand_prompt() is now in prompt.c sudo_printf extern is now in
! 901: error.h
! 902: [219bd74ca62b]
! 903:
! 904: * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
! 905: plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
! 906: plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
! 907: plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
! 908: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
! 909: plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
! 910: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
! 911: plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
! 912: plugins/sudoers/toke.h:
! 913: Change multiple inclusion guards to be _SUDOERS_FOO_H
! 914: [faace6d55e78]
! 915:
! 916: 2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 917:
! 918: * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
! 919: src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
! 920: New Dutch translation for sudo and sudoers New Turkish translation
! 921: for sudo From translationproject.org
! 922: [bc918b7b23a4]
! 923:
! 924: 2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 925:
! 926: * config.h.in, configure, configure.in:
! 927: Fix a typo in a comment and make sure we don't mistakenly include
! 928: _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
! 929: [694d12ac70ec]
! 930:
! 931: 2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 932:
! 933: * plugins/sudoers/Makefile.in:
! 934: Don't build check_symbols if we are linking sudoers in statically.
! 935: [f6602723bab7]
! 936:
! 937: * configure, configure.in:
! 938: Use $host_os not $host when we only care about the os name and
! 939: version.
! 940: [05e4f4fcba06]
! 941:
! 942: * aclocal.m4, configure, configure.in:
! 943: Suppress duplicate -L and -I flags.
! 944: [228f2f581aed]
! 945:
! 946: * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
! 947: Fix regress tests on non-OpenBSD platforms.
! 948: [9d91bc859c50]
! 949:
! 950: * configure, configure.in:
! 951: If we find sasl/sasl.h there's no need to check for sasl.h too
! 952: [889efaa86012]
! 953:
! 954: * aclocal.m4, configure, configure.in:
! 955: Add -R flags at the very end after configure link tests are done
! 956: since we can only count on libtool to accept -R, the compiler front
! 957: end may not. Also unify the libldap and libibmldap tests using
! 958: AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
! 959: libibmldap (but is not an explicit dependency).
! 960: [ab1451894351]
! 961:
! 962: 2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 963:
! 964: * configure, configure.in:
! 965: Back out changes that broke detection of skey, opie and ldap
! 966: libraries.
! 967: [ffa82b8f8641]
! 968:
! 969: * plugins/sudoers/regress/testsudoers/test1.sh,
! 970: plugins/sudoers/regress/testsudoers/test2.sh,
! 971: plugins/sudoers/regress/testsudoers/test3.sh,
! 972: plugins/sudoers/regress/testsudoers/test4.sh,
! 973: plugins/sudoers/regress/testsudoers/test5.sh,
! 974: plugins/sudoers/regress/visudo/test1.sh,
! 975: plugins/sudoers/regress/visudo/test2.sh,
! 976: plugins/sudoers/regress/visudo/test3.sh:
! 977: Add explicit "exit 0" to prevent the check target from ending
! 978: prematurely.
! 979: [cca411b492bd]
! 980:
! 981: * plugins/sudoers/Makefile.in:
! 982: Fix exit values in check target so we don't have to ignore errors.
! 983: [cbc429c409e9]
! 984:
! 985: * plugins/sudoers/Makefile.in:
! 986: Fail a test if there is unexpected stderr output.
! 987: [4fc24d536bec]
! 988:
! 989: * MANIFEST:
! 990: Fix path to sudo.conf manuals; remove non-existant test2.err.ok
! 991: [6b8bcd60dd85]
! 992:
! 993: * src/load_plugins.c:
! 994: Fix compilation in dynamic mode.
! 995: [679856fa0774]
! 996:
! 997: * configure, configure.in:
! 998: On HP-UX, libibmldap has a hidden dependency on libCsup
! 999: [22994709d77c]
! 1000:
! 1001: * compat/dlopen.c:
! 1002: Pass BIND_VERBOSE to shl_load()
! 1003: [0060b9cfa9ab]
! 1004:
! 1005: * configure, configure.in:
! 1006: Only create static helper libs when --disable-shared is specified.
! 1007: [1fcdb1a437e0]
! 1008:
! 1009: * src/load_plugins.c:
! 1010: Ubreak static build.
! 1011: [4ac9f96be285]
! 1012:
! 1013: * INSTALL, aclocal.m4, configure, configure.in:
! 1014: Replace --with-rpath and --with-blibpath with --disable-rpath. Now
! 1015: that we use libtool for linking we can just use the -R flag and have
! 1016: libtool translate it to the proper linker flag.
! 1017: [09798fad6888]
! 1018:
! 1019: 2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 1020:
! 1021: * src/exec_pty.c:
! 1022: Bump I/O buffer size 32K
! 1023: [4ef793225309]
! 1024:
! 1025: 2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 1026:
! 1027: * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
! 1028: doc/sudo.conf.mdoc.in:
! 1029: Document sesh Path setting.
! 1030: [34b0b903b4f8]
! 1031:
! 1032: * src/exec.c, src/exec_common.c:
! 1033: Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
! 1034: [06aa1956f38d]
! 1035:
! 1036: * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
! 1037: src/selinux.c:
! 1038: Make sesh path configurable in sudo.conf
! 1039: [91d331f273b7]
! 1040:
! 1041: * configure, configure.in:
! 1042: Use -fno-pie and -nopie if supported when --disable-pie is
! 1043: specified.
! 1044: [777138c04dcc]
! 1045:
! 1046: 2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 1047:
! 1048: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
! 1049: Document direct execution of the command if the policy plugin has no
! 1050: close function.
! 1051: [6a14145c6e80]
! 1052:
! 1053: 2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1054:
! 1055: * plugins/sudoers/auth/pam.c:
! 1056: Only delete creds if we actually established them. Print an error if
! 1057: pam_setcred() fails and we actually authenticated.
! 1058: [1e015314903b]
! 1059:
! 1060: * common/Makefile.in, plugins/group_file/Makefile.in:
! 1061: regen
! 1062: [dd8cee2a5e1b]
! 1063:
! 1064: * common/alloc.c, include/alloc.h:
! 1065: Convert efree() to a macro that just casts to void * and does
! 1066: free(). If the system free() can't handle free(NULL) this may crash
! 1067: but C89 was a long time ago.
! 1068: [efd0ff9270fb]
! 1069:
! 1070: * configure, configure.in:
! 1071: Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
! 1072: Fixes a problem with errno sometimes not being set on error on HP-
! 1073: UX.
! 1074: [54b419d58320]
! 1075:
! 1076: * common/sudo_debug.c:
! 1077: Fix debug logging from the plugin when there is no error number.
! 1078: This was broken in the big debugging reorg for 1.8.7.
! 1079: [2ea7e145e928]
! 1080:
! 1081: 2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 1082:
! 1083: * configure, configure.in, plugins/group_file/Makefile.in,
! 1084: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
! 1085: plugins/system_group/Makefile.in, src/load_plugins.c:
! 1086: Always install plugins with a .so extension regardless of what
! 1087: extension the system uses for shared libraries. That way the
! 1088: group_plugin sudoers setting can be shared between heterogenous
! 1089: systems.
! 1090: [a7e6ecff6fdf]
! 1091:
! 1092: * plugins/sudoers/match.c:
! 1093: Mac OS X has netgroup functions in netdb.h.
! 1094: [243881a974aa]
! 1095:
! 1096: * plugins/sudoers/parse.h:
! 1097: Tags in struct cmndtag can be set to IMPLIED as well.
! 1098: [cb6926988cc8]
! 1099:
! 1100: * plugins/sudoers/parse.c:
! 1101: Quiet a compiler warning.
! 1102: [14e608c2001d]
! 1103:
! 1104: * plugins/sudoers/testsudoers.c:
! 1105: Quiet an llvm checker warning.
! 1106: [2eeb9f3d08f3]
! 1107:
! 1108: * plugins/sudoers/parse.c:
! 1109: Quiet gcc -Wuninitialized false positive
! 1110: [643ad987503d]
! 1111:
! 1112: 2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1113:
! 1114: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1115: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
! 1116: doc/sudoers.mdoc.in:
! 1117: Document group_file and system_group plugins.
! 1118: [b56511e79230]
! 1119:
! 1120: * NEWS:
! 1121: Sudo 1.8.7
! 1122: [e95183b8fa27]
! 1123:
! 1124: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 1125: Try to clarify that sudoedit in sudoers should not include a leading
! 1126: pathname.
! 1127: [7b2beac92a9c]
! 1128:
! 1129: * plugins/sudoers/pwutil_impl.c:
! 1130: Make sure groupname_len is at least 32 just to be on the safe side.
! 1131: It is better to allocate a little extra and not need it than to have
! 1132: to reallocate and start over.
! 1133: [6d3e1ba47de9]
! 1134:
! 1135: * include/alloc.h, include/missing.h:
! 1136: Add __malloc_like macro to apply __malloc__ attribute to emalloc,
! 1137: ecalloc and estrdup. It cannot be applied to realloc since that may
! 1138: return the same pointer.
! 1139: [8d70cb81d1f1]
! 1140:
! 1141: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 1142: Fix potential double free in an error path.
! 1143: [657573feb6a4]
! 1144:
! 1145: * src/exec_pty.c:
! 1146: When running the command in a pty, defer the call to exec_setup()
! 1147: until just before we exec the command. This is consistent with the
! 1148: non-pty path. As a side effect, the monitor process runs as root
! 1149: and not the runas user.
! 1150: [e2a7f8c7ee4c]
! 1151:
! 1152: 2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 1153:
! 1154: * compat/closefrom.c:
! 1155: Update copyright year.
! 1156: [9b652af4dfc0]
! 1157:
! 1158: 2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1159:
! 1160: * compat/closefrom.c:
! 1161: Use pst_highestfd from pstat_getproc() on HP-UX.
! 1162: [09f3fea46a3d]
! 1163:
! 1164: 2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 1165:
! 1166: * Makefile.in, common/Makefile.in, doc/Makefile.in,
! 1167: plugins/sudoers/Makefile.in:
! 1168: Clean up generated test files and other minor housekeeping.
! 1169: [f5f4fdd908e1]
! 1170:
! 1171: * plugins/sudoers/iolog.c:
! 1172: Add back gettimeofday() call inadvertantly removed in e1abb9810a83
! 1173: [675cce8401ae]
! 1174:
! 1175: * config.h.in, configure, configure.in, src/ttyname.c:
! 1176: Use pstat() on HP-UX to determine the tty device.
! 1177: [2884af22a9df]
! 1178:
! 1179: * plugins/sudoers/auth/pam.c:
! 1180: Fix PAM compilation: def_pam_session, not just pam_session.
! 1181: [5417d7acc6ea]
! 1182:
! 1183: * doc/fixmdoc.sh:
! 1184: Don't remove the -S option description when trimming out selinux.
! 1185: Bug #592
! 1186: [8a94f2cfa0a0]
! 1187:
! 1188: 2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 1189:
! 1190: * NEWS:
! 1191: Update for Sudo 1.8.6p7
! 1192: [0858a73e9c40]
! 1193:
! 1194: 2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 1195:
! 1196: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
! 1197: Document when sudo may exec the command directly instead of forking.
! 1198: [da41951edc28]
! 1199:
! 1200: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1201: doc/sudo_plugin.mdoc.in:
! 1202: Document that close and version be NULL for plugin API >= 1.3 and
! 1203: that sudo may execute the command directly if there is no close, or
! 1204: pty or timeout needed.
! 1205: [e5f929ddeaf8]
! 1206:
! 1207: * plugins/sudoers/auth/sudo_auth.c:
! 1208: Fix debug_decl for sudo_auth_begin_session and
! 1209: sudo_auth_end_session.
! 1210: [58243392c0df]
! 1211:
! 1212: * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
! 1213: doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
! 1214: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
! 1215: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
! 1216: Add pam_session sudoers option.
! 1217: [d994465db9f1]
! 1218:
! 1219: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
! 1220: plugins/sudoers/sudoers.h:
! 1221: Dummy out close function if there is no end_session for the auth
! 1222: method and the front-end can handle a NULL close function. Avoids
! 1223: the extra sudo process when we don't actually need it.
! 1224: [74886d5b0fb6]
! 1225:
! 1226: 2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 1227:
! 1228: * Makefile.in, aclocal.m4:
! 1229: Add m4/ to paths m4_include parameters so we don't need to use
! 1230: autoconf's -I flag.
! 1231: [4fd86e7a84f3]
! 1232:
! 1233: * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
! 1234: src/sudo_plugin_int.h:
! 1235: If the policy plugin does not provide a close function, there is no
! 1236: command timeout and no pty is required, skip the event loop and just
! 1237: exec the command directly.
! 1238: [ad532f107170]
! 1239:
! 1240: * src/sudo.c:
! 1241: Do not crash if the plugin close and version functions are not
! 1242: defined. If there is no policy close function, simply print a
! 1243: warning that the command was not found.
! 1244: [c789a9dd54e8]
! 1245:
! 1246: 2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 1247:
! 1248: * plugins/sudoers/parse.c:
! 1249: Fix typos in selinux/solaris privs specific code.
! 1250: [9af3999361b4]
! 1251:
! 1252: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1253: doc/sudo_plugin.mdoc.in, src/parse_args.c:
! 1254: Pass the default plugin directory to the plugin via the settings
! 1255: list. Could be used by a stacking plugin.
! 1256: [688e771fc145]
! 1257:
! 1258: * plugins/sudoers/timestamp.c:
! 1259: Completely ignore time stamp file if it is set to the epoch,
! 1260: regardless of what gettimeofday() returns.
! 1261: [df58842af660]
! 1262:
! 1263: * doc/CONTRIBUTORS:
! 1264: Add Nikolai Kondrashov
! 1265: [df59791438f9]
! 1266:
! 1267: * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
! 1268: Use userpw_matches() for username matching so #uid works for
! 1269: sudoRunAsUser.
! 1270: [a124062334df]
! 1271:
! 1272: * plugins/sudoers/sssd.c:
! 1273: Avoid calling realloc3() with a zero size parameter when all
! 1274: retrieved sssd rules fail. Otherwise we'll get a run-time error due
! 1275: to malloc(0) checking.
! 1276: [84dfcb73ebd7]
! 1277:
! 1278: * plugins/sudoers/sssd.c:
! 1279: Do not send error mail if a user is not found in SSSD. Local users
! 1280: can run sudo too. From Nikolai Kondrashov
! 1281: [3d2ae99ee468]
! 1282:
! 1283: 2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 1284:
! 1285: * MANIFEST, common/regress/sudo_conf/test4.in,
! 1286: common/regress/sudo_conf/test4.out.ok:
! 1287: Test setting disable_coredump to illegal value.
! 1288: [3c71c6c49027]
! 1289:
! 1290: * common/sudo_conf.c:
! 1291: Fix atobool() usage.
! 1292: [d40c9f4d06b0]
! 1293:
! 1294: * common/regress/sudo_conf/conf_test.c:
! 1295: Remove unused variable.
! 1296: [328b524b365b]
! 1297:
! 1298: * plugins/sudoers/sudoers.c:
! 1299: Make "sudo -l non_existent_command" warn that non_existent_command
! 1300: doesn't exist, not the "list" pseudo-command.
! 1301: [9dc0388fc4f3]
! 1302:
! 1303: * plugins/sudoers/parse.c:
! 1304: Make sudoers file long list output better match the format used by
! 1305: ldap sudoers. Tags are now converted to options and there is a
! 1306: single command per line.
! 1307: [6e6dc3f20d84]
! 1308:
! 1309: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
! 1310: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 1311: Use the correct the sudoers policy symbol names and undo an editor
! 1312: goof committed when adding max_groups to sudo.conf.
! 1313: [2a6f7ddf5cc3]
! 1314:
! 1315: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
! 1316: For "sudo -l" start a new line if the runas list changes to make the
! 1317: output easier to read.
! 1318: [7dc3d724c924]
! 1319:
! 1320: 2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 1321:
! 1322: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
! 1323: For "sudo -l" and "sudo -ll" only print the runas info for
! 1324: subsequent commands in a list if the runas info has changed. If we
! 1325: have new runas info, print out the tags again so as to be less
! 1326: confusing to the user. For "sudo -ll" set the line continuation
! 1327: indent to 8.
! 1328: [b5ec02fe7fc1]
! 1329:
! 1330: 2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 1331:
! 1332: * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
! 1333: doc/sudoers.man.in, doc/sudoers.mdoc.in,
! 1334: plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
! 1335: plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
! 1336: plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
! 1337: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
! 1338: plugins/sample_group/sample_group.c,
! 1339: plugins/sample_group/sample_group.exp:
! 1340: Rename sample_group plugin to group_file. Install group_file and
! 1341: system_group plugins by default.
! 1342: [951b3e446fae]
! 1343:
! 1344: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
! 1345: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
! 1346: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
! 1347: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
! 1348: plugins/sudoers/sudoers.h:
! 1349: Add maxseq sudoers option to limit the max number of I/O log files.
! 1350: [e1abb9810a83]
! 1351:
! 1352: 2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 1353:
! 1354: * plugins/sudoers/iolog.c:
! 1355: Log lines and columns in the iolog file.
! 1356: [03adb6230e05]
! 1357:
! 1358: 2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 1359:
! 1360: * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
! 1361: common/regress/sudo_conf/test1.in,
! 1362: common/regress/sudo_conf/test1.out.ok,
! 1363: common/regress/sudo_conf/test2.in,
! 1364: common/regress/sudo_conf/test2.out.ok,
! 1365: common/regress/sudo_conf/test3.in,
! 1366: common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
! 1367: include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
! 1368: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
! 1369: src/sudo.c:
! 1370: Add simple regress tests for sudo.conf parsing.
! 1371: [3c36b61bf61c]
! 1372:
! 1373: * src/sudo.c:
! 1374: Always display the I/O plugin version as long as its open functions
! 1375: doesn't return an error. Previously it was only displayed if the
! 1376: plugin open returned 1.
! 1377: [4b0277db3f8c]
! 1378:
! 1379: * plugins/sudoers/pwutil_impl.c:
! 1380: Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
! 1381: of poking around in struct utmpx.
! 1382: [2c0cc5c42958]
! 1383:
! 1384: * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
! 1385: #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
! 1386: build directory and not the src dir when using a separate build
! 1387: directory.
! 1388: [1fcb7ba13018]
! 1389:
! 1390: 2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 1391:
! 1392: * common/fileops.c:
! 1393: If a line was longer that 0x80000000 the bit hack to round to the
! 1394: next power of two would roll over to zero.
! 1395: [f4f729cf6f0f]
! 1396:
! 1397: * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
! 1398: plugins/sudoers/sudoers.h, src/sudo.c:
! 1399: Use max_groups in front-end and plugin.
! 1400: [bf1e74166831]
! 1401:
! 1402: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1403: doc/sudo_plugin.mdoc.in, src/parse_args.c:
! 1404: Pass max_groups to plugin in settings list.
! 1405: [d7d76e8651f4]
! 1406:
! 1407: * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
! 1408: doc/sudo.conf.mdoc.in, include/sudo_conf.h:
! 1409: Add max_groups setting to sudo.conf (currently unused) and remove
! 1410: unused return value from setters.
! 1411: [f6494f71e1f0]
! 1412:
! 1413: 2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 1414:
! 1415: * INSTALL:
! 1416: Reorganize configure options
! 1417: [23475de8039f]
! 1418:
! 1419: 2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 1420:
! 1421: * NEWS:
! 1422: Add Sudo 1.8.6p7
! 1423: [5192fc511cbe]
! 1424:
! 1425: 2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 1426:
! 1427: * INSTALL.configure:
! 1428: Sync with autoconf 2.68
! 1429: [985e5c8efa4e]
! 1430:
! 1431: * INSTALL, README:
! 1432: Remove obsolete OS notes and move build requirements to INSTALL.
! 1433: [bf0dd53ca164]
! 1434:
! 1435: 2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 1436:
! 1437: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1438: doc/sudo_plugin.mdoc.in:
! 1439: Sort elements of the settings, user_info and command_info lists.
! 1440: [663062ada5b7]
! 1441:
! 1442: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
! 1443: Remove trailing white space
! 1444: [027916a6c8e7]
! 1445:
! 1446: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
! 1447: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
! 1448: Store the session ID in the tty ticket file too. A tty may only be
! 1449: in one session at a time so if the session ID doesn't match we
! 1450: ignore the ticket.
! 1451: [4eb2cb8df48b]
! 1452:
! 1453: 2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1454:
! 1455: * plugins/sudoers/sudoers.c, src/sudo.c:
! 1456: Move tzset() call from sudoers plugin to sudo front end.
! 1457: [3c058dad8772]
! 1458:
! 1459: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
! 1460: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
! 1461: doc/sudoers.ldap.mdoc.in:
! 1462: Mention line continuation
! 1463: [399873f8c805]
! 1464:
! 1465: * MANIFEST, common/Makefile.in, common/fileops.c,
! 1466: common/regress/sudo_parseln/parseln_test.c,
! 1467: common/regress/sudo_parseln/test1.in,
! 1468: common/regress/sudo_parseln/test1.out.ok,
! 1469: common/regress/sudo_parseln/test2.in,
! 1470: common/regress/sudo_parseln/test2.out.ok,
! 1471: common/regress/sudo_parseln/test3.in,
! 1472: common/regress/sudo_parseln/test3.out.ok,
! 1473: common/regress/sudo_parseln/test4.in,
! 1474: common/regress/sudo_parseln/test4.out.ok,
! 1475: common/regress/sudo_parseln/test5.in,
! 1476: common/regress/sudo_parseln/test5.out.ok,
! 1477: common/regress/sudo_parseln/test6.in,
! 1478: common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
! 1479: include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
! 1480: plugins/sudoers/sudo_nss.c:
! 1481: Add line continuation support to sudo_parseln() and make it use
! 1482: getline() instead of fgets() internally.
! 1483: [d02bf3973fc5]
! 1484:
! 1485: 2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 1486:
! 1487: * plugins/sample/sample_plugin.c:
! 1488: Fix memory leak in error path; found by llvm checker
! 1489: [d090c26a5b00]
! 1490:
! 1491: * plugins/sudoers/sudoreplay.c:
! 1492: Remove useless store detected by llvm checker.
! 1493: [12a4db91651a]
! 1494:
! 1495: * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
! 1496: src/load_plugins.c, sudo.pp:
! 1497: Sudo now stores its libexec files in a "sudo" subdirectory instead
! 1498: of in libexec itself. For backwards compatibility, if the plugin is
! 1499: not found in the default plugin directory, sudo will check the
! 1500: parent directory default directory ends in "/sudo".
! 1501: [5de67de76489]
! 1502:
! 1503: * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
! 1504: plugins/system_group/system_group.c:
! 1505: Add missing __dso_public to plugin structs so they are exported.
! 1506: [dde703577621]
! 1507:
! 1508: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
! 1509: Mention that sudoers has its own plugins too.
! 1510: [0a6c6203b512]
! 1511:
! 1512: 2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1513:
! 1514: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
! 1515: Correct last change date.
! 1516: [45894291d792]
! 1517:
! 1518: * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
! 1519: doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
! 1520: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1521: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
! 1522: doc/sudoers.mdoc.in:
! 1523: Remove duplicated sudo.conf info in the sudo, sudoers and
! 1524: sudo_plugin manuals and cross-reference the new sudo.conf manual.
! 1525: [b808ba29cf3a]
! 1526:
! 1527: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
! 1528: Fix typos
! 1529: [0e70964150c6]
! 1530:
! 1531: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
! 1532: doc/sudoers.ldap.mdoc.in:
! 1533: Fix some typos.
! 1534: [94ae045cfbc6]
! 1535:
! 1536: * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
! 1537: doc/sudo.conf.mdoc.in:
! 1538: Add standalone sudo.conf manual page.
! 1539: [d64d949b700c]
! 1540:
! 1541: * doc/sample.sudo.conf:
! 1542: add group_source example
! 1543: [118c1ba1c014]
! 1544:
! 1545: * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
! 1546: doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
! 1547: doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 1548: Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
! 1549: [f5bd6006dc1c]
! 1550:
! 1551: * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
! 1552: src/po/it.po:
! 1553: Sync with translationproject.org
! 1554: [a6f2b9aac371]
! 1555:
! 1556: 2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 1557:
! 1558: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 1559: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
! 1560: src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
! 1561: src/po/vi.po:
! 1562: Sync with translationproject.org
! 1563: [ba546666969d]
! 1564:
! 1565: 2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1566:
! 1567: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
! 1568: plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
! 1569: src/po/es.po, src/po/gl.po:
! 1570: Sync with translationproject.org
! 1571: [cdc454e34c03]
! 1572:
! 1573: 2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
! 1574:
! 1575: * NEWS:
! 1576: Clarify ttyname changes.
! 1577: [cbf2f80fe582]
! 1578:
! 1579: * NEWS:
! 1580: Add 1.8.6p6
! 1581: [3aa591e98b3b]
! 1582:
! 1583: * src/ttyname.c:
! 1584: Remove ttyname() fall back code on systems where we can query the
! 1585: kernel for the tty device via /proc or sysctl(). If there is no
! 1586: controlling tty, it is better to just treat the tty as unknown
! 1587: rather than to blindly use what is hooked up to std{in,out,err}.
! 1588: [b2bd3005d2e4]
! 1589:
! 1590: 2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 1591:
! 1592: * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
! 1593: Add group_source setting in sudo.conf to allow the admin to specify
! 1594: how a user's groups are looked up. Legal values are static (just
! 1595: the kernel list from getgroups), dynamic (whatever the group
! 1596: database includes) and adaptive (only use group db if kernel group
! 1597: list is full).
! 1598: [87a5b02e22ad]
! 1599:
! 1600: * plugins/sudoers/policy.c:
! 1601: Pass back exec_background to front end if it is enabled in sudoers.
! 1602: [8230e1cd0bbd]
! 1603:
! 1604: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 1605: Mention that exec_background is for 1.8.7 and higher only.
! 1606: [fdf0d5a3e182]
! 1607:
! 1608: 2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 1609:
! 1610: * MANIFEST:
! 1611: Add missing test files.
! 1612: [1165389aa5e6]
! 1613:
! 1614: * plugins/sudoers/regress/visudo/test3.err.ok,
! 1615: plugins/sudoers/regress/visudo/test3.out.ok,
! 1616: plugins/sudoers/regress/visudo/test3.sh:
! 1617: Add regress test for bug 361
! 1618: [54c7fb61b82d]
! 1619:
! 1620: * plugins/sudoers/iolog.c:
! 1621: Add __dso_public to extern declaration of declaration to match
! 1622: actual definition.
! 1623: [4695ded501e6]
! 1624:
! 1625: * NEWS:
! 1626: Add 1.8.6p5
! 1627: [b07b28c5c4d7]
! 1628:
! 1629: 2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 1630:
! 1631: * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
! 1632: plugins/sudoers/regress/visudo/test2.out.ok,
! 1633: plugins/sudoers/regress/visudo/test2.sh:
! 1634: Add test for visudo cycle check core dump; test case from Daniel
! 1635: Kopecek
! 1636: [41074541147a]
! 1637:
! 1638: * plugins/sudoers/visudo.c:
! 1639: Fix potential stack overflow due to infinite recursion in alias
! 1640: cycle detection. From Daniel Kopecek.
! 1641: [d7e018a87434]
! 1642:
! 1643: * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
! 1644: Ignore duplicate entries in sudo.conf and report the line number
! 1645: when there is an error. Warn, don't abort if there is more than one
! 1646: policy plugin.
! 1647: [dfcb5a698f0a]
! 1648:
! 1649: * plugins/sudoers/tsgetgrpw.c:
! 1650: Use strtoul() not atoi().
! 1651: [58a52cf9b6b8]
! 1652:
! 1653: 2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
! 1654:
! 1655: * compat/Makefile.in:
! 1656: regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
! 1657: [9b44e9d26d16]
! 1658:
! 1659: * compat/nss_dbdefs.h:
! 1660: Fix typo that breaks the build on HP-UX.
! 1661: [b9ab6ba23485]
! 1662:
! 1663: * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
! 1664: configure, configure.in:
! 1665: Use nss_search() to implement getgrouplist() where available.
! 1666: Tested on Solaris and HP-UX. We need to include a compatibility
! 1667: header for HP-UX which uses the Solaris nsswitch implementation but
! 1668: doesn't ship nss_dbdefs.h.
! 1669: [d29dbc4dc06d]
! 1670:
! 1671: 2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 1672:
! 1673: * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
! 1674: Remove extra flag to sudo_sigaction(). We want to trap the signal
! 1675: regardless of whether or not it is ignored by the underlying command
! 1676: since there's no way to know what signal handlers the command will
! 1677: install. Now we just use sudo_sigaction() to set a flag in
! 1678: saved_signals[] to indicate whether a signal needs to be restored
! 1679: before exec.
! 1680: [c042d52c7192]
! 1681:
! 1682: 2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 1683:
! 1684: * compat/getgrouplist.c, config.h.in, configure, configure.in:
! 1685: Use _getgroupsbymember() on Solaris to get the groups list. Fixes
! 1686: performance problems with the getgroupslist() compat on Solaris
! 1687: systems with network-based group databases.
! 1688: [287d3ae2ce8d]
! 1689:
! 1690: 2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 1691:
! 1692: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1693: doc/sudo_plugin.mdoc.in:
! 1694: Document signal handler behavior in plugin API 1.3
! 1695: [20dc9d1c105f]
! 1696:
! 1697: * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
! 1698: src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
! 1699: Move signal code into its own source file and add sudo_sigaction()
! 1700: wrapper that has an extra flag to check the saved_signals list to
! 1701: only install the handler if the signal is not already ignored. Bump
! 1702: plugin API version for the new front-end signal behavior.
! 1703: [5d2f27a1b404]
! 1704:
! 1705: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
! 1706: src/sudo_exec.h:
! 1707: Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
! 1708: the command. If we get SIGINT or SIGQUIT, call the plugin close()
! 1709: functions as if the command was interrupted. If we get SIGTSTP,
! 1710: uninstall the handler and deliver SIGTSTP to ourselves.
! 1711: [332baf3a81b7]
! 1712:
! 1713: * src/exec.c, src/exec_pty.c:
! 1714: Rename handle_signals() to dispatch_signals(). Block other signals
! 1715: in handler() so we don't have to worry about the write() being
! 1716: interrupted.
! 1717: [666e95c9a0f1]
! 1718:
! 1719: 2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 1720:
! 1721: * src/tgetpass.c:
! 1722: Rename signal handler to avoid name clash with one in exec.c
! 1723: [8913101a29b6]
! 1724:
! 1725: 2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 1726:
! 1727: * src/sudo.c:
! 1728: Add missing call to save_signals().
! 1729: [47d075d7326b]
! 1730:
! 1731: 2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 1732:
! 1733: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 1734: Fill in the comment block at the top of the .pot files and preserve
! 1735: it when regenerating them.
! 1736: [6449497b76db]
! 1737:
! 1738: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1739: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
! 1740: doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
! 1741: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
! 1742: plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
! 1743: Add exec_background option in plugin command info and a sudoers
! 1744: option to match. When set, commands are started in the background
! 1745: and automatically foregrounded as needed. There are issues with
! 1746: some ill-mannered programs (like Linux su) so this is not the
! 1747: default.
! 1748: [c0b32b0938f2]
! 1749:
! 1750: * common/Makefile.in:
! 1751: regen
! 1752: [2b2b220e7aea]
! 1753:
! 1754: * src/Makefile.in:
! 1755: Add SESH_OBJS variable for sesh object files.
! 1756: [d3e04ae8fd1f]
! 1757:
! 1758: * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
! 1759: Update copyright year.
! 1760: [61a0f0cedb13]
! 1761:
! 1762: * src/exec_pty.c:
! 1763: Always resume the command in the foreground if sudo itself is the
! 1764: foreground process. This helps work around poorly behaved programs
! 1765: that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
! 1766: worst, sudo will go into the background but upon resume the command
! 1767: will be runnable. Otherwise, we can get into a situation where the
! 1768: command will immediately suspend itself.
! 1769: [c368ac3eb2e4]
! 1770:
! 1771: * configure, configure.in:
! 1772: Use -fstack-protector-all in preference to -fstack-protector where
! 1773: supported.
! 1774: [f930c95ceb51]
! 1775:
! 1776: 2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 1777:
! 1778: * configure, configure.in:
! 1779: Only test for -fstack-protector and -fvisibility=hidden on GNU
! 1780: compatible compilers.
! 1781: [796f4696d863]
! 1782:
! 1783: 2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 1784:
! 1785: * NEWS:
! 1786: Add Sudo 1.8.6p4
! 1787: [8a928de8e717]
! 1788:
! 1789: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
! 1790: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
! 1791: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
! 1792: src/Makefile.in:
! 1793: Break out stack smashing protector options into SSP_CFLAGS and
! 1794: SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
! 1795: [01be114fc9fb]
! 1796:
! 1797: 2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1798:
! 1799: * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
! 1800: In rbrepair(), make sure we never try to change the color of the
! 1801: sentinel node, which is the first entry, not the root. From Michael
! 1802: King
! 1803: [3fc4dc4004ec]
! 1804:
! 1805: 2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 1806:
! 1807: * src/exec_pty.c:
! 1808: No need to restore default signal handler for SIGSTOP as it is not
! 1809: catchable. Attempting to do so is harmless but sigaction() will
! 1810: fail and set errno to EINVAL which makes it looks like there is an
! 1811: error.
! 1812: [be7c0b759e9a]
! 1813:
! 1814: * src/exec.c:
! 1815: Print SIGCONT_FG and SIGCONT_BG properly in debug output.
! 1816: [93e59e301c8f]
! 1817:
! 1818: 2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 1819:
! 1820: * configure, configure.in:
! 1821: Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
! 1822: [9ed48f696595]
! 1823:
! 1824: 2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 1825:
! 1826: * include/missing.h:
! 1827: Add howmany() macro since some systems have this in sys/param.h
! 1828: which we no longer include.
! 1829: [2c5efaa16c45]
! 1830:
! 1831: 2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1832:
! 1833: * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
! 1834: Remove errant file.
! 1835: [a91699beffc6]
! 1836:
! 1837: 2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
! 1838:
! 1839: * plugins/sudoers/regress/check_symbols/check_symbols.c,
! 1840: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 1841: plugins/sudoers/regress/logging/check_wrap.c,
! 1842: plugins/sudoers/regress/parser/check_addr.c,
! 1843: plugins/sudoers/regress/parser/check_fill.c:
! 1844: Remove obsolete sudoers_cleanup() stubs.
! 1845: [89153025a2ae]
! 1846:
! 1847: * common/alloc.c, common/atobool.c, common/fileops.c,
! 1848: common/fmt_string.c, common/lbuf.c, common/secure_path.c,
! 1849: common/sudo_conf.c, common/sudo_debug.c, common/term.c,
! 1850: compat/closefrom.c, compat/getcwd.c, compat/glob.c,
! 1851: compat/snprintf.c, include/missing.h,
! 1852: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
! 1853: plugins/sample_group/plugin_test.c,
! 1854: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
! 1855: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
! 1856: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
! 1857: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
! 1858: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
! 1859: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
! 1860: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
! 1861: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
! 1862: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
! 1863: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
! 1864: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
! 1865: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 1866: plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
! 1867: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
! 1868: plugins/sudoers/logging.c, plugins/sudoers/match.c,
! 1869: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
! 1870: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
! 1871: plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
! 1872: plugins/sudoers/redblack.c,
! 1873: plugins/sudoers/regress/parser/check_addr.c,
! 1874: plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
! 1875: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
! 1876: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
! 1877: plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
! 1878: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 1879: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
! 1880: plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
! 1881: src/exec_common.c, src/exec_pty.c, src/get_pty.c,
! 1882: src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
! 1883: src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
! 1884: Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
! 1885: MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
! 1886: HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
! 1887: MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
! 1888: [f4807d46f504]
! 1889:
! 1890: * include/missing.h, plugins/sudoers/match.c,
! 1891: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
! 1892: Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
! 1893: (sys/param.h or netdb.h).
! 1894: [2544f5e306dd]
! 1895:
! 1896: 2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 1897:
! 1898: * plugins/sudoers/logging.c:
! 1899: Move debug_decl() in log_failure() to be after the variable
! 1900: declarations for C89.
! 1901: [f48d2035ab44]
! 1902:
! 1903: 2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 1904:
! 1905: * common/error.c, include/error.h, plugins/sudoers/iolog.c,
! 1906: plugins/sudoers/logging.c, plugins/sudoers/policy.c,
! 1907: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 1908: Cannot wrap sigsetjmp() or we end up returning to the wrong place.
! 1909: Use a macro instead.
! 1910: [749ee6acdad8]
! 1911:
! 1912: 2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 1913:
! 1914: * plugins/sudoers/policy.c:
! 1915: Fix return in sudoers_policy_open that should be debug_return.
! 1916: [a78b795b6846]
! 1917:
! 1918: 2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 1919:
! 1920: * src/ttyname.c:
! 1921: Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
! 1922: too.
! 1923: [acfa891c229e]
! 1924:
! 1925: * src/solaris.c:
! 1926: Quiet a gcc warning and add comment about needing to keep the handle
! 1927: open.
! 1928: [f954f228960f]
! 1929:
! 1930: 2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 1931:
! 1932: * INSTALL:
! 1933: mention --disable-shared
! 1934: [6954d39e2d0f]
! 1935:
! 1936: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 1937: doc/sudo_plugin.mdoc.in:
! 1938: Add missing command_info argument in I/O plugin open() prototype.
! 1939: Bug #579
! 1940: [72beb07aba0e]
! 1941:
! 1942: 2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 1943:
! 1944: * plugins/sudoers/gram.c:
! 1945: Regen for proper line numbers.
! 1946: [6cf6e132e764]
! 1947:
! 1948: * configure, configure.in:
! 1949: Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
! 1950: [d604dc8ca38a]
! 1951:
! 1952: * common/sudo_printf.c:
! 1953: Include missing.h for __printflike.
! 1954: [a33640600faf]
! 1955:
! 1956: * plugins/sudoers/iolog.c:
! 1957: Saner loop invariant in io_mkdirs (cosmetic only).
! 1958: [dc30274afe38]
! 1959:
! 1960: * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
! 1961: configure, configure.in, include/error.h, mkdep.pl,
! 1962: plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
! 1963: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
! 1964: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
! 1965: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
! 1966: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
! 1967: src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
! 1968: src/sesh.c:
! 1969: Move warn/error into common and make static builds work.
! 1970: [4d3f374f4e4c]
! 1971:
! 1972: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
! 1973: common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
! 1974: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 1975: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
! 1976: plugins/sudoers/policy.c,
! 1977: plugins/sudoers/regress/check_symbols/check_symbols.c,
! 1978: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 1979: plugins/sudoers/regress/logging/check_wrap.c,
! 1980: plugins/sudoers/regress/parser/check_addr.c,
! 1981: plugins/sudoers/regress/parser/check_fill.c,
! 1982: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 1983: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
! 1984: src/Makefile.in, src/conversation.c, src/sesh.c:
! 1985: Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
! 1986: Add sudo_printf function pointer that is initialized to
! 1987: _sudo_printf() instead of requiring a sudo_conv function pointer
! 1988: everywhere. The plugin will reset sudo_printf to point to the
! 1989: version passed in via the plugin open function. Now plugin_error.c
! 1990: can just call sudo_printf in all cases. The sudoers binaries no
! 1991: longer need their own version of sudo_printf.
! 1992: [9b09d3f63790]
! 1993:
! 1994: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
! 1995: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
! 1996: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 1997: Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
! 1998: need error_jmp to be extern. Also add plugin_clearjmp() that clears
! 1999: a flag so error()/errorx() knows when to call exit() vs. longjmp().
! 2000: [5a4617148e70]
! 2001:
! 2002: * plugins/sudoers/set_perms.c:
! 2003: Let warning() call gettext() for us.
! 2004: [ab8d502ba4ac]
! 2005:
! 2006: * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
! 2007: Do locale swapping in the warning()/error() macros themselves
! 2008: instead of in the underlying functions.
! 2009: [4cd205540e17]
! 2010:
! 2011: * common/alloc.c, common/list.c, include/error.h,
! 2012: plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
! 2013: plugins/sudoers/regress/check_symbols/check_symbols.c,
! 2014: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
! 2015: src/hooks.c:
! 2016: Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
! 2017: [48346393634d]
! 2018:
! 2019: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
! 2020: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
! 2021: plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
! 2022: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
! 2023: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
! 2024: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
! 2025: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 2026: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
! 2027: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
! 2028: src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
! 2029: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
! 2030: src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
! 2031: Call gettext() on parameters for warning()/warningx() instead of
! 2032: having warning() do it for us.
! 2033: [c71088bc9d3e]
! 2034:
! 2035: * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
! 2036: plugins/sudoers/gram.y, plugins/sudoers/toke.c,
! 2037: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
! 2038: Call gettext() in sudoerserror() in the user's locale and pass the
! 2039: untranslated string to it.
! 2040: [cdbfc231b848]
! 2041:
! 2042: * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
! 2043: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
! 2044: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
! 2045: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
! 2046: Allow sudoers programs (visudo, sudoreplay, visudo) to use
! 2047: plugin_error.c instead of the error.c from the front-end. This
! 2048: means sudoers_setlocale() needs to be independent of the sudo_user
! 2049: struct and the defaults table. The sudoers locale is now updated
! 2050: via a callback.
! 2051: [e356f5f8cd6a]
! 2052:
! 2053: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
! 2054: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
! 2055: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 2056: Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
! 2057: Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
! 2058: warning/error functions work when sudo_conv is NULL
! 2059: [7365ee24a779]
! 2060:
! 2061: * src/error.c:
! 2062: No need to change locale in front-end warning()/error().
! 2063: [23dc1df7f93b]
! 2064:
! 2065: * plugins/sudoers/tsgetgrpw.c:
! 2066: Ignore bad lines in passwd/group file instead if stopping processing
! 2067: when we hit one.
! 2068: [79b790559075]
! 2069:
! 2070: * plugins/sudoers/regress/testsudoers/test2.sh,
! 2071: plugins/sudoers/regress/testsudoers/test3.sh,
! 2072: plugins/sudoers/regress/testsudoers/test5.sh:
! 2073: Bash doesn't let you set UID to use MYUID instead.
! 2074: [5be56335f059]
! 2075:
! 2076: * plugins/sudoers/visudo.c:
! 2077: Avoid NULL deref for unknown Defaults in strict mode.
! 2078: [545c21c1e7d6]
! 2079:
! 2080: * common/sudo_conf.c, common/sudo_debug.c:
! 2081: See DEFAULT_TEXT_DOMAIN
! 2082: [3d723e1d27db]
! 2083:
! 2084: 2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 2085:
! 2086: * .hgignore:
! 2087: Add signame.c and mksigname.
! 2088: [d59bbf423f00]
! 2089:
! 2090: * plugins/sudoers/Makefile.in:
! 2091: Fold preinstall into install-plugin and pass the path to the plugin
! 2092: binary to the preinstall command.
! 2093: [2c2205af8bb7]
! 2094:
! 2095: * pp:
! 2096: sync with upstream
! 2097: [a4b7336b3256]
! 2098:
! 2099: * src/sudo.h:
! 2100: repair spacing
! 2101: [f5c1255ce514]
! 2102:
! 2103: 2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 2104:
! 2105: * common/sudo_debug.c:
! 2106: Set group on sudo_debug when creating it to gid 0 so systems without
! 2107: BSD group semantics don't get the invoking user's group.
! 2108: [7dda01196554]
! 2109:
! 2110: * plugins/sudoers/iolog.c:
! 2111: Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
! 2112: path is a temporary, in which case the final component is created
! 2113: via mkdtemp() instead of mkdir().
! 2114: [79c0c4e7ed58]
! 2115:
! 2116: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
! 2117: For PERM_ROOT set egid to 0 so log files are not created with the
! 2118: gid of the user.
! 2119: [5b964ea43474]
! 2120:
! 2121: * plugins/sudoers/logging.c:
! 2122: Add calls to set_perms(PERM_ROOT) becore logging to a file. We
! 2123: should already be root but since we cache the current permission
! 2124: status it is basically free. That way, if more of sudoers runs as
! 2125: non-root in the future logging will still work correctly.
! 2126: [c591d4973f41]
! 2127:
! 2128: * common/sudo_conf.c, config.h.in, configure, configure.in,
! 2129: include/gettext.h, plugins/sudoers/locale.c,
! 2130: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 2131: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
! 2132: src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
! 2133: #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
! 2134: [41f6bb4926f4]
! 2135:
! 2136: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
! 2137: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
! 2138: doc/sudo_plugin.mdoc.in:
! 2139: Mention that sudo.conf is parsed in the C locale.
! 2140: [f711c416e30c]
! 2141:
! 2142: * common/sudo_conf.c:
! 2143: Parse sudo.conf in the "C" locale.
! 2144: [776658f651ea]
! 2145:
! 2146: * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
! 2147: plugins/sudoers/sudoers.h:
! 2148: Fix compilation on systems w/o setlocale()
! 2149: [6940d1c1c1ce]
! 2150:
! 2151: * doc/TROUBLESHOOTING:
! 2152: Sudo now includes a workaround for the Solaris 11 locale issue.
! 2153: [ab93787a552c]
! 2154:
! 2155: 2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 2156:
! 2157: * include/gettext.h, plugins/sudoers/iolog_path.c,
! 2158: plugins/sudoers/locale.c,
! 2159: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 2160: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 2161: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
! 2162: src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
! 2163: Always include locale.h from gettext.h so we no longer need to
! 2164: include locale.h from the .c files.
! 2165: [93d39182ccfa]
! 2166:
! 2167: * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
! 2168: plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
! 2169: src/solaris.c, src/sudo.c, src/sudo.h:
! 2170: Add os-specific initialization functions for solaris (workaround
! 2171: setuid locale problem in Solaris 11) and openbsd (set malloc_options
! 2172: if SUDO_DEVEL). Also move set_project() to solaris.c.
! 2173: [1d6581afbaf4]
! 2174:
! 2175: 2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 2176:
! 2177: * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
! 2178: plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
! 2179: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
! 2180: Avoid strerror() when possible and just rely on warning/error to
! 2181: handle errno in the proper locale.
! 2182: [bf612caae97c]
! 2183:
! 2184: * plugins/sudoers/logging.c:
! 2185: Set sudoers locale in log_allowed()
! 2186: [2dd0ac704cae]
! 2187:
! 2188: * plugins/sudoers/check.c:
! 2189: Make the sudo lecture translatable.
! 2190: [3cdfc183d72d]
! 2191:
! 2192: * Makefile.in:
! 2193: Add the values of badpass_message, passprompt and mailsub to
! 2194: sudoers.pot so they can be translated.
! 2195: [51cbe8adcb94]
! 2196:
! 2197: * plugins/sudoers/logging.c:
! 2198: Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
! 2199: up by xgettext.
! 2200: [c5b74115caf0]
! 2201:
! 2202: 2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 2203:
! 2204: * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
! 2205: plugins/sudoers/sudoers.h:
! 2206: Make expand_prompt() args const and free the prompt when we are done
! 2207: with it.
! 2208: [995ef8519fe6]
! 2209:
! 2210: * plugins/sudoers/policy.c:
! 2211: Fix cut and pasto
! 2212: [e002921c1d15]
! 2213:
! 2214: * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
! 2215: Expand def_mailsub in the sudoers locale, not the user's.
! 2216: [a4775f2fb385]
! 2217:
! 2218: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
! 2219: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
! 2220: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
! 2221: plugins/sudoers/env.c, plugins/sudoers/iolog.c,
! 2222: plugins/sudoers/locale.c, plugins/sudoers/logging.c,
! 2223: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
! 2224: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
! 2225: plugins/sudoers/timestamp.c:
! 2226: Call gettext inside log_error et al instead of having the caller do
! 2227: it. This way we can display any messages to the user in their own
! 2228: locale but log in the sudoers local.
! 2229: [286e0444f785]
! 2230:
! 2231: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
! 2232: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
! 2233: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
! 2234: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
! 2235: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
! 2236: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
! 2237: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
! 2238: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 2239: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
! 2240: plugins/sudoers/visudo.c, src/error.c, src/exec.c,
! 2241: src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
! 2242: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
! 2243: src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
! 2244: Display warning/error messages in the user's locale.
! 2245: [00a04165c0cf]
! 2246:
! 2247: * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
! 2248: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
! 2249: audit_failure() now calls gettext itself using the sudoers locale.
! 2250: [d77f1d78799a]
! 2251:
! 2252: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
! 2253: plugins/sudoers/sudoers.c:
! 2254: Convert setlocale() to sudoers_setlocale() in the sudoers module.
! 2255: This only converts existing uses, there are more places where we
! 2256: need to sprinkle sudoers_setlocale() calls.
! 2257: [8ee0cbf0d0a9]
! 2258:
! 2259: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
! 2260: plugins/sudoers/locale.c, plugins/sudoers/logging.h,
! 2261: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 2262: Add simple locale switching to make it easy to switch from the
! 2263: user's locale to the sudoers locale without making excessive
! 2264: setlocale() calls when we don't need to.
! 2265: [5c61582fdeee]
! 2266:
! 2267: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
! 2268: plugins/sudoers/plugin_error.c, src/error.c:
! 2269: Add variants of warn/error and sudo_debug_printf that take a va_list
! 2270: instead of a variable number of args.
! 2271: [00392bdc063c]
! 2272:
! 2273: * INSTALL, doc/TROUBLESHOOTING:
! 2274: Document Solaris 11 locale issues and workarounds.
! 2275: [05f7d34af3ae]
! 2276:
! 2277: * Makefile.in, configure, configure.in:
! 2278: Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
! 2279: locales. Make links from localdir/lang -> localdir/lang.UTF-8
! 2280: [5ca9326480e2]
! 2281:
! 2282: 2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 2283:
! 2284: * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
! 2285: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
! 2286: Do not inform the user that the command was not permitted by the
! 2287: policy if they do not successfully authenticate. This is a
! 2288: regression introduced in sudo 1.8.6.
! 2289: [c1279df08bfb]
! 2290:
! 2291: * plugins/sudoers/Makefile.in:
! 2292: Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
! 2293: the rpath in HP-UX SOM shared libraries for the LDAP libs.
! 2294: [b07185657b42]
! 2295:
! 2296: * src/parse_args.c:
! 2297: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
! 2298: [22c73cbe3ff9]
! 2299:
! 2300: 2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 2301:
! 2302: * INSTALL, configure, configure.in:
! 2303: Allow the user to specify and alternate libtool
! 2304: [c9d6fc9521fd]
! 2305:
! 2306: 2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 2307:
! 2308: * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
! 2309: Allow sudo to be build with sss support without also including ldap
! 2310: support. From Stephane Graber.
! 2311: [b992a80ebea1]
! 2312:
! 2313: 2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 2314:
! 2315: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
! 2316: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
! 2317: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
! 2318: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
! 2319: plugins/sudoers/visudo.c:
! 2320: Refactor policy plugin interface code from sudoers.c into policy.c
! 2321: [393e62910b8a]
! 2322:
! 2323: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
! 2324: Refactor command_info setting into its own function.
! 2325: [a952b948324c]
! 2326:
! 2327: * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
! 2328: plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
! 2329: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
! 2330: Make interfaces pointer private to interfaces.c and add
! 2331: get_interfaces() accessor.
! 2332: [b69b9334ed3c]
! 2333:
! 2334: 2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 2335:
! 2336: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
! 2337: plugins/sudoers/sudoers.h:
! 2338: Make user_cwd const since it is either a string literal or passed in
! 2339: from the front-end.
! 2340: [90751b81e8bc]
! 2341:
! 2342: * configure, configure.in:
! 2343: sudo 1.8.7
! 2344: [bf727adb8af0]
! 2345:
! 2346: * plugins/sudoers/sudoers.c:
! 2347: Avoid nested strtok() calls.
! 2348: [9d9f22ab52a9]
! 2349:
! 2350: 2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 2351:
! 2352: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
! 2353: plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
! 2354: Move expand_prompt() into its own source file for easier unit
! 2355: testing.
! 2356: [b419b48a436f]
! 2357:
! 2358: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
! 2359: plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
! 2360: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
! 2361: Make check.c independent of the underlying timestamp implementation.
! 2362: [895071bd6065]
! 2363:
! 2364: * plugins/sudoers/iolog_path.c:
! 2365: Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
! 2366: [8ac38f02dd6d]
! 2367:
! 2368: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 2369: Use a list for the possible values of Tag_Spec with a minimal indent
! 2370: to improve readability. In the pod version, these were =head3. Also
! 2371: use .St -p1003.1 instead of just POSIX when talking about glob() and
! 2372: fnmatch().
! 2373: [361a6f7a5c44]
! 2374:
! 2375: 2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 2376:
! 2377: * src/ttyname.c:
! 2378: sudo_ttyname_dev() is unused if there is no /proc or sysctl().
! 2379: [6598dbf81e16]
! 2380:
! 2381: * compat/mksiglist.c, compat/mksigname.c,
! 2382: compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
! 2383: plugins/sample_group/plugin_test.c,
! 2384: plugins/sudoers/regress/check_symbols/check_symbols.c,
! 2385: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 2386: plugins/sudoers/regress/logging/check_wrap.c,
! 2387: plugins/sudoers/regress/parser/check_addr.c,
! 2388: plugins/sudoers/regress/parser/check_fill.c,
! 2389: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
! 2390: plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
! 2391: Explicitly mark main() as public in executables to avoid an HP-UX ld
! 2392: warning.
! 2393: [72a40ce218be]
! 2394:
! 2395: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
! 2396: Remove grep from SEE ALSO section.
! 2397: [c7cafee1621f]
! 2398:
! 2399: * common/alloc.c:
! 2400: If vasprintf() fails, just use the errno it sets instead of assuming
! 2401: ENOMEM.
! 2402: [1be5bfdc0cab]
! 2403:
! 2404: 2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 2405:
! 2406: * doc/TROUBLESHOOTING:
! 2407: Mention HP-UX pam.conf settings.
! 2408: [8b8e745b49fd]
! 2409:
! 2410: 2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 2411:
! 2412: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
! 2413: plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
! 2414: plugins/sudoers/timestamp.h:
! 2415: Split off timestamp functions into their own source file.
! 2416: [d5833332511d]
! 2417:
! 2418: 2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 2419:
! 2420: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 2421: Mention how !foo is not the same as ALL,!foo
! 2422: [51f8e470757d]
! 2423:
! 2424: 2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 2425:
! 2426: * src/exec_pty.c:
! 2427: Start commands in the background when I/O logging is enabled. We
! 2428: can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
! 2429: which returns EINTR on signal instead of restarting automatically.
! 2430: [83b1d59146f7]
! 2431:
! 2432: * src/exec_pty.c:
! 2433: Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
! 2434: string in deliver_signal().
! 2435: [2cefea7a976e]
! 2436:
! 2437: 2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 2438:
! 2439: * src/exec_pty.c:
! 2440: Fix running commands that need the terminal in the background when
! 2441: I/O logging is enabled. E.g. "sudo vi &". When the command is
! 2442: foregrounded, it will now resume properly.
! 2443: [0bc13a253429]
! 2444:
! 2445: * plugins/sudoers/match.c:
! 2446: Add rudimentary support for name-based matching as a compile-time
! 2447: option. This unsafe when used in conjunction with the '!' operator.
! 2448: [f93bc8e6db15]
! 2449:
! 2450: 2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 2451:
! 2452: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
! 2453: plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
! 2454: Split out implementation-specific back end code out of pwutil.c into
! 2455: pwutil_impl.c. This will allow the main pwutil code to be used for
! 2456: lookup methods other than getpw* and getgr*.
! 2457: [999c2dde60e4]
! 2458:
! 2459: 2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
1.1.1.3 misho 2460:
2461: * NEWS, configure, configure.in:
2462: sudo 1.8.6p3
2463: [97fef3d9ed65]
2464:
2465: 2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2466:
2467: * doc/fixman.sh:
2468: Don't use embedded newline when matching, use \n. This got expanded
2469: at some point. Bug #573
2470: [6652f834b8f5]
2471:
1.1.1.4 ! misho 2472: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
! 2473: Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
! 2474: really needed due to the #defines that yacc makes but it is less
! 2475: confusing this way as the lexer calls sudoerserror().
! 2476: [a0577be6527d]
! 2477:
! 2478: * common/alloc.c, plugins/sample_group/plugin_test.c,
! 2479: plugins/sudoers/env.c, plugins/sudoers/toke.c,
! 2480: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 2481: src/exec_common.c, src/parse_args.c, src/sudo.c:
! 2482: No need to translate "unable to allocate memory" when we can just
! 2483: use the system translation via strerror().
! 2484: [377499e5827c]
! 2485:
1.1.1.3 misho 2486: * plugins/sudoers/sudoreplay.c:
2487: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
2488: all file systems support d_type. Bug #572
2489: [8b861c62945f]
2490:
2491: * plugins/sudoers/sudoreplay.c:
2492: Avoid calling fclose(NULL) in the error path when we cannot open an
2493: I/O log file.
2494: [9401d5c4bb05]
2495:
2496: 2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2497:
2498: * NEWS, configure, configure.in:
2499: Sudo 1.8.6p2
2500: [6e32496280f2]
2501:
2502: * src/exec.c:
2503: When setting the signal handler for SIGTSTP to the default value in
2504: non-I/O log mode, store the old handler value for when we restore it
2505: after resume.
2506: [242628694e42]
2507:
1.1.1.4 ! misho 2508: * plugins/sudoers/env.c:
! 2509: Replace the guts of sudo_setenv_nodebug() with our old setenv.c
! 2510: which supports non-standard BSD and glibc semantics. sudo_setenv()
! 2511: now simply calls sudo_setenv2().
! 2512: [57ffb6c9efaa]
! 2513:
! 2514: 2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 2515:
! 2516: * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
! 2517: doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
! 2518: Document non-Unix group support in LDAP sudoers.
! 2519: [33c89f3aeee6]
! 2520:
! 2521: * plugins/sudoers/ldap.c:
! 2522: Enable non-Unix group support for LDAP sudoers. We now check for
! 2523: non-Unix groups and netgroups with the same query in the second
! 2524: pass. Bug #571
! 2525: [eb98fdff54d9]
! 2526:
! 2527: 2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 2528:
! 2529: * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
! 2530: plugins/sudoers/gram.h, plugins/sudoers/parse.c,
! 2531: plugins/sudoers/regress/parser/check_fill.c,
! 2532: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
! 2533: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
! 2534: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 2535: plugins/sudoers/visudo.c:
! 2536: Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
! 2537: [cb6c0d93215e]
! 2538:
1.1.1.3 misho 2539: 2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
2540:
2541: * NEWS:
2542: Mention support for SUCCESS=return in /etc/nsswitch.conf
2543: [ef1f35aa0863]
2544:
2545: * NEWS, configure, configure.in:
2546: sudo 1.8.6p1
2547: [73a5e1f004b3]
2548:
2549: 2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
2550:
2551: * plugins/sudoers/env.c:
2552: Avoid setting LOGNAME, USER and USERNAME variables twice when
2553: set_logname is enabled.
2554: [0de4f5fbd1d4]
2555:
2556: * plugins/sudoers/env.c:
2557: Fix duplicate detection in sudo_putenv(), do not prune out the
2558: variable we just set when overwriting an existing instance. Fixes
2559: bug #570
2560: [854ee714c831]
2561:
2562: * plugins/sudoers/env.c:
2563: Add some debuggging
2564: [a25cd3305823]
2565:
2566: 2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
2567:
2568: * plugins/sudoers/sudo_nss.c:
2569: Disable word wrap in list mode when stdout is a pipe to make "sudo
2570: -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
2571: [65ade04511fd]
2572:
2573: * common/lbuf.c:
2574: Print a trailing newline in lbuf_print() when there is not enough
2575: space to do word wrapping and the lbuf does not end with a newline.
2576: [c0200e19cd09]
2577:
2578: * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
2579: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
2580: Kopecek
2581: [5c480316e3ce]
2582:
2583: * MANIFEST:
2584: Add sssd.c
2585: [9cadd014ef97]
2586:
2587: 2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
2588:
2589: * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
2590: plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
2591: plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
2592: src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
2593: regen .po files
2594: [62423d4d143d]
2595:
2596: * MANIFEST, plugins/sudoers/po/vi.mo:
2597: Add Vietnamese sudoers translation from translationproject.org
2598: [33666a605525]
2599:
2600: * NEWS:
2601: mention PIE
2602: [05032e5304c6]
2603:
2604: * MANIFEST, plugins/sudoers/po/vi.po:
2605: Add Vietnamese sudoers translation from translationproject.org
2606: [015c2204bae2]
2607:
2608: 2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
2609:
2610: * Makefile.in, compat/Makefile.in, mkdep.pl:
2611: Add missing signame dependency
2612: [e493bfb01929]
2613:
2614: * src/exec.c, src/ttyname.c:
2615: Silence compiler warnings.
2616: [1c5374b66d9b]
2617:
2618: * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
2619: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
2620: src/exec.c, src/exec_pty.c:
2621: Replace strsigname() with sig2str(), emulating it as needed.
2622: [1e348cca1fa6]
2623:
2624: * config.h.in, configure, configure.in, src/utmp.c:
2625: Use fseeko() for legacy utmp handling if available.
2626: [b4bbd8d2c0e9]
2627:
2628: 2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
2629:
2630: * compat/strsigname.c, config.h.in, configure, configure.in:
2631: Detect sys_sigabbrev[] and use it in place of sys_signame[] if
2632: present. For some reason glibc does not declare sys_sigabbrev so we
2633: must add an extern definition of our own.
2634: [b38f3fbd7078]
2635:
2636: * compat/strsignal.c, compat/strsigname.c:
2637: Handle NULL entries in sys_siglist and sys_signame.
2638: [a388959d9654]
2639:
2640: * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
2641: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
2642: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
2643: [711e41aba59a]
2644:
2645: 2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
2646:
2647: * NEWS:
2648: sync
2649: [5a2522488754]
2650:
2651: * src/exec.c:
2652: Pass on SIGTSTP to the command if it was sent by a user process (not
2653: the kernel or the terminal) when we are not I/O logging and set the
2654: default SIGTSTP handler when we re-send the signal to ourself,
2655: restoring our handler after we resume.
2656: [4259c47e31c0]
2657:
2658: * src/exec.c:
2659: Shells typically change their process group when they start up so
2660: that they can implement job control. Most well-behaved shells
2661: change the pgrp back to its original value before suspending so we
2662: must not try to restore in that case, lest we race with the child
2663: upon resume, potentially stopping sudo with SIGTTOU while the
2664: command continues to run. Some shells, such as pdksh, just suspend
2665: the shell by sending SIGSTOP to themselves without restoring the
2666: pgrp. In this case we need to change the pgrp back for them. Should
2667: fix bug #568
2668: [6ac6751ffd17]
2669:
2670: 2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2671:
2672: * MANIFEST, compat/Makefile.in, compat/mksigname.c,
2673: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
2674: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
2675: src/exec.c, src/exec_pty.c:
2676: Use strsigname() to print signal names in the debug output. If the
2677: system has no strsigname(), use our own.
2678: [0735f18906b9]
2679:
2680: 2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2681:
2682: * plugins/sudoers/regress/testsudoers/test5.inc,
2683: plugins/sudoers/regress/testsudoers/test5.sh:
2684: Remove generated file and change path for temporary include file.
2685: [4e9fa830c6b5]
2686:
2687: * plugins/sudoers/Makefile.in:
2688: When running regress tests, list pass/fail rate for each dir
2689: (testsudoers and visudo) instead of the total. Also prevent the
2690: result files from clobbering each other by keeping them in the
2691: relevant directories.
2692: [6aac53baff7d]
2693:
2694: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2695: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2696: Don't print an error message in yyerror() if open_sudoers() fails,
2697: we've already printed an error message. Also restore the check for
2698: sudoers_warnings in yyerror().
2699: [aa6036df5fb2]
2700:
2701: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2702: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2703: plugins/sudoers/toke.l:
2704: Avoid printing the >>> parse error <<< message for testsudoers when
2705: the -t flag is specified.
2706: [76f3433c8992]
2707:
2708: 2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
2709:
2710: * plugins/sudoers/parse.c:
2711: Fix NULL deref when an entry has no Runas_Entry
2712: [4b14983ff6e7]
2713:
2714: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2715: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2716: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2717: src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
2718: src/po/zh_CN.mo, src/po/zh_CN.po:
2719: sync with translationproject.org
2720: [440e9c9b37de]
2721:
2722: * NEWS:
2723: sync
2724: [3142ba2dce60]
2725:
2726: * plugins/sudoers/check.c:
2727: Correct the check_user() comment header.
2728: [73da30308fff]
2729:
2730: * plugins/sudoers/auth/sudo_auth.c:
2731: Change a log_fatal() into log_error() when no auth methods are
2732: configured. The caller already checks the return value.
2733: [05f5c39793a7]
2734:
2735: * plugins/sudoers/logging.c:
2736: Add missing debug_return
2737: [3a76bb7c2fe7]
2738:
2739: 2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
2740:
2741: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2742: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2743: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2744: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
2745: doc/sudoers.man.in, doc/sudoers.mdoc.in:
2746: Make the capitalization consistent for .Ss and .Sx
2747: [5c5735ee4b2f]
2748:
2749: * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
2750: doc/sudo.man.in, doc/sudo.mdoc.in:
2751: Add COMMAND EXECUTION section that describes how sudo runs the
2752: command, the extra sudo processes and signal handling.
2753: [dff2d88e984e]
2754:
2755: 2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2756:
2757: * Makefile.in:
2758: Happy Easter
2759: [4b9d697c6b83]
2760:
2761: 2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2762:
2763: * compat/Makefile.in:
2764: Don't echo the awk command when building siglist.in
2765: [21daa72921e6]
2766:
2767: * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2768: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2769: Cosmetic changes.
2770: [19259528e9ad]
2771:
2772: * doc/Makefile.in:
2773: The HISTORY, LICENSE and CONTRIBUTORS files are not longer
2774: generated.
2775: [ea6ac9e981e6]
2776:
2777: * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
2778: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
2779: plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
2780: plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
2781: src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
2782: src/po/uk.po, src/po/vi.po:
2783: Sync with translationproject.org and add Italian sudoers
2784: translation.
2785: [9276740aea59]
2786:
2787: 2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2788:
2789: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2790: Expand description of fqdn to talk about systems where the hosts
2791: file is searched before DNS.
2792: [4ee812ca6116]
2793:
2794: 2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
2795:
2796: * doc/Makefile.in:
2797: For cat pages there is nothing to make unless DEVEL is set.
2798: [fab4a5b68708]
2799:
2800: * configure, configure.in, doc/Makefile.in:
2801: Always use mandoc to format cat pages and remove now-extraneous
2802: nroff configure tests.
2803: [5747f4ed5762]
2804:
2805: * pp:
2806: sync polypkg from git
2807: [89ddf6ea3e3f]
2808:
2809: * plugins/sudoers/sudoers.c:
2810: Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
2811: is not always the same as "fully qualified".
2812: [7c1d9c098386]
2813:
2814: 2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2815:
2816: * doc/sudoers.mdoc.in:
2817: Fix some typos. Describe error messages not related to policy
2818: permissions.
2819: [f5ebf9030d85]
2820:
2821: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
2822: plugins/sudoers/visudo.c:
2823: Add new check_defaults() function to check (but not update) the
2824: Defaults entries. Visudo can now use this instead of
2825: update_defaults to check all the defaults regardless instead of just
2826: the global Defaults entries.
2827: [3fa879ce1b65]
2828:
2829: 2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
2830:
2831: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2832: Document sudoers log format.
2833: [08998a7061ab]
2834:
2835: * NEWS:
2836: Update for sudo 1.8.5p3
2837: [6e102a5d4e8d]
2838:
2839: * src/load_plugins.c:
2840: Add missing check for I/O plugin API version when checking for the
2841: presence of I/O plugin hooks.
2842: [ef05c7eeaf81]
2843:
2844: * src/hooks.c:
2845: Can't call debug code in the process_hooks_xxx functions() since
2846: ctime() may look up the timezone via the TZ environment variable.
2847: [2179fb26bd8e]
2848:
2849: 2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
2850:
2851: * src/exec_common.c, src/sesh.c, src/utmp.c:
2852: Include signal.h before sudo_exec.h since it uses sigset_t * in the
2853: fork_pty prototype.
2854: [94fc0d859600]
2855:
2856: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
2857: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
2858: doc/visudo.man.in, doc/visudo.mdoc.in:
2859: Remove OPTIONS section; options now go inside DESCRIPTION
2860: [a619fc58a746]
2861:
2862: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2863: regen
2864: [44719d80bc06]
2865:
2866: * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
2867: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2868: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2869: plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
2870: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2871: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2872: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
2873: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2874: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2875: src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
2876: src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
2877: Sync with translationproject.org and add new Slovenian translation.
2878: [34b4b966bbac]
2879:
2880: * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
2881: plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
2882: plugins/sudoers/testsudoers.c:
2883: Reduce the number of "internal error, foo overflow" messages that
2884: need to be translated.
2885: [93ffa2b3d53f]
2886:
2887: * NEWS:
2888: Mention HP-UX reboot fix.
2889: [1e39b5aa32ac]
2890:
2891: * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
2892: doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
2893: plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
2894: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
2895: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
2896: data source. From Daniel Kopecek and Pavel Brezina.
2897: [3f85e95d6928]
2898:
2899: 2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
2900:
2901: * common/sudo_conf.c, src/load_plugins.c:
2902: If sudo.conf contains an I/O plugin but no policy plugin, use
2903: sudoers for the policy plugin. If a policy plugin is specified
2904: without an I/O plugin, only the policy plugin will be loaded.
2905: [ea192df2439d]
2906:
2907: * doc/Makefile.in, doc/sudoers.man.in:
2908: Do not modify the .Os section when building the .man.in file from
2909: .mdoc.in.
2910: [a9f9628e147f]
2911:
2912: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2913: Add a note about wildcards matching multiple words and include an
2914: example. Also mention that for sudoedit, a wildcard in command line
2915: args does not match a slash.
2916: [fcb9fbac14e0]
2917:
2918: 2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2919:
2920: * src/exec_pty.c, src/sudo_exec.h:
2921: Fix a comment, update a variable name in a prototype; all cosmetic.
2922: [e89f10cbd6e1]
2923:
2924: * plugins/sudoers/iolog.c:
2925: Cast 2nd argument of lseek() to off_t if it is a constant for
2926: systems with 64-bit off_t but without a proper lseek() prototype.
2927: [d8779da135d0]
2928:
2929: * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
2930: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2931: plugins/sudoers/visudo.c:
2932: Fix some warnings from clang checker-267
2933: [1e44ef7860b5]
2934:
2935: * plugins/sample/sample_plugin.c:
2936: Fix memory leak found by clang checker-267
2937: [f8a43617fdfb]
2938:
2939: 2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2940:
2941: * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
2942: If we receive a signal from the command we executed, do not forward
2943: it back to the command. This fixes a problem with BSD-derived
2944: versions of the reboot command which send SIGTERM to all other
2945: processes, including the sudo process. Sudo would then deliver
2946: SIGTERM to reboot which would die before calling the reboot() system
2947: call, effectively leaving the system in single user mode.
2948: [4ffab9ab9e98]
2949:
2950: 2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
2951:
2952: * doc/fixman.sh, doc/fixmdoc.sh:
2953: Remove section about Solaris 10 on other systems. Add missing
2954: sudoers.man.in bit to fixman.sh.
2955: [176559199ba7]
2956:
2957: 2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
2958:
2959: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2960: Expand section on Solaris privileges.
2961: [3a1bfa2f1743]
2962:
2963: * NEWS:
2964: Expand a bit on the Solaris priv set changes.
2965: [bffb78b4a520]
2966:
2967: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2968: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
2969: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2970: The second argument to init_parser() is now bool.
2971: [fb727a4fb651]
2972:
2973: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
2974: Fix printing of parse error message to stderr.
2975: [dea6b420b84f]
2976:
2977: * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2978: plugins/sudoers/match.c, plugins/sudoers/parse.c,
2979: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
2980: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
2981: If a command matches using an empty Runas_List (i.e. Runas_List is
2982: present but empty) and the -u option was not specified, set runas_pw
2983: to user_pw instead of using runas_default. This is intended to be
2984: used in conjunction with the Solaris Privilege Set support for rules
2985: that grant privileges without changing the user.
2986: [e84a081f3c11]
2987:
2988: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
2989: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
2990: plugins/sudoers/gram.y, plugins/sudoers/match.c,
2991: plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
2992: Add support for parsing an empty Runas_List, which only allows the
2993: command to be run as the invoking user. This can be used in
2994: conjunction with the Solaris Privilege Set support to grant
2995: privileges without changing the user.
2996: [dc34373792fc]
2997:
2998: 2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
2999:
3000: * doc/fixman.sh:
3001: Fix HP-UX, just use ".TH name section" like the vendor manuals.
3002: [559738237c92]
3003:
3004: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3005: Fix compilation on Solaris
3006: [2d310302207c]
3007:
3008: * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
3009: doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
3010: doc/sudoers.mdoc.sh:
3011: Generate a sed script file when munging *.mdoc or *.man instead of
3012: passing sed expressions on the command line. Older seds do not
3013: support \n in a replacement so generate and run a sed script
3014: instead.
3015: [0bcce3f1ca18]
3016:
3017: * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
3018: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
3019: doc/visudo.man.in:
3020: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
3021: [fe0f10b63776]
3022:
3023: 2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3024:
3025: * src/exec.c:
3026: When checking whether a signal is user-generated, compare si_code
3027: against SI_USER instead of <= 0 since on HP-UX, terminal-related
3028: signals get a code of 0.
3029: [4e9021243343]
3030:
3031: * src/sudo.c:
3032: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
3033: interchangably. This causes problems when setting RLIMIT_NPROC to
3034: RLIM_INFINITY due to a bug in bash where bash tries to honor the
3035: value of _SC_CHILD_MAX but treats a value of -1 as an error, and
3036: uses a default value of 32 instead.
3037:
3038: Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
3039: restored the previous value of RLIMIT_NPROC. However, that makes it
3040: impossible to set nproc to unlimited. We now only restore the nproc
3041: resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
3042: cases, pam_limits will set RLIMIT_NPROC for us.
3043: [cb71cc8d0b08]
3044:
3045: 2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
3046:
3047: * plugins/sudoers/ldap.c:
3048: Active Directory apparently requires that tenths of a second be
3049: present in a date so append .0 to the "now" value in the time
3050: filter. Also remove space for the global AND from TIMEFILTER_LENGTH
3051: since it was not being used consistently. Buffers of
3052: TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
3053: [d28619ff6e45]
3054:
3055: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3056: Fix SELinux build
3057: [cc0d1f4e851b]
3058:
3059: 2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3060:
3061: * MANIFEST:
3062: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
3063: were not being kept in sync.
3064: [fc3ad1847cb1]
3065:
3066: * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
3067: doc/license.pod:
3068: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
3069: were not being kept in sync.
3070: [950363dffe3a]
3071:
3072: 2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3073:
3074: * plugins/sudoers/logging.c:
3075: Fix printing of the permission denied message to standard error when
3076: a user is not allowed to run a command. This got broken by the
3077: recent logging changes.
3078: [b7af63da3ca1]
3079:
3080: * plugins/sudoers/sudoers_version.h:
3081: Bump grammar version for Solaris privs.
3082: [2a2baf024477]
3083:
3084: * doc/schema.ActiveDirectory:
3085: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
3086: were added. From David Hicks.
3087: [3fc432a8edb4]
3088:
3089: 2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3090:
3091: * plugins/sudoers/Makefile.in:
3092: Remove lex.yy.c when building toke.c
3093: [72bb9e62b289]
3094:
3095: * doc/Makefile.in:
3096: Fix building docs in a build dir.
3097: [7a6f435af022]
3098:
3099: * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
3100: doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
3101: doc/sudoreplay.pod, doc/visudo.pod:
3102: Remove pod versions of the manual; we now use mdoc.
3103: [5c967d2dd5db]
3104:
3105: * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
3106: doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
3107: Add post-processing scripts to strip out login class, BSD auth,
3108: SELinux and privilege set bits when they are not supported.
3109: [d0d51f72f597]
3110:
3111: * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
3112: doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
3113: doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
3114: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3115: plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
3116: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
3117: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
3118: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3119: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3120: plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
3121: Merge in Solaris privilege support by Darren Moffat and John
3122: Zolnowsky
3123: [3aa0a64f2f5c]
3124:
3125: 2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3126:
3127: * doc/contributors.pod:
3128: Sync with CONTRIBUTORS file
3129: [9a0852306ad9]
3130:
3131: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3132: doc/sudoers.man.in, doc/sudoreplay.man.in:
3133: Regen .man.in files with my private mandoc.
3134: [dc3c9fc449eb]
3135:
3136: * doc/Makefile.in:
3137: add MANDOC variable
3138: [35527e66afc5]
3139:
3140: 2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3141:
3142: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3143: doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
3144: Regen .man.in files with hacked mandoc to avoid issues with historic
3145: nroff.
3146: [d45cfa7d665f]
3147:
3148: 2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3149:
3150: * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
3151: Fix groff warnings.
3152: [111d522ca807]
3153:
3154: * doc/Makefile.in:
3155: Fix dependencies for .man.in files.
3156: [aefeffe1af2b]
3157:
3158: * .hgignore:
3159: Add doc/*.mdoc to ignore file
3160: [1e4de6ef2ad8]
3161:
3162: * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
3163: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
3164: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3165: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3166: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
3167: doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
3168: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
3169: doc/visudo.man.in, doc/visudo.mdoc.in:
3170: Build .man.in and .cat files from .mdoc.in files. Add new --with-man
3171: and --with-mdoc configure options.
3172: [c963fd7e8f80]
3173:
3174: 2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
3175:
3176: * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
3177: doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
3178: Sudo manuals formatted in mdoc, to replace the pod versions.
3179: [e6dca4030451]
3180:
3181: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3182: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3183: doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
3184: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
3185: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
3186: More minor costmetic fixes.
3187: [a7287a68385a]
3188:
3189: 2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3190:
3191: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
3192: Minor cosmetic fixes.
3193: [9c48bdaf3946]
3194:
3195: 2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
3196:
3197: * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
3198: Use "a password is required" instead of "password required" when the
3199: -n flag is used and we need to read a password.
3200: [a3c30fc41648]
3201:
3202: 2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
3203:
3204: * NEWS:
3205: Mention logging changes.
3206: [8238fd6e02e8]
3207:
3208: * plugins/sudoers/po/sudoers.pot:
3209: regen
3210: [e2cf634ba63b]
3211:
3212: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3213: Document that other mail_* flags have precedence over mail_badpass.
3214: [9f4cc9188f40]
3215:
3216: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
3217: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
3218: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3219: Move log_denial() calls and logic to log_failure(). Move
3220: authentication failure logging to log_auth_failure(). Both of these
3221: call audit_failure() for us.
3222:
3223: This subtly changes logging for commands that are denied by sudoers
3224: but where the user failed to enter the correct password.
3225: Previously, these would be logged as "N incorrect password attempts"
3226: but now are logged as "command not allowed". Fixes bug #563
3227: [cad35f0b3ad7]
3228:
3229: 2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
3230:
3231: * common/aix.c:
3232: Do not set a resource limit to zero when we are unable to fetch a
3233: value from /etc/security/limits.
3234: [62bfb0a7895e]
3235:
3236: 2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
3237:
3238: * sudo.pp:
3239: Add "Provides: sudo" to debian sudo-ldap package
3240: [beb8afa0beb2]
3241:
3242: 2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
3243:
3244: * configure, configure.in, zlib/Makefile.in:
3245: Define NO_VIZ for zlib when gcc doesn't support symbol visibility
3246: attributes.
3247: [9fdcbf526386]
3248:
3249: * configure, configure.in:
3250: Use the autoconf cache when checking for symbol export control
3251: support.
3252: [03c2cce8711f]
3253:
3254: * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
3255: configure.in, mkpkg, plugins/sample/Makefile.in,
3256: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3257: plugins/system_group/Makefile.in, src/Makefile.in:
3258: Add configure check for building PIE executables instead of doing it
3259: in mkpkg.
3260: [02b5b78ef258]
3261:
3262: * sudo.pp:
3263: MacOS pp backend doesn't like modes longer than 4 characters.
3264: [01b49022bf01]
3265:
3266: 2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3267:
3268: * configure, configure.in:
3269: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
3270: -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
3271: will strip -fstack-protector from the linker flags and we always
3272: link with libtool.
3273: [0a0a0250ac2b]
3274:
3275: 2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
3276:
3277: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
3278: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3279: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
3280: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
3281: Regen for sudo 1.8.6
3282: [1657ee28b496]
3283:
3284: * NEWS, doc/sudoers.ldap.pod:
3285: Document improved Tivoli Directory Server support.
3286: [fb411edf4687]
3287:
3288: * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
3289: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
3290: option to specify Tivoli key db password. Allow TLS ciphers to be
3291: configured for Tivoli.
3292: [737e17c91e60]
3293:
3294: 2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
3295:
3296: * plugins/sudoers/ldap.c:
3297: Tivoli Directory Server 6.3 libs always return a (bogus) error when
3298: setting LDAP_OPT_CONNECT_TIMEOUT.
3299: [504406637c38]
3300:
3301: * NEWS:
3302: Update
3303: [687a755604e8]
3304:
3305: * plugins/sudoers/ldap.c:
3306: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
3307: same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
3308: set an ldap option fatal.
3309: [17cf93ae3304]
3310:
3311: 2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
3312:
3313: * plugins/sudoers/sudoers.c:
3314: Zero pointers in sudo_user struct after freeing, just in case.
3315: [8eff1f80b943]
3316:
3317: * plugins/sudoers/sudoers.c:
3318: Free user_gids in close function if it has not already been freed.
3319: [cbce28877f37]
3320:
3321: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
3322: plugins/sudoers/sudoers.h:
3323: Defer group ID to name resolution until we actually need it.
3324: [463e75b81e89]
3325:
3326: * src/sudo.c:
3327: It is safe to read in sudo.conf before calling user_info().
3328: [3290b6434e3c]
3329:
3330: * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
3331: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
3332: prevent potential truncation. Bug #562.
3333: [29d9fc4e0c4e]
3334:
3335: 2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
3336:
3337: * sudo.pp:
3338: If installing with installp, error out if there is already an
3339: instance of the rpm package installed.
3340: [ec24c6faba22]
3341:
3342: * mkpkg:
3343: Add --disable-nls for AIX
3344: [192ac2f7d65e]
3345:
3346: 2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3347:
3348: * sudo.pp:
3349: Debian sudo-ldap packages should now depend on libldap-2.4-2, not
3350: libldap2.
3351: [cbcec71e6b58]
3352:
3353: 2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
3354:
3355: * sudo.pp:
3356: Add Homepage and Bugs to debian control file.
3357: [0f19d7d14e66]
3358:
3359: 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3360:
3361: * mkpkg:
3362: fix typo when setting aix_freeware
3363: [2fd6feb50195]
3364:
3365: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
3366: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3367: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3368: plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
3369: Don't run regress tests or sudoers sanity check (using the newly-
3370: built visudo) when cross compiling. Bug #560
3371: [0c4e3f68b2f5]
3372:
3373: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
3374: plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
3375: plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
3376: plugins/sample_group/sample_group.exp,
3377: plugins/sample_group/sample_group.map,
3378: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
3379: plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
3380: plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
3381: plugins/system_group/system_group.exp,
3382: plugins/system_group/system_group.map,
3383: plugins/system_group/system_group.sym:
3384: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
3385: it on demand Use a loader option file for HP-UX ld to explicitly
3386: export symbols
3387: [2402ff5302ab]
3388:
3389: * src/Makefile.in:
3390: Remove extraneous backslash
3391: [8ca054de138c]
3392:
3393: * plugins/sudoers/regress/check_symbols/check_symbols.c:
3394: Don't check for errorx as an exported symbols as it is now a macro.
3395: Check for user_in_group() instead.
3396: [7b02c8ecd3ea]
3397:
3398: 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
3399:
3400: * configure, configure.in:
3401: Adjust ld map file support to use an anonymous scope to match the
3402: updated .map files.
3403: [49be44282d9e]
3404:
3405: 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3406:
3407: * config.h.in, configure, configure.in, include/gettext.h:
3408: Older versions of Solaris lack ngettext()
3409: [028af10dfa5f]
3410:
3411: * configure, configure.in:
3412: Move the check for -static-libgcc until after AC_LANG_WERROR has
3413: been called and use AX_CHECK_COMPILE_FLAG().
3414: [a7b09120e7ff]
3415:
3416: * include/gettext.h:
3417: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
3418: [3aa2780d4a4e]
3419:
3420: * include/error.h, include/sudo_debug.h:
3421: Fix gcc 2.x variant macro support.
3422: [8e71c2370997]
3423:
3424: * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
3425: Fix compilation on gcc 2.95 and other compilers that only allow
3426: variable declarations at the beginning of a block.
3427: [9d80c802bb46]
3428:
3429: * configure, configure.in, plugins/sudoers/Makefile.in:
3430: Link check_symbols with SUDO_LIBS to make sure we link with the
3431: requisite libraries to successfully dlopen sudoers.so. This is
3432: needed on HP-UX where a program dlopen()ing a shared object that
3433: uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
3434: pthreads).
3435: [b8961cd82337]
3436:
3437: * plugins/sudoers/regress/check_symbols/check_symbols.c:
3438: Add check for exported local symbols. This will cause a "make
3439: check" failure on systems where we don't support symbol hiding.
3440: [8aa549389bb1]
3441:
3442: * configure, configure.in:
3443: Additional ${foo} -> $(foo) Makefile tweaks.
3444: [046bbde18f52]
3445:
3446: * plugins/sample/sample_plugin.map,
3447: plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
3448: plugins/system_group/system_group.map:
3449: No need to provide a name for the scope in the map file since we
3450: don't use the it for versioning.
3451: [5ed4b997560d]
3452:
3453: 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3454:
3455: * MANIFEST, plugins/sudoers/Makefile.in,
3456: plugins/sudoers/regress/check_symbols/check_symbols.c:
3457: Add regress test for symbol visibility.
3458: [9adddd4e0518]
3459:
3460: 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
3461:
3462: * NEWS, configure, configure.in:
3463: sudo 1.8.6
3464: [57008a7afb77]
3465:
3466: * configure, configure.in, include/missing.h:
3467: Add support for controlling symbol visibility using the HP and
3468: Solaris C compilers.
3469: [46d5b468979e]
3470:
3471: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3472: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3473: plugins/sudoers/sudoers.h:
3474: Use the expanded io log dir when updating the sequence number.
3475: Includes a workaround for older versions of sudo where the sequence
3476: number was stored in the unexpanded io log dir.
3477: [210797dab9a8]
3478:
3479: 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
3480:
3481: * src/parse_args.c:
3482: Simplify "sudo -s" argv rewriting.
3483: [7be143dae7c5]
3484:
3485: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
3486: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3487: plugins/system_group/Makefile.in, src/Makefile.in,
3488: src/sudo_noexec.map:
3489: Don't use a map file for sudo_noexec.so since Solaris ld doesn't
3490: allow '*' in the global section. The libtool export flag is now
3491: added to LT_LDFLAGS instead of commenting/uncommenting lines.
3492: [38fc37a66b04]
3493:
3494: 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
3495:
3496: * config.h.in, configure, configure.in, include/missing.h:
3497: The visibility attribute was actually added in gcc 3.3.x, not 4.0.
3498: Just assume that if -fvisibility=hidden works that the attribute is
3499: usable.
3500: [d3904d6faf14]
3501:
3502: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
3503: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3504: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3505: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
3506: plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
3507: plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
3508: plugins/system_group/system_group.c:
3509: Export group cache from sudoers.so for system_group.so to use.
3510: [16695d207fc5]
3511:
3512: * MANIFEST, configure, configure.in, include/missing.h,
3513: plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
3514: plugins/sample_group/Makefile.in,
3515: plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
3516: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
3517: plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
3518: plugins/system_group/system_group.map, src/sudo_noexec.c,
3519: src/sudo_noexec.map:
3520: Use gcc's visibility attribute to specify when symbols are visible
3521: or hidden, if available. If not available, use an ELF version
3522: script if it is supported. If all else fails, fall back to using
3523: libtool's -export-symbols.
3524: [64e889921727]
3525:
3526: 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
3527:
3528: * sudo.pp:
3529: Add mode for installed locale files but leave the directories with
3530: default mode and owner.
3531: [142237dbb31f]
3532:
3533: 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
3534:
3535: * mkpkg, sudo.pp:
3536: Install AIX packages under /opt/freeware with links in /usr/bin and
3537: /usr/sbin. This matches the layout of the sudo package from AIX
3538: freeware.
3539: [0b79d47bbe01]
3540:
3541: * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
3542: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3543: plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
3544: Install shared objects with mode 0644 except on HP-UX which needs
3545: the executable bit set.
3546: [ae416af0ba6c]
3547:
3548: * Makefile.in, doc/Makefile.in, include/Makefile.in,
3549: plugins/sudoers/Makefile.in, src/Makefile.in:
3550: Make installed file modes consistent with the file modes in the sudo
3551: package.
3552: [307386373289]
3553:
3554: 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3555:
3556: * doc/sudoers.pod:
3557: Add "%:" prefix when talking about QAS non-Unix group support.
3558: [7cb25f6861f8]
3559:
3560: * pp, sudo.pp:
3561: Fix packaging of symbolic links on HP-UX when the link source
3562: already exists in the filesystem.
3563: [c9bb48031596]
3564:
3565: * mkpkg:
3566: Only specify prefix if we are overriding the default value. Fixes
3567: the man dir (/usr/local/man vs. /usr/local/share/man).
3568: [65351b6c1697]
3569:
3570: * sudo.pp:
3571: Fix setting of sudoedit_man variable.
3572: [9beed9ae5bba]
3573:
3574: * doc/Makefile.in:
3575: Echo the command when linking the sudoedit manual.
3576: [6c83b5657b55]
3577:
3578: 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
3579:
3580: * mkpkg, sudo.pp:
3581: Build .deb packages with selinux support.
3582: [3fd9cb1b4526]
3583:
3584: 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
3585:
3586: * sudo.pp:
3587: Don't list paths for unstripped binaries in the lintial overrides.
3588: [4c8e16f1773b]
3589:
3590: * pp:
3591: Add support for Installed-Size header in control file, required by
3592: newer debian versions.
3593: [e97d76234bee]
3594:
3595: * pp:
3596: Fix extended description in .deb files.
3597: [d35e27ace146]
3598:
3599: * sudo.pp:
3600: Add Depends, Replaces and Conflicts headers for .deb packages.
3601: [76eb6c4b3278]
3602:
3603: 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
3604:
3605: * plugins/sudoers/sudo_nss.c:
3606: If there are no privs to print, write the message to the lbuf
3607: instead of printing it directly.
3608: [ecd56226abb7]
3609:
3610: 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
3611:
3612: * sudo.pp:
3613: Set -e in %pos and %preun for debian to quiet a lintian warning.
3614: [8bb908514df9]
3615:
3616: * doc/Makefile.in, src/Makefile.in, sudo.pp:
3617: Install sudoedit and the sudoedit manual as symbolic links, not hard
3618: links and package them as such.
3619: [f317ff3cf3e7]
3620:
3621: * sudo.pp:
3622: Make sudo binary permissions 755 instead of 111 Add lintian
3623: overrides file for .deb files.
3624: [991cd7d7f0e1]
3625:
3626: * configure, configure.in, doc/Makefile.in, mkpkg:
3627: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
3628: MANCOMPRESSEXT which can be used to compress the installed manual
3629: pages. Compress the man pages for .deb files to appease lintian.
3630: [4e34083b41d2]
3631:
3632: * sudo.pp:
3633: Debian fixes:
3634: * fix modes to be more in line with what Debian expects
3635: * add section
3636: * install LICENSE as copyright and ChangeLog as changelog
3637: * create stub changelog.debian
3638: [7f6c5647f588]
3639:
3640: * pp:
3641: Fix find command to properly skip files in the DEBIAN dir when
3642: building md5sums.
3643: [8918bde941fa]
3644:
3645: * pp, sudo.pp:
3646: Use a debian-compliant package maintainer field.
3647: [fc51a94170eb]
3648:
3649: 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
3650:
3651: * plugins/sudoers/sudoreplay.c:
3652: No need to loop over atomic_writev(), it guarantees to write all
3653: data or return an error.
3654:
3655: Fix handling of stdout/stderr that contains "\r\n" and handle a
3656: "\r\n" pair that spans a buffer.
3657: [8aaf02d90c45]
3658:
3659: 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
3660:
3661: * NEWS:
3662: Update for sudo 1.8.5p2
3663: [d369d4d40a19]
3664:
3665: * plugins/sudoers/sudoreplay.c:
3666: Instead of doing extra write()s when replaying stdout, build up a
3667: vector for writev() instead. This results in far fewer system
3668: calls.
3669: [303d866c025c]
3670:
3671: 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
3672:
3673: * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
3674: Provide unhooked version of getenv() and use it when looking up
3675: DISPLAY and SUDO_ASKPASS in the environment.
3676: [04dbdccf4a14]
3677:
3678: 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
3679:
3680: * plugins/sudoers/sudoreplay.c:
3681: When replaying a log of stdout or stderr, do newline to carriage
3682: return + linefeed conversion. We cannot have termios do this for us
3683: since we've disabled output postprocessing (POST) when setting raw
3684: mode.
3685: [61352a7d996f]
3686:
3687: 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
3688:
3689: * configure, configure.in:
3690: When checking for -fstack-protector, treat warnings as fatal errors.
3691: [4124cd12d511]
3692:
3693: 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
3694:
3695: * configure, configure.in:
3696: Fix test for -z relro
3697: [548bdb6f5c4a]
3698:
3699: * MANIFEST:
3700: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
3701: [ed063264a2a1]
3702:
3703: * INSTALL, aclocal.m4, configure, configure.in,
3704: m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
3705: Build with -fstack-protector and link with -zrelo where supported.
3706: Added --disable-hardening option to disable hardening options.
3707: [0b6c1a1ceb03]
3708:
3709: 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
3710:
3711: * plugins/sudoers/Makefile.in,
3712: plugins/sudoers/regress/testsudoers/test1.sh,
3713: plugins/sudoers/regress/testsudoers/test2.sh,
3714: plugins/sudoers/regress/testsudoers/test3.sh,
3715: plugins/sudoers/regress/testsudoers/test4.out.ok,
3716: plugins/sudoers/regress/testsudoers/test4.sh,
3717: plugins/sudoers/regress/testsudoers/test5.inc,
3718: plugins/sudoers/regress/testsudoers/test5.out.ok,
3719: plugins/sudoers/regress/testsudoers/test5.sh,
3720: plugins/sudoers/testsudoers.c:
3721: Add tests for sudoers mode, owner and group checks.
3722: [a7607443aba0]
3723:
3724: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
3725: If sudoers_mode is group-readable but the actual sudoers file is
3726: not, open the file as uid 0, not uid 1. This fixes a problem when
3727: sudoers has a more restrictive mode than what sudo expects to find.
3728: In older versions, sudo would silently chmod the file to add the
3729: group-readable bit.
3730: [c056b6003e6f]
3731:
3732: * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
3733: No longer throw an error if sudoers is a symbolic link. Deprecated
3734: the --with-stow option as that is now (effectively) the default.
3735: [8ce783e54886]
3736:
3737: 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3738:
3739: * plugins/sudoers/Makefile.in,
3740: plugins/sudoers/regress/testsudoers/test2.inc,
3741: plugins/sudoers/regress/testsudoers/test2.out.ok,
3742: plugins/sudoers/regress/testsudoers/test2.sh,
3743: plugins/sudoers/regress/testsudoers/test3.d/root,
3744: plugins/sudoers/regress/testsudoers/test3.out.ok,
3745: plugins/sudoers/regress/testsudoers/test3.sh:
3746: Add basic tests for #include and #includedir
3747: [b303e4218951]
3748:
3749: * plugins/sudoers/testsudoers.c:
3750: Add -U sudoers_uid option to testsudoers.
3751: [3f8ed13501ba]
3752:
1.1.1.2 misho 3753: 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
3754:
3755: * NEWS, configure, configure.in:
3756: Update for 1.8.5p1
3757: [c33c49bf5b4b]
3758:
3759: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3760: Fix #includedir; from Mike Frysinger
3761: [d4833d4e39a0]
3762:
3763: * plugins/sudoers/check.c:
3764: Don't prompt for a password if the user is in the exempt group, is
3765: root, or is running the command as themselves even if the -k option
3766: was specified. This makes "sudo -k command" consistent with the
3767: behavior one would get if the user ran "sudo -k" immediately before
3768: running the command.
3769: [632b3961df00]
3770:
3771: 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
3772:
3773: * INSTALL:
3774: Fix capitalization
3775: [7258aa977caf]
3776:
3777: * mkpkg:
3778: Build PIE executable on Mac OS X 10.5 and above.
3779: [2a5c7ef92182]
3780:
3781: 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
3782:
3783: * NEWS:
3784: Update for sudo 1.8.4p5
3785: [21164f508b68]
3786:
3787: * plugins/sudoers/match_addr.c:
3788: Add missing break between AF_INET and AF_INET6 in
3789: addr_matches_if_netmask()
3790: [672a4793931a]
3791:
3792: * plugins/sudoers/mon_systrace.c:
3793: Move systrace monitor code to the attic
3794: [d6faf4754e9c]
3795:
3796: 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
3797:
3798: * src/exec.c:
3799: The pointer to the siginfo_t struct in a signal handler may be NULL.
3800: [41a4ee934b53]
3801:
3802: 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
3803:
3804: * plugins/sudoers/pwutil.c:
3805: Fix an alignment problem on NetBSD systems with a 64-bit time_t and
3806: strict alignment. Based on a patch from Martin Husemann.
3807: [1e5ba3c18f17]
3808:
3809: * include/missing.h:
3810: Add offsetof macro for those without it.
3811: [e44cb51d2587]
3812:
3813: * MANIFEST:
3814: add system_group plugin
3815: [6169793b510c]
3816:
3817: 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3818:
3819: * compat/dlopen.c:
3820: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
3821: [85bd03bc5d94]
3822:
3823: 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
3824:
3825: * NEWS:
3826: Mention system_group plugin
3827: [05393dd4bdb8]
3828:
3829: * Makefile.in, plugins/sudoers/Makefile.in,
3830: plugins/system_group/Makefile.in:
3831: update depends
3832: [6feb0b824fc4]
3833:
3834: * plugins/system_group/system_group.c:
3835: Only call gr_delref() when use sudo's password caching functions.
3836: [1103442e21fa]
3837:
3838: * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
3839: Add missing dependency on libreplace.la
3840: [05bfd9d4657f]
3841:
3842: * compat/dlopen.c:
3843: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
3844: PROG_HANDLE.
3845: [2382d0693acc]
3846:
3847: * Makefile.in, configure, configure.in,
3848: plugins/system_group/Makefile.in,
3849: plugins/system_group/system_group.c,
3850: plugins/system_group/system_group.sym:
3851: Add group plugin that does lookups by name using the system group
3852: database.
3853: [2ddbb604112f]
3854:
3855: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
3856: src/po/pl.po:
3857: sync with translationproject.org
3858: [4ef05df4226d]
3859:
3860: 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3861:
3862: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
3863: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3864: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3865: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3866: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3867: src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
3868: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
3869: src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
3870: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
3871: src/po/zh_CN.mo, src/po/zh_CN.po:
3872: sync with translationproject.org
3873: [115c3f828fc5]
3874:
3875: 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
3876:
3877: * sudo.pp:
3878: Add mode for docdir and use '-' (default) for localedir mode. Fixes
3879: a problem on Linux when building in a directory with the setgid bit
3880: set.
3881: [582279c8bcb1]
3882:
3883: 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
3884:
3885: * pp:
3886: Match CentOS 6.0
3887: [1e99ef210f98]
3888:
3889: 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
3890:
3891: * NEWS:
3892: Update with recent changes
3893: [c5fc220ba696]
3894:
3895: * pp:
3896: Fix version check on AIX
3897: [d272e39112f4]
3898:
3899: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3900: regen
3901: [72b23509465a]
3902:
3903: * plugins/sudoers/ldap.c:
3904: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
3905: SDK.
3906: [87b685e70b9a]
3907:
3908: * plugins/sudoers/ldap.c:
3909: Fix printing of invalid uri
3910: [645aa53acdde]
3911:
3912: * plugins/sudoers/auth/pam.c:
3913: Pass PAM_SILENT when deleting creds to remove an annoying warning
3914: message on Solaris.
3915: [1dd0301ef293]
3916:
3917: 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3918:
3919: * src/utmp.c:
3920: Fix the setutxent and endutxent compatibility defines (this time
3921: correctly) when only setutent and endutent are available.
3922: [d136d2867db9]
3923:
3924: * plugins/sudoers/ldap.c:
3925: sudo_ldap_set_options_global() should not take an LDAP handle as an
3926: argument since the options affect the global settings.
3927: [1dc39b9d20f2]
3928:
3929: * mkpkg:
3930: Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
3931: [c7716291a856]
3932:
3933: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3934: plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
3935: src/sudo.h:
3936: Call the policy's init_session() function before we fork the child.
3937: That way, the session is created and destroyed in the same process,
3938: which is needed by some modules, such as pam_mount.
3939: [ece552ba002e]
3940:
3941: * doc/TROUBLESHOOTING:
3942: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
3943: not specified.
3944: [bd293e100b28]
3945:
3946: * plugins/sudoers/auth/pam.c:
3947: Delete creds after closing the PAM session.
3948: [5158d726d6a5]
3949:
3950: * plugins/sudoers/ldap.c:
3951: Provide a more useful error message if using a Mozilla-style LDAP
3952: SDK and you forgot to specify TLS_CERT in ldap.conf.
3953: [7cb78feb899c]
3954:
3955: * src/exec_pty.c:
3956: Add missing initialization of a sigaction structure when I/O
3957: logging. Fixes a potential problem when suspending the command.
3958: [f4480f2ba816]
3959:
3960: * plugins/sudoers/ldap.c:
3961: Split global and per-connection LDAP options into separate arrays.
3962: Set global LDAP options before calling ldap_initialize() or
3963: ldap_init(). After we have an LDAP handle, set the per-connection
3964: options. Fixes a problem with OpenLDAP using the nss crypto backend;
3965: bug #342
3966: [265c9d2dc12b]
3967:
3968: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
3969: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3970: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
3971: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3972: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3973: src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
3974: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
3975: sync with translationproject.org
3976: [6d7fe44be21e]
3977:
3978: 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
3979:
3980: * src/sudo.c, src/sudo.h:
3981: Move struct passwd pointer into struct command details.
3982: [d6fb1eff2065]
3983:
3984: 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
3985:
3986: * pp:
3987: Sync with upstream for Mac OS X (and other) fixes.
3988: [c2f4998d01b0]
3989:
3990: * mkpkg:
3991: Only built Mac intel universal binary on an intel machine.
3992: [0009e0b7e5a8]
3993:
3994: * src/Makefile.in:
3995: Do not pass libtool the -static-libtool-libs option when building
3996: sudo and sesh. Otherwise, libtool may prefer a static version of an
3997: installed library over a dynamic one when linking.
3998: [6fbac9adc885]
3999:
4000: 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
4001:
4002: * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
4003: plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
4004: Add German translation for sudo Add Croatian translation for sudoers
4005: [fa4da1a6530c]
4006:
4007: * plugins/sudoers/iolog.c:
4008: typo fix in comment
4009: [abd721d1288e]
4010:
4011: 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
4012:
4013: * NEWS:
4014: Update with recent changes
4015: [6fa11e8448b9]
4016:
4017: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4018: Sort xgettext output by file name.
4019: [f650841810f0]
4020:
4021: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4022: Clarify what "sudoreplay -l" displays and mention that it is sorted.
4023: [84031c117bd6]
4024:
4025: * config.h.in, configure, configure.in, src/ttyname.c:
4026: Use AC_HEADER_MAJOR to determine where major/minor are defined.
4027: [3c949650a223]
4028:
4029: * config.h.in, configure, configure.in, src/ttyname.c:
4030: Include sys/mkdev.h if present instead of sys/sysmacros.h for
4031: minor(). This is needed on Solaris (at least) where the makedev
4032: macros in sysmacros.h are obsolete and library functions should be
4033: used instead.
4034: [343928acf81e]
4035:
4036: * mkpkg:
4037: When building on Mac OS X, only set SDK_FLAGS if specified osversion
4038: doesn't match host.
4039: [d84c6efac872]
4040:
4041: 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
4042:
4043: * src/ttyname.c:
4044: Add back buf and tty variables for _ttyname() case that were
4045: inadvertantly removed.
4046: [a4a820b22a44]
4047:
4048: 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
4049:
4050: * plugins/sudoers/po/sudoers.pot:
4051: regen
4052: [5446b12c1250]
4053:
4054: * configure, configure.in:
4055: Remove b8 from version number.
4056: [5adc4dcec061]
4057:
4058: * src/ttyname.c:
4059: remove some XXX
4060: [187579a5f593]
4061:
4062: * src/ttyname.c:
4063: When looking for a device match, do a breadth-first search instead
4064: of depth-first. We already special case /dev/pts/ so chances are
4065: good that if it is not a pseudo-tty it is in the base of /dev/. Also
4066: avoid a stat(2) when possible if struct dirent has d_type.
4067: [0183f8a1b278]
4068:
4069: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4070: src/sudo.c, src/sudo.h:
4071: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
4072: [f0574d878491]
4073:
4074: * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
4075: src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
4076: src/po/vi.mo:
4077: sync with translationproject.org
4078: [4527ea78fbd5]
4079:
4080: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
4081: src/po/hr.mo, src/po/hr.po:
4082: New Croatian and Galician translations from translationproject.org
4083: [ad4bd924b4de]
4084:
4085: * src/ttyname.c:
4086: Add depth-first traversal of /dev/ for the /proc case when not
4087: /dev/pts/N
4088: [499bd3456774]
4089:
4090: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
4091: If struct dirent has d_type, use it to avoid an extra stat().
4092: [741dabbe4bcd]
4093:
4094: * plugins/sudoers/sudoreplay.c:
4095: Sort output of "sudoreplay -l"
4096: [c0615795bd4b]
4097:
4098: 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
4099:
4100: * plugins/sudoers/sudoreplay.c:
4101: Fix duplicate free introduced in last rev
4102: [efdaabe69d75]
4103:
4104: 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4105:
4106: * plugins/sudoers/auth/pam.c:
4107: Instead of treating ^C from tgetpass() specially, always return
4108: AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
4109: like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
4110: [a3b17298d4d0]
4111:
4112: * config.h.in, configure, configure.in, src/ttyname.c:
4113: Rototill code to determine the tty. For Linux, we now look up the
4114: tty device in /proc/pid/stat instead of trying to open
4115: /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
4116: device number to a string. On BSD, we can use devname(). On
4117: Solaris, _ttyname_dev() does what we want. TODO: write /dev/
4118: traversal code for the generic sudo_ttyname_dev().
4119: [6b22be4d09f0]
4120:
4121: 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4122:
4123: * src/ttyname.c:
4124: Define PRNODEV for those w/o it.
4125: [f17290e64559]
4126:
4127: * config.h.in, configure, configure.in, src/ttyname.c:
4128: Check for SVR4-style struct psinfo.pr_ttydev and use that to
4129: determine the tty if std{in,out,err} are not ttys.
4130: [76ad33a91f4b]
4131:
4132: * src/ttyname.c:
4133: Better support for SVR4-style /proc entries where we can't use
4134: ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
4135: attempt to map the device number back to the correct pseudo-tty
4136: slave device.
4137: [4f9f48cc79eb]
4138:
4139: * src/ttyname.c:
4140: When trying to determine the tty name, check parent's stderr in
4141: addition to its stdin and stdout.
4142: [604644056c7d]
4143:
4144: * src/exec_pty.c:
4145: Treat a tty read failure like EOF as it usually means the pty has
4146: gone away. Handle write() on the tty returning EIO.
4147: [16957f4a706f]
4148:
4149: * src/exec.c, src/exec_pty.c:
4150: Linux select() may return ENOMEM if there is a kernel resource
4151: shortage. Older Solaris select() may return EIO instead of EBADF
4152: when the tty goes away. If we get an unhandled select() failure,
4153: kill the child and exit cleanly.
4154: [d93940a311ab]
4155:
4156: * src/ttyname.c:
4157: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
4158: block in open.
4159: [a9f809d09d52]
4160:
4161: 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
4162:
4163: * plugins/sudoers/set_perms.c:
4164: Fix restoration of AIX permissions.
4165: [30c717115988]
4166:
4167: * src/parse_args.c:
4168: Allow the -k flag to be used along with the -i and -s flags.
4169: [0653b17c97f1]
4170:
4171: * plugins/sudoers/sudoreplay.c:
4172: Plug memory leak in parse_logfile() in the error path.
4173: [9cce86fa833b]
4174:
4175: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4176: src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
4177: src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
4178: src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
4179: src/po/zh_CN.mo, src/po/zh_CN.po:
4180: sync with translationproject.org
4181: [14af43d0b170]
4182:
4183: 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
4184:
4185: * compat/regress/glob/globtest.c, config.h.in, configure,
4186: configure.in, plugins/sudoers/match.c:
4187: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
4188: glob() and fnmatch() results to be consistent.
4189: [4226750d73c2]
4190:
4191: 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
4192:
4193: * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
4194: src/ttysize.c:
4195: Move ttysize.c to common so sudoreplay can use it.
4196: [b4a0aa514cd4]
4197:
4198: * plugins/sudoers/sudoreplay.c:
4199: If I/O log file includes rows + cols, warn if the user's tty is not
4200: big enough.
4201: [b980ef89efff]
4202:
4203: * plugins/sudoers/sudoreplay.c:
4204: Fix printing of TSID in "sudoreplay -l"
4205: [4221e3e108b4]
4206:
4207: * common/sudo_debug.c, include/sudo_debug.h,
4208: plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
4209: src/exec_pty.c:
4210: Log the process id in the debug file output. Since we don't want to
4211: keep calling getpid(), stash the value at init time and when we
4212: fork().
4213: [2782d30c024d]
4214:
4215: * src/exec_pty.c:
4216: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
4217: is better to receive EIO from read()/write() than to be suspended
4218: when we don't expect it. Fixes a problem when our terminal is
4219: revoked which can happen when, e.g. our sshd is killed
4220: unceremoniously. Also, only change the value of "alive" from true to
4221: false, never from false to true. It is possible for us to receive
4222: notification of the child having stopped after it is already dead.
4223: This does not mean it has risen from the grave.
4224: [26c9fe8ce0f9]
4225:
4226: * src/exec_pty.c:
4227: Distinguish between signals we received from the parent vs. those
4228: delivered explicitly to the monitor process in debugging info.
4229: [40716cb180e5]
4230:
4231: 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
4232:
4233: * plugins/sudoers/check.c:
4234: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
4235: Update tty_is_devpts() to match so we can determine when the tty has
4236: been reused.
4237: [2689665df027]
4238:
4239: * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
4240: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
4241: and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
4242: This allows consumers of sudo_debug_printf() to log that data
4243: without having to specify it manually.
4244: [7c94c4879208]
4245:
4246: * src/exec_pty.c:
4247: Make this compile after last change.
4248: [ee09034f3266]
4249:
4250: * src/exec_pty.c:
4251: Don't try to restore the terminal if we are not the foreground
4252: process. Otherwise, we may be stopped by SIGTTOU when we try to
4253: update the terminal settings when cleaning up.
4254: [c48b24335456]
4255:
4256: * src/exec.c:
4257: If select() return EBADF in the main event loop, one of the ttys
4258: must have gone away so perform any I/O we can and close the bad fds.
4259: [3bc8678c03ce]
4260:
4261: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
4262: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
4263: plugins/sudoers/toke.l:
4264: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
4265: function, file and line number in the debug log for warning() and
4266: error().
4267: [894cd131f11d]
4268:
4269: 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
4270:
4271: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
4272: src/conversation.c:
4273: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
4274: Use this flag when wrapping error() and warning() so the debug
4275: output includes the error string.
4276: [1e2c67adaf1f]
4277:
4278: 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
4279:
4280: * NEWS:
4281: Update for sudo 1.8.5
4282: [7d2b62b823fe]
4283:
4284: * plugins/sudoers/po/sudoers.pot:
4285: regen
4286: [718ad9de92cd]
4287:
4288: * doc/CONTRIBUTORS:
4289: sync
4290: [f48013aea641]
4291:
4292: * plugins/sudoers/pwutil.c:
4293: Use ecalloc()
4294: [fabd23c1f271]
4295:
4296: * src/exec_pty.c:
4297: Don't need zero_bytes() after ecalloc()
4298: [1a9d95cd10ef]
4299:
4300: * config.h.in, configure, configure.in, src/sudo_noexec.c:
4301: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
4302: sudo_noexec.c.
4303: [cbaa1d4b0f8a]
4304:
4305: * src/utmp.c:
4306: Fix compat setutxent and endutxent macros for systems with
4307: setutent() but not setutxent(). From Gustavo Zacarias
4308: [d7ce622fc5f2]
4309:
4310: 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
4311:
4312: * configure.in:
4313: Add ignore_result definition to AH_BOTTOM
4314: [8d4096838a98]
4315:
4316: * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
4317: plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
4318: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
4319: src/exec.c, src/exec_pty.c, src/tgetpass.c:
4320: Fix compiler warnings on some platforms and provide a better method
4321: of defeating gcc's warn_unused_result attribute.
4322: [9a8f804fcc75]
4323:
4324: * configure, configure.in:
4325: Fix building the builtin zlib from a build dir. When a zlib dir was
4326: specified, prepend its include path instead of appending so we get
4327: the right zlib headers.
4328: [5f61d591b186]
4329:
4330: * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
4331: zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
4332: zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
4333: zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
4334: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
4335: Update zlib to version 1.2.6
4336: [173c4bc4d4fc]
4337:
4338: 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
4339:
4340: * include/missing.h:
4341: g/c __unused which is no longer used
4342: [7ef3f23edcd6]
4343:
4344: * src/env_hooks.c:
4345: Fix compilation if RTLD_NEXT is not defined.
4346: [d5605f468b71]
4347:
4348: * src/po/sr.mo, src/po/sr.po:
4349: sync with translationproject.org
4350: [27d559f7985d]
4351:
4352: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4353: doc/sudoers.man.in:
4354: regen
4355: [f9f63ce478b6]
4356:
4357: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4358: regen
4359: [59035d82d15a]
4360:
4361: * Makefile.in:
4362: Ignore Project-Id-Version when comparing pot files.
4363: [22feb9ede46b]
4364:
4365: * plugins/sudoers/bsm_audit.c:
4366: Use error() instead of log_fatal()
4367: [54130bda4b50]
4368:
4369: * plugins/sudoers/env.c:
4370: Fix signedness of didvar in env_update_didvar()
4371: [77048a80b3e4]
4372:
4373: * plugins/sudoers/iolog.c:
4374: Quiet a compiler warning on some platforms.
4375: [8fdcaece0400]
4376:
4377: * compat/fnmatch.c:
4378: cast ctype(3) function/macro arguments from char to unsigned char to
4379: avoid potential negative subscripting.
4380: [bdcf7eef21ef]
4381:
4382: * common/setgroups.c:
4383: Quiet a warning on systems where the gids array in setgroups() is
4384: not prototyped as being const, even though it really is.
4385: [fdd758c6302d]
4386:
4387: * src/env_hooks.c:
4388: Quiet a compiler warning on systems where the argument to putenv(3)
4389: is const.
4390: [51bae2193b53]
4391:
4392: * plugins/sudoers/sudoreplay.c:
4393: Undo an incorrect int -> bool conversion.
4394: [b9a4ce320f14]
4395:
4396: * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
4397: src/po/sv.mo, src/po/sv.po:
4398: Add Swedish sudo and sudoers translations from
4399: translationproject.org
4400: [f7ce1de9073f]
4401:
4402: * plugins/sudoers/env.c:
4403: No need to preserve ODMDIR on AIX now that we always read
4404: /etc/environment.
4405: [4aa04b2f0125]
4406:
4407: 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
4408:
4409: * doc/sudoers.pod, plugins/sudoers/env.c:
4410: When initializing the environment for env_reset, start out with the
4411: contents of /etc/environment on AIX and login.conf on BSD.
4412: [5717bdc321e2]
4413:
4414: * doc/TROUBLESHOOTING, src/sudo.c:
4415: If we are not running with an effective uid of 0, try to give the
4416: user enough information to debug the problem.
4417: [fa4894896d8a]
4418:
4419: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
4420: Quiet a clang-analyzer false positive.
4421: [c4c0c1b9c8b0]
4422:
4423: * src/tgetpass.c:
4424: If there is nothing to read from the askpass program, set errno to
4425: EINTR. This makes the cancel button behave like the user entered ^C
4426: at the password prompt when PAM is used.
4427: [594302cb9caf]
4428:
4429: * src/sudo.h, src/tgetpass.c:
4430: Fetch the value of "askpass" from the sudo conf struct.
4431: [4593ee8f1bd3]
4432:
4433: * common/sudo_conf.c:
4434: Fix matching of "Path askpass" and "Path noexec"
4435: [4df28d62afb9]
4436:
4437: 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
4438:
4439: * plugins/sudoers/visudo.c:
4440: Quiet a clang-analyzer dead store warning.
4441: [dd90bf385a3f]
4442:
4443: * plugins/sudoers/sudoers.c:
4444: If the "timestampowner" user cannot be resolved, use ROOT_UID
4445: instead of exiting with a fatal error.
4446: [8d62aae99715]
4447:
4448: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
4449: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
4450: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
4451: plugins/sudoers/check.c, plugins/sudoers/env.c,
4452: plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
4453: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
4454: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
4455: Remove the NO_EXIT flag to log_error() and add a log_fatal()
4456: function that exits and is marked no_return. Fixes false positives
4457: from static analyzers and is easier for humans to read too.
4458: [a0fe785c2a3d]
4459:
4460: 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
4461:
4462: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
4463: src/po/eo.po:
4464: sync with translationproject.org
4465: [df5e8777de13]
4466:
4467: 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
4468:
4469: * src/po/da.mo, src/po/da.po:
4470: sync with translationproject.org
4471: [629d99548b78]
4472:
4473: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
4474: sync with translationproject.org
4475: [9d122a2860d6]
4476:
4477: 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
4478:
4479: * src/po/it.mo, src/po/it.po:
4480: sync with translationproject.org
4481: [6397593b15cf]
4482:
4483: * common/sudo_conf.c, plugins/sudoers/alias.c,
4484: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4485: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4486: plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
4487: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4488: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
4489: src/load_plugins.c:
4490: Use ecalloc() when allocating structs.
4491: [8b5888868db2]
4492:
4493: * common/alloc.c, include/alloc.h:
4494: Add ecalloc() and commented out recalloc(). Use inline strnlen()
4495: instead of strlen() in estrndup().
4496: [7fb9aa46c1e0]
4497:
4498: 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4499:
4500: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4501: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
4502: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4503: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
4504: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4505: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
4506: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
4507: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
4508: src/po/zh_CN.mo, src/po/zh_CN.po:
4509: sync with translationproject.org
4510: [45a032c37334]
4511:
4512: 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4513:
4514: * plugins/sudoers/set_perms.c:
4515: Remove unused label
4516: [2660bb0c1313]
4517:
4518: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4519: Document what changed in each plugin API revision
4520: [59b30a6fc4d1]
4521:
4522: * plugins/sudoers/set_perms.c:
4523: Remove bogus optimization that could lead to a double free of the
4524: group list.
4525: [b0bfbd2a83a8]
4526:
4527: 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
4528:
4529: * doc/TROUBLESHOOTING:
4530: Expand AIX /etc/security/privcmds entry.
4531: [9f3f072e034e]
4532:
4533: * NEWS:
4534: Update for sudo 1.8.5
4535: [086049011f25]
4536:
4537: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
4538: doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4539: doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
4540: doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
4541: include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
4542: src/sudo_plugin_int.h:
4543: Rename plugin "args" to "options"
4544: [f25624951bd2]
4545:
4546: * doc/CONTRIBUTORS:
4547: Add Lithuanian and Vietnamese translators
4548: [2b4c075b69e3]
4549:
4550: * Makefile.in:
4551: Ignore comments when comparing new and old pot files.
4552: [f872999347b3]
4553:
4554: * src/Makefile.in:
4555: regen
4556: [c8193b1b11c7]
4557:
4558: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
4559: regen
4560: [15e3c17e8a3a]
4561:
4562: * doc/sudo_plugin.pod, include/sudo_plugin.h,
4563: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
4564: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
4565: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
4566: src/sudo.c, src/sudo.h:
4567: Pass a pointer to user_env in to the init_session policy plugin
4568: function so session setup can modify the user environment as needed.
4569: For PAM authentication, merge the PAM environment with the user
4570: environment at init_session time. We no longer need to swap in the
4571: user_env for environ during session init, nor do we need to disable
4572: the env hooks at init_session time.
4573: [3f5277b359d8]
4574:
4575: * plugins/sample/sample_plugin.c:
4576: Add explicit NULL entries for init_session, register_hooks and
4577: deregister_hooks with appropriate comments.
4578: [727a57978b40]
4579:
4580: * compat/pw_dup.c:
4581: Quiet a gcc "used uninitialized in this function" false positive.
4582: [f14b68379ce9]
4583:
4584: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4585: We should always call warning() with a format string or a string
4586: literal. In this case, the argument (path) is not user-controlled.
4587: [e9ef51224024]
4588:
4589: 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4590:
4591: * src/selinux.c:
4592: Include sudo_exec.h for the sudo_execve() prototype.
4593: [769e58065edc]
4594:
4595: * config.h.in, configure, configure.in:
4596: Add check for pam_getenvlist()
4597: [36bde3f26c60]
4598:
4599: * common/sudo_conf.c:
4600: Set args to NULL in default plugin info struct when there is no
4601: Plugin line in sudo.conf.
4602: [93ec67708f01]
4603:
4604: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4605: regen
4606: [a9287677795c]
4607:
4608: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4609: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4610: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4611: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4612: regen
4613: [a242769d7962]
4614:
4615: * configure, configure.in:
4616: Bump version to 1.8.5
4617: [e8618f0c2505]
4618:
4619: * doc/sudo_plugin.pod:
4620: Document hooks API
4621: [e6ad07d27958]
4622:
4623: 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
4624:
4625: * sudo.pp:
4626: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
4627: [fd72340042d3]
4628:
4629: * include/sudo_plugin.h:
4630: Use sudo_hook_fn_t in struct sudo_hook.
4631: [938f93112d6e]
4632:
4633: * doc/TROUBLESHOOTING:
4634: If cross compiling, --host must include the OS in the tuple. E.g.
4635: --host powerpc-unknown-linux
4636: [b8c010070c1e]
4637:
4638: 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
4639:
4640: * plugins/sudoers/parse.c:
4641: Fix bogus int -> bool conversion; tags can have a value of -1.
4642: [e63d6434a303]
4643:
4644: * plugins/sudoers/env.c:
4645: Add env_should_keep() and env_should_delete() wrapper functions to
4646: simplify things a bit and hide the fact that matches_env_check() is
4647: not bool.
4648: [7a03d7a12b50]
4649:
4650: * sudo.pp:
4651: Fix application of debian-specific sudoers mods when building
4652: packages as non-root.
4653: [34bf4c52c425]
4654:
4655: * plugins/sudoers/env.c:
4656: matches_env_check() returns int, not boolean
4657: [0ad915b8d5cb]
4658:
4659: * src/sudo_edit.c:
4660: Fix compilation when seteuid() is not available.
4661: [8a722f998000]
4662:
4663: * src/ttyname.c:
4664: Simply move the free of ki_proc outside the realloc() loop.
4665: [217b786da760]
4666:
4667: * src/ttyname.c:
4668: Bring back the erealloc() for the ENOMEM loop and just zero the
4669: pointer after we free it.
4670: [29a016e45127]
4671:
4672: * src/ttyname.c:
4673: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
4674: [266e08844065]
4675:
4676: 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4677:
4678: * plugins/sudoers/set_perms.c:
4679: Use normal error path if unable to set sudoers gid.
4680: [01c816918c99]
4681:
4682: * plugins/sudoers/set_perms.c:
4683: Make this work again on systems w/o seteuid().
4684: [2e67f7421e97]
4685:
4686: 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
4687:
4688: * plugins/sudoers/set_perms.c:
4689: Fix compilation if no seteuid/setreuid/setresuid available.
4690: [d0b3c1f88eb4]
4691:
4692: * plugins/sudoers/set_perms.c:
4693: Better error messages, and added debugging throughout. Fixed
4694: seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
4695: AIX version of restore_perms(). Added checks to avoid changing
4696: uid/gid when we don't have to. Never set gid/uid state to -1, use
4697: the old value instead.
4698: [29188d469b5c]
4699:
4700: * src/exec_pty.c, src/ttyname.c:
4701: Fix format string warning on Solaris with gcc 3.4.3.
4702: [d1eeb6e1dd0f]
4703:
4704: * src/sudo.c:
4705: Always declare environ now that we swap it around unilaterally.
4706: [aaa3e92e7d0d]
4707:
4708: * src/Makefile.in:
4709: Honor LDFLAGS when linking sesh; from Vita Cizek
4710: [498b41438f6e]
4711:
4712: * src/sesh.c:
4713: Include alloc.h for estrdup() prototype; from Vita Cizek
4714: [93203655a320]
4715:
4716: 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4717:
4718: * plugins/sudoers/sudoers.c:
4719: Don't read /etc/environment on Linux when using PAM, PAM should set
4720: the environment variables as needed via pam_env.
4721: [b1ef62cb2d40]
4722:
4723: * INSTALL:
4724: Fix editor goof.
4725: [0c3dd3bb8b57]
4726:
4727: * src/hooks.c, src/sudo.c, src/sudo.h:
4728: Disable environment hooks after we get user_env back to make sure a
4729: plugin can't to modify user_env after we "own" it. This is kind of
4730: a hack but we don't want the init_session plugin function to modify
4731: user_env.
4732: [8e6d119452a5]
4733:
4734: * src/hooks.c, src/sudo.c:
4735: Add support for deregistering hooks. If an I/O log plugin fails to
4736: initialize, deregister its hooks (if any).
4737: [ac00c93900c5]
4738:
4739: 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4740:
4741: * plugins/sudoers/sudoers.c, src/sudo.c:
4742: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
4743: setenv.
4744: [e75469dd9908]
4745:
4746: * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
4747: compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
4748: configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
4749: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
4750: plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
4751: plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
4752: src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
4753: src/sudo_plugin_int.h:
4754: Initial cut at a hooks implementation. The plugin can register
4755: hooks for getenv, putenv, setenv and unsetenv. This makes it
4756: possible for the plugin to trap changes to the environment made by
4757: authentication methods such as PAM or BSD auth so that such changes
4758: are reflected in the environment passed back to sudo for execve().
4759: [61cffa06f863]
4760:
4761: 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4762:
4763: * MANIFEST, src/po/vi.mo, src/po/vi.po:
4764: Add Vietnamese sudo translation from translationproject.org
4765: [96df426790d5]
4766:
4767: 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4768:
4769: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
4770: doc/sudoers.pod:
4771: List sudo_noexec.so not noexec.so in the sample sudo.conf
4772: [53844e190ec5]
4773:
4774: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
4775: doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
4776: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4777: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4778: plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
4779: src/sudo_plugin_int.h:
4780: Add support for plugin args at the end of a Plugin line in
4781: sudo.conf. Bump the minor number accordingly and update the
4782: documentation. A plugin must check the sudo front end's version
4783: before using the plugin_args parameter since it is only supported
4784: for API version 1.2 and higher.
4785: [587f1f819536]
4786:
4787: 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
4788:
4789: * plugins/sudoers/Makefile.in:
4790: update depends
4791: [6d2da44e11e5]
4792:
4793: * MANIFEST:
4794: secure_path.c is in common, not compat
4795: [619c4a663dde]
4796:
4797: * configure, configure.in:
4798: Add check for variadic macro support in cpp.
4799: [756854caf675]
4800:
4801: 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
4802:
4803: * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
4804: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4805: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4806: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4807: Add type param to sudo_secure_path() and add sudo_secure_file() and
4808: sudo_secure_dir() wrappers which get by #includedir in sudoers.
4809: [2ec2d3d8df04]
4810:
4811: 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
4812:
4813: * doc/visudo.pod, plugins/sudoers/visudo.c:
4814: Check the owner and mode in -c (check) mode unless the -f option is
4815: specified. Previously, the owner and mode were checked on the main
4816: sudoers file when the -s (strict) option was given, but this was not
4817: documented.
4818: [b2d6ee1e547a]
4819:
4820: * config.h.in, configure, configure.in, src/ttyname.c:
4821: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
4822: versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
4823: [159f6a50456a]
4824:
4825: 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
4826:
4827: * doc/CONTRIBUTORS:
4828: Add Eric Lakin for patch in bug #538
4829: [490c29c234c6]
4830:
4831: * src/exec_pty.c:
4832: Fix typo in safe_close() made while converting to debug framework
4833: that prevented it from actually closing anything.
4834: [a66422a62afd]
4835:
4836: * src/exec_pty.c:
4837: Add some more debugging.
4838: [b5667947dda9]
4839:
4840: * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
4841: include/Makefile.in:
4842: We need sysconfdir in compat/Makfile to get the proper sudo.conf
4843: path. Add standard prefix and foodir expansion in all Makefiles to
4844: avoid this problem in the future.
4845: [62b6ce4ecae9]
4846:
4847: 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4848:
4849: * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
4850: New Lithuanian sudoers translation from translationproject.org
4851: [10436b649035]
4852:
4853: * plugins/sudoers/po/ja.po:
4854: Update from translationproject.org
4855: [acb8db5f8ef1]
4856:
4857: 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
4858:
4859: * plugins/sudoers/ldap.c:
4860: When adding gids to the LDAP filter, only add the primary gid once.
4861: This is consistent with the space computation/allocation. From Eric
4862: Lakin
4863: [35d9d99c92c6]
4864:
4865: * doc/TROUBLESHOOTING:
4866: Add entry for AIX enhanced RBAC config.
4867: [5e10b6f8def7]
4868:
4869: * mkpkg:
4870: Target Mac OS X 10.5 when building packages.
4871: [06fce9bbebee]
4872:
4873: 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
4874:
4875: * MANIFEST, common/Makefile.in, common/secure_path.c,
4876: common/sudo_conf.c, include/secure_path.h,
4877: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
4878: Relax the user/group/mode checks on sudoers files. As long as the
4879: file is owned by the right user, not world-writable and not writable
4880: by a group other than the one specified at configure time (gid 0 by
4881: default), the file is considered OK. Note that visudo will still
4882: set the mode to the value specified at configure time.
4883: [241174babfcc]
4884:
4885: 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4886:
4887: * plugins/sudoers/set_perms.c:
4888: Add AIX-specific version of permission setting code to make sure
4889: that the saved uid gets restored properly.
4890: [9a6f5d22c301]
4891:
4892: * config.h.in, configure, configure.in, src/exec_common.c:
4893: Check for LD_PRELOAD variants in configure instead of checkign cpp
4894: symbols. In disable_execute(), compute the length of the new envp
4895: and allocate it once instead of reallocating on demand. Also append
4896: old value of LD_PRELOAD (if any) to the new value.
4897: [680266346917]
4898:
4899: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
4900: Fix the description of noexec.
4901: [6a6d142f3c80]
4902:
4903: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
4904: The "op" parameter to set_default() must be int, not bool since it
4905: is set to '+' or '-' for list add and subtract.
4906: [8da5b137bea2]
4907:
4908: * sudo.pp:
4909: Make sure sudoers is writable before calling ed script.
4910: [95352ab6336b]
4911:
4912: 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
4913:
4914: * doc/CONTRIBUTORS, doc/contributors.pod:
4915: Update contributors. Now includes translators and authors of compat
4916: code.
4917: [4fb5b616b50a]
4918:
4919: 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4920:
4921: * src/po/sudo.pot:
4922: regen
4923: [2c86e2c328fe]
4924:
4925: * pp, sudo.pp:
4926: Build flat packages, not package bundles, on Mac OS X.
4927: [57bda3cd5520]
4928:
4929: 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4930:
4931: * sudo.pp:
4932: Move macos section to be with the other OS-specific sections.
4933: [51423bb2973a]
4934:
4935: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4936: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
4937: Sync with translationproject.org
4938: [8ce41cbb8da0]
4939:
4940: * configure, configure.in:
4941: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
4942: [fa979aa6fe7d]
4943:
4944: * sudo.pp:
4945: Add Mac OS X support, printing the latest chunk of the NEWS file and
4946: the license text in the installer.
4947: [ffeab72387c0]
4948:
4949: * sudo.pp:
4950: Add explicit file modes that match those used by "make install"
4951: [7eb37242c920]
4952:
4953: * pp:
4954: Sync with upstream for Mac OS X fixes.
4955: [97cba179041e]
4956:
4957: * plugins/sudoers/Makefile.in, src/Makefile.in:
4958: Got back to using "install-sh -M" for files installed as non-
4959: readable by owner. This fixes "make install" as non-root for
4960: package building.
4961: [967804ee77d6]
4962:
4963: 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4964:
4965: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
4966: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4967: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4968: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4969: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
4970: Sync with translationproject.org
4971: [0e53db12039a]
4972:
4973: * Makefile.in, doc/Makefile.in, include/Makefile.in,
4974: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4975: plugins/sudoers/Makefile.in, src/Makefile.in:
4976: Use -m not -M for install-sh for everything except setuid. Install
4977: locale .mo files mode 0444, not 0644. If timedir parent doesn't
4978: exist, use default dir mode, not 0700.
4979: [8b6f64c92090]
4980:
4981: 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4982:
4983: * pp:
4984: Re-sync with upstream; no longer need a local patch.
4985: [97a2c7be5e59]
4986:
4987: * mkpkg:
4988: Add support for building Mac OS X packages.
4989: [94d49ac223a4]
4990:
4991: * pp:
4992: Sync with upstream
4993: [1c97654fc841]
4994:
4995: * src/Makefile.in:
4996: No longer need to define _PATH_SUDO_CONF here.
4997: [2560905b7482]
4998:
4999: * src/exec_common.c:
5000: Fix noexec for Mac OS X.
5001: [b7a744bca2c0]
5002:
5003: 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
5004:
5005: * common/Makefile.in:
5006: Move _PATH_SUDO_CONF override to common to match sudo_debug.c
5007: [f0788972a63a]
5008:
5009: * plugins/sudoers/set_perms.c:
5010: More complete fix for LDR_PRELOAD on AIX. The addition of
5011: set_perm(PERM_ROOT) before calling the nss open functions (needed to
5012: avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
5013: and then real uid to 0 for PERM_ROOT works around the issue.
5014: [5888eda051af]
5015:
5016: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5017: regen
5018: [997fe403e219]
5019:
5020: * src/sudo.c:
5021: Set real uid to root before calling sudo_edit() or run_command() so
5022: that the monitor process is owned by root and not by the user.
5023: Otherwise, on AIX at least, the monitor process shows up in ps as
5024: belonging to the user (and can be killed by the user).
5025: [d4772d7d2fc5]
5026:
5027: * plugins/sudoers/set_perms.c:
5028: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
5029: the call to setuid(0) if the current euid is non-zero. This
5030: effectively restores the state of things prior to rev 7bfeb629fccb.
5031: Fixes a problem on AIX where LDR_PRELOAD was not being honored for
5032: the command being executed.
5033: [b9b40325b4dc]
5034:
5035: * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
5036: include/missing.h, src/sudo.c:
5037: Make a copy of the struct passwd in exec_setup() to make sure
5038: nothing in the policy init modifies it.
5039: [b721261c921f]
5040:
5041: 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
5042:
5043: * doc/sudoers.pod:
5044: update copyright
5045: [f9d229d1f65e]
5046:
5047: * common/sudo_debug.c, include/sudo_debug.h:
5048: g/c now-unused debug subsystems
5049: [8f21726e698f]
5050:
5051: * doc/sudo.pod, doc/sudoers.pod:
5052: Enumerate the debug subsystems used by sudo and sudoers.
5053: [ac4f84293d14]
5054:
5055: 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
5056:
5057: * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
5058: include/sudo_conf.h, src/sudo.c:
5059: Normally, sudo disables core dumps while it is running. This
5060: behavior can now be modified at run time with a line in sudo.conf
5061: like "Set disable_coredumps false"
5062: [ad14e0508b0d]
5063:
5064: * NEWS:
5065: Mention Spanish translation
5066: [600f3205bd6e]
5067:
5068: * common/sudo_debug.c:
5069: Make sure we don't try to fall back to using the conversation
5070: function for debugging in the main sudo process if we are unable to
5071: open the debug file.
5072: [ffa329aa908c]
5073:
5074: * MANIFEST, src/po/es.mo, src/po/es.po:
5075: Add sudo Spanish translation from translationproject.org
5076: [c1906654e740]
5077:
5078: 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
5079:
5080: * plugins/sudoers/iolog.c:
5081: Better debug subsystem usage
5082: [1a31f115743c]
5083:
5084: * src/sudo.c:
5085: Remove duplicate function prototypes
5086: [ae04b00532eb]
5087:
5088: 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
5089:
5090: * configure, configure.in:
5091: Error out if user specified --with-pam but we can't find the headers
5092: or library. Also throw an error if the headers are present but the
5093: library is not and vice versa.
5094: [d6bf3e3d0aae]
5095:
5096: 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
5097:
5098: * plugins/sudoers/sudoers.c:
5099: Fix the sudoers permission check when the expected sudoers mode is
5100: owner-writable.
5101: [8b0b7e770a22]
5102:
5103: 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
5104:
5105: * configure, configure.in:
5106: Verify that we can link executables built with -D_FORTIFY_SOURCE
5107: before using it.
5108: [7578215d1a95]
5109:
5110: * src/exec_common.c:
5111: Fix potential off-by-one when making a copy of the environment for
5112: LD_PRELOAD insertion. Fixes bug #534
5113: [cc699cd551b6]
5114:
5115: * configure, configure.in:
5116: Add rudimentary check for _FORTIFY_SOURCE support by checking for
5117: __sprintf_chk, one of the functions used by gcc to support it.
5118: [a992673d2ef8]
5119:
5120: * compat/stdbool.h, config.h.in, configure, configure.in:
5121: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
5122: [8ba1370884b3]
5123:
5124: 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
5125:
5126: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5127: regen
5128: [1e0b38397705]
5129:
5130: 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
5131:
5132: * src/exec.c, src/sudo.c:
5133: The change in 818e82ecbbfc that caused to exit when the monitor dies
5134: created a race condition between the monitor exiting and the status
5135: being read. All we really want to do is make sure that select()
5136: notifies us that there is a status change when the monitor dies
5137: unexpectedly so shutdown the socketpair connected to the monitor for
5138: writing when it dies. That way we can still read the status that is
5139: pending on the socket and select() on Linux will tell us that the fd
5140: is ready.
5141: [7fb5b30ea48d]
5142:
5143: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
5144: src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
5145: src/sudo_exec.h:
5146: Refactor disable_execute() and my_execve() into exec_common.c for
5147: use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
5148: disabling exec in exec_setup(), disable it immediately before
5149: executing the command. Adapted from a diff by Arno Schuring.
5150: [ec4d8b53db6b]
5151:
5152: 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
5153:
5154: * aclocal.m4, configure, configure.in:
5155: Add custom version of AC_CHECK_LIB that uses the extra libs in the
5156: cache value name. With this we no longer need to rely on a modified
5157: version of autoconf.
5158: [1c3b1d482d6c]
5159:
5160: 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
5161:
5162: * configure, configure.in:
5163: Better handling of network functions that need -lsocket -lnsl
5164: [cc386342ec2b]
5165:
5166: * src/sudo.c:
5167: When setting up the execution environment, set groups before
5168: gid/egid like sudo 1.7 did.
5169: [928e1c5fa6c1]
5170:
5171: * configure, configure.in:
5172: Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
5173: [84b23cdf138f]
5174:
5175: * plugins/sudoers/sudoers.c:
5176: For "sudo -g" prepend the specified group ID to the beginning of the
5177: groups list. This matches BSD convention where the effective gid is
5178: the first entry in the group list. This is required on newer
5179: FreeBSD where the effective gid is not tracked separately and thus
5180: setgroups() changes the egid if this convention is not followed.
5181: Fixes bug #532
5182: [782d6909108b]
5183:
5184: 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
5185:
5186: * configure, configure.in:
5187: Fix sh warning; use "test" instead of "["
5188: [c6ee3407f65e]
5189:
5190: * src/exec.c:
5191: When not logging I/O, use a signal handler that only forwards
5192: SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
5193: Fixes a race in the non-I/O logging path where the command may
5194: receive two keyboard-generated signals; one from the kernel and one
5195: from the sudo process.
5196: [9638684e786a]
5197:
5198: * src/exec.c:
5199: Back out change that put the command in its own pgrp when not
5200: logging I/O. It causes problems with pipelines.
5201: [4fc9c6e1e770]
5202:
5203: 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
5204:
5205: * compat/Makefile.in, configure, configure.in:
5206: Only run compat regress tests on compat objects we actually build.
5207: Fixes "make check" in the compat dir for systems that don't
5208: implement character classes in fnmatch() or glob(). Bug #531
5209: [a7addc305e83]
5210:
5211: 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
5212:
5213: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
5214: Update po files from translationproject.org
5215: [5ea066af1356]
5216:
5217: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
5218:
5219: * sudo.pp:
5220: Include parent directories in case they don't already exist. This
5221: fixes a directory permissions problem with the AIX package when the
5222: /usr/local directories don't already exist.
5223: [a14f783dc827]
5224:
5225: * pp:
5226: sync with git version
5227: [2f79d0543661]
5228:
5229: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
5230: regen dependencies
5231: [24c92ca6c64d]
5232:
5233: * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
5234: Move tty name lookup code to its own file.
5235: [58faf072cbf4]
5236:
5237: 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
5238:
5239: * NEWS:
5240: Update with latest sudo 1.8.4 changes.
5241: [a4ffe4f42528]
5242:
5243: * config.h.in, configure, configure.in:
5244: Remove obsolete template for HAVE_TIMESPEC
5245: [75709007c906]
5246:
5247: * src/sudo.c:
5248: Add a check for devname() returning a fully-qualified pathname. None
5249: of the devname() implementations do this today but you never know
5250: when this might change.
5251: [16813ace38f9]
5252:
5253: 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
5254:
5255: * plugins/sudoers/visudo.c:
5256: For "visudo -c" also list include files that were checked when
5257: everything is OK.
5258: [ad6f85b35c9c]
5259:
5260: * src/sudo.c:
5261: The device name returned by devname() does not include the /dev/
5262: prefix so we need to add it ourselves.
5263: [b55285abb7ed]
5264:
5265: * src/sudo.c:
5266: Add debug warning if KERN_PROC sysctl fails or devname() can't
5267: resolve the tty device to a name.
5268: [b5a23916ba3a]
5269:
5270: * common/sudo_debug.c:
5271: The result of writev() is never checked so just cast to NULL.
5272: [4be4e9b58d5b]
5273:
5274: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
5275: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
5276: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5277: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
5278: Update Esperanto, Finnish, Polish and Ukrainian translations from
5279: translationproject.org.
5280: [bb91bc6ad7e9]
5281:
5282: 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
5283:
5284: * config.h.in, configure, configure.in, src/sudo.c:
5285: Add support for determining tty via sysctl on other BSD variants.
5286: [fd15f63f719a]
5287:
5288: * configure, configure.in:
5289: Only check for struct kinfo_proc.ki_tdev on systems that support
5290: sysctl.
5291: [109b3f07a39d]
5292:
5293: * src/sudo.c:
5294: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
5295: ttyname() of std{in,out,err}.
5296: [95969b70bd68]
5297:
5298: 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
5299:
5300: * config.h.in, configure, configure.in, src/sudo.c:
5301: On newer FreeBSD we can get the parent's tty name via sysctl().
5302: [3207290501ee]
5303:
5304: * plugins/sudoers/testsudoers.c:
5305: Include locale.h
5306: [a602cd0b8c2d]
5307:
5308: * src/sudo.c:
5309: Silence a gcc warning.
5310: [8c6d0e3cd534]
5311:
5312: * plugins/sudoers/bsm_audit.c:
5313: Need to include gettext.h and sudo_debug.h; from John Hein
5314: [447912aa7300]
5315:
5316: * plugins/sudoers/iolog.c:
5317: Initialize the debug framework from the I/O plugin too.
5318: [ce1bf44d96d2]
5319:
5320: 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
5321:
5322: * plugins/sudoers/testsudoers.c:
5323: Enable debugging via sudo.conf.
5324: [d85669c749d0]
5325:
5326: 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
5327:
5328: * plugins/sudoers/visudo.c:
5329: Use SUDO_DEBUG_ALIAS for alias checking functions.
5330: [fb84af30dc76]
5331:
5332: * configure, configure.in:
5333: More complete test for getaddrinfo() that doesn't rely on the
5334: network libraries already being added to LIBS.
5335: [cbaf2369f4f0]
5336:
5337: 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
5338:
5339: * common/aix.c:
5340: Add debug support.
5341: [def1bdf24485]
5342:
5343: * configure, configure.in:
5344: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
5345: [a2ea1c2eac61]
5346:
5347: * compat/getaddrinfo.c:
5348: Include errno.h and missing.h
5349: [7d15e17cc2f2]
5350:
5351: * .hgignore:
5352: ignore doc/varsub
5353: [417f9fc3231b]
5354:
5355: * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
5356: plugins/sudoers/gram.y, plugins/sudoers/match.c,
5357: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
5358: src/parse_args.c, src/sudo.c, src/sudo.h:
5359: Update copyright year.
5360: [5d0ffc7dd567]
5361:
5362: * NEWS:
5363: Update for sudo 1.8.4
5364: [841e3eff9844]
5365:
5366: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5367: regen pot files
5368: [c509cb45b66a]
5369:
5370: * plugins/sudoers/sudoreplay.c:
5371: Enable debugging via sudo.conf.
5372: [5087aaee8484]
5373:
5374: * plugins/sudoers/visudo.c:
5375: Enable debugging via sudo.conf.
5376: [04b067c16ed3]
5377:
5378: * plugins/sudoers/visudo.c:
5379: Allow "visudo -c" to work when we only have read-only access to the
5380: sudoers include files.
5381: [d8c6713fe5c1]
5382:
5383: * doc/sudo.pod, doc/visudo.pod:
5384: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
5385: HISTORY section in sudo that points to HISTORY file.
5386: [d1f1bcb051c5]
5387:
5388: * doc/sudo.pod, doc/sudo_plugin.pod:
5389: Document Debug setting in sudo.conf and debug_flags in plugin.
5390: [acfc505aa4a9]
5391:
5392: 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
5393:
5394: * plugins/sudoers/match.c:
5395: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
5396: bug where a pattern like "/usr/*" include /usr/bin/ in the results,
5397: which would be incorrectly be interpreted as if the sudoers file had
5398: specified a directory. From Vitezslav Cizek.
5399: [0cdb6252188c]
5400:
5401: * INSTALL, config.h.in, configure, configure.in,
5402: plugins/sudoers/auth/kerb5.c:
5403: Add --enable-kerb5-instance configure option to allow people using
5404: Kerberos V authentication to use a custom instance. Adapted from a
5405: diff by Michael E Burr.
5406: [e83af8bb7aa7]
5407:
5408: * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
5409: Remove -D debug_level option.
5410: [cbcd05094347]
5411:
5412: * doc/LICENSE:
5413: Update copyright year.
5414: [9f43dd7aa852]
5415:
5416: 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
5417:
5418: * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
5419: plugins/sudoers/visudo.c:
5420: parse_error is now bool, not int
5421: [5ea7fb6fda38]
5422:
5423: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5424: plugins/sudoers/parse.c:
5425: Print a more sensible error if yyparse() returns non-zero but
5426: yyerror() was not called.
5427: [d44ec88f1183]
5428:
5429: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
5430: plugins/sudoers/gram.c:
5431: Replace y.tab.c with the correct filename in #line directives.
5432: [3c84fcb7e959]
5433:
5434: 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 5435:
5436: * src/sudo.c:
1.1.1.2 misho 5437: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
5438: if the main process's fds 0-2 are not hooked up to a tty. Adapted
5439: from a diff by Zdenek Behan.
5440: [b9dfce12af85]
5441:
5442: * src/exec.c:
5443: When not logging I/O, put command in its own pgrp and make that the
5444: controlling pgrp if the command is in the foreground. Fixes a race
5445: in the non-I/O logging path where the command may receive two
5446: keyboard-generated signals; one from the kernel and one from the
5447: sudo process.
5448: [d0e263ce496c]
5449:
5450: 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5451:
5452: * src/sudo_edit.c:
5453: Quiet a bogus gcc warning.
5454: [2009669e0608]
5455:
5456: * src/parse_args.c, src/sudo.h:
5457: Fix warnings related to sudo.conf accessors.
5458: [08ddc29ba50b]
5459:
5460: * common/sudo_conf.c, include/sudo_conf.h:
5461: Separate sudo.conf parsing from plugin loading and move the parse
5462: functions into the common lib so that visudo, etc. can use them.
5463: [f1fc659a8079]
5464:
5465: * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
5466: src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
5467: Separate sudo.conf parsing from plugin loading and move the parse
5468: functions into the common lib so that visudo, etc. can use them.
5469: [e1f2cf6bd57a]
5470:
5471: * doc/sudoers.pod, plugins/sudoers/def_data.c,
5472: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5473: plugins/sudoers/sudoers.c, src/sudo.c:
5474: Remove support for noexec_file in sudoers and the plugin API
5475: [3e2fd58879b5]
5476:
5477: * plugins/sudoers/sudoers.c:
5478: Don't dump interfaces if there are none.
5479: [9081bb4d3e9e]
5480:
5481: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
5482: Add missing %s printf escape to the group_plugin, iolog_dir and
5483: iolog_file descriptions.
5484: [7db03f2b737e]
5485:
5486: 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
5487:
5488: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
5489: Fix typo in visiblepw description; from Joel Pickett
5490: [2fb4b26d5c2c]
5491:
5492: 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
5493:
5494: * MANIFEST, configure, configure.in, mkdep.pl,
5495: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
5496: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
5497: plugins/sudoers/sudoers.h, src/sudo.c:
5498: When running a login shell with a login_class specified, use
5499: LOGIN_SETENV instead of rolling our own login.conf setenv support
5500: since FreeBSD's login.conf has more than just setenv capabilities.
5501: This requires us to swap the plugin-provided envp for the global
5502: environ before calling setusercontext() and then stash the resulting
5503: environ pointer back into the command details, which is kind of a
5504: hack.
5505: [ad4f1190143b]
5506:
5507: * plugins/sudoers/Makefile.in:
5508: If srcdir is "." just use the basename of the yacc/lex file when
5509: generating the C version. This matches the generated files
5510: currently in the repo.
5511: [0b11c3df87a8]
5512:
5513: * doc/Makefile.in, plugins/sudoers/Makefile.in:
5514: Clean up the DEVEL noise
5515: [9de2afe457fd]
5516:
5517: * src/exec.c:
5518: Handle different Unix domain socket (actually socketpair) semantics
5519: in BSD vs. Linux. In BSD if one end of the socketpair goes away
5520: select() returns the fd as readable and the read will fail with
5521: ECONNRESET. This doesn't appear to happen on Linux so if we notice
5522: that the monitor process has died when I/O logging is enabled,
5523: behave like the command has exited. This means we log the wait
5524: status of the monitor, not the command, but there is nothing else we
5525: can do at that point. This should only be an issue if SIGKILL is
5526: sent to the monitor process.
5527: [818e82ecbbfc]
5528:
5529: * src/exec_pty.c:
5530: Catch common signals in the monitor process so they get passed to
5531: the command. Fixes a problem when the entire login session is
5532: killed when ssh is disconnected or the terminal window is closed.
5533: Previously, the monitor would exit and plugin's close method would
5534: not be called.
5535: [0e4658263138]
5536:
5537: * INSTALL, configure, configure.in:
5538: Mention how to configure pam_hpsec on HP-UX to play nicely with
5539: sudo.
5540: [a7294cd8ce98]
5541:
5542: 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
5543:
5544: * plugins/sudoers/ldap.c:
5545: Escape values in the search expression as per RFC 4515.
5546: [c2adbc5db92b]
5547:
5548: * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5549: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5550: src/Makefile.in:
5551: No need for install target to depend explicitly on install-dirs, the
5552: install-foo targets all depend on it.
5553: [62a36ed98279]
5554:
5555: 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
5556:
5557: * .hgignore:
5558: ignore src/sesh
5559: [463d492f6782]
5560:
5561: * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
5562: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
5563: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
5564: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
5565: plugins/sudoers/sudoers.h, src/Makefile.in:
5566: Add support for setenv entries in login.conf. We can't use
5567: LOGIN_SETENV since the plugin sets up the envp the command is
5568: executed with. Also regen the Makefile.in files while here. Fixes
5569: bug #527
5570: [088d507926e2]
5571:
5572: 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
5573:
5574: * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
5575: config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
5576: src/net_ifs.c:
5577: Add getaddrinfo() for those without it, written by Russ Allbery
5578: [4cf9ac831222]
5579:
5580: * doc/Makefile.in:
5581: Restore PACKAGE_TARNAME, it is used in docdir
5582: [9d65e893edb1]
5583:
5584: * MANIFEST, compat/stdbool.h:
5585: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
5586: the MANIFEST
5587: [e67700dc5621]
5588:
5589: * common/atobool.c, common/term.c, src/exec.c:
5590: Remove duplicate return statements.
5591: [48a20d5215fd]
5592:
5593: * plugins/sudoers/auth/bsdauth.c:
5594: Remove inaccurate comment
5595: [e7f0265cf657]
5596:
5597: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
5598: Fetch the login class for the user we authenticate specifically when
5599: using BSD authentication. That user may have a different login
5600: class than what we will use to run the command. When setting the
5601: login class for the command, use the target user's struct passwd,
5602: not the invoking user's. Fixes bug 526
5603: [21bf0af892f7]
5604:
5605: * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
5606: plugins/sudoers/Makefile.in:
5607: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
5608: [8ee6e0891f27]
5609:
5610: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5611: plugins/sudoers/regress/logging/check_wrap.c,
5612: plugins/sudoers/regress/parser/check_addr.c,
5613: plugins/sudoers/regress/parser/check_fill.c:
5614: Fix "make check" fallout from the sudo_conv changes in sudo_debug.
5615: [b0aaa63c9081]
5616:
5617: * common/fileops.c, common/sudo_debug.c, configure, configure.in,
5618: include/fileops.h, plugins/sample/Makefile.in,
5619: plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
5620: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
5621: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
5622: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
5623: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
5624: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
5625: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
5626: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5627: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
5628: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
5629: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
5630: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5631: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5632: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5633: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5634: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
5635: src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
5636: src/sudo_plugin_int.h, src/utmp.c:
5637: Use stdbool.h instead of rolling our own TRUE/FALSE macros.
5638: [dcb0bbc42fc9]
5639:
5640: 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
5641:
5642: * compat/stdbool.h, config.h.in, configure, configure.in:
5643: Add stdbool.h for systems without it.
5644: [18bd9dda1dcd]
5645:
5646: * aclocal.m4, config.h.in, configure, configure.in:
5647: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
5648: includes have unistd.h in them. Add check for socklen_t for
5649: upcoming getaddrinfo compat.
5650: [d705465bef69]
5651:
5652: * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
5653: configure.in, plugins/sudoers/interfaces.c,
5654: plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
5655: plugins/sudoers/sudoreplay.c, src/net_ifs.c:
5656: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
5657: HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
5658: [fa187c9bd2be]
5659:
5660: * src/sudo_noexec.c:
5661: No longer need to include time.h here as missing.h does not use
5662: time_t.
5663: [fa3a089bf5b1]
5664:
5665: 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
5666:
5667: * plugins/sudoers/visudo.c:
5668: Fix mode on sudoers as needed when the -f option is not specified.
5669: [7a1c40b0dc03]
5670:
5671: * MANIFEST, src/po/sr.mo, src/po/sr.po:
5672: Add Serbian translation for sudo from translationproject.org
5673: [9a0c25e25cba]
5674:
5675: * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
5676: src/parse_args.c:
5677: No longer pass debug_file to plugin, plugins must now use
5678: CONV_DEBUG_MSG
5679: [810cda1abb0b]
5680:
5681: * mkpkg:
5682: Build PIE executables for newer Debian and Ubuntu
5683: [1c5f25f8904a]
5684:
5685: * common/sudo_debug.c:
5686: Include time.h for ctime() prototype.
5687: [10090cf3bca1]
5688:
5689: 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
5690:
5691: * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
5692: src/exec_pty.c:
5693: Do not close error pipe or debug fd via closefrom() as we need them
5694: to report an exec error should one occur.
5695: [732f6587fafa]
5696:
5697: * doc/sudoers.ldap.pod:
5698: Document that a sudoUser may now be a group ID.
5699: [2fef46b9d3d3]
5700:
5701: * plugins/sudoers/ldap.c:
5702: Add support for permitting access by group ID in addition to group
5703: name.
5704: [b9450fdf1f69]
5705:
5706: * plugins/sudoers/ldap.c:
5707: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
5708: [d62a1e7cff4f]
5709:
5710: * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
5711: Replace UCB fnmatch.c with a non-recursive version written by
5712: William A. Rowe Jr.
5713: [354d3384adb8]
5714:
5715: * plugins/sudoers/auth/pam.c:
5716: Fix typo, return_debug vs. debug_return
5717: [1b522efcbb0d]
5718:
5719: 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
5720:
5721: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
5722: Update Japanese sudoers translation from translationproject.org
5723: [ec0f2beaad36]
5724:
5725: * doc/sudoers.pod:
5726: Make the env_reset descriptions consistent.
5727: [41c056f02688]
5728:
5729: 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
5730:
5731: * configure, configure.in:
5732: Do multiple expansion when expanding paths to the noexec file, sesh
5733: and the plugin directory. Adapted from a diff by Mike Frysinger
5734: [d7e16c876c66]
5735:
5736: * common/Makefile.in:
5737: regen
5738: [9d729e09c186]
5739:
5740: 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
5741:
5742: * .hgignore:
5743: Add ignore file; from Mike Frysinger
5744: [1fa8d52425f8]
5745:
5746: * mkdep.pl:
5747: no longer save old Makefile.in to .old
5748: [378dd2395545]
5749:
5750: * plugins/sudoers/Makefile.in, src/Makefile.in:
5751: regen
5752: [769faf517720]
5753:
5754: * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
5755: m4/ltoptions.m4, m4/ltversion.m4:
5756: Update to libtool 2.4.2
5757: [9dac78d84b4f]
5758:
5759: 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
5760:
5761: * plugins/sudoers/sudoers_version.h:
5762: Bump grammar version for #include and #includedir relative path
5763: support.
5764: [82a4f7cd8f71]
5765:
5766: 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
5767:
5768: * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5769: Add support for relative paths in #include and #includedir
5770: [4d6e3bd0c24f]
5771:
5772: * plugins/sudoers/Makefile.in:
5773: Fix install-plugin when shared objects are unsupported or disabled.
5774: [cbdd770a7a1b]
5775:
5776: * plugins/sudoers/goodpath.c:
5777: Don't write to sbp if it is NULL
5778: [fc438f8e8570]
5779:
5780: 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
5781:
5782: * Makefile.in:
5783: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
5784: only install matching .mo files
5785: [c1dc30ab4ebc]
5786:
5787: 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
5788:
5789: * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
5790: plugins/sudoers/sudoers.c, src/conversation.c:
5791: Fix non-dynamic (no dlopen) sudo build.
5792: [b0bd3fa925a3]
5793:
5794: * configure, configure.in:
5795: Don't error out if the user specified --disable-shared
5796: [cf035dd1e5cc]
5797:
5798: * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
5799: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
5800: src/conversation.c:
5801: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
5802: the debug file.
5803: [640c62f83251]
5804:
5805: * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
5806: plugins/sudoers/sudoers.h:
5807: Make sudo_goodpath() return value bolean
5808: [fea2d59a6e55]
1.1 misho 5809:
1.1.1.2 misho 5810: * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
5811: plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
5812: Remove obsolete securid auth method.
5813: [4e54f860214b]
5814:
5815: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
5816: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
5817: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5818: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
5819: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
5820: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
5821: plugins/sudoers/auth/sudo_auth.h:
5822: Prefix authentication functions with a "sudo_" prefix to avoid
5823: namespace problems.
5824: [581d74063ea1]
5825:
5826: * INSTALL, MANIFEST, config.h.in, configure, configure.in,
5827: doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
5828: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
5829: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
5830: Remove the old Kerberos IV support
5831: [2e4b4a44209d]
5832:
5833: 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
5834:
5835: * plugins/sudoers/check.c:
5836: Don't print garbage at the end of the custom lecture.
5837: [44bb788fafaa]
5838:
5839: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5840: Add lexer tracing as debug@parser
5841: [d850f3f9d414]
5842:
5843: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
5844: plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
5845: plugins/sudoers/match.c, plugins/sudoers/parse.c,
5846: plugins/sudoers/regress/parser/check_fill.c,
5847: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
5848: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5849: plugins/sudoers/visudo.c:
5850: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
5851: <def_data.h> and not "def_data.h" when generating the parser in a
5852: build dir.
5853: [7da701def753]
5854:
5855: 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5856:
5857: * mkdep.pl, plugins/sudoers/Makefile.in:
5858: Better devdir support in mkdep.pl
5859: [7dcec57bd155]
5860:
5861: * plugins/sudoers/Makefile.in:
5862: Add devdir before srcdir in include path and fix up dependecies
5863: accordingly.
5864: [6e9958eca485]
5865:
5866: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
5867: plugins/sudoers/defaults.h, plugins/sudoers/match.c,
5868: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
5869: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5870: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
5871: #include "gram.h" not <gram.h> and "def_data.h" and not
5872: <def_data.h>.
5873: [003bdb078a15]
1.1 misho 5874:
5875: * sudo.pp:
1.1.1.2 misho 5876: Mark libexec files as optional. If we build without shared object
5877: support, libexec is not used.
5878: [4bffcf482219]
5879:
5880: * src/load_plugins.c:
5881: Change Debug sudo.conf setting to take a program name as the first
5882: argument. In the future, this will allow visudo and sudoreplay to
5883: use their own Debug entries.
5884: [cfb8f7e4867c]
5885:
5886: * src/sudo.c:
5887: fix sudo_debug_printf priority
5888: [dcb67e965609]
5889:
5890: * plugins/sudoers/sudoers.c:
5891: add missing debug_return_int
5892: [d88ec450c592]
5893:
5894: 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
5895:
5896: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
5897: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
5898: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
5899: [dcee8efc294f]
5900:
5901: * doc/UPGRADE:
5902: Add missing word in HOME security note.
5903: [fd844fdcc1ac]
5904:
5905: * plugins/sudoers/testsudoers.c:
5906: Prevent "testsudoers -d username" from trying to malloc(0).
5907: [839126e56e8c]
5908:
5909: 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
5910:
5911: * plugins/sudoers/regress/sudoers/test10.in,
5912: plugins/sudoers/regress/sudoers/test10.out.ok,
5913: plugins/sudoers/regress/sudoers/test10.toke.ok,
5914: plugins/sudoers/regress/sudoers/test10.toke.out.ok,
5915: plugins/sudoers/regress/sudoers/test11.in,
5916: plugins/sudoers/regress/sudoers/test11.out.ok,
5917: plugins/sudoers/regress/sudoers/test11.toke.ok,
5918: plugins/sudoers/regress/sudoers/test11.toke.out.ok,
5919: plugins/sudoers/regress/sudoers/test12.in,
5920: plugins/sudoers/regress/sudoers/test12.out.ok,
5921: plugins/sudoers/regress/sudoers/test12.toke.ok,
5922: plugins/sudoers/regress/sudoers/test13.in,
5923: plugins/sudoers/regress/sudoers/test13.out.ok,
5924: plugins/sudoers/regress/sudoers/test13.toke.ok,
5925: plugins/sudoers/regress/sudoers/test9.in,
5926: plugins/sudoers/regress/sudoers/test9.out.ok,
5927: plugins/sudoers/regress/sudoers/test9.toke.ok,
5928: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
5929: Tests for empty sudoers (should parse OK) and syntax errors within a
5930: line (should report correct line number) both with and without the
5931: trailing newline.
5932: [d57c879c4718]
5933:
5934: * plugins/sudoers/regress/sudoers/test4.out.ok,
5935: plugins/sudoers/regress/sudoers/test5.out.ok,
5936: plugins/sudoers/regress/sudoers/test7.out.ok,
5937: plugins/sudoers/regress/sudoers/test8.out.ok,
5938: plugins/sudoers/testsudoers.c:
5939: Print line number when there is a parser error.
5940: [5444ef6ac6dc]
5941:
5942: 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
5943:
5944: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5945: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5946: Keep track of the last token returned. On error, if the last token
5947: was COMMENT, decrement sudolineno since the error most likely
5948: occurred on the preceding line. Previously we always uses
5949: sudolineno-1 which will give the wrong line number for errors within
5950: a line.
5951: [d661a03a64da]
5952:
5953: 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
5954:
5955: * NEWS:
5956: update with sudo 1.8.3p1 info
5957: [0f79ff31f602]
5958:
5959: * plugins/sudoers/sudoers.c:
5960: Fix crash when "sudo -g group -i" is run. Fixes bug 521
5961: [a3087ae337c4]
5962:
5963: 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
5964:
5965: * plugins/sudoers/visudo.c:
5966: Make alias_remove_recursive() return TRUE/FALSE as its callers
5967: expect and remove two unused arguments. Fixes bug 519.
5968: [2ee3b2882844]
5969:
5970: * plugins/sudoers/regress/visudo/test1.out.ok,
5971: plugins/sudoers/regress/visudo/test1.sh:
5972: Add regress test for bugzilla 519
5973: [48000ebedf97]
5974:
5975: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5976: plugins/sudoers/regress/logging/check_wrap.c,
5977: plugins/sudoers/regress/parser/check_addr.c,
5978: plugins/sudoers/regress/parser/check_fill.c:
5979: Disable warning/error wrapping in regress tests.
5980: [373c589ba561]
1.1 misho 5981:
5982: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5983:
1.1.1.2 misho 5984: * Makefile.in:
5985: Do compile-po as part of sync-po so that the .mo files get rebuild
5986: automatically when we sync with translationproject.org
5987: [83f3cbfc2f33]
5988:
1.1 misho 5989: * plugins/sudoers/Makefile.in:
5990: check_addr needs to link with the network libraries on Solaris
5991: [322bd70e316e]
5992:
5993: * plugins/sudoers/match.c:
5994: When matching a RunasAlias for a runas group, pass the alias in as
5995: the group_list, not the user_list. From Daniel Kopecek.
5996: [766545edf141]
5997:
5998: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
5999: We need to init the auth system regardless of whether we need a
6000: password since we will be closing the PAM session in the monitor
6001: process. Fixes a crash in the monitor on Solaris; bugzilla #518
6002: [e82809f86fb3]
6003:
1.1.1.2 misho 6004: 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6005:
1.1.1.2 misho 6006: * src/exec.c:
6007: Get rid of done: label. If the child exits we still need to close
6008: the pty, update utmp and restore the SELinux tty context.
6009: [cc127bf48405]
6010:
6011: 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
6012:
6013: * common/Makefile.in, common/atobool.c, common/fileops.c,
6014: common/fmt_string.c, common/lbuf.c, common/list.c,
6015: common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
6016: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
6017: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6018: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6019: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6020: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6021: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6022: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6023: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6024: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
6025: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
6026: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6027: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6028: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6029: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
6030: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
6031: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
6032: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
6033: plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
6034: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
6035: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
6036: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6037: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6038: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6039: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6040: src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
6041: src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
6042: src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
6043: src/tgetpass.c, src/ttysize.c, src/utmp.c:
6044: Add debug_decl/debug_return (almost) everywhere. Remove old
6045: sudo_debug() and convert users to sudo_debug_printf().
6046: [8f3bbf907b67]
6047:
6048: * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
6049: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6050: plugins/sudoers/visudo.c, src/error.c:
6051: Wrap error/errorx and warning/warningx functions with debug
6052: statements. Disable wrapping for standalone sudoers programs as well
6053: as memory allocation functions (to avoid infinite recursion).
6054: [562ed7b5ae8d]
6055:
6056: * README, config.h.in, configure, configure.in:
6057: Add checks for __func__ and __FUNCTION__ and mention that we now
6058: require a cpp that supports variadic macros.
6059: [314cfe4c5d23]
6060:
6061: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
6062: include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
6063: src/load_plugins.c, src/parse_args.c, src/sudo.c,
6064: src/sudo_plugin_int.h:
6065: New debug framework for sudo and plugins using /etc/sudo.conf that
6066: also supports function call tracing.
6067: [cded741e9f10]
1.1 misho 6068:
1.1.1.2 misho 6069: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
6070:
6071: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
6072: Update Japanese sudoers translation from translationproject.org
6073: [c24725775e32]
1.1 misho 6074:
6075: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
6076:
6077: * configure, configure.in:
6078: Override and ignore the --disable-static option. Sudo already runs
6079: libtool with -tag=disable-static where applicable and we need non-
6080: PIC objects to build the executables.
1.1.1.2 misho 6081: [aff1227b853a]
1.1 misho 6082:
6083: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
6084:
6085: * NEWS:
6086: Add sudoedit fix
1.1.1.2 misho 6087: [74655c7ccad1]
1.1 misho 6088:
6089: * plugins/sudoers/po/sudoers.pot:
6090: regen pot files
1.1.1.2 misho 6091: [28d89a831ed3]
1.1 misho 6092:
1.1.1.2 misho 6093: * plugins/sudoers/env.c:
6094: Ignore set_logname (which is now the default) for sudoedit since we
1.1 misho 6095: want the LOGNAME, USER and USERNAME environment variables to refer
6096: to the calling user since that is who the editor runs as. This
6097: allows the editor to find the user's startup files. Fixes bugzilla
6098: #515
1.1.1.2 misho 6099: [6c5dddf5ff05]
1.1 misho 6100:
1.1.1.2 misho 6101: * plugins/sudoers/pwutil.c:
6102: Instead of trying to grow the buffer in make_grlist_item(), simply
1.1 misho 6103: increase the total length, free the old buffer and allocate a new
6104: one. This is less error prone and saves us from having to adjust
6105: all the pointers in the buffer. This code path is only taken when
6106: there are groups longer than the length of the user field in struct
6107: utmp or utmpx, which should be quite rare.
1.1.1.2 misho 6108: [5587dc8cffaf]
1.1 misho 6109:
1.1.1.2 misho 6110: * src/po/it.mo:
6111: Add Italian translation for sudo from translationproject.org
6112: [1b3dd886e7e3]
1.1 misho 6113:
1.1.1.2 misho 6114: * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
6115: src/po/ja.mo, src/po/ja.po:
1.1 misho 6116: Japanese translation for sudo and sudoers from
6117: translationproject.org
1.1.1.2 misho 6118: [c06dd866be6e]
1.1 misho 6119:
6120: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
6121:
1.1.1.2 misho 6122: * plugins/sudoers/Makefile.in:
6123: sudoreplay depends on timestr.lo too; from Mike Frysinger
6124: [b9e73214b2f1]
1.1 misho 6125:
6126: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
6127:
6128: * plugins/sudoers/po/sudoers.pot:
6129: Regen sudoers pot file.
1.1.1.2 misho 6130: [019588bafdb3]
1.1 misho 6131:
6132: * NEWS:
6133: Update with latest sudo 1.8.3 news
1.1.1.2 misho 6134: [6868042a88e9]
1.1 misho 6135:
1.1.1.2 misho 6136: * plugins/sudoers/sudoers.c:
6137: It appears that LDAP or NSS may modify the euid so we need to be
6138: root for the open(). We restore the old perms at the end of
6139: sudoers_policy_open().
6140: [2da67a5497ef]
1.1 misho 6141:
1.1.1.2 misho 6142: * plugins/sudoers/set_perms.c:
6143: Better warning message on setuid() failure for the setreuid()
1.1 misho 6144: version of set_perms().
1.1.1.2 misho 6145: [07abcfe7bd9a]
1.1 misho 6146:
6147: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
6148:
1.1.1.2 misho 6149: * plugins/sudoers/check.c:
6150: Delref auth_pw at the end of check_user() instead of getting a ref
1.1 misho 6151: twice.
1.1.1.2 misho 6152: [cb665f55e6a5]
1.1 misho 6153:
1.1.1.2 misho 6154: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
6155: Make sudo_auth_{init,cleanup} return TRUE on success and check for
1.1 misho 6156: sudo_auth_init() return value in check_user().
1.1.1.2 misho 6157: [92631c919356]
1.1 misho 6158:
1.1.1.2 misho 6159: * plugins/sudoers/auth/sudo_auth.c:
6160: Do not return without restoring permissions.
6161: [59ef40b6696a]
1.1 misho 6162:
6163: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6164: regen pot files
1.1.1.2 misho 6165: [9f320a340b7c]
1.1 misho 6166:
1.1.1.2 misho 6167: * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
6168: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6169: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6170: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6171: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6172: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6173: plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6174: plugins/sudoers/sudoers.h:
6175: Modify the authentication API such that the init and cleanup
1.1 misho 6176: functions are always called, regardless of whether or not we are
6177: going to verify a password. This is needed for proper PAM session
6178: support.
1.1.1.2 misho 6179: [19a53f3fb596]
1.1 misho 6180:
1.1.1.2 misho 6181: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
6182: Add missing dependency for getspwuid.lo and regen other depends.
6183: [f7f70eae819a]
1.1 misho 6184:
1.1.1.2 misho 6185: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
6186: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
6187: Fix a PAM_USER mismatch in session open/close. We update PAM_USER
1.1 misho 6188: to the target user immediately before setting resource limits, which
6189: is after the monitor process has forked (so it has the old value).
6190: Also, if the user did not authenticate, there is no pamh in the
6191: monitor so we need to init pam here too. This means we end up
6192: calling pam_start() twice, which should be fixed, but at least the
6193: session is always properly closed now.
1.1.1.2 misho 6194: [fbc063a2a872]
1.1 misho 6195:
1.1.1.2 misho 6196: * src/utmp.c:
6197: Add check for old being NULL in utmp_setid(); from Steven McDonald
6198: [e87126442f2e]
1.1 misho 6199:
6200: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
6201:
1.1.1.2 misho 6202: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6203: plugins/sudoers/sudoers.h:
6204: If the invoking user cannot be resolved by uid fake the struct
1.1 misho 6205: passwd and store it in the cache so we can delref it on exit.
1.1.1.2 misho 6206: [a27e2f8b9f5e]
1.1 misho 6207:
6208: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
6209:
1.1.1.2 misho 6210: * plugins/sudoers/sudoers.c:
6211: Don't error out if the group plugin cannot be loaded, just warn.
6212: [0fbfcd381e33]
1.1 misho 6213:
6214: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
6215:
1.1.1.2 misho 6216: * plugins/sudoers/sudoers.c:
6217: Quiet a false positive found by several static analysis tools. These
1.1 misho 6218: tools don't know that log_error() does not return (it longjmps to
6219: error_jmp which returns to the sudo front-end).
1.1.1.2 misho 6220: [33d0469df21b]
1.1 misho 6221:
6222: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
6223:
1.1.1.2 misho 6224: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
6225: plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
6226: plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
6227: Add Italian translation for sudo from translationproject.org Regen
1.1 misho 6228: .mo files
1.1.1.2 misho 6229: [c3c888a82be6]
1.1 misho 6230:
6231: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
6232:
1.1.1.2 misho 6233: * doc/TROUBLESHOOTING:
6234: Update to current reality and add bit about ssh auth
6235: [184a1e7c2eeb]
1.1 misho 6236:
1.1.1.2 misho 6237: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6238: Make "verbose" static; fixes a namespace clash with
1.1 misho 6239: pam_ssh_agent_auth (and it doesn't need to be extern these days).
1.1.1.2 misho 6240: [cc38d2eb2f4c]
1.1 misho 6241:
1.1.1.2 misho 6242: * config.h.in, configure, configure.in, src/get_pty.c:
1.1 misho 6243: FreeBSD has libutil.h not util.h
1.1.1.2 misho 6244: [dab4c94b6d4f]
1.1 misho 6245:
6246: * configure, configure.in:
6247: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
1.1.1.2 misho 6248: [41c362f0a92a]
1.1 misho 6249:
1.1.1.2 misho 6250: 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6251:
1.1.1.2 misho 6252: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
6253: plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
6254: plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
6255: Update po files from translationproject.org
6256: [1e99e147c7fa]
1.1 misho 6257:
1.1.1.2 misho 6258: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6259:
1.1.1.2 misho 6260: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
1.1 misho 6261: Add support for DEREF in ldap.conf.
1.1.1.2 misho 6262: [3c1937a98547]
1.1 misho 6263:
6264: * Makefile.in:
6265: install target should depend on ChangeLog too, not just install-doc
1.1.1.2 misho 6266: [1a7c83941175]
1.1 misho 6267:
1.1.1.2 misho 6268: * doc/sudoers.pod:
1.1 misho 6269: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
1.1.1.2 misho 6270: [0eca47d60a2c]
1.1 misho 6271:
1.1.1.2 misho 6272: * NEWS:
6273: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
6274: [0501415cc5ff]
6275:
6276: * doc/UPGRADE:
6277: Document group lookup change and possible side effects.
6278: [585743e1ebf7]
1.1 misho 6279:
6280: * configure, configure.in:
6281: Fix some square brackets in case statements that needed to be
6282: doubled up. While here, use $OSMAJOR when it makes sense.
1.1.1.2 misho 6283: [8973343f4696]
1.1 misho 6284:
1.1.1.2 misho 6285: * plugins/sudoers/pwutil.c:
6286: Fix a crash in make_grlist_item() on 64-bit machines with strict
1.1 misho 6287: alignment.
1.1.1.2 misho 6288: [c89508c73c46]
1.1 misho 6289:
1.1.1.2 misho 6290: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
6291: Remove list_options() function that is no longer used now that "sudo
1.1 misho 6292: -L" is gone.
1.1.1.2 misho 6293: [fcc6a776c135]
1.1 misho 6294:
6295: * configure, configure.in:
6296: Error message if user tries --with-CC
1.1.1.2 misho 6297: [ec5b478f813a]
1.1 misho 6298:
6299: * configure, configure.in:
6300: Check for -libmldap too when looking for ldap libs, which is the
6301: Tivoli Directory Server client library.
1.1.1.2 misho 6302: [bb3007a97206]
1.1 misho 6303:
6304: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
6305:
1.1.1.2 misho 6306: * plugins/sudoers/parse.c:
6307: Honor NOPASSWD tag for denied commands too.
6308: [8dd92656db92]
6309:
6310: 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6311:
6312: * INSTALL, configure, configure.in:
6313: Remove --with-CC option; it doesn't work correctly now that we use
6314: libtool. Users can get the same effect by setting the CC
6315: environment variable when running configure.
1.1.1.2 misho 6316: [ec22bd1a55e0]
1.1 misho 6317:
6318: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
6319:
1.1.1.2 misho 6320: * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
6321: src/sudo_edit.c:
1.1 misho 6322: Assume all modern systems support fstat(2).
1.1.1.2 misho 6323: [6a5a8985f6a0]
1.1 misho 6324:
6325: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6326:
1.1.1.2 misho 6327: * compat/regress/glob/globtest.c, config.h.in, configure,
6328: configure.in, include/missing.h, plugins/sudoers/sudoers.h,
6329: src/sudo.h, src/sudo_noexec.c:
1.1 misho 6330: Add configure test for missing errno declaration and only declare it
6331: ourselves if it is missing.
1.1.1.2 misho 6332: [456e76c809a2]
1.1 misho 6333:
1.1.1.2 misho 6334: * plugins/sudoers/alias.c:
6335: Include errno.h before sudo.h to avoid conflicting with the system
1.1 misho 6336: definition of errno.
1.1.1.2 misho 6337: [d0b97e392512]
1.1 misho 6338:
6339: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
6340:
1.1.1.2 misho 6341: * plugins/sudoers/regress/parser/check_addr.c:
6342: Only print individual check status when there is a failure.
6343: [2ac704c91441]
6344:
6345: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6346: plugins/sudoers/regress/logging/check_wrap.c,
6347: plugins/sudoers/regress/parser/check_addr.c:
6348: Add calls to setprogname() for test programs.
6349: [a8d9b420e826]
1.1 misho 6350:
6351: * configure, configure.in:
6352: Add -Wall and -Werror after all tests so they don't cause failures.
1.1.1.2 misho 6353: [2661188ff3fa]
1.1 misho 6354:
1.1.1.2 misho 6355: * plugins/sudoers/Makefile.in:
6356: Actually run check_addr in the check target
6357: [0b2778bc86bf]
1.1 misho 6358:
1.1.1.2 misho 6359: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
6360: plugins/sudoers/match_addr.c,
6361: plugins/sudoers/regress/parser/check_addr.c,
6362: plugins/sudoers/regress/parser/check_addr.in:
6363: Split out address matching into its own file and add regression
1.1 misho 6364: tests for it.
1.1.1.2 misho 6365: [12b9a2bf8dba]
1.1 misho 6366:
6367: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
6368:
1.1.1.2 misho 6369: * plugins/sudoers/match.c:
6370: When matching an address with a netmask in sudoers, AND the mask and
6371: addr before checking against the local addresses.
6372: [9747bb6d7b1c]
1.1 misho 6373:
6374: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6375:
1.1.1.2 misho 6376: * plugins/sudoers/match.c:
6377: Fix netmask matching.
6378: [a3c8f8cc1464]
6379:
6380: * plugins/sudoers/visudo.c:
6381: Don't assume all editors support the +linenumber command line
1.1 misho 6382: argument, use a whitelist of known good editors.
1.1.1.2 misho 6383: [21d43a91fd10]
1.1 misho 6384:
6385: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
6386:
1.1.1.2 misho 6387: * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
6388: src/exec_pty.c, src/sudo.c:
6389: Silence compiler warnings on Solaris with gcc 3.4.3
6390: [da620bae6fdb]
1.1 misho 6391:
1.1.1.2 misho 6392: * mkpkg:
6393: Fix building on RHEL 3
6394: [f3227fb2a252]
1.1 misho 6395:
6396: * INSTALL, configure, configure.in:
6397: Add --enable-werror configure option.
1.1.1.2 misho 6398: [fec2cdb95543]
1.1 misho 6399:
1.1.1.2 misho 6400: * common/setgroups.c:
6401: setgroups() proto lives in grp.h on RHEL4, perhaps others.
6402: [de91c0de5a98]
1.1 misho 6403:
6404: * configure, configure.in:
6405: Use PAM by default on AIX 6 and higher.
1.1.1.2 misho 6406: [e16493208e5f]
1.1 misho 6407:
6408: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
6409:
1.1.1.2 misho 6410: * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
6411: src/po/eo.mo, src/po/eo.po:
6412: Add new Esperanto translation from translationproject.org
6413: [0d9a59e04c64]
1.1 misho 6414:
6415: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
6416:
1.1.1.2 misho 6417: * plugins/sudoers/iolog_path.c:
6418: Quiet an innocuous valgrind warning.
6419: [0582b6027161]
1.1 misho 6420:
6421: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
6422:
1.1.1.2 misho 6423: * plugins/sudoers/iolog_path.c,
6424: plugins/sudoers/regress/iolog_path/data:
6425: Fix expansion of strftime() escapes in log_dir and add a regress
1.1 misho 6426: test that exhibited the problem.
1.1.1.2 misho 6427: [a5c7c1c4c589]
1.1 misho 6428:
1.1.1.2 misho 6429: * plugins/sudoers/Makefile.in:
1.1 misho 6430: Fix "make check" return value.
1.1.1.2 misho 6431: [33b58e175230]
1.1 misho 6432:
6433: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6434:
1.1.1.2 misho 6435: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1.1 misho 6436: Regen pot files
1.1.1.2 misho 6437: [063841aac19b]
1.1 misho 6438:
6439: * Makefile.in:
6440: Fix logic inversion in pot file up to date check.
1.1.1.2 misho 6441: [f6a8ca8654df]
1.1 misho 6442:
6443: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
6444:
6445: * configure, configure.in:
6446: Add caching for gettext() checks.
1.1.1.2 misho 6447: [01b7200f6105]
1.1 misho 6448:
6449: * configure, configure.in:
6450: Better handling of libintl header and library mismatch.
1.1.1.2 misho 6451: [9a49b1d4db69]
1.1 misho 6452:
6453: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
6454:
1.1.1.2 misho 6455: * plugins/sudoers/sudoers.c:
6456: Also check sudoers gid if sudoers is group writable.
6457: [23ef96ca0d33]
1.1 misho 6458:
6459: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
6460:
6461: * configure, configure.in:
6462: If dlopen is present but libtool doesn't find it, error out since it
6463: probably means that libtool doesn't support the system.
1.1.1.2 misho 6464: [a9da0a5f7941]
1.1 misho 6465:
1.1.1.2 misho 6466: * mkpkg:
6467: configure args on the command line should override builtin defaults.
1.1 misho 6468: Disable NLS for non-Linux/Solaris unless explicitly enabled.
1.1.1.2 misho 6469: [b2fb05614504]
1.1 misho 6470:
1.1.1.2 misho 6471: * plugins/sudoers/auth/aix_auth.c:
6472: Fix loop that calls authenticate(). If there was an error message
1.1 misho 6473: from authenticate(), display it.
1.1.1.2 misho 6474: [063a0c4f0b9a]
1.1 misho 6475:
6476: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
6477:
1.1.1.2 misho 6478: * m4/libtool.m4, m4/ltversion.m4:
1.1 misho 6479: Update to autoconf 2.68 and libtool 2.4
1.1.1.2 misho 6480: [5a912a6eb67b]
1.1 misho 6481:
1.1.1.2 misho 6482: * config.guess, config.sub, configure, configure.in, ltmain.sh:
6483: Update to autoconf 2.68 and libtool 2.4
6484: [931ab56aecf6]
6485:
6486: * doc/sudoers.pod:
6487: Fix typo; OPT should be OTP
6488: [e97bd2e46544]
1.1 misho 6489:
1.1.1.2 misho 6490: * plugins/sudoers/Makefile.in:
6491: Rename libsudoers convenience library to libparsesudoers to avoid
1.1 misho 6492: libtool confusion.
1.1.1.2 misho 6493: [2a89a613f537]
1.1 misho 6494:
6495: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
6496:
1.1.1.2 misho 6497: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
6498: Add Danish sudoers translation from translationproject.org
6499: [27b96e85eb13]
1.1 misho 6500:
1.1.1.2 misho 6501: * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
6502: Add dedicated callback function for runas_default sudoers setting
1.1 misho 6503: that only sets runas_pw if no runas user or group was specified by
6504: the user.
1.1.1.2 misho 6505: [b8382d8eea34]
1.1 misho 6506:
6507: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
6508:
1.1.1.2 misho 6509: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
6510: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
6511: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
6512: src/po/ru.po:
6513: Update Finish, Polish, Russian and Ukrainian translations from
1.1 misho 6514: translationproject.org.
1.1.1.2 misho 6515: [f9339aff664e]
1.1 misho 6516:
1.1.1.2 misho 6517: * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
6518: plugins/sudoers/testsudoers.c:
1.1 misho 6519: Go back to using a callback for runas_default to keep runas_pw in
6520: sync. This is needed to make per-entry runas_default settings work
6521: with LDAP-based sudoers. Instead of declaring it a callback in
6522: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
6523: bit naughty, but avoids requiring stub functions in visudo and the
6524: tests.
1.1.1.2 misho 6525: [9aaefb908415]
1.1 misho 6526:
6527: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
6528:
6529: * Makefile.in:
6530: Add check for out of date message catalogs when doing "make dist".
1.1.1.2 misho 6531: [e45a29b612f4]
1.1 misho 6532:
6533: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6534:
1.1.1.2 misho 6535: * configure:
6536: regen
6537: [d6f9ad26774a]
6538:
6539: * configure.in:
1.1 misho 6540: Make sure compiler supports static-libgcc before using it.
1.1.1.2 misho 6541: [b01bd9566e50]
1.1 misho 6542:
6543: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
6544:
1.1.1.2 misho 6545: * src/Makefile.in:
6546: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
6547: [c99c7ab3edef]
1.1 misho 6548:
6549: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
6550:
1.1.1.2 misho 6551: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
6552: plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
6553: plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
6554: src/po/zh_CN.mo:
6555: Add new Russian sudo translation from translationproject.org and
1.1 misho 6556: rebuild the other translation files.
1.1.1.2 misho 6557: [e20015459056]
1.1 misho 6558:
6559: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6560:
1.1.1.2 misho 6561: * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
6562: Update Finish and Polish translations from translationproject.org
6563: [4e3dbba4a1de]
1.1 misho 6564:
1.1.1.2 misho 6565: * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
6566: Go back to escaping the command args for "sudo -i" and "sudo -s"
1.1 misho 6567: before calling the plugin. Otherwise, spaces in the command args
6568: are not treated properly. The sudoers plugin will unescape non-
6569: spaces to make matching easier.
1.1.1.2 misho 6570: [dfa2c4636f33]
1.1 misho 6571:
6572: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6573:
1.1.1.2 misho 6574: * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
6575: plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6576: plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
6577: plugins/sudoers/toke.l:
6578: Fix some potential problems found by the clang static analyzer, none
1.1 misho 6579: serious.
1.1.1.2 misho 6580: [ff64aa74aae6]
1.1 misho 6581:
1.1.1.2 misho 6582: * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
6583: src/po/zh_CN.po:
6584: Updated Ukranian and Chinese (simplified) po files from
1.1 misho 6585: translationproject.org
1.1.1.2 misho 6586: [ec792becb48e]
1.1 misho 6587:
6588: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
6589:
1.1.1.2 misho 6590: * plugins/sudoers/po/pl.po:
6591: Updated Polish translation from translationproject.org
6592: [a3af53cb649c]
1.1 misho 6593:
6594: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6595: Rebuild pot files
1.1.1.2 misho 6596: [c650524c0f0a]
1.1 misho 6597:
1.1.1.2 misho 6598: * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
6599: Don't try to audit failure if the runas user does not exist. We
1.1 misho 6600: don't have the user's command at this point so there is nothing to
6601: audit. Add a NULL check in audit_success() and audit_failure() just
6602: to be on the safe side.
1.1.1.2 misho 6603: [2a0007c2022f]
1.1 misho 6604:
1.1.1.2 misho 6605: * mkpkg:
6606: Add -g to CFLAG for PIE builds.
6607: [32a0a9693c9c]
1.1 misho 6608:
6609: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
6610:
1.1.1.2 misho 6611: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6612: plugins/sudoers/sudoers.h, src/sudo.c:
6613: Remove fallback to per-group lookup when matching groups in sudoers.
1.1 misho 6614: The sudo front-end will now use getgrouplist() to get the user's
6615: list of groups if getgroups() fails or returns zero groups so we
6616: always have a list of the user's groups. For systems with
6617: mbr_check_membership() which support more that NGROUPS_MAX groups
6618: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
6619: we get all the groups.
1.1.1.2 misho 6620: [51b3ed8c600b]
1.1 misho 6621:
6622: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6623:
1.1.1.2 misho 6624: * common/setgroups.c:
6625: Fix setgroups() fallback code on EINVAL.
6626: [2b6faecd56a4]
1.1 misho 6627:
1.1.1.2 misho 6628: * plugins/sudoers/set_perms.c:
6629: Fix two PERM_INITIAL cases that were still using user_gids.
6630: [9680bab0acc6]
1.1 misho 6631:
1.1.1.2 misho 6632: * MANIFEST:
6633: Add Polish sudo message catalog
6634: [8bb40c3ba576]
1.1 misho 6635:
1.1.1.2 misho 6636: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6637: user_group is no longer used, remove it
6638: [9acede0fe6c5]
1.1 misho 6639:
1.1.1.2 misho 6640: 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6641:
1.1.1.2 misho 6642: * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
6643: Add Polish translation from translationproject.org
6644: [afac5c638573]
1.1 misho 6645:
1.1.1.2 misho 6646: * MANIFEST, common/Makefile.in, common/setgroups.c,
6647: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
6648: src/sudo.h, src/sudo_edit.c:
6649: Add a wrapper for setgroups() that trims off extra groups and
1.1 misho 6650: retries if setgroups() fails. Also add some missing addrefs for
6651: PERM_USER and PERM_FULL_USER.
1.1.1.2 misho 6652: [224dfd8aae5c]
1.1 misho 6653:
1.1.1.2 misho 6654: * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
6655: configure, configure.in, include/missing.h, mkdep.pl,
6656: plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
6657: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6658: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
1.1 misho 6659: Instead of keeping separate groups and gids arrays, create struct
6660: group_info and use it to store both, along with a count for each.
6661: Cache group info on a per-user basis using getgrouplist() to get the
6662: groups. We no longer need special to special case the user or list
6663: user for user_in_group() and thus no longer need to reset the groups
6664: list when listing another user.
1.1.1.2 misho 6665: [0ad849a8b2d5]
6666:
6667: * src/preload.c:
6668: Don't rely on NULL since we don't include a header for it.
6669: [b40937f1890c]
1.1 misho 6670:
1.1.1.2 misho 6671: 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6672:
1.1.1.2 misho 6673: * doc/sudoers.pod:
6674: Fix typo
6675: [c1035360e169]
1.1 misho 6676:
1.1.1.2 misho 6677: 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
6678:
6679: * plugins/sudoers/sudoers.c:
6680: Do not shadow global sudo_mode with a local variable in set_cmnd()
6681: [0c72969503ad]
1.1 misho 6682:
6683: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6684:
1.1.1.2 misho 6685: * plugins/sudoers/sudoers.c:
6686: bash 2.x doesd not support the -l flag and exits with an error if it
1.1 misho 6687: is specified so use --login instead. This causes an error with bash
6688: 1.x (which uses -login instead) but this version is hopefully less
6689: used than 2.x.
1.1.1.2 misho 6690: [5c4c296e30e6]
1.1 misho 6691:
1.1.1.2 misho 6692: * src/po/pl.mo, src/po/pl.po:
6693: Add Polish translation from translationproject.org
6694: [48592dd6edcf]
1.1 misho 6695:
6696: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
6697:
1.1.1.2 misho 6698: * plugins/sudoers/set_perms.c:
6699: Make error strings translatable.
6700: [414c5c484768]
1.1 misho 6701:
1.1.1.2 misho 6702: * mkpkg:
6703: Only run configure with --with-pam-login for RHEL 5 and above.
6704: [6c16e4de4026]
1.1 misho 6705:
1.1.1.2 misho 6706: * sudo.pp:
6707: Fix typo in summary
6708: [9ac618c9a749]
1.1 misho 6709:
6710: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6711:
1.1.1.2 misho 6712: * plugins/sudoers/logwrap.c:
6713: Add missing logwrap.c
6714: [c12a413ecc1d]
6715:
6716: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
6717: plugins/sudoers/logging.h,
6718: plugins/sudoers/regress/logging/check_wrap.c,
6719: plugins/sudoers/regress/logging/check_wrap.in,
6720: plugins/sudoers/regress/logging/check_wrap.out.ok:
6721: Split out log file word wrap code into its own file and add unit
1.1 misho 6722: tests. Fixes an off-by one in the word wrap when the log line
6723: length matches loglinelen.
1.1.1.2 misho 6724: [52ed277f6690]
1.1 misho 6725:
6726: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6727:
1.1.1.2 misho 6728: * mkpkg:
6729: For SuSE, only use /usr/lib64 as libexec if generating 64-bit
1.1 misho 6730: binaries.
1.1.1.2 misho 6731: [645ab903cf77]
1.1 misho 6732:
1.1.1.2 misho 6733: * src/load_plugins.c, src/sudo.c:
6734: Fix build error when --without-noexec configure option is used.
6735: [b994f7b0d8b4]
1.1 misho 6736:
6737: * configure, configure.in:
6738: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
6739: 5.3 and above.
1.1.1.2 misho 6740: [c2a6f9b472f3]
1.1 misho 6741:
6742: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6743:
1.1.1.2 misho 6744: * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
6745: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6746: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6747: Resolve the list of gids passed in from the sudo frontend (the
1.1 misho 6748: result of getgroups()) to names and store both the group names and
6749: ids in the sudo_user struct. When matching groups in the sudoers
6750: file, match based on the names in the groups list first and only do
6751: a gid-based match when we absolutely have to. By matching on the
6752: group name (as it is listed in sudoers) instead of id (which we
6753: would have to resolve) we save a lot of group lookups for sudoers
6754: files with a lot of groups in them.
1.1.1.2 misho 6755: [8dc19353f148]
1.1 misho 6756:
6757: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
6758:
1.1.1.2 misho 6759: * plugins/sudoers/sudoers.c:
6760: Workaround for "sudo -i command" and newer versions of bash which
1.1 misho 6761: don't go into login mode when -c is specified unless -l is too.
1.1.1.2 misho 6762: [9393762b80f3]
1.1 misho 6763:
6764: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
6765:
1.1.1.2 misho 6766: * plugins/sudoers/logging.c:
6767: Rewrite logfile word wrapping code to be more straight-forward and
1.1 misho 6768: actually wrap at the correct place.
1.1.1.2 misho 6769: [f712a0c90f55]
1.1 misho 6770:
6771: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6772:
1.1.1.2 misho 6773: * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
6774: Set use_pty=true in command details when use_pty is set in sudoers.
1.1 misho 6775: From Ludwig Nussel
1.1.1.2 misho 6776: [8d95a163dfc1]
1.1 misho 6777:
6778: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6779:
1.1.1.2 misho 6780: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
6781: src/po/zh_CN.mo, src/po/zh_CN.po:
6782: Sync Chinese (simplified) PO files from translationproject.org
6783: [acce8eb7be18]
1.1 misho 6784:
6785: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6786:
1.1.1.2 misho 6787: * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
6788: plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
6789: Add Danish translation from translationproject.org and add missing
1.1 misho 6790: Basque mo files.
1.1.1.2 misho 6791: [0c22bb21b9c4]
1.1 misho 6792:
6793: * Makefile.in, configure, configure.in:
6794: No longer need to specify LINGUAS in configure, "make install-nls"
6795: now just installs all the .mo files it finds.
1.1.1.2 misho 6796: [fcd45cf04885]
1.1 misho 6797:
6798: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
6799:
1.1.1.2 misho 6800: * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
6801: Build CONTRIBUTORS from newly-added contributors.pod
6802: [8b192f2720f4]
6803:
6804: * doc/CONTRIBUTORS:
6805: Rework the wording in the leading paragraph
6806: [312044145cdd]
1.1 misho 6807:
1.1.1.2 misho 6808: 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6809:
1.1.1.2 misho 6810: * MANIFEST, doc/CONTRIBUTORS:
6811: Add a CONTRIBUTORS file with the names of folks who have contributed
1.1 misho 6812: code or patches to sudo since I started maintaining it (plus the
6813: original authors).
1.1.1.2 misho 6814: [b8bdd8b59528]
1.1 misho 6815:
6816: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6817:
1.1.1.2 misho 6818: * plugins/sudoers/env.c:
6819: Preserve SHELL variable for "sudo -s". Otherwise we can end up with
1.1 misho 6820: a situation where the SHELL variable and the actual shell being run
6821: do not match.
1.1.1.2 misho 6822: [b8b3974aee3e]
1.1 misho 6823:
6824: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
6825:
6826: * configure, configure.in:
6827: Only enable Solaris project support when setproject() is present in
6828: libproject.
1.1.1.2 misho 6829: [49ad7857ab89]
1.1 misho 6830:
1.1.1.2 misho 6831: * sudo.pp:
6832: Explicitly set mode and owner of /etc/sudoers instead of relying on
1.1 misho 6833: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
6834: postinstall script runs before the final file permissions are set.
1.1.1.2 misho 6835: [e41ffc0212b2]
6836:
6837: 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6838:
1.1.1.2 misho 6839: * doc/sudo.pod, doc/sudoers.pod:
6840: Refer the user to the "Command Environment" section in description
1.1 misho 6841: of sudo's -i option.
1.1.1.2 misho 6842: [263cc3be7eef]
6843:
6844: * doc/sudo.pod:
6845: Fix typo
6846: [35dfac450f4d]
1.1 misho 6847:
1.1.1.2 misho 6848: 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6849:
1.1.1.2 misho 6850: * mkdep.pl:
6851: If there is no old dependency for an object file, use the MANIFEST
1.1 misho 6852: to find its source.
1.1.1.2 misho 6853: [d15e3b9899f9]
1.1 misho 6854:
1.1.1.2 misho 6855: * compat/Makefile.in:
6856: Remove dependency for getgrouplist.lo as we don't ship that source
1.1 misho 6857: file.
1.1.1.2 misho 6858: [312a6d5fe6b0]
1.1 misho 6859:
1.1.1.2 misho 6860: 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6861:
6862: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
6863: Do not declare yyparse() static as the actual function generated by
1.1 misho 6864: yacc is extern.
1.1.1.2 misho 6865: [9017b79dcf55]
6866:
6867: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6868:
6869: * Makefile.in:
6870: Remove locale files in "make uninstall"
1.1.1.2 misho 6871: [201ff261ecbe]
1.1 misho 6872:
1.1.1.2 misho 6873: * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
6874: plugins/sudoers/po/uk.po, src/po/eu.po:
1.1 misho 6875: Add Basque translation and sync Finish and Ukranian translations.
1.1.1.2 misho 6876: [66d2c78c8a13]
1.1 misho 6877:
6878: * configure, configure.in:
6879: FreeBSD no longer needs the main sudo binary to link with -lpam now
6880: that plug-ins are loaded with RTLD_GLOBAL.
1.1.1.2 misho 6881: [96c710df2457]
1.1 misho 6882:
1.1.1.2 misho 6883: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6884: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
1.1 misho 6885: problems with pam modules not having access to symbols provided by
6886: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
1.1.1.2 misho 6887: [0d016983ec84]
1.1 misho 6888:
6889: * Makefile.in:
6890: Move xgettext invocation out of update-po target into update-pot
1.1.1.2 misho 6891: [19a73c6d017c]
1.1 misho 6892:
6893: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
6894:
6895: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6896: Regenerate .pot files for 1.8.2rc2
1.1.1.2 misho 6897: [c3037f591dd8]
1.1 misho 6898:
1.1.1.2 misho 6899: * Makefile.in, common/Makefile.in, compat/Makefile.in,
6900: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6901: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6902: src/Makefile.in, zlib/Makefile.in:
1.1 misho 6903: Move nls targets to the top level Makefile so the paths in the pot
6904: file are saner
1.1.1.2 misho 6905: [65b9285cd8d9]
1.1 misho 6906:
1.1.1.2 misho 6907: * src/po/fi.mo:
6908: Add compiled version of sudo Finish translation
6909: [8f2405384ea3]
1.1 misho 6910:
1.1.1.2 misho 6911: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
6912: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
1.1 misho 6913: files
1.1.1.2 misho 6914: [a165e70fa9ec]
1.1 misho 6915:
1.1.1.2 misho 6916: * configure, configure.in, plugins/sudoers/po/fi.po:
1.1 misho 6917: Add Finish translation from translationproject.org
1.1.1.2 misho 6918: [4466f8a96ceb]
6919:
6920: 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
6921:
6922: * doc/sudoers.pod:
6923: The group named by exempt_group should not have a % prefix.
6924: [df084d6b32c8]
6925:
6926: 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6927:
1.1.1.2 misho 6928: * doc/sudoers.pod:
6929: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
6930: [5113699a3f8b]
1.1 misho 6931:
1.1.1.2 misho 6932: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6933:
1.1.1.2 misho 6934: * src/exec.c, src/exec_pty.c:
6935: Fix compressed io log corruption in background mode by using _exit()
1.1 misho 6936: instead of exit() to avoid flushing buffers twice.
6937:
6938: Improved background mode support. When not allocating a pty, the
6939: command is run in its own process group. This prevents write access
6940: to the tty. When running in a pty, stdin is not hooked up and we
6941: never read from /dev/tty, which results in similar behavior.
1.1.1.2 misho 6942: [87c15149894c]
1.1 misho 6943:
1.1.1.2 misho 6944: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
6945: Clean up regress files Generate proper dependencies for regress objs
1.1 misho 6946: in compat
1.1.1.2 misho 6947: [88bfc728c1e7]
1.1 misho 6948:
1.1.1.2 misho 6949: * plugins/sudoers/Makefile.in:
6950: Add missing dependency for check_fill.o.
6951: [0bd6362e3e17]
1.1 misho 6952:
1.1.1.2 misho 6953: 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 6954:
6955: * INSTALL, configure, configure.in:
6956: Add support for --enable-nls[=location]
1.1.1.2 misho 6957: [b90db44a050f]
1.1 misho 6958:
6959: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
6960:
1.1.1.2 misho 6961: * plugins/sudoers/linux_audit.c:
6962: Include gettext.h
6963: [7f909a6e48cb]
1.1 misho 6964:
1.1.1.2 misho 6965: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
6966: Quiet gcc warnings.
6967: [b41a6cdca583]
1.1 misho 6968:
6969: * configure, configure.in:
6970: Don't install .mo files if gettext was not found.
1.1.1.2 misho 6971: [1397b34cc165]
1.1 misho 6972:
6973: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6974:
1.1.1.2 misho 6975: * src/exec.c:
6976: Always allocate a pty when running a command in the background but
1.1 misho 6977: call setsid() after forking to make sure we don't end up with a
6978: controlling tty.
1.1.1.2 misho 6979: [b6454ba172e8]
1.1 misho 6980:
1.1.1.2 misho 6981: * plugins/sudoers/iolog.c:
6982: Add missing space between command name and the first command line
1.1 misho 6983: argument.
1.1.1.2 misho 6984: [fe217f0a36d4]
1.1 misho 6985:
1.1.1.2 misho 6986: * plugins/sudoers/sudoreplay.c:
6987: Quiet a compiler warning on some platforms.
6988: [de9f2849f236]
1.1 misho 6989:
1.1.1.2 misho 6990: * plugins/sudoers/po/README, src/po/README:
6991: README file that directs people to translationproject.org
6992: [30c0fc323281]
6993:
6994: * plugins/sudoers/po/uk.po, src/po/fi.po:
6995: Sync translations with TP
6996: [1d7d64559cba]
1.1 misho 6997:
6998: * Makefile.in:
6999: Add 'sync-po' target to top-level Makefile to rsync the po files
7000: from translationproject.org.
1.1.1.2 misho 7001: [20508211aaa3]
1.1 misho 7002:
1.1.1.2 misho 7003: * plugins/sudoers/Makefile.in:
7004: install nls files from install target
7005: [5fc07b6cab38]
1.1 misho 7006:
1.1.1.2 misho 7007: * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
1.1 misho 7008: Include .mo files in sudo binary packags.
1.1.1.2 misho 7009: [278d4821a916]
1.1 misho 7010:
1.1.1.2 misho 7011: * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
7012: plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1.1 misho 7013: Add simplified chinese translation
1.1.1.2 misho 7014: [2b33ffc755b9]
1.1 misho 7015:
7016: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7017:
1.1.1.2 misho 7018: * configure, configure.in, plugins/sudoers/po/uk.mo,
7019: plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
1.1 misho 7020: Add ukranian translation
1.1.1.2 misho 7021: [2d8102688e93]
1.1 misho 7022:
1.1.1.2 misho 7023: * compat/Makefile.in:
7024: refer to siglist.c, not ./siglist.c since not all makes will treat
1.1 misho 7025: foo and ./foo the same.
1.1.1.2 misho 7026: [6639d293ffba]
1.1 misho 7027:
1.1.1.2 misho 7028: * plugins/sudoers/sudoers.c:
7029: Set def_preserve_groups before searching for the command when the -P
1.1 misho 7030: flag is specified.
1.1.1.2 misho 7031: [0edc7942f875]
1.1 misho 7032:
1.1.1.2 misho 7033: * Makefile.in, compat/Makefile.in, mkdep.pl,
7034: plugins/sudoers/Makefile.in:
1.1 misho 7035: Add dependency for siglist.lo in compat. This is a generated file
7036: so "make depend" needs to depend on it.
1.1.1.2 misho 7037: [28d0932f8b50]
1.1 misho 7038:
1.1.1.2 misho 7039: * compat/Makefile.in:
7040: More dependency fixes.
7041: [aad0d05cd020]
1.1 misho 7042:
1.1.1.2 misho 7043: * compat/Makefile.in:
7044: Fix a few dependencies.
7045: [eb21aa35a032]
1.1 misho 7046:
1.1.1.2 misho 7047: * plugins/sudoers/Makefile.in, src/Makefile.in:
7048: Place compiled mo files in the src dir, not the build dir. When
1.1 misho 7049: installing compiled mo files, display a status message.
1.1.1.2 misho 7050: [e15634c29cd3]
1.1 misho 7051:
7052: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7053:
1.1.1.2 misho 7054: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7055: Tivoli Directory Server requires that seconds be present in a
1.1 misho 7056: timestamp, even though RFC 4517 states that they are optional.
1.1.1.2 misho 7057: [55fe23dd4ef9]
1.1 misho 7058:
1.1.1.2 misho 7059: * plugins/sudoers/sudo_nss.h:
7060: Add missing bit of copyright
7061: [d2eba3c364ca]
7062:
7063: * doc/visudo.pod:
7064: Mention cycle detection warnings
7065: [a76bef15ab67]
1.1 misho 7066:
1.1.1.2 misho 7067: * plugins/sudoers/visudo.c:
7068: When checking aliases, also check the contents of the alias in case
1.1 misho 7069: there are problems with an alias that is referenced inside another.
7070: Replace the self reference check with real alias cycle detection.
1.1.1.2 misho 7071: [a66c904cf53b]
1.1 misho 7072:
1.1.1.2 misho 7073: * plugins/sudoers/alias.c:
7074: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
1.1 misho 7075: ENOENT in alias_find() and alias_remove() if the entry could not be
7076: found.
1.1.1.2 misho 7077: [b4f0b89e433c]
1.1 misho 7078:
1.1.1.2 misho 7079: * plugins/sudoers/visudo.c:
7080: Increment alias_seqno before calls to alias_remove_recursive() to
1.1 misho 7081: avoid false positives with the alias loop detection. Fixes spurious
7082: warnings about unused aliases when they are nested.
1.1.1.2 misho 7083: [a344483b8193]
1.1 misho 7084:
1.1.1.2 misho 7085: * MANIFEST:
7086: add mkdep.pl
7087: [86b7ed33eab2]
1.1 misho 7088:
1.1.1.2 misho 7089: * plugins/sudoers/Makefile.in:
7090: Add dependency on convenience libs to binaries
7091: [cd3078b3c997]
1.1 misho 7092:
7093: * Makefile.in:
7094: mkdep.pl only works when run from the src dir
1.1.1.2 misho 7095: [f35a5e47c944]
1.1 misho 7096:
1.1.1.2 misho 7097: * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
7098: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7099: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
1.1 misho 7100: Auto-generate Makefile dependencies with a perl script.
1.1.1.2 misho 7101: [a3e4afcd7975]
1.1 misho 7102:
7103: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
7104:
1.1.1.2 misho 7105: * plugins/sudoers/match.c:
7106: If the user specifies a runas group via sudo's -g option that
1.1 misho 7107: matches the runas user's group in the passwd database and that group
7108: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
7109: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
7110: no groups are present in the Runas_Spec.
1.1.1.2 misho 7111: [e3f9732dc564]
1.1 misho 7112:
7113: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
7114:
1.1.1.2 misho 7115: * plugins/sudoers/Makefile.in, src/Makefile.in:
7116: Add dependencies on gettext.h
7117: [a3a9dc51f78b]
1.1 misho 7118:
1.1.1.2 misho 7119: * plugins/sudoers/Makefile.in, src/Makefile.in:
7120: Fix install-nls target with HP-UX sh when gettext is not present.
7121: [0c6b9655cd41]
1.1 misho 7122:
7123: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7124:
1.1.1.2 misho 7125: * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
7126: src/Makefile.in, src/po/sudo.pot:
1.1 misho 7127: regenerate .pot files for lbuf changes
1.1.1.2 misho 7128: [918ded125a0b]
1.1 misho 7129:
7130: * configure, configure.in:
7131: Add missing "checking" message for gettext when using the cache.
1.1.1.2 misho 7132: [9c21187ad1d2]
1.1 misho 7133:
1.1.1.2 misho 7134: * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
7135: plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
7136: src/parse_args.c:
7137: Add primitive format string support to the lbuf code to make
1.1 misho 7138: translations simpler.
1.1.1.2 misho 7139: [ee71c7ef5299]
1.1 misho 7140:
1.1.1.2 misho 7141: * MANIFEST, plugins/sudoers/Makefile.in,
7142: plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
7143: Add message catalog template files for sudo and the sudoers module.
7144: [f3f8acb1f014]
7145:
7146: * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
7147: config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
7148: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
7149: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7150: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
7151: src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
1.1 misho 7152: Add gettext.h convenience header. This is similar to but distinct
7153: from the one included with the gettext package.
1.1.1.2 misho 7154: [930a0591f73c]
7155:
7156: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7157:
7158: * configure, configure.in:
7159: Add checks for nroff -c and -Tascii flags
1.1.1.2 misho 7160: [19ca990b3149]
1.1 misho 7161:
7162: * configure, configure.in:
7163: Add check for HP bundled C Compiler (which cannot create shared
7164: libs)
1.1.1.2 misho 7165: [517716a7072d]
1.1 misho 7166:
1.1.1.2 misho 7167: * plugins/sudoers/sudoreplay.c:
7168: Fix C format warnings.
7169: [6514326013fa]
1.1 misho 7170:
1.1.1.2 misho 7171: * include/error.h:
7172: Add __printflike
7173: [e1749a30a406]
1.1 misho 7174:
1.1.1.2 misho 7175: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
7176: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
7177: plugins/sudoers/visudo.c, src/parse_args.c:
7178: Translate help / usage strings.
7179: [ee1cc9b1a8bd]
1.1 misho 7180:
1.1.1.2 misho 7181: * plugins/sudoers/Makefile.in, src/Makefile.in:
7182: Set --msgid-bugs-address to the bugzilla url
7183: [5a0aa250ca21]
1.1 misho 7184:
1.1.1.2 misho 7185: * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
7186: configure.in, doc/Makefile.in, include/Makefile.in,
7187: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7188: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
1.1 misho 7189: Add scaffolding to update .po files and install .mo files.
1.1.1.2 misho 7190: [f05f4eed1fe1]
1.1 misho 7191:
1.1.1.2 misho 7192: * doc/license.pod:
7193: update copyright year
7194: [fa0c62523875]
1.1 misho 7195:
1.1.1.2 misho 7196: * INSTALL, README:
7197: No need to include version number at the top of these files.
7198: [9f2981325351]
7199:
7200: 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7201:
7202: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
7203: plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
7204: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
7205: plugins/sudoers/visudo.c:
7206: Minor warning/error cleanup
7207: [9236dc85aeab]
7208:
7209: * config.h.in, configure.in:
1.1 misho 7210: Emulate ngettext for the non-nls case
1.1.1.2 misho 7211: [13571d63fa36]
7212:
7213: * plugins/sudoers/ldap.c:
7214: Do not mark untranslatable strings for translation
7215: [735f5d4413fe]
1.1 misho 7216:
1.1.1.2 misho 7217: * plugins/sudoers/check.c:
7218: Use ROOT_UID not 0.
7219: [09a268db8da4]
1.1 misho 7220:
1.1.1.2 misho 7221: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7222: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
7223: src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
7224: Minor warning/error message cleanup
7225: [3c7b1a7939b5]
1.1 misho 7226:
1.1.1.2 misho 7227: * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
7228: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
7229: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
7230: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
7231: src/exec_pty.c, src/net_ifs.c, src/selinux.c:
7232: cannot -> "unable to" in warning/error messages
7233: [31c3897649e9]
1.1 misho 7234:
1.1.1.2 misho 7235: * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
7236: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
7237: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
7238: src/sudo.c, src/utmp.c:
7239: can't -> "unable to" in warning/error messages
7240: [127b75f15291]
1.1 misho 7241:
7242: * configure, configure.in:
7243: FreeBSD needs the main sudo executable to link with -lpam when
7244: loading dynaic pam modules for some reason.
1.1.1.2 misho 7245: [944522cc9bef]
1.1 misho 7246:
1.1.1.2 misho 7247: 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7248:
1.1.1.2 misho 7249: * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
7250: We don't want to translate debugging messages.
7251: [56a1a365815a]
7252:
7253: * configure, configure.in, plugins/sudoers/Makefile.in,
7254: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
7255: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7256: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
7257: src/Makefile.in, src/sesh.c, src/sudo.c:
1.1 misho 7258: Add calls to bindtextdomain() and textdomain() Currently there are
7259: two domains, one for the sudo front-end and one for the sudoers
7260: plugin and its associated utilities.
1.1.1.2 misho 7261: [0426138f789e]
1.1 misho 7262:
7263: * configure, configure.in:
7264: Fix caching of libc gettext check.
1.1.1.2 misho 7265: [942142d2c43a]
1.1 misho 7266:
1.1.1.2 misho 7267: * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
7268: plugins/sudoers/mkdefaults:
7269: Mark defaults descriptions for translation
7270: [5b27f018e6cf]
1.1 misho 7271:
7272: * NEWS:
7273: Update for sudo 1.8.1p2
1.1.1.2 misho 7274: [747c4dee2ca7]
1.1 misho 7275:
1.1.1.2 misho 7276: 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
7277:
7278: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7279: Quiet compiler warning when SELinux is enabled.
7280: [1fbf77dda240]
1.1 misho 7281:
1.1.1.2 misho 7282: * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
7283: src/error.c, src/net_ifs.c, src/sesh.c:
7284: Add missing includes of libintl.h.
7285: [bc1d66316082]
1.1 misho 7286:
1.1.1.2 misho 7287: * plugins/sudoers/auth/pam.c:
7288: Fix gettext marker.
7289: [a5cf4ed66c66]
1.1 misho 7290:
1.1.1.2 misho 7291: * common/aix.c, common/alloc.c, compat/strsignal.c,
7292: plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
7293: Include libint.h where needed.
7294: [2b0e5a663c7b]
7295:
7296: * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
7297: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
7298: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
7299: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
7300: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
7301: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
7302: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
7303: plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
7304: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
7305: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
7306: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
7307: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
7308: plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
7309: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
7310: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
7311: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7312: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
7313: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
7314: Prepare sudoers module messages for translation.
7315: [7212ae1909c5]
1.1 misho 7316:
1.1.1.2 misho 7317: * plugins/sudoers/sudoers.c:
7318: Only check gid of sudoers file if it is group-readable.
7319: [50e3bc0cb242]
1.1 misho 7320:
1.1.1.2 misho 7321: * plugins/sudoers/auth/aix_auth.c:
7322: For AIX, keep calling authenticate() until reenter reaches 0.
7323: [e240815b74b1]
1.1 misho 7324:
1.1.1.2 misho 7325: 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7326:
7327: * configure, configure.in:
7328: Cache the status of the initial gettext() check.
1.1.1.2 misho 7329: [32751ebe1704]
1.1 misho 7330:
7331: * INSTALL, configure, configure.in:
7332: Add --disable-nls flag and improve checks for gettext.
1.1.1.2 misho 7333: [c7e6b17052de]
1.1 misho 7334:
7335: * configure, configure.in:
7336: When building with gcc on HP-UX, use -march=1.1 to produce portable
7337: binaries on a pa-risc2 host. Previously, the +Dportable option was
7338: used for the HP-UX C compiler but gcc always produced native
7339: binaries.
1.1.1.2 misho 7340: [8f4c749324d7]
1.1 misho 7341:
1.1.1.2 misho 7342: 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7343:
1.1.1.2 misho 7344: * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
7345: src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
7346: src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
7347: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
7348: Prepare sudo front end messages for translation.
7349: [2fc2fabceccb]
1.1 misho 7350:
7351: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
7352:
1.1.1.2 misho 7353: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
7354: Add initial scaffolding to support localization via gettext()
7355: [7d47b59fcf95]
7356:
7357: * compat/fnmatch.h, compat/glob.h:
7358: Don't let the fnmatch/glob macros expand the function prototype.
7359: [a9014aa0288e]
1.1 misho 7360:
7361: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
7362:
1.1.1.2 misho 7363: * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
7364: Resolve namespace collisions on HP-UX ia64 and possibly others by
1.1 misho 7365: adding a rpl_ prefix to our fnmatch and glob replacements and
7366: #defining rpl_foo to foo in the header files.
1.1.1.2 misho 7367: [caa9b690a15d]
1.1 misho 7368:
7369: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
7370:
1.1.1.2 misho 7371: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7372: Split ALL, ROLE and TYPE into their own actions. Since you can only
1.1 misho 7373: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
7374: the non-SELinux case. This is safe because the actions are in one
7375: big switch() statement.
1.1.1.2 misho 7376: [7473fc2cfa2c]
1.1 misho 7377:
1.1.1.2 misho 7378: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7379: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
7380: [9be3480c2865]
7381:
7382: 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7383:
1.1.1.2 misho 7384: * doc/UPGRADE, doc/sudoers.pod:
7385: askpass moved from sudoers to sudo.conf in sudo 1.8.0
7386: [b2c2956cec4e]
1.1 misho 7387:
1.1.1.2 misho 7388: * doc/sudoers.pod:
7389: Remove obsolete warning about runas_default and ordering. Move
1.1 misho 7390: syslog facility and priority lists into the section where the
7391: relevant options are described.
1.1.1.2 misho 7392: [e57b8dc3f779]
1.1 misho 7393:
7394: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
7395:
1.1.1.2 misho 7396: * plugins/sudoers/auth/sia.c:
7397: Fix SIA support; we no longer have access to the real argc and argv
1.1 misho 7398: so allocate space for a fake one and use the argv passed to the
7399: plugin with "sudo" for argv[0].
1.1.1.2 misho 7400: [1c0552772ad2]
7401:
7402: 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7403:
1.1.1.2 misho 7404: * src/net_ifs.c:
7405: Remove useless realloc when trying to get the buffer size right.
7406: [792225380a62]
1.1 misho 7407:
1.1.1.2 misho 7408: * plugins/sudoers/set_perms.c:
7409: Be explicit when setting euid to 0 before call to setreuid(0, 0)
7410: [7bfeb629fccb]
1.1 misho 7411:
7412: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
7413:
7414: * configure, configure.in:
7415: Need to do checks for krb5_verify_user, krb5_init_secure_context and
1.1.1.2 misho 7416: krb5_get_init_creds_opt_alloc regardless of whether or not
7417: krb5-config is present.
7418: [9d1b98ece1d3]
1.1 misho 7419:
7420: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
7421:
1.1.1.2 misho 7422: * plugins/sudoers/set_perms.c:
7423: Work around weird AIX saved uid semantics on setuid() and
1.1 misho 7424: setreuid(). On AIX, setuid() will only set the saved uid if the euid
7425: is already 0.
1.1.1.2 misho 7426: [069fc08150ca]
1.1 misho 7427:
7428: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
7429:
1.1.1.2 misho 7430: * sudo.pp:
7431: update copyright year
7432: [1c42d579ba6e]
1.1 misho 7433:
1.1.1.2 misho 7434: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7435: Treat a missing includedir like an empty one and do not return an
1.1 misho 7436: error.
1.1.1.2 misho 7437: [92f71d8cbfd4]
1.1 misho 7438:
7439: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
7440:
1.1.1.2 misho 7441: * pp:
7442: Fix ARCH setting in cross-compile Solaris packages.
7443: [b0de281cc889]
1.1 misho 7444:
1.1.1.2 misho 7445: * sudo.pp:
7446: Fix aix version setting.
7447: [98437dbfb085]
1.1 misho 7448:
1.1.1.2 misho 7449: * plugins/sudoers/ldap.c:
7450: Remove extraneous parens in LDAP filter when sudoers_search_filter
1.1 misho 7451: is enabled that causes a search error. From Matthew Thomas.
1.1.1.2 misho 7452: [1d75bf1fc8d9]
1.1 misho 7453:
7454: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
7455:
1.1.1.2 misho 7456: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
7457: Correct sizeof() to fix test failure.
7458: [fd2f7c0c0572]
1.1 misho 7459:
1.1.1.2 misho 7460: * plugins/sudoers/Makefile.in:
7461: "install" target should depend on "install-dirs". Fixes "make -j"
1.1 misho 7462: problem and closes bz #487. From Chris Coleman.
1.1.1.2 misho 7463: [083902d38edb]
1.1 misho 7464:
7465: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
7466:
1.1.1.2 misho 7467: * config.h.in:
7468: Add HAVE_RFC1938_SKEYCHALLENGE
7469: [a94cb33758a8]
1.1 misho 7470:
7471: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
7472:
1.1.1.2 misho 7473: * NEWS:
7474: Mention plugin loading and libgcc changes
7475: [e11b30b5026a]
1.1 misho 7476:
1.1.1.2 misho 7477: * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
7478: Load plugins after parsing arguments and potentially printing the
1.1 misho 7479: version. That way, an error loading or initializing a plugin
7480: doesn't break "sudo -h" or "sudo -V".
1.1.1.2 misho 7481: [1b76f2b096a2]
1.1 misho 7482:
7483: * Makefile.in:
7484: When using a sub-shell to invoke the sub-make, exec make instead of
7485: running it inside the shell to avoid an extra process.
1.1.1.2 misho 7486: [fd2c04a71fbf]
1.1 misho 7487:
1.1.1.2 misho 7488: * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
7489: Stop testing unspecified behavior in fnmatch Make glob test more
1.1 misho 7490: portable
1.1.1.2 misho 7491: [229803093725]
1.1 misho 7492:
1.1.1.2 misho 7493: * compat/Makefile.in:
7494: No need to add current dir to include path and having it breaks the
1.1 misho 7495: test programs that expect to get the system glob.h and fnmatch.h
1.1.1.2 misho 7496: [68085f624be4]
1.1 misho 7497:
1.1.1.2 misho 7498: * INSTALL, configure, configure.in:
1.1 misho 7499: Fix and document --with-plugindir; partially from Diego Elio Petteno
1.1.1.2 misho 7500: [07edc52ea89e]
1.1 misho 7501:
1.1.1.2 misho 7502: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
7503: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
7504: compat/regress/glob/globtest.in:
7505: Fix fnmatch and glob tests to not use hard-coded flag values in the
1.1 misho 7506: input file. Link test programs with libreplace so we get our
7507: replacement verions as needed.
1.1.1.2 misho 7508: [c2cca448f660]
1.1 misho 7509:
7510: * Makefile.in:
7511: If make in a subdir fails, fail the target in the upper level
7512: Makefile too. Adapted from a patch from Diego Elio Petteno
1.1.1.2 misho 7513: [76fc9a0d96fd]
1.1 misho 7514:
1.1.1.2 misho 7515: * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
1.1 misho 7516: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
7517: has this. Adapted from a patch from Diego Elio Petteno
1.1.1.2 misho 7518: [a97279a59b93]
1.1 misho 7519:
1.1.1.2 misho 7520: * plugins/sudoers/Makefile.in:
7521: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1.1 misho 7522: directly.
1.1.1.2 misho 7523: [47b884029b3b]
1.1 misho 7524:
7525: * configure, configure.in:
7526: Fix warnings when -without-skey, --without-opie, --without-kerb4,
7527: --without-kerb5 or --without-SecurID were specified.
1.1.1.2 misho 7528: [71ad150f4d24]
1.1 misho 7529:
1.1.1.2 misho 7530: * MANIFEST:
7531: Add plugins/sudoers/sudoers_version.h
7532: [7423966de440]
1.1 misho 7533:
1.1.1.2 misho 7534: * configure, configure.in, plugins/sample/Makefile.in,
7535: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
1.1 misho 7536: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
7537: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
7538: of @LDFLAGS@ in plugin Makefile.in files.
1.1.1.2 misho 7539: [b835826f889c]
1.1 misho 7540:
7541: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
7542:
1.1.1.2 misho 7543: * NEWS:
7544: Mention %#gid support in User_List and Runas_List
7545: [5a983dff017a]
1.1 misho 7546:
1.1.1.2 misho 7547: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
7548: plugins/sudoers/visudo.c:
7549: Keep track of sudoers grammar version and report it in the -V
1.1 misho 7550: output.
1.1.1.2 misho 7551: [52901a3c0296]
1.1 misho 7552:
1.1.1.2 misho 7553: * plugins/sudoers/sudo_nss.h:
7554: Add multiple inclusion guard
7555: [50853aed046e]
1.1 misho 7556:
1.1.1.2 misho 7557: * configure, configure.in, plugins/sample/Makefile.in,
7558: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
1.1 misho 7559: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
7560: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
7561: set it to -Wc,-static-libgcc if not using GNU ld so we don't
7562: have a dependency on the shared libgcc in sudoers.so.
1.1.1.2 misho 7563: [66ad8bc5e32d]
1.1 misho 7564:
1.1.1.2 misho 7565: * doc/sudoers.pod:
7566: Fix typo; from Petr Uzel
7567: [f9a7afd80892]
1.1 misho 7568:
7569: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
7570:
1.1.1.2 misho 7571: * plugins/sudoers/testsudoers.c:
7572: In dump-only mode, use "root" as the default username instead of
1.1 misho 7573: "nobody" as the latter may not be available on all systems.
1.1.1.2 misho 7574: [0c48e6414337]
1.1 misho 7575:
7576: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
7577:
1.1.1.2 misho 7578: * plugins/sudoers/testsudoers.c:
7579: Remove NewArgv/NewArgc, they are no longer needed.
7580: [16e18f734c7e]
1.1 misho 7581:
1.1.1.2 misho 7582: * plugins/sudoers/testsudoers.c:
7583: Fix setting of user_args
7584: [aa29e0d0a54a]
1.1 misho 7585:
1.1.1.2 misho 7586: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7587: Add '!' token to lex tracing
7588: [5227ad266235]
1.1 misho 7589:
1.1.1.2 misho 7590: * plugins/sudoers/regress/testsudoers/test1.sh:
7591: Use group bin in test, not wheel as most systems have the bin group
1.1 misho 7592: but the same is no longer true of wheel.
1.1.1.2 misho 7593: [718802b3b45e]
1.1 misho 7594:
1.1.1.2 misho 7595: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7596: Avoid using pre or post increment in a parameter to a ctype(3)
1.1 misho 7597: function as it might be a macro that causes the increment to happen
7598: more than once.
1.1.1.2 misho 7599: [78e281152c3a]
1.1 misho 7600:
7601: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7602:
1.1.1.2 misho 7603: * sudo.pp:
7604: Strip off the beta or release candidate version when building AIX
1.1 misho 7605: packages.
1.1.1.2 misho 7606: [28fe31668559]
1.1 misho 7607:
7608: * configure, configure.in:
7609: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
7610: structure checks for glibc which only has __e_termination visible
7611: when _GNU_SOURCE is *not* defined.
1.1.1.2 misho 7612: [59ae1698911f]
1.1 misho 7613:
1.1.1.2 misho 7614: * common/aix.c:
7615: getuserattr(user, ...) will fall back to the "default" entry
1.1 misho 7616: automatically, there's no need to check "default" manually.
1.1.1.2 misho 7617: [3c7a47a61fdb]
1.1 misho 7618:
7619: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7620:
1.1.1.2 misho 7621: * doc/UPGRADE:
7622: Document parser changes.
7623: [ec415503308d]
7624:
7625: * Makefile.in, common/Makefile.in, compat/Makefile.in,
7626: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7627: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
7628: src/Makefile.in, zlib/Makefile.in:
1.1 misho 7629: If there is an existing sudoers file, only install if it passes a
7630: syntax check.
1.1.1.2 misho 7631: [37427c73e8cb]
1.1 misho 7632:
1.1.1.2 misho 7633: * plugins/sudoers/regress/sudoers/test6.out.ok,
7634: plugins/sudoers/testsudoers.c:
7635: Add runasgroup support to testsudoers
7636: [047ea5571f33]
1.1 misho 7637:
1.1.1.2 misho 7638: * plugins/sudoers/Makefile.in:
7639: For "make check", keep going even if a test fails.
7640: [ce6a0a73c372]
1.1 misho 7641:
1.1.1.2 misho 7642: * plugins/sudoers/testsudoers.c:
7643: More useful exit codes:
1.1 misho 7644: * 0 - parsed OK and command matched.
7645: * 1 - parse error
7646: * 2 - command not matched
7647: * 3 - command denied
1.1.1.2 misho 7648: [1d2ce1361903]
1.1 misho 7649:
1.1.1.2 misho 7650: * doc/sudoers.pod:
7651: Document %#gid, and %:#nonunix_gid syntax.
7652: [492d4f9696c4]
1.1 misho 7653:
1.1.1.2 misho 7654: * plugins/sudoers/pwutil.c:
7655: Add support to user_in_group() for treating group names that begin
1.1 misho 7656: with a '#' as gids.
1.1.1.2 misho 7657: [20240c94a134]
1.1 misho 7658:
1.1.1.2 misho 7659: * config.h.in, configure, configure.in, src/utmp.c:
1.1 misho 7660: Add explicit check for struct utmpx.ut_exit.e_termination and struct
7661: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
7662: ut_exit if we detect one or the other.
1.1.1.2 misho 7663: [b4e8cab777e6]
1.1 misho 7664:
7665: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
7666:
1.1.1.2 misho 7667: * plugins/sudoers/toke.c:
7668: Add back missing #include of config.h
7669: [9ab3897a1b2e]
7670:
7671: * plugins/sudoers/iolog_path.c,
7672: plugins/sudoers/regress/iolog_path/data:
7673: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1.1 misho 7674: strftime() does.
1.1.1.2 misho 7675: [93395762cdcd]
1.1 misho 7676:
1.1.1.2 misho 7677: * aclocal.m4:
7678: Quote first argument to AC_DEFUN(); from Elan Ruusamae
7679: [97f53ad31d77]
1.1 misho 7680:
7681: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7682:
1.1.1.2 misho 7683: * MANIFEST:
7684: add new sudoers tests
7685: [476af91b3da3]
1.1 misho 7686:
1.1.1.2 misho 7687: * plugins/sudoers/regress/sudoers/test8.in,
7688: plugins/sudoers/regress/sudoers/test8.out.ok,
7689: plugins/sudoers/regress/sudoers/test8.toke.ok:
7690: Add test for a newline in the middle of a string when no line
1.1 misho 7691: continuation character is used.
1.1.1.2 misho 7692: [de2394bc86ab]
1.1 misho 7693:
1.1.1.2 misho 7694: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7695: Use bitwise AND instead of modulus to check for length being odd. A
1.1 misho 7696: newline in the middle of a string is an error unless a line
7697: continuation character is used.
1.1.1.2 misho 7698: [bdb1d762a1d5]
1.1 misho 7699:
1.1.1.2 misho 7700: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7701: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7702: Move lexer globals initialization into init_lexer.
7703: [1ce62211aadb]
1.1 misho 7704:
1.1.1.2 misho 7705: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7706: Fix a potential crash when a non-regular file is present in an
1.1 misho 7707: includedir. Fixes bz #452
1.1.1.2 misho 7708: [1586760c3525]
1.1 misho 7709:
1.1.1.2 misho 7710: * pp:
7711: On some Linux systems, "uname -p" contains detailed processor info
1.1 misho 7712: so check "uname -m" first and then "uname -p" if needed. Recognize
7713: PLD Linux.
1.1.1.2 misho 7714: [b8535cb9012e]
1.1 misho 7715:
7716: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
7717:
1.1.1.2 misho 7718: * plugins/sudoers/redblack.c:
7719: Don't need all sudoers.h here.
7720: [8c0929f42dab]
1.1 misho 7721:
1.1.1.2 misho 7722: * src/sudo.c:
7723: Print sudo version early, in case policy plugin init fails.
7724: [47cddc4358bc]
1.1 misho 7725:
7726: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
7727:
1.1.1.2 misho 7728: * plugins/sudoers/regress/sudoers/test4.toke.ok:
7729: Update to match change in input.
7730: [4a3af8e68790]
1.1 misho 7731:
1.1.1.2 misho 7732: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7733: Make an empty group or netgroup a syntax error.
7734: [66f51ddc2ff6]
1.1 misho 7735:
1.1.1.2 misho 7736: * plugins/sudoers/regress/sudoers/test7.in,
7737: plugins/sudoers/regress/sudoers/test7.out.ok,
7738: plugins/sudoers/regress/sudoers/test7.toke.ok:
7739: An empty group or netgroup should be a syntax error.
7740: [bd5bf1e2edce]
7741:
7742: * plugins/sudoers/regress/sudoers/test6.in,
7743: plugins/sudoers/regress/sudoers/test6.out.ok,
7744: plugins/sudoers/regress/sudoers/test6.toke.ok:
7745: Check that uids work in per-user and per-runas Defaults Check that
1.1 misho 7746: uids and gids work in a Command_Spec
1.1.1.2 misho 7747: [c5e848e6082b]
1.1 misho 7748:
1.1.1.2 misho 7749: * plugins/sudoers/regress/sudoers/test5.in,
7750: plugins/sudoers/regress/sudoers/test5.out.ok,
7751: plugins/sudoers/regress/sudoers/test5.toke.ok:
7752: Test empty string in User_Alias and Command_Spec
7753: [3a084d777e03]
1.1 misho 7754:
1.1.1.2 misho 7755: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7756: Allow a group ID in the User_Spec.
7757: [bc2859eb71dc]
1.1 misho 7758:
7759: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
7760:
1.1.1.2 misho 7761: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7762: Return an error for the empty string when a word is expected. Allow
7763: an ID for per-user or per-runas Defaults.
7764: [915c259b00ff]
7765:
7766: * plugins/sudoers/testsudoers.c:
7767: Fix printing "User_Alias FOO = ALL"
7768: [ba58c3d548b3]
1.1 misho 7769:
7770: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
7771:
1.1.1.2 misho 7772: * src/parse_args.c:
7773: Better error message about invalid -C argument
7774: [c9a8d15bbf5d]
1.1 misho 7775:
1.1.1.2 misho 7776: * NEWS:
7777: fix typo
7778: [cdcfbafed013]
1.1 misho 7779:
1.1.1.2 misho 7780: * doc/sudoers.pod:
7781: Fix placement of equal size ('=') in user specification summary.
7782: [5ad7178b230d]
1.1 misho 7783:
7784: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
7785:
1.1.1.2 misho 7786: * MANIFEST:
7787: update to match sudoers regress
7788: [e04db0648717]
1.1 misho 7789:
1.1.1.2 misho 7790: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7791: Restore ability to define TRACELEXER and have trace output go to
1.1 misho 7792: stderr.
1.1.1.2 misho 7793: [d9531e4d1b20]
1.1 misho 7794:
1.1.1.2 misho 7795: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7796: Restore old behavior of setting sawspace = TRUE for command line
1.1 misho 7797: args when a line continuation character is hit to avoid causing
7798: problems for existing sudoers files.
1.1.1.2 misho 7799: [fd930ad25550]
1.1 misho 7800:
1.1.1.2 misho 7801: * plugins/sudoers/regress/sudoers/test4.in,
7802: plugins/sudoers/regress/sudoers/test4.out.ok,
7803: plugins/sudoers/regress/sudoers/test4.toke.ok:
7804: Add test for line continuation and aliases
7805: [29ab538ca6bb]
1.1 misho 7806:
1.1.1.2 misho 7807: * plugins/sudoers/Makefile.in:
7808: Make test output line up nicely for parse vs. toke
7809: [257ef82c1434]
1.1 misho 7810:
1.1.1.2 misho 7811: * plugins/sudoers/Makefile.in,
7812: plugins/sudoers/regress/sudoers/test1.in,
7813: plugins/sudoers/regress/sudoers/test1.out.ok,
7814: plugins/sudoers/regress/sudoers/test1.toke.ok,
7815: plugins/sudoers/regress/sudoers/test2.in,
7816: plugins/sudoers/regress/sudoers/test2.out.ok,
7817: plugins/sudoers/regress/sudoers/test2.toke.ok,
7818: plugins/sudoers/regress/sudoers/test3.in,
7819: plugins/sudoers/regress/sudoers/test3.out.ok,
7820: plugins/sudoers/regress/sudoers/test3.toke.ok,
7821: plugins/sudoers/regress/testsudoers/test1.ok,
7822: plugins/sudoers/regress/testsudoers/test1.out.ok,
7823: plugins/sudoers/regress/testsudoers/test1.sh,
1.1 misho 7824: plugins/sudoers/regress/testsudoers/test2.out,
7825: plugins/sudoers/regress/testsudoers/test2.sh,
7826: plugins/sudoers/regress/testsudoers/test3.ok,
7827: plugins/sudoers/regress/testsudoers/test3.sh,
7828: plugins/sudoers/regress/visudo/test1.ok,
7829: plugins/sudoers/regress/visudo/test1.sh:
7830: Move parser tests to sudoers directory and test the tokenizer output
7831: too.
1.1.1.2 misho 7832: [44f529b3cdb6]
1.1 misho 7833:
1.1.1.2 misho 7834: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7835: If we match a rule anchored to the beginning of a line after parsing
1.1 misho 7836: a line continuation character, return an ERROR token. It would be
7837: nicer to use REJECT instead but that substantially slows down the
7838: lexer.
1.1.1.2 misho 7839: [355478293f8c]
7840:
7841: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7842: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
7843: plugins/sudoers/toke.l:
7844: Move LEXTRACE macro to toke.h so we can use it in yyerror().
7845: [72ee7a06d3ca]
1.1 misho 7846:
1.1.1.2 misho 7847: 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7848:
1.1.1.2 misho 7849: * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
7850: plugins/sudoers/toke.l:
7851: Make lex tracing settable at run-time in testsudoers via the -t
1.1 misho 7852: flag. Trace output goes to stderr. Will be used by regress tests
7853: to check lexer.
1.1.1.2 misho 7854: [93bd53c413c8]
1.1 misho 7855:
1.1.1.2 misho 7856: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7857: Allow whitespace after the modifier in a Defaults entry. E.g.
1.1 misho 7858: "Defaults: username set_home"
1.1.1.2 misho 7859: [9dfcf8dd8a3a]
1.1 misho 7860:
7861: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
7862:
1.1.1.2 misho 7863: * mkpkg:
7864: Don't set CC when cross-compiling.
7865: [4b95b0c04e1c]
1.1 misho 7866:
1.1.1.2 misho 7867: * NEWS:
7868: Credit Matthew Thomas for the sudoers_search_filter changes.
7869: [a65998ab09f7]
1.1 misho 7870:
1.1.1.2 misho 7871: * MANIFEST:
7872: Add the .sym files to the MANIFEST
7873: [f599225cc861]
1.1 misho 7874:
1.1.1.2 misho 7875: * NEWS:
7876: Update for sudo 1.8.1 beta
7877: [71021e854c49]
1.1 misho 7878:
1.1.1.2 misho 7879: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
7880: user_shell -> run_shell to avoid confusion with the user's SHELL
1.1 misho 7881: variable.
1.1.1.2 misho 7882: [dc0ac6dafc21]
1.1 misho 7883:
1.1.1.2 misho 7884: * src/exec_pty.c:
7885: Save the controlling tty process group before suspending in pty
1.1 misho 7886: mode. Previously, we assumed that the child pgrp == child pid
7887: (which is usually, but not always, the case).
1.1.1.2 misho 7888: [10b2883b7875]
1.1 misho 7889:
1.1.1.2 misho 7890: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7891: Add support for sudoers_search_filter setting in ldap.conf. This
1.1 misho 7892: can be used to restrict the set of records returned by the LDAP
7893: query.
1.1.1.2 misho 7894: [b0f1b721d102]
1.1 misho 7895:
7896: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
7897:
7898: * configure, configure.in:
7899: Remove the hack to disable -g in CFLAGS unless --with-devel
1.1.1.2 misho 7900: [89822cf84ef4]
1.1 misho 7901:
1.1.1.2 misho 7902: * doc/sudoers.pod:
7903: The '@' character does not normally need to be quoted.
7904: [7823f5ed829a]
1.1 misho 7905:
1.1.1.2 misho 7906: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7907: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
1.1 misho 7908: if that whitespace is followed by a comma, we want to treat it as
7909: part of a list and not transition.
1.1.1.2 misho 7910: [1ca6943e1824]
1.1 misho 7911:
1.1.1.2 misho 7912: * plugins/sudoers/regress/testsudoers/test3.ok,
7913: plugins/sudoers/regress/testsudoers/test3.sh:
7914: Add check for whitespace when a User_List is used for a per-user
1.1 misho 7915: Defaults entry.
1.1.1.2 misho 7916: [91f75e6dd19a]
1.1 misho 7917:
1.1.1.2 misho 7918: * plugins/sudoers/regress/testsudoers/test2.out,
7919: plugins/sudoers/regress/testsudoers/test2.sh:
7920: Expand quoted name checks to cover recent fixes.
7921: [ce4f76bca146]
1.1 misho 7922:
1.1.1.2 misho 7923: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7924: Fix parsing of double-quoted names in Defaultd and Aliases which was
1.1 misho 7925: broken in 601d97ea8792.
1.1.1.2 misho 7926: [424b0d6c1dc4]
1.1 misho 7927:
1.1.1.2 misho 7928: * plugins/sudoers/Makefile.in:
7929: toke_util.c lives in $(srcdir) not $(devdir)
7930: [94866bebee83]
1.1 misho 7931:
7932: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
7933:
7934: * configure, configure.in:
1.1.1.2 misho 7935: Change trunk version to 1.8.x to distinguish from real 1.8.0.
7936: [a9781e61d064]
1.1 misho 7937:
1.1.1.2 misho 7938: * NEWS, doc/UPGRADE:
7939: Document major changes in 1.8.1 and add upgrade notes.
7940: [f2cf51b0d9ce]
1.1 misho 7941:
1.1.1.2 misho 7942: * plugins/sudoers/match.c:
7943: Be careful not to deref user_stat if it is NULL. This cannot
1.1 misho 7944: currently happen in sudo but might in other programs using the
7945: parser.
1.1.1.2 misho 7946: [06a2334dd674]
1.1 misho 7947:
1.1.1.2 misho 7948: * mkpkg:
7949: configure will not add -O2 to CFLAGS if it is already defined to add
1.1 misho 7950: -O2 to the CFLAGS we pass in when PIE is being used.
1.1.1.2 misho 7951: [1ce6481ece59]
1.1 misho 7952:
1.1.1.2 misho 7953: * doc/sudoers.pod:
7954: Warn about the dangers of log_input and mention iolog_file and
1.1 misho 7955: iolog_dir in the log_input and log_output descriptions.
1.1.1.2 misho 7956: [ae854ffb0768]
1.1 misho 7957:
1.1.1.2 misho 7958: * pp:
7959: sync with git version
7960: [a993e39ce3cb]
1.1 misho 7961:
1.1.1.2 misho 7962: * doc/sudoers.pod:
7963: It seems that h comes after i
7964: [0f621109220d]
1.1 misho 7965:
1.1.1.2 misho 7966: * doc/sudoers.pod:
7967: Move log_input and log_output to their proper, sorted, location.
1.1 misho 7968: Document set_utmp and utmp_runas.
1.1.1.2 misho 7969: [273b234b9c34]
1.1 misho 7970:
1.1.1.2 misho 7971: * src/exec.c:
7972: Save the controlling tty process group before suspending so we can
1.1 misho 7973: restore it when we resume. Fixes job control problems on Linux
7974: caused by the previous attemp to fix resuming a shell when I/O
7975: logging not enabled.
1.1.1.2 misho 7976: [f03a660315ee]
1.1 misho 7977:
1.1.1.2 misho 7978: * common/lbuf.c:
7979: Fix printing of the remainder after a newline. Fixes "sudo -l"
1.1 misho 7980: output corruption that could occur in some cases.
1.1.1.2 misho 7981: [25d83fb501fc]
7982:
7983: 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 7984:
1.1.1.2 misho 7985: * config.h.in, configure, configure.in, src/exec_pty.c,
7986: src/sudo_exec.h, src/utmp.c:
7987: Add support for ut_exit
7988: [b574c13f1bba]
1.1 misho 7989:
1.1.1.2 misho 7990: * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
7991: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7992: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
7993: src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
7994: Add support for controlling whether utmp is updated and which user
1.1 misho 7995: is listed in the entry.
1.1.1.2 misho 7996: [44a81632133f]
1.1 misho 7997:
1.1.1.2 misho 7998: * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
7999: plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
8000: plugins/sudoers/parse.c:
8001: Fix typo; tupple vs. tuple
8002: [697744acb710]
1.1 misho 8003:
1.1.1.2 misho 8004: * src/utmp.c:
8005: For legacy utmp, strip the /dev/ prefix before trying to determine
1.1 misho 8006: slot since the ttys file does not include the /dev/ prefix.
1.1.1.2 misho 8007: [7ad5b81ff90c]
8008:
8009: * aclocal.m4, configure, configure.in, pathnames.h.in:
8010: Add check for _PATH_UTMP
8011: [21e638029bfd]
1.1 misho 8012:
1.1.1.2 misho 8013: 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 8014:
1.1.1.2 misho 8015: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
8016: Adapt check_iolog_path to sessid changes
8017: [728b5fe2be6f]
1.1 misho 8018:
1.1.1.2 misho 8019: * config.h.in, configure, configure.in, src/Makefile.in,
8020: src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
8021: Redo utmp handling. If no getutent()/getutxent() is available,
1.1 misho 8022: assume a ttyslot-based utmp. If getttyent() is available, use that
8023: directly instead of ttyslot() so we don't have to do the stdin dup2
8024: dance.
1.1.1.2 misho 8025: [18aa455cd140]
1.1 misho 8026:
1.1.1.2 misho 8027: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 8028:
1.1.1.2 misho 8029: * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
8030: src/utmp.c:
8031: Move utmp handling into utmp.c
8032: [f6eae6c8e012]
1.1 misho 8033:
1.1.1.2 misho 8034: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
8035: common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
8036: compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
8037: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
8038: compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
8039: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8040: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
8041: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8042: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8043: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8044: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8045: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8046: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8047: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8048: plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
8049: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
8050: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
8051: plugins/sudoers/logging.c, plugins/sudoers/parse.c,
8052: plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
8053: plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
8054: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
8055: src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
8056: src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
8057: src/sudo_plugin_int.h, src/tgetpass.c:
8058: Update copyright years.
8059: [16aa39f9060a]
1.1 misho 8060:
1.1.1.2 misho 8061: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
8062: plugins/sudoers/sudoers.h, src/parse_args.c:
8063: Add "user_shell" boolean as a way to indicate to the plugin that the
1.1 misho 8064: -s flag was given.
1.1.1.2 misho 8065: [fb1ef0897b32]
1.1 misho 8066:
1.1.1.2 misho 8067: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
8068: plugins/sudoers/sudoers.h:
8069: Move sessid out of sudo_user.
8070: [ba298ddb57f4]
1.1 misho 8071:
1.1.1.2 misho 8072: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8073: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
8074: plugins/sudoers/sudoers.h:
8075: Log the TSID even if it is not a simple session ID.
8076: [d7cc1b9c513c]
1.1 misho 8077:
1.1.1.2 misho 8078: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
8079: Document noexec in sample.sudo.conf and add back noexec_file section
1.1 misho 8080: in sudoers with a note that it is deprecated.
1.1.1.2 misho 8081: [4a6e961e494d]
1.1 misho 8082:
1.1.1.2 misho 8083: * plugins/sudoers/set_perms.c:
8084: Fix running commands as non-root on systems where setreuid() changes
1.1 misho 8085: the saved uid based on the effective uid we are changing to.
1.1.1.2 misho 8086: [df0769b71b34]
1.1 misho 8087:
8088: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8089:
1.1.1.2 misho 8090: * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
8091: src/sudo.h:
8092: Move noexec path into sudo.conf now that sudo itself handles noexec.
1.1 misho 8093: Currently can be configured in sudoers too but is now undocumented
8094: and will be removed in a future release.
1.1.1.2 misho 8095: [6fa8befdc110]
1.1 misho 8096:
1.1.1.2 misho 8097: * doc/sudo.pod, doc/sudoers.pod:
8098: Document "Path noexec ..." in sudo.conf. No longer document
1.1 misho 8099: noexec_file in sudoers, it will be removed in a future release.
1.1.1.2 misho 8100: [24eee3a0b3e5]
1.1 misho 8101:
1.1.1.2 misho 8102: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8103: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
8104: Move noexec handling to sudo front-end where it is documented as
1.1 misho 8105: being.
1.1.1.2 misho 8106: [3ed4f10d7052]
1.1 misho 8107:
1.1.1.2 misho 8108: * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
8109: src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
8110: src/sudo_exec.h:
8111: Add support for disabling exec via solaris privileges. Includes
1.1 misho 8112: preparation for moving noexec support out of sudoers and into front
8113: end as documented.
1.1.1.2 misho 8114: [dec843ed553e]
1.1 misho 8115:
1.1.1.2 misho 8116: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
8117: plugins/sample_group/Makefile.in,
8118: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
8119: plugins/sudoers/sudoers.sym:
8120: Only export the symbols corresponding to the plugin structs.
8121: [8d8d03b0ca54]
8122:
8123: * configure, configure.in, plugins/sample/Makefile.in,
8124: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
8125: Install plugins manually instead of using libtool. This works
1.1 misho 8126: around a problem on AIX where libtool will install a .a file
8127: containing the .so file instead of the .so file itself.
1.1.1.2 misho 8128: [796971cfbddb]
1.1 misho 8129:
8130: * Makefile.in:
8131: Move check into its own rule since some versions of make will run
8132: both targets as the default rule.
1.1.1.2 misho 8133: [34d759979176]
1.1 misho 8134:
1.1.1.2 misho 8135: * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
8136: m4/ltversion.m4, m4/lt~obsolete.m4:
8137: Update to libtool 2.2.10
8138: [34c130de6af7]
1.1 misho 8139:
1.1.1.2 misho 8140: 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
8141:
8142: * src/exec.c:
8143: In handle_signals(), restart the read() on EINTR to make sure we
1.1 misho 8144: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
8145: means we have emptied the pipe.
1.1.1.2 misho 8146: [d5b9c8eb9000]
1.1 misho 8147:
1.1.1.2 misho 8148: * compat/mktemp.c:
8149: Reorder functions to quiet a compiler warning.
8150: [c9e9a23729f0]
1.1 misho 8151:
1.1.1.2 misho 8152: * mkpkg:
8153: Use the Sun Studio C compiler on Solaris if possible
8154: [11a86e27891e]
1.1 misho 8155:
8156: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8157:
1.1.1.2 misho 8158: * mkpkg:
8159: Fix default setting of osversion variable.
8160: [52e49ca1cedd]
1.1 misho 8161:
1.1.1.2 misho 8162: * doc/sudo_plugin.pod:
8163: Make two login_class entris consistent.
8164: [18ff1fa94a91]
1.1 misho 8165:
1.1.1.2 misho 8166: * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
8167: src/sudo_exec.h:
8168: Add support for adding a utmp entry when allocating a new pty.
1.1 misho 8169: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
8170: Currently only creates a new entry if the existing tty has a utmp
8171: entry.
1.1.1.2 misho 8172: [32db72b81d80]
1.1 misho 8173:
1.1.1.2 misho 8174: * plugins/sudoers/boottime.c:
8175: Avoid pulling in headers we don't need on Linux For getutx?id(),
1.1 misho 8176: call setutx?ent() first and always call endutx?ent().
1.1.1.2 misho 8177: [5dad21e1ee1b]
1.1 misho 8178:
1.1.1.2 misho 8179: * configure, configure.in:
8180: Add some more libs to SUDOERS_LIBS instead of relying on them to be
1.1 misho 8181: pulled in by SUDO_LIBS.
1.1.1.2 misho 8182: [18a7c21c09a7]
1.1 misho 8183:
1.1.1.2 misho 8184: * plugins/sudoers/sudoers.c:
8185: Fix return value of "sudo -l command" when command is not allowed,
1.1 misho 8186: broken in [c7097ea22111]. The default return value is now TRUE and
8187: a bad: label is used when permission is denied. Also fixed missing
8188: permissions restoration on certain errors. On error()/errorx(), the
8189: password and group files are now closed before returning.
1.1.1.2 misho 8190: [4f2d0e869ae5]
1.1 misho 8191:
8192: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8193:
1.1.1.2 misho 8194: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
8195: Fix passing of login class back to sudo front end.
8196: [6f70a784ce48]
1.1 misho 8197:
1.1.1.2 misho 8198: * mkpkg:
8199: Add --osversion flag to specify OS instead of running "pp
1.1 misho 8200: --probeonly"
1.1.1.2 misho 8201: [a8efdccb7bc1]
1.1 misho 8202:
1.1.1.2 misho 8203: * sudo.pp:
8204: Fix expr usage w/ GNU expr
8205: [48895599ee63]
1.1 misho 8206:
8207: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
8208:
1.1.1.2 misho 8209: * plugins/sudoers/sudoers.c:
8210: Fix exit value for validate and list mode.
8211: [c7097ea22111]
1.1 misho 8212:
1.1.1.2 misho 8213: * plugins/sudoers/sudoers.c:
8214: Fix non-interactive mode with sudoers plugin.
8215: [172f29597bd2]
1.1 misho 8216:
8217: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
8218:
1.1.1.2 misho 8219: * doc/sudoreplay.pod:
8220: sudoreplay can now find IDs other than %{seq} and display the
1.1 misho 8221: session.
1.1.1.2 misho 8222: [fc3dd3be67e9]
1.1 misho 8223:
8224: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
8225:
1.1.1.2 misho 8226: * plugins/sudoers/sudoreplay.c:
8227: Add support for replaying sessions when iolog_file is set to
8228: something other than %{seq}.
8229: [ca3131243874]
8230:
8231: * plugins/sudoers/visudo.c:
8232: If we are killed by a signal, display the name of the signal that
1.1 misho 8233: got us.
1.1.1.2 misho 8234: [994bb76a990e]
1.1 misho 8235:
1.1.1.2 misho 8236: * configure, configure.in:
8237: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1.1 misho 8238: where they belong.
1.1.1.2 misho 8239: [40f94b936fa4]
1.1 misho 8240:
1.1.1.2 misho 8241: * configure.in:
8242: Fix bug in skey/opie check that could cause a shell warning.
8243: [83c043072be5]
1.1 misho 8244:
1.1.1.2 misho 8245: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
8246: No longer need sudo_getepw() stubs.
8247: [bbee15c36912]
1.1 misho 8248:
8249: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
8250:
1.1.1.2 misho 8251: * plugins/sudoers/sudo_nss.c:
8252: Fix exit value of "sudo -l command" in sudoers module.
8253: [a6541867521b]
1.1 misho 8254:
8255: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8256:
1.1.1.2 misho 8257: * compat/regress/glob/globtest.c:
8258: Use fgets() not fgetln() for portability.
8259: [df1bb67fb168]
1.1 misho 8260:
1.1.1.2 misho 8261: * sudo.pp:
8262: Don't use the beta or release candidate version as the rpm release.
8263: [d661ef78021a]
1.1 misho 8264:
8265: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8266:
8267: * configure, configure.in:
8268: version 1.8.0
8269: [f6530d56f6ae] [SUDO_1_8_0]
8270:
8271: * NEWS:
8272: update sudo 1.8 section
8273: [f2ee2cf95d18]
8274:
8275: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8276:
8277: * plugins/sudoers/regress/testsudoers/test2.sh:
8278: fix test description
8279: [cd5730fa9f09]
8280:
8281: * plugins/sudoers/regress/testsudoers/test2.out,
8282: plugins/sudoers/regress/testsudoers/test2.sh,
8283: plugins/sudoers/regress/visudo/test2.out,
8284: plugins/sudoers/regress/visudo/test2.sh:
8285: convert test2 to use testsudoers
8286: [b5ec3f0b69f1]
8287:
8288: * include/sudo_plugin.h, src/sudo_plugin_int.h:
8289: Move struct generic_plugin to sudo_plugin_int.h
8290: [6f7bc629329c]
8291:
8292: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8293: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
8294: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8295: plugins/sudoers/sudoers.h:
8296: Allow sudoers file name, mode, uid and gid to be specified in the
8297: settings list. The sudo front end does not currently set these but
8298: may in the future.
8299: [22f38a0fda2a]
8300:
8301: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8302:
8303: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
8304: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
8305: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
8306: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
8307: doc/visudo.man.in:
8308: 1.8.0rc1
8309: [5d4588b9c057]
8310:
8311: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
8312: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
8313: src/parse_args.c, src/sudo.h:
8314: add help text to sudo, visudo and sudoreplay for the -h option
8315: [52e7378d8476]
8316:
8317: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
8318:
8319: * compat/snprintf.c:
8320: avoid using "howmany" for a parameter name since it is a select-
8321: related macro
8322: [a14d565401a1]
8323:
8324: * doc/sudoers.pod:
8325: mention group_plugin when describing nonunix_group
8326: [e0d1d0034b17]
8327:
8328: * doc/sudo_plugin.pod:
8329: Add missing period at end of sentence
8330: [6744d7e9056d]
8331:
8332: * Makefile.in, doc/Makefile.in, include/Makefile.in,
8333: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
8334: plugins/sudoers/Makefile.in, src/Makefile.in:
8335: add localstatedir; closes bug 471
8336: [7aefcab85088]
8337:
8338: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
8339: src/exec.c, src/exec_pty.c:
8340: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
8341: Bug 470
8342: [927ed6740f32]
8343:
8344: * configure.in:
8345: add missing AH_TEMPLATE for ENV_RESET
8346: [16300010c986]
8347:
8348: * src/exec.c:
8349: SVR5 systems return non-zero for success on socketpair(), check for
8350: -1 instead. Closes Bug 469
8351: [4d276494bf8e]
8352:
8353: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
8354:
8355: * configure, configure.in:
8356: 1.8.0b5
8357: [d611cd5d73d3]
8358:
8359: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
8360: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
8361: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
8362: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
8363: regen
8364: [85e96eeaed82]
8365:
8366: * doc/sudo.pod:
8367: Document that a sudo.conf file with no Pligin lines uses the default
8368: sudoers plugins.
8369: [88bd52da977f]
8370:
8371: * src/load_plugins.c:
8372: If sudo.conf contains no Plugin lines, use the default sudoers
8373: policy and I/O plugins.
8374: [fd8f4cb811ab]
8375:
8376: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
8377:
8378: * plugins/sudoers/sudo_nss.c:
8379: Avoid printing empty "Runas and Command-specific defaults for user"
8380: line.
8381: [2dd330fe4f8b]
8382:
8383: * common/lbuf.c:
8384: Truncate the buffer at buf.len before printing in the non-wordwrap
8385: case.
8386: [901e9833f80d]
8387:
8388: * common/lbuf.c:
8389: Remove extra newline when the tty width is very small or unavailable
8390: [245c05506c0e]
8391:
8392: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8393:
8394: * plugins/sudoers/alias.c:
8395: Remove unneeded variable.
8396: [2c086d30b796]
8397:
8398: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8399:
8400: * configure, configure.in:
8401: Prefer getutxid over getutid
8402: [3f3322e9c93e]
8403:
8404: * plugins/sudoers/boottime.c:
8405: Include utmp.h / utmpx.h before missing.h as apparently including it
8406: afterwards causes a compilation problem on GNU Hurd.
8407: [a528029ae962]
8408:
8409: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
8410:
8411: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
8412: #include "foo.h", not <foo.h> for local includes.
8413: [f65ec693998e]
8414:
8415: * src/parse_args.c:
8416: remove bogus XXX
8417: [9136c17d53ce]
8418:
8419: * compat/mksiglist.c:
8420: Fix typo
8421: [1a3bb7b455c9]
8422:
8423: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
8424: plugins/sudoers/match.c:
8425: return foo not return(foo)
8426: [5c9e0647359a]
8427:
8428: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
8429:
8430: * src/exec.c:
8431: Remove duplicate FD_SET of signal_pipe[0]
8432: [3096527d2215]
8433:
8434: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
8435:
8436: * compat/mksiglist.c:
8437: Use "missing.h" not <missing.h> in generated code.
8438: [d8e09cffbe09]
8439:
8440: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
8441:
8442: * aclocal.m4, configure:
8443: fix --with-iologdir=no
8444: [a89699cb5f5f]
8445:
8446: * aclocal.m4, configure:
8447: fix typo that broke --with-iologdir
8448: [91b54eb22403]
8449:
8450: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8451:
8452: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
8453: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
8454: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
8455: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
8456: doc/visudo.man.in:
8457: Bump version to 1.8.0b4
8458: [e2b7f2cdc02e]
8459:
8460: * NEWS:
8461: sync
8462: [decf5a0a8a33]
8463:
8464: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8465: Attempt to clarify how users and groups interact in Runas_Specs
8466: [e6fb3a2dbd77]
8467:
8468: * plugins/sudoers/regress/visudo/test2.out,
8469: plugins/sudoers/regress/visudo/test2.sh:
8470: Add test for quoted group that contains escaped double quotes
8471: [44596c48c629]
8472:
8473: * src/exec.c, src/exec_pty.c:
8474: Pass SIGUSR1/SIGUSR2 through to the child.
8475: [c3108a827b01]
8476:
8477: * src/exec_pty.c, src/sudo_exec.h:
8478: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
8479: SIGUSR2 to indicate whether the child should be continued in the
8480: foreground or background.
8481: [35ca47cc6785]
8482:
8483: * src/exec.c:
8484: Use pid_t not int and check the return value of kill()
8485: [36ae7d37d7f9]
8486:
8487: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
8488:
8489: * src/exec_pty.c:
8490: Remove obsolete comment
8491: [baebef4919f6]
8492:
8493: * src/exec.c:
8494: In non-pty mode before continuing the child, make it the foreground
8495: pgrp if possible. Fixes resuming a shell.
8496: [fef5b1d02ddb]
8497:
8498: * src/exec_pty.c:
8499: If we get a signal other than SIGCHLD in the monitor, pass it
8500: directly to the child.
8501: [b3ecb28163a0]
8502:
8503: * src/exec.c, src/exec_pty.c, src/sudo.h:
8504: Save signal state before changing handlers and restore before we
8505: execute the command.
8506: [faf7475dc4bf]
8507:
8508: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
8509:
8510: * plugins/sudoers/iolog.c:
8511: Use a char array to map a number to a base36 digit.
8512: [257576c51f8b]
8513:
8514: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
8515: Be clear about what versions of sudo support new LDAP attributes.
8516: Fix up some formatting of attribute names. Minor other tweaks.
8517: [39f65df71f65]
8518:
8519: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
8520:
8521: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8522: match quoted strings the same way whether in a Defaults line or as a
8523: user/group/netgroup name. Fixes escaped double quotes in quoted
8524: user/group/netgroup names.
8525: [601d97ea8792]
8526:
8527: * plugins/sudoers/Makefile.in:
8528: 'make check' depends on visudo and testsudoers
8529: [127c5a24df8f]
8530:
8531: * plugins/sudoers/sudoers2ldif:
8532: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
8533: [9029163a58c3]
8534:
8535: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
8536:
8537: * doc/UPGRADE:
8538: Mention LDAP attribute compatibility status.
8539: [2c3595aaec63]
8540:
8541: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
8542:
8543: * README.LDAP:
8544: Mention phpQLAdmin
8545: [9304c9064fbe]
8546:
8547: * INSTALL, NEWS, config.h.in, configure, configure.in,
8548: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
8549: Add --disable-env-reset configure option.
8550: [8a753aa13a46]
8551:
8552: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8553: Document that sudoers_locale also affects logging and email.
8554: [998d6ac11277]
8555:
8556: * NEWS, config.h.in, configure, configure.in,
8557: plugins/sudoers/logging.c:
8558: Do logging and email sending in the locale specified by the
8559: "sudoers_locale" setting ("C" by default). Email send by sudo
8560: includes MIME headers when the sudoers locale is not "C".
8561: [cb7e55408400]
8562:
8563: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8564:
8565: * plugins/sudoers/check.c:
8566: Fix indentation
8567: [65ae7e92b9e4]
8568:
8569: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
8570:
8571: * NEWS, src/parse_args.c, src/sudo.c:
8572: Perform command escaping for "sudo -s" and "sudo -i" after
8573: validating sudoers so the sudoers entries don't need to have all the
8574: backslashes.
8575: [4e168c103f4b]
8576:
8577: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
8578:
8579: * plugins/sudoers/logging.c:
8580: Prepend "list " to the command logged when "sudo -l command" is used
8581: to make it clear that the command was listed, not run.
8582: [f392a6056cd6]
8583:
8584: * plugins/sudoers/parse.c:
8585: cosmetic change
8586: [7c0951dbc2dd]
8587:
8588: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
8589: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
8590: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
8591: compat/nanosleep.c, compat/regress/glob/globtest.c,
8592: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
8593: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
8594: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
8595: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8596: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8597: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8598: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8599: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8600: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8601: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8602: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
8603: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
8604: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
8605: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8606: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8607: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
8608: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
8609: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
8610: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8611: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8612: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
8613: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
8614: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
8615: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
8616: src/sudo_noexec.c, src/tgetpass.c:
8617: standardize on "return foo;" rather than "return(foo);" or "return
8618: (foo);"
8619: [32d76c5aaf8c]
8620:
8621: * plugins/sudoers/sudoers.c:
8622: Do not reject sudoers file just because it is root-writable.
8623: [0febc579185b]
8624:
8625: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
8626:
8627: * NEWS:
8628: sync
8629: [1ab03f8278ff]
8630:
8631: * plugins/sudoers/sudo_nss.c:
8632: For "sudo -U user -l" if user is not authorized on the host, say so.
8633: [289afe6dd15c]
8634:
8635: * plugins/sudoers/ldap.c:
8636: In sudo_ldap_lookup(), always do the initial sudoers check as the
8637: invoking user. If we are listing another user's privs we will do a
8638: separate lookup using list_pw later.
8639: [e52bc15de76d]
8640:
8641: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
8642:
8643: * MANIFEST:
8644: add parser fill tests
8645: [4f65140d3515]
8646:
8647: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
8648: Don't test features not supported by the bundled glob()
8649: [8ec7ace11949]
8650:
8651: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
8652: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
8653: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8654: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
8655: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
8656: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8657: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
8658: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8659: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8660: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
8661: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
8662: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8663: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8664: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
8665: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
8666: Update copyright year to 2011
8667: [ac1b45cb1809]
8668:
8669: * plugins/sudoers/sudo_nss.c:
8670: When listing, use separate lbufs for the defaults and the privileges
8671: and only print something if the number of privileges is non-zero.
8672: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
8673: [d0854d39f8ef]
8674:
8675: * plugins/sudoers/ldap.c:
8676: Stash pointer to user group vector in LDAP handle and only reuse the
8677: query if it has not changed. We always allocate a new buffer when
8678: we reset the group vector so a simple pointer check is sufficient.
8679: [88861d4eba69]
8680:
8681: * plugins/sudoers/sudo_nss.c:
8682: Check initgroups() return value.
8683: [3bdaf58408a7]
8684:
8685: * plugins/sudoers/Makefile.in,
8686: plugins/sudoers/regress/parser/check_fill.c:
8687: Add tests for the fill functions in toke_util.c
8688: [bca587ab4956]
8689:
8690: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
8691:
8692: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
8693: fix copyright year
8694: [e2038cdaf055]
8695:
8696: * NEWS:
8697: sync
8698: [56ca5d5eaebe]
8699:
8700: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
8701:
8702: * common/term.c:
8703: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
8704: [b91f266624ec]
8705:
8706: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
8707:
8708: * mkpkg, sudo.pp:
8709: Add Requires line for audit-libs >= 1.4 for RHEL5+
8710: [6c02f976171b]
8711:
8712: * pp:
8713: sync with git version
8714: [d301c32d5865]
8715:
8716: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
8717:
8718: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8719: fix typo
8720: [39353f92976f]
8721:
8722: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
8723:
8724: * NEWS:
8725: Update for sudo 1.7.4p5
8726: [b444da76901f]
8727:
8728: * doc/schema.OpenLDAP, doc/schema.iPlanet:
8729: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
8730: to the sudoRole object class. From Andreas Mueller
8731: [dacfad7e7a95]
8732:
8733: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
8734:
8735: * NEWS:
8736: Mention "sudo -g group" password check fix.
8737: [1eb8fb14e53b]
8738:
8739: * plugins/sudoers/sudoers.c:
8740: Fix "sudo -g" support in the sudoers module.
8741: [07d1b0ce530e]
8742:
8743: * plugins/sudoers/check.c:
8744: If the user is running sudo as himself but as a different group we
8745: need to prompt for a password.
8746: [caf1fcc9a117]
8747:
8748: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
8749:
8750: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
8751: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
8752: plugins/sudoers/ldap.c:
8753: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
8754: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
8755: derived LDAP SDKs but we can pass the timeout parameter to
8756: ldap_search_ext_s() or ldap_search_st() when possible.
8757: [5537049991f7]
8758:
8759: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
8760: regen
8761: [5b361c3c4324]
8762:
8763: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
8764: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
8765: with OpenLDAP ldap.conf files.
8766: [e97843bd16fb]
8767:
8768: * plugins/sudoers/pwutil.c:
8769: If user has no supplementary groups, fall back on checking the group
8770: file expliticly.
8771: [5223ad4eb690]
8772:
8773: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
8774:
8775: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
8776: constify
8777: [6e132a4cca61]
8778:
8779: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
8780: plugins/sudoers/toke.l:
8781: Move fill macro to toke.h
8782: [623d430798cf]
8783:
8784: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
8785: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
8786: plugins/sudoers/toke_util.c:
8787: Split tokenizer utility functions out into toke_util.c
8788: [89a97bd51618]
8789:
8790: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8791: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8792: ANSIfy
8793: [ca0eba1dfaa9]
8794:
8795: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
8796:
8797: * MANIFEST:
8798: sync
8799: [a43f94064bb3]
8800:
8801: * plugins/sudoers/Makefile.in:
8802: Add visudo tests to check target
8803: [8c82fb4ed40f]
8804:
8805: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
8806: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
8807: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
8808: Add my regress tests for fnmatch() and glob() from OpenBSD.
8809: [6e8c1f211723]
8810:
8811: * plugins/sudoers/regress/testsudoers/test1.sh,
8812: plugins/sudoers/regress/visudo/test1.ok,
8813: plugins/sudoers/regress/visudo/test1.sh:
8814: Add regress test for command tags using visudo -c
8815: [18b0ef207c0f]
8816:
8817: * plugins/sudoers/Makefile.in,
8818: plugins/sudoers/regress/testsudoers/test1.ok,
8819: plugins/sudoers/regress/testsudoers/test1.sh:
8820: Add support for regress tests using testsudoers
8821: [1fa94bd2671b]
8822:
8823: * plugins/sudoers/testsudoers.c:
8824: Need to set user_name explicitly due to internal changes made when
8825: converting sudoers to a plugin.
8826: [1fa54e86a364]
8827:
8828: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
8829:
8830: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
8831: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8832: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8833: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
8834: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
8835: zlib/Makefile.in:
8836: Add regression tests for iolog_path()
8837: [afa4b416e559]
8838:
8839: * Makefile.in, common/Makefile.in, compat/Makefile.in,
8840: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8841: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8842: src/Makefile.in, zlib/Makefile.in:
8843: Add support for "make Makefile" to regenerate Makefile from
8844: Makefile.in
8845: [98bd2dda3294]
8846:
8847: * plugins/sudoers/iolog_path.c:
8848: Quiest a bogus compiler warning.
8849: [5ff932a7ad67]
8850:
8851: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
8852:
8853: * plugins/sudoers/iolog_path.c:
8854: Protect call to setlocale() with HAVE_SETLOCALE
8855: [2c29ee3ccc81]
8856:
8857: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
8858:
8859: * MANIFEST:
8860: mkstemps.c was renamed mktemp.c
8861: [ae299c3b1827]
8862:
8863: * NEWS:
8864: Update from 1.7 branch
8865: [20817d79717b]
8866:
8867: * Makefile.in:
8868: Use "mv -f" when regenerating ChangeLog
8869: [c163635206c6]
8870:
8871: * plugins/sudoers/match.c:
8872: Fix NULL dereference with "sudo -g group" when the sudoers rule has
8873: no runas user or group listed. Fixes RedHat bug Bug 667103.
8874: [41a6a1243d9e]
8875:
8876: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
8877:
8878: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8879: Correct the default sudo.conf example
8880: [4e791698cad1]
8881:
8882: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
8883:
8884: * plugins/sudoers/iolog_path.c:
8885: Reset slashp if we allocate a new buffer for strftime()
8886: [e491daa4203b]
8887:
8888: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
8889: plugins/sudoers/sudoers.h:
8890: Add extra out parameter to expand_iolog_path() to allow the caller
8891: to split the path into dir and file components if needed.
8892: [88346bc5ae39]
8893:
8894: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
8895:
8896: * plugins/sudoers/iolog.c:
8897: mkdir_iopath() returns size_t now that it uses strlcpy() and not
8898: snprintf()
8899: [3c4c64d265eb]
8900:
8901: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
8902: Trim leading slashes from iolog_file and trailing slashes from
8903: iolog_dir
8904: [a803b51f8948]
8905:
8906: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8907: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8908: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8909: Pass a single I/O log file name in command_details instead of
8910: separate dir + file parameters.
8911: [d672a3e46e80]
8912:
8913: * plugins/sudoers/sudoreplay.c:
8914: change an error() to errorx()
8915: [8013dcfdd69d]
8916:
8917: * plugins/sudoers/iolog.c:
8918: Add missing cwd line to I/O log info file that got dropped when
8919: iolog_deserialize_info() was added
8920: [7cf84f208423]
8921:
8922: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
8923:
8924: * plugins/sudoers/iolog.c:
8925: Avoid relying on globals filled in by the sudoers policy module for
8926: the sudoers I/O log module. The I/O log open function now pulls the
8927: bits it needs out of user_info and command_info.
8928: [c02f6951b0cc]
8929:
8930: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
8931: plugins/sudoers/sudoers.h:
8932: If no iolog file is specified by the policy plugin, use io_nextid()
8933: to determine the next file in the sequence.
8934: [faa1130b1020]
8935:
8936: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
8937:
8938: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8939: Document iolog_compress in command_info
8940: [58895c7d12f5]
8941:
8942: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8943: Add support for the iolog_compress variable in command_info.
8944: [36f13a2fd1c1]
8945:
8946: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8947: Add sigsetjmp() calls to all plugin entry points just to be safe.
8948: [3fa482355bc4]
8949:
8950: * src/sudo.c, src/sudo.h:
8951: Don't need iolog variables in struct command_details, they are for
8952: the I/O log plugins to handle.
8953: [5111579ffd9d]
8954:
8955: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
8956:
8957: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8958: Document use of mkdtemp() for iolog path teplates
8959: [5db6101408a9]
8960:
8961: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
8962: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
8963: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
8964: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
8965: regen
8966: [1ee11fd6d4eb]
8967:
8968: * doc/sudo_plugin.pod, doc/sudoers.pod:
8969: Document iolog_file and supported escape sequences for sudoers.
8970: Clarify that iolog_file can contain directories.
8971: [da611dedcbdb]
8972:
8973: * compat/Makefile.in, configure, configure.in:
8974: Fix building of mkstemps/mkdtemp replacements.
8975: [793a5e303122]
8976:
8977: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
8978: configure.in, include/missing.h:
8979: Provide mkdtemp() for systems without it.
8980: [b0527dfa965c]
8981:
8982: * plugins/sudoers/iolog_path.c:
8983: Fix typo
8984: [277f6c514cba]
8985:
8986: * plugins/sudoers/iolog.c:
8987: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
8988: glibc mkdtemp() returns EINVAL.
8989: [2e7323b05579]
8990:
8991: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
8992: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8993: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
8994: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
8995: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8996: Allow sudoers to specify the iolog file in addition to the iolog
8997: dir. Add escape sequence support to iolog file and dir: sequence
8998: number, user, group, runas_user, runas_group, hostname and
8999: command in addition to any escape sequence recognized by
9000: strftime(3).
9001: [75cd32ee0435]
9002:
9003: * plugins/sudoers/iolog.c:
9004: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
9005: crash when the I/O plugin calls error(), errorx() or log_error().
9006: [1a6718bd817d]
9007:
9008: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
9009:
9010: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
9011: plugins/sudoers/sudoers.c:
9012: Give the policy module fine-grained control over what the I/O plugin
9013: logs.
9014: [d29784fd2a66]
9015:
9016: * common/term.c:
9017: Clear OPOST from c_oflag like we used to. Fixes screen-based
9018: editors such as vi.
9019: [506ad5ae9b4e]
9020:
9021: * doc/sudoers.pod:
9022: Clarify umask option description. From Reuben Thomas.
9023: [1294ac84222b]
9024:
9025: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
9026:
9027: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9028: Pick last match in LDAP sudoers too
9029: [fbfd8e85703b]
9030:
9031: * doc/sudo_plugin.pod:
9032: Document iolog_file, iolog_dir and use_pty
9033: [26120a59c20e]
9034:
9035: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
9036: plugins/sudoers/sudoers.c:
9037: Adapt plugins to version I/O logging ABI 1.1
9038: [880dd64bc1e8]
9039:
9040: * src/exec.c, src/sudo.h:
9041: Add use_pty command_info flag for policies to indicate that a pty
9042: should be allocated even if no I/O logging is performed.
9043: [e7b167f8a6e5]
9044:
9045: * src/sudo.c:
9046: Add remaining plugin convenience functions
9047: [ffeaf96da031]
9048:
9049: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
9050: src/sudo_plugin_int.h:
9051: Change I/O log API to pass in command info to the I/O log open
9052: function. Add iolog_file and iolog_dir parameters to command info.
9053: This allows the policy plugin to specify the I/O log pathname. Add
9054: convenience functions for calling plugin functions that handle ABI
9055: backwards compatibility.
9056: [9b81dce76ce5]
9057:
9058: * compat/dlopen.c:
9059: Remove useless cast
9060: [7cecce969739]
9061:
9062: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9063:
9064: * configure, configure.in:
9065: Bump version to 1.8.0b3
9066: [1dc9f040aae0]
9067:
9068: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9069:
9070: * configure.in:
9071: Remove extraneous newline
9072: [71c94551eea5]
9073:
9074: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9075:
9076: * doc/sudoers.pod, plugins/sudoers/def_data.c,
9077: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
9078: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
9079: Make I/O log dir configurable.
9080: [99b576667a38]
9081:
9082: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
9083: Rename io_logdir to iolog_dir
9084: [0731662acc8d]
9085:
9086: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
9087:
9088: * pp:
9089: Add missing '*' that prevented the generic ELF case from matching.
9090: [be77ca26bfb2]
9091:
9092: * pp:
9093: If file(1) can't identify the ELF binary type, try readelf(1).
9094: [38a18d32a9e3]
9095:
9096: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
9097:
9098: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
9099: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
9100: plugins/sudoers/sudoers.c, src/sudo.c:
9101: Use %u to print uid/gid, not %lu and adjust casts to match.
9102: [03c43b8749cf]
9103:
9104: * doc/sudoers.ldap.pod:
9105: Clarify ordering of entries and attributes.
9106: [924e2a6bb603]
9107:
9108: * doc/sudoers.ldap.pod:
9109: Fix typo and editing goof.
9110: [79dc7ccd85a8]
9111:
9112: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
9113: doc/sudoers.ldap.pod:
9114: Merge in ordered LDAP entry support from Andreas Mueller.
9115: [ea5885989bad]
9116:
9117: * plugins/sudoers/ldap.c:
9118: Make sure we don't dereference a NULL handle.
9119: [1a9f9ee15371]
9120:
9121: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
9122:
9123: * pp:
9124: Add support for RHEL 6 file modes that include a trailing dot on
9125: files with an SELinux security context
9126: [dc09be959547]
9127:
9128: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9129:
9130: * src/sudo.c:
9131: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
9132: sudoers module.
9133: [d6dd99fc6062]
9134:
9135: * plugins/sudoers/sudoers.c:
9136: create_admin_success_flag() should use restore_perms() rather than
9137: set_perms() to restore the uid.
9138: [eba7a91c1f57]
9139:
9140: * src/sudo.c:
9141: In exec_setup() call setuid(0) to make certain the subsequent uid
9142: and gid changes will succeed. Fixes a problem on Ubuntu.
9143: [c5d32abf0645]
9144:
9145: * src/sudo_edit.c:
9146: Error out if we cannot change to root's uid so we catch the failure
9147: early.
9148: [7a2e7f8f2c80]
9149:
9150: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9151:
9152: * doc/sudoers.pod:
9153: fix typo; from Michael T Hunter
9154: [a574a9d0db5b]
9155:
9156: * plugins/sudoers/match.c:
9157: In sudoedit mode, assume command line arguments are paths and pass
9158: FNM_PATHNAME to fnmatch().
9159: [ce0abff8ce9f]
9160:
9161: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
9162:
9163: * configure, configure.in:
9164: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
9165: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
9166: broken bits of the header file.
9167: [e337217f097a]
9168:
9169: * aclocal.m4:
9170: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
9171: [fbbcee28961f]
9172:
9173: * sudo.pp:
9174: For Tru64, strip off beta version.
9175: [eeccd762df5e]
9176:
9177: * MANIFEST, plugins/sudoers/testsudoers.c,
9178: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
9179: Avoid conflicts with system definitions in grp.h and pwd.h
9180: [b219ffe1da09]
9181:
9182: * zlib/gzguts.h:
9183: Include stdio.h after zlib.h, not before. We need the large file
9184: defines to come first.
9185: [21d6df39790f]
9186:
9187: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
9188:
9189: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
9190: regen
9191: [3ff8750d0aac]
9192:
9193: * Makefile.in:
9194: Don't clean ChangeLog
9195: [ab0d30d289d4]
9196:
9197: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
9198: Add prototype for cleanup()
9199: [75626fd3769a]
9200:
9201: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
9202:
9203: * plugins/sudoers/group_plugin.c:
9204: Avoid deferencing group_plugin if it is NULL in
9205: group_plugin_query(). This should not happen.
9206: [4f2933c8da7e]
9207:
9208: * plugins/sudoers/group_plugin.c:
9209: group plugin init function return TRUE when successful
9210: [198024477030]
9211:
9212: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
9213:
9214: * plugins/sudoers/ldap.c:
9215: Enlarge the array of entry wrappers int blocks of 100 entries to
9216: save on allocation time. From Andreas Mueller
9217: [375c916bb03b]
9218:
9219: * plugins/sudoers/ldap.c:
9220: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
9221: that was mistakenly dropped.
9222: [1555f5bc132d]
9223:
9224: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
9225:
9226: * doc/TROUBLESHOOTING:
9227: Mention that sudo needs "ar" to build.
9228: [65582ace2d09]
9229:
9230: * configure, configure.in:
9231: Fail with a more useful error if "ar" is not found.
9232: [d1cb83719c17]
9233:
9234: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
9235:
9236: * plugins/sudoers/ldap.c:
9237: Merge in ordered LDAP entry support from Andreas Mueller and add
9238: local changes from the 1.7 branch.
9239: [bca29e461618]
9240:
9241: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
9242:
9243: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
9244: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9245: Add timed entry support from Andreas Mueller.
9246: [e18d1df46a8d]
9247:
9248: * plugins/sudoers/group_plugin.c:
9249: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
9250: group_handle is NULL
9251: [de2273da37d5]
9252:
9253: * plugins/sudoers/sudoers.h:
9254: It is now plugin_cleanup(), not cleanup()
9255: [da62a4e1a78c]
9256:
9257: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
9258: Call plugin_cleanup(), not cleanup()
9259: [e800ad8b33ad]
9260:
9261: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
9262:
9263: * plugins/sudoers/ldap.c:
9264: Use efree() not free() and remove malloc.h include since we never
9265: directly call malloc() or free().
9266: [107fffd134bb]
9267:
9268: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
9269:
9270: * sudo.pp:
9271: set PSTAMP for Solaris and move the backend-specific bits to their
9272: own %if [xxx] %endif blocks in %set.
9273: [a94ebe8920c1]
9274:
9275: * pp:
9276: sync with git repo
9277: [75ff509696b4]
9278:
9279: * configure, configure.in:
9280: Only substitute file zlib files when using the builtin zlib
9281: [6c8145b2deb4]
9282:
9283: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
9284: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9285: src/Makefile.in, zlib/Makefile.in:
9286: Give up on using VPATH to find sources as it is implemented
9287: inconsistenly in different versions of make.
9288: [60517c69aaee]
9289:
9290: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
9291: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
9292: Include config.h before any other includes to make sure we get the
9293: right value for _FILE_OFFSET_BITS.
9294: [8fb007ca832e]
9295:
9296: * MANIFEST:
9297: Add zlib
9298: [04a3e23dfaa9]
9299:
9300: * zlib/Makefile.in:
9301: Add missing targets
9302: [40e45a177168]
9303:
9304: * src/Makefile.in:
9305: g/c unused $(GENERATED)
9306: [c8758068c1bc]
9307:
9308: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
9309:
9310: * plugins/sudoers/group_plugin.c:
9311: Zero out group_plugin on unload just to be safe.
9312: [0b10f4d101ca]
9313:
9314: * plugins/sudoers/group_plugin.c:
9315: Unload group plugin if its init function fails.
9316: [6552cdac4b7c]
9317:
9318: * src/sudo.c:
9319: Only chdir to cwd if it is different from the current cwd or there
9320: is a new root (chroot).
9321: [b8203e875e84]
9322:
9323: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
9324: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
9325: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
9326: Bump version to 1.8.0b2
9327: [6dadeb75a878]
9328:
9329: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
9330:
9331: * INSTALL:
9332: Better --enable-zlib description
9333: [e0da54fa59a6]
9334:
9335: * mkpkg:
9336: Use system zlib on Linux Let configure decide on Solaris For all
9337: others, use builtin zlib
9338: [3d52eddb523c]
9339:
9340: * zlib/zconf.h.in:
9341: Add large file support.
9342: [bec01215270d]
9343:
9344: * config.h.in:
9345: Add large file support.
9346: [244e95b034ec]
9347:
9348: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
9349: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
9350: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
9351: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
9352: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
9353: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
9354: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
9355: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
9356: Add local copy of zlib for systems that lack it.
9357: [7542ca465c5a]
9358:
9359: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
9360:
9361: * src/exec.c:
9362: If perform_io() fails, kill the child before exiting so it doesn't
9363: complain about connection reset. We can get an I/O error if, for
9364: example, and we get EIO reading from stdin.
9365: [e59a05fa729f]
9366:
9367: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
9368:
9369: * plugins/sudoers/sudoers.c, src/sudo.c:
9370: Fix complilation on systems with set_auth_parameters() Sprinkle
9371: volatile to quiet warnings from gcc 2.8.0
9372: [a34c2b924ba7]
9373:
9374: * compat/dlfcn.h, compat/dlopen.c:
9375: Avoid potential namespace issues with dlopen() emulation.
9376: [aedfababd6ca]
9377:
9378: * MANIFEST:
9379: sync
9380: [6afb97e6d308]
9381:
9382: * plugins/sudoers/interfaces.c:
9383: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
9384: exist).
9385: [ddfca5af1a36]
9386:
9387: * Makefile.in:
9388: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
9389: [e9d04bfa4505]
9390:
9391: * configure, configure.in:
9392: HP-UX 10.20 libc has an incompatible getline
9393: [2e7bc202e78d]
9394:
9395: * plugins/sudoers/visudo.c:
9396: Quiet an HP-UX compiler warning.
9397: [55b9d587ac8c]
9398:
9399: * configure, configure.in:
9400: Check for vi even with --with-editor specified; the sample plugin
9401: needs it.
9402: [94dfc3643f76]
9403:
9404: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
9405:
9406: * compat/dlopen.c:
9407: Fix remaining syntax errors.
9408: [9d729b5b577e]
9409:
9410: * src/Makefile.in:
9411: sudo binary depends on the libtool-generated libs
9412: [9e6148406adb]
9413:
9414: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
9415: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
9416: include the local or system dlfcn.h
9417: [68cfe4c1089b]
9418:
9419: * pp:
9420: Don't use run_as_superuser=false on HP-UX
9421: [532242370b09]
9422:
9423: * src/net_ifs.c:
9424: Use memset() instead of zero_bytes() since we don't include
9425: sudoers.h
9426: [a187c18c2472]
9427:
9428: * plugins/sudoers/interfaces.c:
9429: Fix pasto; AF_INET not AF_INET6
9430: [2d2e9d7dc6f9]
9431:
9432: * compat/dlopen.c:
9433: Actually call shl_load()
9434: [ed8153b8a3cd]
9435:
9436: * pp:
9437: Update from git repo. Debian: version numbers now compliant with
9438: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
9439: 10.20
9440: [ecf2692bceeb]
9441:
9442: * configure, configure.in:
9443: Fix dlopen() detection for systems where dlopen() is in a separate
9444: library.
9445: [fa6b175582b6]
9446:
9447: * plugins/sudoers/auth/pam.c:
9448: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
9449: useful message and return AUTH_FATAL so sudo does not keep trying to
9450: validate the user.
9451: [1be8857e5291]
9452:
9453: * src/preload.c:
9454: sudo_preload_table is an array
9455: [b7704e72a9da]
9456:
9457: * compat/dlopen.c:
9458: Quiet a compiler warning and fix sudo_preload_table external
9459: definition.
9460: [8234987664cc]
9461:
9462: * compat/dlfcn.h:
9463: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
9464: [8bab6a4053cc]
9465:
9466: * plugins/sudoers/group_plugin.c:
9467: Make this compile correctly when no dlopen is available.
9468: [57643879bd2b]
9469:
9470: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
9471:
9472: * plugins/sudoers/check.c:
9473: Having a timestamp file defined is no longer indicative of tty
9474: tickets being enabled. Check def_tty_tickets directly.
9475: [efcc11ad157f]
9476:
9477: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
9478: Fix TCGETWINSZ compat.
9479: [da3a8b17cf7a]
9480:
9481: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
9482:
9483: * src/exec_pty.c, src/ttysize.c:
9484: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
9485: [926492dd10a6]
9486:
9487: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
9488:
9489: * plugins/sudoers/sudoers.c, src/sudo.c:
9490: Move set_project() from sudoers module into sudo proper.
9491: [beabafac03b4]
9492:
9493: * configure, configure.in:
9494: Fix typo and regenerate
9495: [4a3caf4234f3]
9496:
9497: * plugins/sudoers/ldap.c:
9498: When iterating over returned LDAP entries, keep looking at remaining
9499: matches even if we have a positive match. This catches negative
9500: matches that may exist in other entries and more closely match the
9501: sudoers file behavior.
9502: [f47db6e609b0]
9503:
9504: * pp:
9505: Add support for multiple package instances on Solaris.
9506: [7f2a8b942545]
9507:
9508: * src/exec.c:
9509: Add missing signal_pipe[0] to fdsr for the non-pty case.
9510: [79d01e11b19c]
9511:
9512: * mkpkg:
9513: Add --with-project for Solaris
9514: [ffa4c2bb93f7]
9515:
9516: * README:
9517: Need ar and ranlib too
9518: [5c2f679172ef]
9519:
9520: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
9521:
9522: * plugins/sudoers/env.c:
9523: Preserve ODMDIR environment variable by default on AIX.
9524: [bd47cb1e804f]
9525:
9526: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9527:
9528: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
9529: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
9530: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9531: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
9532: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
9533: src/preload.c:
9534: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
9535: using shl_load(). For others, link sudoers plugin statically and use
9536: a lookup table to emulate dlsym().
9537: [e92edfb3c642]
9538:
9539: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
9540:
9541: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
9542: compat/nanosleep.c, compat/utimes.c:
9543: When including compat headers, use the compat dir as part of the
9544: path so we are sure to get the correct header.
9545: [6c2a45da6af5]
9546:
9547: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
9548:
9549: * plugins/sudoers/linux_audit.c:
9550: Ignore ECONNREFUSED from audit_log_user_command() which will occur
9551: if auditd is not running.
9552: [d314fe4c8d03]
9553:
9554: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
9555:
9556: * pp:
9557: Sync with git version
9558: [1c0357744222]
9559:
9560: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9561:
9562: * common/fileops.c, plugins/sudoers/defaults.c:
9563: Cast isblank argument to unsigned char.
9564: [c822dbb3ca54]
9565:
9566: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
9567:
9568: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
9569: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
9570: Implement --with-umask-override configure flag.
9571: [863e3047df22]
9572:
9573: * plugins/sudoers/env.c:
9574: Take MODE_LOGIN_SHELL into account when initially setting reset_home
9575: instead of special-casing it later.
9576: [5d6b16480fd6]
9577:
9578: * plugins/sudoers/sudoers.c:
9579: In login mode, make a copy of the runas user's pw_shell for
9580: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
9581: freed before exec.
9582: [1d1ccb568dfa]
9583:
9584: * plugins/sudoers/env.c:
9585: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
9586: [c1c1c65a2d63]
9587:
9588: * src/sudo.c:
9589: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
9590: [7443454e5f88]
9591:
9592: * src/sudo.c:
9593: Reset signal mask at sudo startup time; we need to be able to rely
9594: on normal signal delivery to control the child process.
9595: [95800163ff94]
9596:
9597: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9598:
9599: * install-sh:
9600: Use sed instead of expr to split a flag from its argument. Fixes a
9601: problem with expr interpreting its arguments as a flag when they
9602: start with a dash.
9603: [736065e14301]
9604:
9605: * common/lbuf.c:
9606: Do not need sys/time.h after all
9607: [91f6f668ccda]
9608:
9609: * common/lbuf.c:
9610: Include sys/time.h for utimes() and struct timeval. No longer need
9611: ioctl.h or termios.h
9612: [2d75273d3213]
9613:
9614: * compat/snprintf.c:
9615: Quiet bogus compiler warnings.
9616: [fe252e1968f5]
9617:
9618: * include/missing.h:
9619: Declare innetgr() for HP-UX which is missing a declaration. Declare
9620: domainname() for HP-UX and Solaris which are missing a declaration.
9621: [b37c50751138]
9622:
9623: * plugins/sudoers/bsm_audit.c:
9624: Use __sun for consistency with the rest of the sources.
9625: [6b086b61ccb6]
9626:
9627: * plugins/sudoers/group_plugin.c:
9628: Quiet a bogus compiler warning.
9629: [ebc069842c4a]
9630:
9631: * plugins/sudoers/pwutil.c:
9632: Don't try to delref a NULL group.
9633: [f6ff0838be21]
9634:
9635: * common/alloc.c, common/lbuf.c:
9636: Include memory.h on systems that need it.
9637: [4e676da81c6f]
9638:
9639: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9640:
9641: * src/exec.c:
9642: Quiet gcc warnings on glibc systems that use warn_unused_result for
9643: write(2).
9644: [0532da0b7cf7]
9645:
9646: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9647: sudo_plugin is in section 8; from Ted Percival
9648: [b4506a0de87e]
9649:
9650: * plugins/sudoers/Makefile.in:
9651: testsudoers depends on libsudoers.la, not sudoreplay
9652: [cdb1cc3bf06a]
9653:
9654: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
9655:
9656: * src/exec.c:
9657: Read as many signals on the signal pipe as we can before returning.
9658: [b181671da047]
9659:
9660: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
9661: Instead of using a array to store received signals, open a pipe and
9662: have the signal handler write the signal number to one end and
9663: select() on the other end. This makes it possible to handle signals
9664: similar to I/O without race conditions.
9665: [ee84d65c16b6]
9666:
9667: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
9668:
9669: * doc/visudo.pod, plugins/sudoers/visudo.c:
9670: Make "visudo -c -f -" check the standard input.
9671: [195a3d2a9a26]
9672:
9673: * doc/sudoers.pod:
9674: set_home and always_set_home have an effect if HOME is present in
9675: the env_keep list.
9676: [159d0b9dc5c8]
9677:
9678: * plugins/sudoers/env.c:
9679: Make -H flag work when HOME is listed in env_keep. Also makes
9680: "set_home" and "always_set_home" override override HOME in env_keep.
9681: [a3e5b966193f]
9682:
9683: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
9684:
9685: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
9686: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
9687: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
9688: plugins/sudoers/visudo.c, src/net_ifs.c:
9689: Convert sudoers plugin to use interface list passed in settings.
9690: [87d9b5f4f586]
9691:
9692: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
9693: src/parse_args.c, src/sudo.h:
9694: Query local network interfaces in the main sudo driver and pass to
9695: the plugin as "network_addrs" in the settings list.
9696: [7f35bcfe77a7]
9697:
9698: * plugins/sudoers/bsm_audit.c:
9699: Solaris BSM audit return EINVAL when auditing is not enabled,
9700: whereas OpenBSM returns ENOSYS.
9701: [411b980ec58b]
9702:
9703: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
9704:
9705: * compat/fnmatch.c:
9706: missing.h should come before most local includes
9707: [53921a7b8b5b]
9708:
9709: * plugins/sudoers/sudoreplay.c:
9710: missing.h should come before most local includes
9711: [e9abb0db1aac]
9712:
9713: * plugins/sudoers/sudoers.h:
9714: Make local includes consistent; use double quotes for local includes
9715: except for generated ones where we use angle brackets.
9716: [09de4faa9547]
9717:
9718: * plugins/sudoers/sudoers.c:
9719: Always fill in NewArgv for audit code.
9720: [7c3aca60519f]
9721:
9722: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
9723: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
9724: [007cf6560f92]
9725:
9726: * common/alloc.c, common/atobool.c, common/fileops.c,
9727: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
9728: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
9729: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
9730: compat/getprogname.c, compat/glob.c, compat/isblank.c,
9731: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
9732: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
9733: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
9734: compat/unsetenv.c, compat/utimes.c, include/compat.h,
9735: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
9736: plugins/sample_group/plugin_test.c,
9737: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
9738: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
9739: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9740: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
9741: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
9742: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
9743: src/sudo_noexec.c, src/ttysize.c:
9744: Make local includes consistent; use double quotes for local includes
9745: except for generated ones where we use angle brackets. Also g/c
9746: unused compat.h.
9747: [e57070dc8f04]
9748:
9749: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
9750:
9751: * plugins/sudoers/match.c:
9752: When matching the runas user and runas group (-u and -g command line
9753: options), keep track of runas group and runas user matches
9754: separately. Only return a positive match if we have a match for
9755: both runas user and runas group (if specified).
9756: [815219e04cc8]
9757:
9758: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
9759:
9760: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9761: Add support for multiple URI lines by joining the contents and
9762: passing the result to ldap_initialize.
9763: [a47cae3b72e8]
9764:
9765: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
9766: Do not return -1 on error from the display functions; the caller
9767: expects a return value >= 0.
9768: [101456a7dd00]
9769:
9770: * plugins/sudoers/sudoers.c:
9771: Do not set both MODE_EDIT and MODE_RUN
9772: [8faa36694d54]
9773:
9774: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
9775:
9776: * include/missing.h:
9777: Move includes to the top of the file.
9778: [a51436798e8c]
9779:
9780: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
9781:
9782: * plugins/sudoers/Makefile.in:
9783: Add missing definition of timedir
9784: [458a749c2c5e]
9785:
9786: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
9787: compat/mksiglist.c, compat/strsignal.c,
9788: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
9789: Add #include of sys/types.h for .c files that include missing.h to
9790: be sure that size_t and ssize_t are defined.
9791: [08e3132dbf4f]
9792:
9793: * plugins/sudoers/Makefile.in:
9794: Install sudoers file from the build dir not hte src dir.
9795: [ca89e962dbf4]
9796:
9797: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
9798:
9799: * plugins/sudoers/set_perms.c:
9800: If runas_pw changes, reset the stashed runas aux group vector.
9801: Otherwise, if runas_default is set in a per-command Defaults
9802: statement, the command runs with root's aux group vector (i.e. the
9803: one that was used when locating the command).
9804: [24f9107cedd2]
9805:
9806: * plugins/sudoers/Makefile.in:
9807: Add target to generate sudoers file Remove generated sudoers file as
9808: part of distclean
9809: [fb7422e90f03]
9810:
9811: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
9812:
9813: * src/exec.c:
9814: When not logging I/O install a handler for SIGCONT and deliver it to
9815: the command upon resume. Fixes bugzilla #431
9816: [495dce52a5aa]
9817:
9818: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
9819:
9820: * plugins/sudoers/sudoers.h:
9821: g/c unused auth_pw extern definition
9822: [40eb7477ba17]
9823:
9824: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
9825: Move get_auth() into check.c where it is actually used.
9826: [e31db0ce3a61]
9827:
9828: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9829:
9830: * common/lbuf.c:
9831: Convert a remaining puts() and putchar() to use the output function.
9832: [d69e363a506b]
9833:
9834: * plugins/sudoers/plugin_error.c:
9835: Plug memory leak
9836: [68895469ea8d]
9837:
9838: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
9839:
9840: * plugins/sudoers/env.c:
9841: Set dupcheck to TRUE when setting new HOME value if !env_reset but
9842: always_set_home is true. Prevents a duplicate HOME in the
9843: environment (old value plus the new one) introduced in f421f8827340.
9844: [9ca19183794f]
9845:
9846: * configure, configure.in, plugins/sudoers/sudoers,
9847: plugins/sudoers/sudoers.in:
9848: Substitute sysconfdir in the installed sudoers file to get the
9849: correct path for sudoers.d.
9850: [86072b6cd55d]
9851:
9852: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
9853:
9854: * src/get_pty.c:
9855: Fix typo that prevented compilation on Irix; Friedrich Haubensak
9856: [b48be51b65fc]
9857:
9858: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
9859:
9860: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
9861: common/atobool.c, common/fileops.c, common/fmt_string.c,
9862: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
9863: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
9864: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
9865: compat/getprogname.c, compat/glob.c, compat/isblank.c,
9866: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
9867: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
9868: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
9869: compat/unsetenv.c, compat/utimes.c, include/compat.h,
9870: include/missing.h, plugins/sample/sample_plugin.c,
9871: plugins/sample_group/getgrent.c,
9872: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
9873: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
9874: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9875: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
9876: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
9877: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
9878: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
9879: Merge compat.h and missing.h into missing.h
9880: [572909ae9716]
9881:
9882: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
9883:
9884: * plugins/sudoers/auth/pam.c:
9885: If the user hits ^C while a password is being read, error out before
9886: reading any further passwords in the pam conversation function.
9887: Otherwise, if multiple PAM auth methods are required, the user will
9888: have to hit ^C for each one.
9889: [23782631748c]
9890:
9891: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
9892:
9893: * plugins/sudoers/check.c:
9894: Update comment
9895: [a5296cb3a20a]
9896:
9897: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9898: Document sudo_conv_t function and sudo_printf_t return values.
9899: [745c0017814c]
9900:
9901: * src/conversation.c:
9902: Make _sudo_printf return the number of characters printed on success
9903: like printf(3).
9904: [8eeefe8d7e77]
9905:
9906: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
9907:
9908: * plugins/sudoers/sudoers.c:
9909: sudoers.h includes sudo_plugin.h for us
9910: [cabe68e07807]
9911:
9912: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
9913: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
9914: src/sudo_edit.c:
9915: Use gettimeofday() directly instead of via the gettime() wrapper.
9916: [7490426c99ae]
9917:
9918: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
9919: compat/strerror.c, config.h.in, configure, configure.in,
9920: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
9921: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
9922: Remove some obsolete configure tests, ancient Unix systems are no
9923: longer supported.
9924: [2be6218c3a36]
9925:
9926: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
9927:
9928: * sudo.pp:
9929: Set pp_kit_version and strip off patch level
9930: [aacfda1b676d]
9931:
9932: * sudo.pp:
9933: Better handling of versions with a patchlevel. For rpm and deb, use
9934: the patchlevel+1 as the release. For AIX, use the patchlevel as the
9935: 4th version number. For the rest, just leave the patchlevel in the
9936: version string.
9937: [638bd35f2346]
9938:
9939: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
9940:
9941: * plugins/sudoers/auth/sudo_auth.c:
9942: For non-standalone auth methods, stop reading the password if the
9943: user enters ^C at the prompt.
9944: [82c2911bb264]
9945:
9946: * configure, configure.in, plugins/sudoers/Makefile.in,
9947: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
9948: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9949: plugins/sudoers/pwutil.c:
9950: No need to look up shadow password unless we are doing password-
9951: style authentication. This moves the shadow password lookup to the
9952: auth functions that need it.
9953: [ba9e3eba2b72]
9954:
9955: * plugins/sudoers/sudoers.c:
9956: Retain final passwd/group refs until the policy close() function.
9957: Note that this doesn't get called in all cases so putting this in a
9958: cleanup function is probably better.
9959: [bbe214cb4119]
9960:
9961: * plugins/sudoers/check.c:
9962: Fix mismerge
9963: [395115f89dd6]
9964:
9965: * plugins/sudoers/check.c:
9966: When removing/resetting the timestamp file ignore the tty ticket
9967: contents.
9968: [b709f5667a0b]
9969:
9970: * plugins/sudoers/sudoers.c:
9971: delref sudo_user.pw, runas_pw and runas_gr immediately before we
9972: return.
9973: [4d67d15dfd3b]
9974:
9975: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
9976:
9977: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
9978: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
9979: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9980: Reference count cached passwd and group structs. The cache holds
9981: one reference itself and another is added by sudo_getgr{gid,nam} and
9982: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
9983: group structs are persistent for now.
9984: [e544685523c3]
9985:
9986: * doc/UPGRADE:
9987: fix typo
9988: [e32f2d35e6c9]
9989:
9990: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
9991:
9992: * plugins/sudoers/check.c:
9993: Do not produce a warning for "sudo -k" if the ticket file does not
9994: exist.
9995: [1598f6061b75]
9996:
9997: * plugins/sudoers/pwutil.c:
9998: Instead of caching struct passwd and struct group in the red-black
9999: tree, store a struct cache_item which includes both the key and
10000: datum. This allows us to user the actual name that was looked up as
10001: the key instead of the contents of struct passwd or struct group.
10002: This matters because the name in the database may not match what we
10003: looked up, due either to case folding or truncation (historically at
10004: 8 characters). Also mark the disabled calls to sudo_freepwcache()
10005: and sudo_freegrcache() as broken since we use cached data for things
10006: like set_perms() and the logging functions. Fixing this would
10007: require making a copy of the structs for user and runas or adding a
10008: reference count (better).
10009: [225d4a22f60e]
10010:
10011: * plugins/sudoers/Makefile.in:
10012: Fix path to mkinstalldirs
10013: [b4968379b12d]
10014:
10015: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
10016: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10017: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
10018: Quiet gcc warnings on glibc systems that use warn_unused_result for
10019: write(2) and others.
10020: [c99f138960e0]
10021:
10022: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10023:
10024: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10025: Add %option noinput
10026: [72b9cd49b4f1]
10027:
10028: * aclocal.m4, configure, configure.in:
10029: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
10030: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
10031: cross-compiling.
10032: [e385c176d0ee]
10033:
10034: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10035:
10036: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
10037: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
10038: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
10039: [cf3e60d9c440]
10040:
10041: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10042:
10043: * pp:
10044: Update to latest version
10045: [32f93be33961]
10046:
10047: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
10048:
10049: * sudo.pp:
10050: Let pp determine pp_aix_version itself.
10051: [7cf0245d84ed]
10052:
10053: * INSTALL, config.h.in, configure, configure.in, mkpkg,
10054: plugins/sudoers/sudoers.c:
10055: Add support for Ubuntu admin flag file and enable it when building
10056: Ubuntu packages.
10057: [00e27cff2dfb]
10058:
10059: * plugins/sudoers/sudoers, sudo.pp:
10060: Add commented out SuSE-like targetpw settings
10061: [4605d47b7413]
10062:
10063: * configure, configure.in:
10064: Only try to use +DAportable for non-GCC on hppa
10065: [75d0f284ccf7]
10066:
10067: * configure, configure.in:
10068: Prevent configure from adding the -g flag unless in devel mode
10069: [b1fd3f8d45c0]
10070:
10071: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
10072:
10073: * sudo.pp:
10074: Go back to sudo-flavor to match existing packages and only use an
10075: underscore for those that need it.
10076: [d737069d1e1c]
10077:
10078: * sudo.pp:
10079: Use sudo_$flavor instead of sudo-$flavor since that causes the least
10080: amount of trouble for the various package managers.
10081: [71f547af35fc]
10082:
10083: * mkpkg:
10084: Fix handling of the ldap flavor Remove destdir unless --debug was
10085: specified Make distclean before running configure if there is a
10086: Makefile present
10087: [6316f08de7d3]
10088:
10089: * sudo.pp:
10090: Add back include file.
10091: [195627bf68b8]
10092:
10093: * mkpkg:
10094: Pass extra args on to configure on HP-UX, if we don't have the HP C
10095: compiler, disable zlib to prevent gcc from finding it in
10096: /usr/local/lib.
10097: [473efa0e2bac]
10098:
10099: * mkpkg:
10100: Use the HP ANSI C compiler on HP-UX if possible
10101: [fb249b6b175d]
10102:
10103: * plugins/sudoers/sudoreplay.c:
10104: Some getline() implementations (FreeBSD 8.0) do not ignore the
10105: length pointer when the line pointer is NULL as they should.
10106: [2410a1a3543c]
10107:
10108: * plugins/sudoers/sudoreplay.c:
10109: Don't need to check for *cp being non-zero, isdigit() will do that.
10110: [7df11ea8a487]
10111:
10112: * plugins/sudoers/sudoreplay.c:
10113: Add setlocale() so the command line arguments that use floating
10114: point work in different locales. Since sudo now logs the timing
10115: data in the C locale we must Parse the seconds in the timing file
10116: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
10117: the number of seconds with the user's locale so if the decimal point
10118: is not '.' try using the locale-specific version.
10119: [4d385765f23b]
10120:
10121: * src/exec.c:
10122: Do I/O logging in the C locale so the floating point numbers in the
10123: timing file are not locale-dependent.
10124: [5961cec044ec]
10125:
10126: * plugins/sudoers/sudoreplay.c:
10127: Use errorx() not error() for thingsthat don't set errno.
10128: [0fe5e692af84]
10129:
10130: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
10131:
10132: * pp:
10133: Better support for 1.2.3 style versions in Tru64 kits
10134: [997c549bb777]
10135:
10136: * sudo.pp:
10137: Add Tru64 kit support
10138: [e273a954f981]
10139:
10140: * pp:
10141: Remove apparently unnecessary use of sudo
10142: [be8840d85125]
10143:
10144: * Makefile.in, plugins/sudoers/Makefile.in:
10145: Create timedir as part of install-dirs target.
10146: [c736bc2fb14f]
10147:
10148: * src/exec_pty.c:
10149: Handle ENXIO from read/write which can occur when reading/writing a
10150: pty that has gone away.
10151: [fa2e8059879f]
10152:
10153: * plugins/sudoers/pwutil.c:
10154: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
10155: [3a045475d5ee]
10156:
10157: * mkpkg:
10158: platform is a pp flag not a variable
10159: [12eba39a47c1]
10160:
10161: * Makefile.in, mkpkg, sudo.pp:
10162: Add simple arg parsing for mkpkg so we can set debug, flavor or
10163: platform.
10164: [ada839fe252d]
10165:
10166: * pp:
10167: Make rpm backend work on AIX 5.x
10168: [549a76d11393]
10169:
10170: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
10171:
10172: * plugins/sudoers/sudoers:
10173: Add commented out Defaults entry for log_output
10174: [7e67d7588900]
10175:
10176: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10177:
10178: * doc/Makefile.in:
10179: Remove sudo docdir completely
10180: [dce8e82878ef]
10181:
10182: * doc/sample.sudo.conf:
10183: Add sample sudo.conf
10184: [aafdba3fc411]
10185:
10186: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10187:
10188: * plugins/sudoers/Makefile.in:
10189: Add PACKAGE_TARNAME for docdir
10190: [930c92b8f8f0]
10191:
10192: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10193:
10194: * src/Makefile.in:
10195: Pass install-sh -b~ here too.
10196: [c3f5eb446c38]
10197:
10198: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
10199: plugins/sudoers/Makefile.in, src/Makefile.in:
10200: Install binary files with -b~ to make a backup. Fixes "text file
10201: busy" error on HP-UX during install.
10202: [81f306f54f8c]
10203:
10204: * install-sh:
10205: "mv -f" on HP-UX doesn't unlink the destination first so add an
10206: explicit rm before moving the temporary into place.
10207: [fb719a79582d]
10208:
10209: * configure, configure.in:
10210: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
10211: [0aa098770074]
10212:
10213: * doc/Makefile.in, plugins/sudoers/Makefile.in:
10214: Install sudoers2ldif in the doc dir
10215: [33ac3b53d7f5]
10216:
10217: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10218:
10219: * pathnames.h.in:
10220: Add missing include of maillock.h for Solaris
10221: [5a58883be23a]
10222:
10223: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
10224: doc/sample.syslog.conf, doc/sudoers.cat:
10225: Change the default syslog facility from local2 to authpriv (or auth
10226: if the operating system doesn't support authpriv).
10227: [3b70ba514f49]
10228:
10229: * Makefile.in, sudo.pp:
10230: Install sudoers as /etc/sudoers on RPM and debian systems where the
10231: package manager will not replace a user-modified configuration file.
10232: This fixes upgrades from the vendor sudo packages.
10233: [d886b6d60b5b]
10234:
10235: * pp:
10236: RPM: use %config(noreplace) instead of %config for volatile This
10237: results in the new file being installed with a .rpmnew suffix
10238: instead of the file being replaced and the old one renamed with a
10239: .rpmsave suffix.
10240: [58be2119f8e8]
10241:
10242: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
10243:
10244: * compat/mkstemps.c, plugins/sudoers/boottime.c:
10245: Include time.h for struct timeval
10246: [ddf8b04f0276]
10247:
10248: * src/exec_pty.c:
10249: The return value of strsignal() may be const and should be treated
10250: as const regardless.
10251: [620074ae1e77]
10252:
10253: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10254: Mention that 127.0.0.1 will not match, nor will localhost unless
10255: that is the actual host name.
10256: [8b574122eb8f]
10257:
10258: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
10259: Rename WHATSNEW -> NEWS
10260: [d1a2c8c47d89]
10261:
10262: * pp:
10263: Updated pp with latest patches
10264: [98e16b9b8f62]
10265:
10266: * WHATSNEW:
10267: Sync with 1.7.4
10268: [65ac4dafeef7]
10269:
10270: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10271: plugins/sudoers/sudoers:
10272: Add commented out line to add HOME to env_keep and add a warning to
10273: the note about the HOME change in UPGRADE.
10274: [0d6a775bb6c8]
10275:
10276: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
10277:
10278: * plugins/sudoers/sudoreplay.c:
10279: Add LINE_MAX define for those without it.
10280: [446d9dbe7859]
10281:
10282: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
10283: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10284: plugins/sudoers/defaults.c:
10285: The tty_tickets option is now on by default.
10286: [a01c48206d80]
10287:
10288: * WHATSNEW:
10289: Mention that AIX authdb support has been fixed.
10290: [87bd7f4eba6a]
10291:
10292: * common/aix.c:
10293: setauthdb() only sets the "old" registry if it was set by a previous
10294: call to setauthdb(). To restore the original value, passing NULL
10295: (or an empty string) to setauthdb() is sufficient.
10296: [470da190a254]
10297:
10298: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
10299:
10300: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
10301: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
10302: plugins/sudoers/env.c:
10303: Reset HOME when env_reset is enabled unless it is in env_keep
10304: [f421f8827340]
10305:
10306: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10307: The default for set_logname has been "true" for some time now.
10308: [f489da5674c3]
10309:
10310: * plugins/sudoers/boottime.c:
10311: Add missing include of time.h
10312: [624d7014932f]
10313:
10314: * plugins/sudoers/logging.c:
10315: Fix check for dup2() return value.
10316: [140ea2d50d20]
10317:
10318: * plugins/sudoers/env.c:
10319: Add PYTHONUSERBASE to initial_badenv_table
10320: [3149aae5b12c]
10321:
10322: * plugins/sudoers/visudo.c:
10323: Treat an unknown defaults entry as a parse error.
10324: [b3ebad73efb2]
10325:
10326: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
10327: Check return value of setdefs() but don't stop setting defaults if
10328: we hit an unknown one.
10329: [945e752239ab]
10330:
10331: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
10332: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
10333: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
10334: plugins/sudoers/env.c:
10335: If env_reset is enabled, set the MAIL environment variable based on
10336: the target user unless MAIL is explicitly preserved in sudoers.
10337: [a1b03e2e0e96]
10338:
10339: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
10340:
10341: * pp:
10342: decode debian code names
10343: [8741280d9960]
10344:
10345: * WHATSNEW:
10346: fix typo
10347: [a8a19451110b]
10348:
10349: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
10350:
10351: * WHATSNEW:
10352: Merge with 1.7.4
10353: [9348fa7e15b8]
10354:
10355: * src/sudo.c:
10356: Restore RLIMIT_NPROC after the uid switch if it appears that
10357: runas_setup() did not do it for us. Fixes a bash script problem on
10358: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
10359: [786fb272e5fd]
10360:
10361: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
10362:
10363: * mkpkg, pp, sudo.pp:
10364: Restore the dot removal in the os version reported by polypkg. Adapt
10365: mkpkg and sudo.pp to the change.
10366: [dcafdd53b88f]
10367:
10368: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
10369:
10370: * INSTALL:
10371: document --with-pam-login
10372: [ea93e4c6873c]
10373:
10374: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10375: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
10376: [2ac90d8de36e]
10377:
10378: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
10379:
10380: * sudo.pp:
10381: Include flavor in solaris package name
10382: [e605f6364c9f]
10383:
10384: * mkpkg:
10385: Older shells don't support IFS= so set explictly to space, tab,
10386: newline.
10387: [7773960bc8a0]
10388:
10389: * mkpkg:
10390: Use '=' not '==' in test
10391: [c99d42bc48e6]
10392:
10393: * mkpkg:
10394: Fix typo that prevented debian from matching
10395: [84421078fcb7]
10396:
10397: * mkpkg:
10398: Add missing prefix setting for debian
10399: [6466f23de4aa]
10400:
10401: * sudo.pp:
10402: Use tab indents to reduce the chance of problem with <<- Fix the
10403: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
10404: line in sudoers for debian Uncomment some env_keep lines for RHEL,
10405: SLES and debian to more closely match the vendor sudoers files.
10406: Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
10407: debian for ldap flavor
10408: [c5b49feb1a0c]
10409:
10410: * plugins/sudoers/sudoers:
10411: Add commented out env_keep entries, sample Aliases and a %sudo line
10412: for debian.
10413: [387719e52d0f]
10414:
10415: * configure, configure.in:
10416: Move zlib check later on in the script to avoid a strange shell
10417: problem on SLES11.
10418: [1a3153bb1291]
10419:
10420: * configure.in:
10421: Remove check for egrep; configure has its own
10422: [a3b9d98cb5d2]
10423:
10424: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
10425:
10426: * mkpkg:
10427: Enable zlib for linux distros
10428: [8fa51a1405a4]
10429:
10430: * mkpkg:
10431: Add ldap flavor to default build
10432: [97644f5a555f]
10433:
10434: * mkpkg, sudo.pp:
10435: Simplify rpm linux distro settings
10436: [b9dcf10cdf20]
10437:
10438: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
10439: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
10440: [2c549c1acde9]
10441:
10442: * Makefile.in:
10443: Fix ChangeLog creation from build dir
10444: [3d0c7904f173]
10445:
10446: * plugins/sudoers/sudoers.c:
10447: Handle getcwd() failure.
10448: [aef7bef87394]
10449:
10450: * doc/Makefile.in, mkpkg, sudo.pp:
10451: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
10452: environment variable.
10453: [be6ed611b7a8]
10454:
10455: * sudo.pp:
10456: Create sudo group on debian
10457: [6ed6c032042e]
10458:
10459: * mkpkg, sudo.pp:
10460: Add debian 4/5/6 and use the dot when doing version matches
10461: [6bcb664d1f4f]
10462:
10463: * aclocal.m4, configure:
10464: Use a loop when searching for mv, sendmail and sh
10465: [d5e9369f8d13]
10466:
10467: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10468: Remove spurious "and"; from debian
10469: [a21e6f7c5b99]
10470:
10471: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
10472: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
10473: doc/visudo.man.in, doc/visudo.pod:
10474: Substitute the value of EDITOR into the sudoers and visudo manuals.
10475: [cd79e587dd7f]
10476:
10477: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
10478:
10479: * mkpkg, pp, sudo.pp:
10480: Initial support for debian 4.0
10481: [ac6707915fa8]
10482:
10483: * mkpkg:
10484: Some platforms need -fPIE instead of -fpie
10485: [fd6be19e5bc2]
10486:
10487: * plugins/sudoers/auth/pam.c:
10488: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
10489: On Linux it causes a DNS lookup via libaudit.
10490: [1e10105ade5b]
10491:
10492: * MANIFEST:
10493: Update MANIFEST to match packaging changes
10494: [ef86ee557b5b]
10495:
10496: * sudo.psf:
10497: We now use pp to generate HP-UX packages
10498: [f7aa8da7844e]
10499:
10500: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
10501: Remove vestiges of old binary package bits.
10502: [afffd005452f]
10503:
10504: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
10505: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10506: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10507: src/Makefile.in:
10508: install-man -> install-doc
10509: [99b5fa05567c]
10510:
10511: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
10512: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
10513: Use http://rc.quest.com/topics/polypkg/ for packaging
10514: [5ca8eb75b223]
10515:
10516: * install-sh:
10517: Just ignore the -c option, it is the default Add support for -d
10518: option
10519: [a8b6b0a131e8]
10520:
10521: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10522:
10523: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
10524: Use _PATH_STDPATH instead of _PATH_DEFPATH
10525: [137fa911908e]
10526:
10527: * plugins/sudoers/Makefile.in, src/Makefile.in:
10528: Do not strip binaries.
10529: [20166e287176]
10530:
10531: * INSTALL, configure, configure.in:
10532: Add --insults=disabled configure option to allow people to build in
10533: insult support but have the insults disabled unless explicitly
10534: enabled in sudoers.
10535: [523b8c552e90]
10536:
10537: * compat/mkstemps.c:
10538: Add prototype for gettime()
10539: [275eee40473b]
10540:
10541: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
10542: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
10543: plugins/sudoers/sudoers.h:
10544: Add support for a sudo-i pam.d file to be used for "sudo -i".
10545: Adapted from a RedHat patch.
10546: [06d34f16520b]
10547:
10548: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
10549:
10550: * include/missing.h:
10551: Fix mkstemps() prototype
10552: [2421841e815b]
10553:
10554: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
10555: config.h.in, configure, configure.in, include/missing.h,
10556: src/sudo_edit.c:
10557: Use mkstemps() instead of mkstemp() in sudoedit. This allows
10558: sudoedit to preserve the file extension (if any) which may be used
10559: by the editor (like emacs) to choose the editing mode.
10560: [d33172d2c086]
10561:
10562: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
10563:
10564: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
10565: plugins/sudoers/ldap.c:
10566: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
10567: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
10568: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
10569: should avoid disabling TLS_CHECKPEER is possible.
10570: [196622436212]
10571:
10572: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
10573:
10574: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10575: Make sudo_plugin format a bit more like a man page
10576: [048d596e32da]
10577:
10578: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10579: Add suport for negated user/host/command lists in a Defaults entry.
10580: E.g. Defaults:!baduser noexec
10581: [d41112cf0342]
10582:
10583: * Makefile.in, common/Makefile.in, compat/Makefile.in,
10584: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10585: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10586: src/Makefile.in:
10587: Add uninstall target
10588: [fea66ebf136a]
10589:
10590: * common/Makefile.in, compat/Makefile.in:
10591: Remove unused AR, SED and RANLIB variables
10592: [2ff9928bfdb3]
10593:
10594: * Makefile.in:
10595: Do not install sample plugins
10596: [5443b87bd1c3]
10597:
10598: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
10599:
10600: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
10601: configure.in, plugins/sudoers/env.c:
10602: Now that sudoers is a dynamically loaded module we cannot override
10603: the libc environment functions because the symbols may already have
10604: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
10605: replacements from sudoers and add replacements for setenv/unsetenv
10606: for systems that lack them.
10607: [3f2b43cb8851]
10608:
10609: * configure, configure.in, plugins/sudoers/Makefile.in:
10610: Link testsudoers with -ldl when needed
10611: [f79606f9fcd7]
10612:
10613: * plugins/sample_group/plugin_test.c:
10614: Remove unused time.h and add limits.h for PATH_MAX
10615: [3f5d0074d621]
10616:
10617: * doc/sudoers.ldap.pod:
10618: Fix typo.
10619: [bc855fd57397]
10620:
10621: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
10622:
10623: * plugins/sample_group/plugin_test.c:
10624: Do not depend on strlcpy/strlcat
10625: [6e7e2b5af051]
10626:
10627: * plugins/sample_group/plugin_test.c:
10628: Standalone test driver for sudoers group plugin.
10629: [eb1235fc3b8e]
10630:
10631: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
10632:
10633: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
10634: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
10635: aid.
10636: [2a34e616229b]
10637:
10638: * plugins/sample_group/sample_group.c:
10639: Fix style nit in function declarations
10640: [ab87c7c76bf9]
10641:
10642: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10643: Document group_plugin syntax.
10644: [ed1faf72ddcb]
10645:
10646: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10647: Document the sudoers group plugin.
10648: [f19a62dc8cfc]
10649:
10650: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
10651: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
10652: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
10653: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
10654: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
10655: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
10656: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
10657: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
10658: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
10659: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
10660: Replace built-in non-unix group support with a sudoers group plugin.
10661: Include a sample plugin that can read Unix-format group files.
10662: [8fc58ce0b1a8]
10663:
10664: * configure, configure.in, src/load_plugins.c:
10665: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
10666: [5c491dddb8ef]
10667:
10668: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
10669:
10670: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
10671: doc/sudoers.man.in, doc/sudoers.pod:
10672: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
10673: [e8a5a5830cfe]
10674:
10675: * aclocal.m4, configure, configure.in:
10676: Substitute @io_logdir@ for the sudoers I/O log directory.
10677: [21a75ca7b0ab]
10678:
10679: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10680:
10681: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
10682: common/atobool.c, common/fileops.c, common/fmt_string.c,
10683: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
10684: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
10685: compat/snprintf.c, config.h.in, configure, configure.in,
10686: include/fileops.h, plugins/sample/sample_plugin.c,
10687: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
10688: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
10689: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
10690: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
10691: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
10692: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
10693: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10694: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
10695: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
10696: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
10697: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
10698: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
10699: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
10700: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10701: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
10702: plugins/sudoers/logging.c, plugins/sudoers/match.c,
10703: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
10704: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
10705: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10706: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10707: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
10708: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
10709: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
10710: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
10711: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
10712: Set usrinfo for AIX Set adminstrative domain for the process when
10713: looking up user's password or group info and when preparing for
10714: execve(). Include strings.h even if string.h exists since they may
10715: define different things. Fixes warnings on AIX and others.
10716: [cf8b93e872c9]
10717:
10718: * Makefile.in:
10719: Add a separate all target for AIX make which was using the entire
10720: LHS (not just the first entry) of the first target as the implicit
10721: target.
10722: [a45b980a01ef]
10723:
10724: * plugins/sudoers/env.c:
10725: Do not rely on env.env_len when unsetting a variable, just use the
10726: NULL terminator.
10727: [ca6eb239c829]
10728:
10729: * plugins/sudoers/env.c:
10730: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
10731: [7046ba7caa4e]
10732:
10733: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10734:
10735: * plugins/sudoers/vasgroups.c:
10736: Use warningx() instead of log_error() since the latter is not
10737: available to visudo or testsudoers. This does mean that they don't
10738: end up in syslog.
10739: [152b7c50f426]
10740:
10741: * plugins/sudoers/sudoers.c:
10742: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
10743: closed the sudoers sources. From Quest sudo.
10744: [c1cd573bab94]
10745:
10746: * plugins/sudoers/pwutil.c:
10747: Ignore case when matching user/group names in the cache. From Quest
10748: sudo.
10749: [2aa4ecc7d7f5]
10750:
10751: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
10752:
10753: * config.h.in, configure, configure.in, src/selinux.c:
10754: Add check for setkeycreatecon() when --with-selinux is specified.
10755: [affae247b4e0]
10756:
10757: * configure, configure.in:
10758: Error out if libaudit.h is missing or ununable when --with-linux-
10759: audit was specified
10760: [d82e743fac04]
10761:
10762: * doc/HISTORY, doc/history.pod:
10763: Add =head3 entries, mostly for the html version
10764: [ee93112d0308]
10765:
10766: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
10767:
10768: * doc/HISTORY, doc/history.pod:
10769: Mention when LDAP was incorporate.
10770: [2923dc17f79c]
10771:
10772: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10773:
10774: * configure, configure.in:
10775: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
10776: not covered by _ALL_SOURCE.
10777: [c92fd69809d0]
10778:
10779: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
10780:
10781: * plugins/sudoers/iolog.c:
10782: Add a cast to quiet a compiler warning.
10783: [a200e07ee1bc]
10784:
10785: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
10786: Quiet a compiler warning.
10787: [c9acfc927cea]
10788:
10789: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
10790: Call set_fqdn() after sudoers has parsed instead of inline as a
10791: callback.
10792: [5f4e5d075f2d]
10793:
10794: * WHATSNEW, plugins/sudoers/sudoers.c:
10795: Do not call set_fqdn() until sudoers parses (where is gets run as a
10796: callback).
10797: [09040fca6d40]
10798:
10799: * WHATSNEW:
10800: mention the change in tty ticket behavior when there is no tty
10801: [575a1fd98f05]
10802:
10803: * plugins/sudoers/check.c:
10804: Do not update tty ticket if there is no tty.
10805: [63f9c33ce6a7]
10806:
10807: * doc/LICENSE, doc/license.pod:
10808: Update copyright year
10809: [0722ab5d404b]
10810:
10811: * doc/Makefile.in:
10812: Do not rely on BSD make's $>
10813: [936a86398bd9]
10814:
10815: * configure, configure.in:
10816: Set timedir to /var/db/sudo for darwin to match Apple sudo's
10817: location
10818: [d5b9b03096f1]
10819:
10820: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
10821:
10822: * plugins/sudoers/sudoers.h:
10823: Add stub declarations for struct stat and struct timeval
10824: [f6d90551a4fd]
10825:
10826: * MANIFEST:
10827: Remove compat/sigaction.c
10828: [d0ed6d9a770e]
10829:
10830: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
10831: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
10832: Check for zlib.h in addition to libz.
10833: [6e191b4a6065]
10834:
10835: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
10836: src/sudo_exec.h:
10837: Move functions and symbols shared between exec.c and exec_pty.c into
10838: sudo_exec.h.
10839: [14ae63403544]
10840:
10841: * doc/Makefile.in:
10842: Comment out rules to build .man.in and .cat files unless --with-
10843: devel
10844: [3cf7e5606a85]
10845:
10846: * doc/Makefile.in:
10847: Comment out rules to build .man.in and .cat files unless --with-
10848: devel
10849: [d30495b0e29e]
10850:
10851: * src/parse_args.c:
10852: Quote any non-alphanumeric characters other than '_' or '-' when
10853: passing a command to be run via the shell for the -s and -i options.
10854: [d633f74fe2d9]
10855:
10856: * doc/Makefile.in:
10857: Add back .man suffix
10858: [6e63b60a2739]
10859:
10860: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
10861: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
10862: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
10863: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
10864: src/selinux.c:
10865: Add Linux audit support.
10866: [5a2f445e0bd4]
10867:
10868: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10869:
10870: * plugins/sudoers/iolog.c:
10871: Remove an XXX
10872: [a170cbe651d1]
10873:
10874: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
10875: plugins/sudoers/sudoreplay.c:
10876: Add -f (filter) option to sudoreplay to allow certain streams to be
10877: replayed and others ignored.
10878: [62e51b432ea1]
10879:
10880: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
10881: src/tgetpass.c:
10882: Fix -A flag when askpass is specified in sudo.conf or if sudo
10883: doesn't need to read a password.
10884: [2e401e4a00e3]
10885:
10886: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
10887: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
10888: Clean up some XXXs
10889: [689f0b002d3d]
10890:
10891: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
10892: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10893: Add support for multiple sudoers_base entries in ldap.conf. From
10894: Joachim Henke
10895: [e3e4a3c2bd5b]
10896:
10897: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
10898: src/exec_pty.c:
10899: remove setsid check, we require a POSIX system
10900: [cc73cb9e22c0]
10901:
10902: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
10903: src/sudo.c, src/tgetpass.c:
10904: Check for dup2() failure.
10905: [5d46d66794f5]
10906:
10907: * config.h.in, configure, configure.in:
10908: Remove dup2() check, it is not optional.
10909: [5f1d56de4384]
10910:
10911: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
10912:
10913: * WHATSNEW:
10914: sync with sudo 1.7.3
10915: [88e5c0bd6d59]
10916:
10917: * INSTALL:
10918: SunOS does not ship with an ANSI compiler
10919: [f13c85c67069]
10920:
10921: * INSTALL:
10922: Update OS specific notes. Delete some really ancient ones and move
10923: older ones to the end of the list.
10924: [59ce592c4c52]
10925:
10926: * README:
10927: Sudo can be downloaded from the web site too Mention "OS dependent
10928: notes" section in INSTALL
10929: [191871538984]
10930:
10931: * src/exec_pty.c, src/selinux.c:
10932: Call selinux_restore_tty() as part of cleanup() so it gets called
10933: from error()/errorx()
10934: [bb017da6b6da]
10935:
10936: * MANIFEST, doc/PORTING:
10937: Remove obsolete porting guide
10938: [321e35591344]
10939:
10940: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
10941: Move union sudo_in_addr_un into interfaces.h
10942: [b2c8b19ee094]
10943:
10944: * doc/Makefile.in:
10945: Remove useless circular dependencies
10946: [5682181b59cf]
10947:
10948: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
10949: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
10950: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
10951: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10952: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
10953: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
10954: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
10955: Convert to ANSI C function declarations
10956: [a4f76927d034]
10957:
10958: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
10959: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
10960: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
10961: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
10962: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
10963: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
10964: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
10965: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
10966: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
10967: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
10968: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
10969: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
10970: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
10971: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
10972: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10973: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
10974: plugins/sudoers/logging.h, plugins/sudoers/match.c,
10975: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
10976: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
10977: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
10978: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
10979: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
10980: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
10981: src/conversation.c, src/error.c, src/load_plugins.c,
10982: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
10983: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
10984: Update copyright year
10985: [26ac7991f7d8]
10986:
10987: * doc/Makefile.in:
10988: Fix commented DEVDOCS when not in devel mode.
10989: [e0a97eaf3793]
10990:
10991: * plugins/sudoers/match.c:
10992: Quiet a compiler warning.
10993: [b2a17ebd5d38]
10994:
10995: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
10996: Quiet a compiler warning.
10997: [687843bc593d]
10998:
10999: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
11000: Make all functions in ldap.c static
11001: [b2111e89eeba]
11002:
11003: * doc/schema.ActiveDirectory:
11004: Updates from Alain Roy to provide better examples for importing the
11005: schema and to fix problems caused by Windows validating attributes
11006: which have not yet been added before committing the changes.
11007: [69f4c5ccaf89]
11008:
11009: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11010:
11011: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
11012: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
11013: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11014: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
11015: doc/visudo.cat, doc/visudo.man.in:
11016: Leave rules to build .man.in and .cat files uncommented but only
11017: make them part of the "all" rule in devel mode. Generate .cat files
11018: directly from .man.in instead of .man using default values in
11019: configure.in
11020: [c3054a44f6a5]
11021:
11022: * configure, configure.in:
11023: Bump sudo version to 1.8.0b1
11024: [8f79c85135e1]
11025:
11026: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
11027: Print configure args with verbose version information.
11028: [1ce690660ed2]
11029:
11030: * TODO, plugins/sudoers/visudo.c:
11031: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
11032: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
11033: Use tq_append to append sudoers entries to the tail queue.
11034: [1743f9a286e4]
11035:
11036: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11037:
11038: * WHATSNEW:
11039: Describe tty timestamp improvements
11040: [e214e863a313]
11041:
11042: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11043: A comment character may not be part of a command line argument
11044: unless it is quoted with a backslash. Fixes parsing of:
11045: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
11046: [ea2e990f85ed]
11047:
11048: * doc/sudoers.pod:
11049: Make this read a little bit better when passwd_timeout is 0.
11050: [39d362757f31]
11051:
11052: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
11053: Attempt to handle a default password prompt timeout of zero more
11054: gracefully.
11055: [ea47d43acf5b]
11056:
11057: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11058: Do not override value of keepopen global, instead restore it to the
11059: value we pushed onto the stack when popping.
11060: [fe282e5a3402]
11061:
11062: * plugins/sudoers/Makefile.in:
11063: Add dependency for utility programs on libreplace and libcommon
11064: [2339aba64928]
11065:
11066: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
11067: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
11068: src/exec.c, src/exec_pty.c, src/tgetpass.c:
11069: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
11070: [7dd61f1bd8d2]
11071:
11072: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
11073: We don't use getgrouplist() at the moment so there's no need to
11074: provide a compat version.
11075: [1597536fbada]
11076:
11077: * TODO:
11078: sync with reality
11079: [9e1a874e7885]
11080:
11081: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11082: src/conversation.c, src/sudo.h, src/tgetpass.c:
11083: Fix visiblepw sudoers option; the plugin API portion still needs
11084: documenting
11085: [60b6933ef5e0]
11086:
11087: * src/sudo.c:
11088: Print sudo version as well.
11089: [987ed459b459]
11090:
11091: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11092: Use sudo_printf for I/O log version Clarify policy plugin version
11093: string
11094: [5a58b7e8c80b]
11095:
11096: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
11097: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
11098: Silence some compiler warnings
11099: [afb1eba90915]
11100:
11101: * src/load_plugins.c, src/tgetpass.c:
11102: Store askpass path in a global instead of uses setenv() which many
11103: systems lack.
11104: [b440bcc0e660]
11105:
11106: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11107:
11108: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11109: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11110: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
11111: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11112: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
11113: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
11114: src/tgetpass.c:
11115: Move askpass path specification from sudoers to sudo.conf.
11116: [5507ab867c26]
11117:
11118: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11119: Use a flag bit in struct command_details for selinux instead of a
11120: separate field.
11121: [c59ca4acded9]
11122:
11123: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11124: Implement background mode. If I/O logging we use pipes instead of a
11125: pty.
11126: [c07a4b356cbd]
11127:
11128: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
11129: src/exec.c, src/exec_pty.c, src/tgetpass.c:
11130: Move compat definition of NSIG to compat.h
11131: [ab0385467f25]
11132:
11133: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11134: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11135: Mention plugins in the sudo manual and add some missing path
11136: substitution in the sudo_plugin manual.
11137: [570f831f47a3]
11138:
11139: * src/Makefile.in:
11140: Set _PATH_SUDO_CONF based on $(sysconfdir)
11141: [fde51869cf07]
11142:
11143: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
11144: src/exec.c, src/exec_pty.c, src/ttysize.c:
11145: Require POSIX termios to build sudo
11146: [9ec6b41f3f95]
11147:
11148: * src/tgetpass.c:
11149: Ignore SIGPIPE for "sudo -S"
11150: [7ad27fde0c06]
11151:
11152: * src/tgetpass.c:
11153: Fix uninitialized variable in TGP_ECHO case and print a newline if
11154: the user interrupted password input.
11155: [ce19204d8dd4]
11156:
11157: * src/tgetpass.c:
11158: Make TGP_ECHO override TGP_MASK and don't try to restore the
11159: terminal if we didn't modify it.
11160: [a7e11abfe7e4]
11161:
11162: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11163: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11164: src/conversation.c, src/sudo.h, src/tgetpass.c:
11165: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
11166: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
11167: set.
11168: [e0550590cabe]
11169:
11170: * src/exec_pty.c:
11171: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
11172: [762448182fe3]
11173:
11174: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11175:
11176: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
11177: Add selinux_enabled flag into struct command_details and set it in
11178: command_info_to_details(). Return an error from selinux_setup()
11179: instead of exiting. Call selinux_setup() from exec_setup().
11180: [011bea23a5a0]
11181:
11182: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11183:
11184: * src/exec_pty.c:
11185: Remove commented out copy of old sudo_execve() function.
11186: [9c5e21380472]
11187:
11188: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11189:
11190: * plugins/sudoers/sudoers.c:
11191: Fix setting selinux type on command line.
11192: [814b20a0b3be]
11193:
11194: * plugins/sudoers/iolog.c:
11195: In sudoers_io_close(), skip NULL io_fds[] elements.
11196: [4011ff7d4daf]
11197:
11198: * include/compat.h:
11199: No longer need NGROUPS_MAX define
11200: [cae4c49d7077]
11201:
11202: * compat/nanosleep.c, config.h.in, configure, configure.in,
11203: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
11204: plugins/sudoers/visudo.c, src/sudo_edit.c:
11205: Replace timerfoo macros with timevalfoo since the timer macros are
11206: known to be busted on some systems.
11207: [4f97d79f2d41]
11208:
11209: * src/exec_pty.c:
11210: Remove duplicate call to selinux_setup().
11211: [82bd52764e21]
11212:
11213: * plugins/sudoers/auth/pam.c:
11214: If pam_open_session() fails, pass its status to pam_end.
11215: [1d8de4cf8ff3]
11216:
11217: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11218: If a file in a #includedir has improper permissions or owner just
11219: skip it. This prevents packages that incorrectly install a file
11220: into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
11221: #includedir files still result in a parse error (for now).
11222: [ade99a4549a4]
11223:
11224: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11225: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
11226: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
11227: Add use_pty sudoers option to force use of a pty even when not
11228: logging I/O.
11229: [b280a8972a79]
11230:
11231: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
11232: Make env_init() void as it never fails.
11233: [d3890e55daa7]
11234:
11235: * plugins/sudoers/env.c:
11236: No longer use _NSGetEnviron so don't need crt_externs.h
11237: [9b4e0e139881]
11238:
11239: * plugins/sudoers/env.c:
11240: Remove unused VNULL define
11241: [a42cacb263e3]
11242:
11243: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11244:
11245: * plugins/sudoers/iolog.c:
11246: Add #define for maximum session id
11247: [9e18c17a28c2]
11248:
11249: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
11250: Split exec.c into exec.c and exec_pty.c
11251: [d52376327332]
11252:
11253: * MANIFEST:
11254: Sync with source file moves.
11255: [4a62c6c9e846]
11256:
11257: * src/Makefile.in, src/get_pty.c, src/pty.c:
11258: Rename pty.c -> get_pty.c
11259: [5696a12bd29b]
11260:
11261: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
11262:
11263: * plugins/sudoers/iolog.c:
11264: Only use I/O input log file if def_log_input is set and output file
11265: if def_log_output is set.
11266: [d866992f1681]
11267:
11268: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
11269:
11270: * compat/strsignal.c:
11271: Update copyright year
11272: [a96f2593fd4e]
11273:
11274: * src/pty.c:
11275: uid -> ttyuid
11276: [c3454d74ebcb]
11277:
11278: * plugins/sudoers/sudoers.c:
11279: For sudoedit, make a local copy of editor string si become part of
11280: argv. If no editor environment variable, split def_editor on ':'
11281: since it may be a colon-delimited path.
11282: [2ee298506a6e]
11283:
11284: * src/sudo_edit.c:
11285: Remove unneeded endpwent()/endgrent()
11286: [623f6743d101]
11287:
11288: * doc/Makefile.in:
11289: Use value of nroff from configure
11290: [b2ce649125ab]
11291:
11292: * src/exec.c:
11293: Add missing const to I/O log action function
11294: [d764a3955e04]
11295:
11296: * plugins/sudoers/check.c:
11297: Update copyright year and fix whitespace
11298: [e648c35b16be]
11299:
11300: * configure, configure.in:
11301: Fix typo
11302: [8e0bdfc47da4]
11303:
11304: * plugins/sudoers/iolog.c:
11305: Remove redundant tty signal blocking in log function.
11306: [f17f575dabd4]
11307:
11308: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
11309:
11310: * plugins/sudoers/iolog.c:
11311: Place static keyword where it belongs
11312: [b01aec7c86b4]
11313:
11314: * plugins/sudoers/logging.c:
11315: Always use a printf format string for send_mail()
11316: [13b1ada644c9]
11317:
11318: * common/atobool.c, plugins/sudoers/ldap.c:
11319: Extend atobool() so we can use it in the LDAP code.
11320: [73f8e6807044]
11321:
11322: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
11323: Sudo now stashes tty ctime for tty_tickets on Solaris too.
11324: [e82df13ad3fd]
11325:
11326: * plugins/sudoers/boottime.c:
11327: Fix dummy version of get_boottime()
11328: [01d69c06013b]
11329:
11330: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
11331:
11332: * plugins/sudoers/check.c:
11333: Enable tty_is_devpts() support for Solaris with the "devices"
11334: filesystem.
11335: [237c6b25fa84]
11336:
11337: * src/exec.c:
11338: Unbreak the non-io logging case.
11339: [4822b9f709fb]
11340:
11341: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
11342: Fix symbol name conflict with sudo_printf.
11343: [0d44eab0a8f6]
11344:
11345: * plugins/sudoers/auth/pam.c:
11346: Fix OpenPAM detection for newer versions.
11347: [1b2abed232d8]
11348:
11349: * plugins/sudoers/vasgroups.c:
11350: Sync with Quest sudo git repo
11351: [f1d98b3cba02]
11352:
11353: * aclocal.m4, configure, configure.in:
11354: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
11355: Add missing template for ENV_DEBUG Adapted from Quest sudo
11356: [695dbd7b28f4]
11357:
11358: * README.LDAP:
11359: Fix typos; from Quest Sudo
11360: [4eba9da33b8e]
11361:
11362: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
11363:
11364: * plugins/sudoers/Makefile.in:
11365: Add back -I$(top_srcdir); we need it for including compat/foo.h
11366: since we cannot rely on "foo.h" being found relative to the source
11367: file when the cwd is different.
11368: [bbf24695f325]
11369:
11370: * src/exec.c:
11371: Fix a bug where we could treat EAGAIN as a permanent error. Also set
11372: cstat if perform_io() returns an error.
11373: [200475c4326f]
11374:
11375: * common/alloc.c, plugins/sudoers/boottime.c,
11376: plugins/sudoers/sudoers.c:
11377: Add casts to quiet compiler warnings.
11378: [85eb1c336697]
11379:
11380: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11381: plugins/sudoers/visudo.c:
11382: Fix typo in ternary operator usage.
11383: [6492ac1450e2]
11384:
11385: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
11386:
11387: * INSTALL, configure, configure.in:
11388: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
11389: [92121d693b30]
11390:
11391: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11392: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
11393: Update docs to match sudoers I/O logging changes
11394: [18d651989e49]
11395:
11396: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
11397: pathnames.h.in, plugins/sudoers/def_data.c,
11398: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11399: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
11400: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
11401: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
11402: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
11403: plugins/sudoers/sudoreplay.c:
11404: Break sudoers transcript feature up into log_input and log_output.
11405: [db3c1248d2ad]
11406:
11407: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11408: plugins/sudoers/visudo.c:
11409: Use setprogname() as needed.
11410: [6beee63a4553]
11411:
11412: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
11413: Adapt sudoreplay to iolog changes.
11414: [581f52c05f0f]
11415:
11416: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
11417:
11418: * plugins/sudoers/iolog.c:
11419: Log all input and output into separate files and store a number on
11420: each timing file line to indicate which file the data is in.
11421: [fb460c5273dd]
11422:
11423: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11424: plugins/sudoers/sudoers.h:
11425: Make sudoers_io functions static to iolog.c
11426: [b2df3cc3eecb]
11427:
11428: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
11429:
11430: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
11431: src/sudo_usage.h.in:
11432: Completely remove the -L flag from the sudo front end.
11433: [3d220030b720]
11434:
11435: * plugins/sudoers/sudoreplay.c:
11436: Fix EAGAIN handling when writing to stdout.
11437: [4766d77cea49]
11438:
11439: * plugins/sudoers/sudoers.c:
11440: Eliminate unused variables
11441: [83bd711e79c4]
11442:
11443: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
11444: Re-enable cleanup functions in sudoers plugin and sudo driver for
11445: error()/errorx().
11446: [43093f937dd8]
11447:
11448: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
11449: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
11450: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
11451: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
11452: Use sudo_printf to display verbose version information.
11453: [435cc9f8d4a2]
11454:
11455: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
11456: plugins/sudoers/Makefile.in, src/Makefile.in:
11457: Minor Makefile cleanup: fix a typo, change the removal order in the
11458: clean targets, and remove a superfluous include path for the sudoers
11459: plugin.
11460: [6e3b2d6b4437]
11461:
11462: * plugins/sudoers/env.c:
11463: Handle duplicate variables in the environment. For unsetenv(), keep
11464: looking even after remove the first instance. For sudo_putenv(),
11465: check for and remove dupes after we replace an existing value.
11466: [c1bbb88d0435]
11467:
11468: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
11469:
11470: * plugins/sudoers/Makefile.in:
11471: Use explicit path to source file instead of $< for files that live
11472: in devdir and top_srcdir.
11473: [358ab7f6cc64]
11474:
11475: * plugins/sudoers/Makefile.in:
11476: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
11477: ending LIBSUDOERS_OBJS with a backslash
11478: [481a5c96d47e]
11479:
11480: * plugins/sudoers/Makefile.in, src/Makefile.in:
11481: Link libcommon before libreplace since libcommon may use functions
11482: only present in libreplace.
11483: [1847c496ff5b]
11484:
11485: * common/Makefile.in:
11486: Move code common to sudo and the sudoers plugin to a convenience
11487: library, libcommon. Removes the need to make links in the sudoers
11488: plugin dir and reduces re-compilation of duplicate object files.
11489: [4c8986352937]
11490:
11491: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
11492: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
11493: common/term.c, common/zero_bytes.c, configure, configure.in,
11494: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
11495: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
11496: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
11497: src/zero_bytes.c:
11498: Move code common to sudo and the sudoers plugin to a convenience
11499: library, libcommon. Removes the need to make links in the sudoers
11500: plugin dir and reduces re-compilation of duplicate object files.
11501: [1d1d98bd55b9]
11502:
11503: * src/exec.c, src/sudo.c, src/sudo.h:
11504: Rename script_execve to sudo_execve and rename script_foo in exec.c
11505: [a35ec80de96a]
11506:
11507: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
11508: rename script.c exec.c and fix up the MANIFEST file
11509: [36bc3bff9578]
11510:
11511: * src/script.c, src/sudo.c, src/sudo.h:
11512: Rename script_setup() to pty_setup() and call from script_execve()
11513: directly.
11514: [899b0fb2a14d]
11515:
11516: * configure, configure.in:
11517: bump version to 1.8.0a2
11518: [0b1c1ca9d4e5]
11519:
11520: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11521: Document init_session
11522: [b5324785a406]
11523:
11524: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
11525: plugins/sudoers/auth/sudo_auth.h:
11526: Clean up the sudoers auth API a bit and update the docs.
11527: [c40fd4cb6e68]
11528:
11529: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
11530: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
11531: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
11532: Add init_session function to struct policy_plugin that gets called
11533: before the uid/gid/etc changes. A struct passwd pointer is passed
11534: in,which may be NULL if the user does not exist in the passwd
11535: database.The sudoers module uses init_session to open the pam
11536: session as needed.
11537: [d71723320ee8]
11538:
11539: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
11540:
11541: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
11542: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
11543: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11544: Add open/close session to sudo auth, only used by PAM. This allows
11545: us to open (and close) the PAM session from sudoers.
11546: [2665e2920d0d]
11547:
11548: * plugins/sudoers/Makefile.in:
11549: Add explicit rule to build getdate.o for HP-UX make.
11550: [7f049e989956]
11551:
11552: * plugins/sudoers/Makefile.in:
11553: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
11554: rules as an alternate way to prevent HP-UX make (and others) from
11555: trying to rebuild the parser in non-dev mode.
11556: [f84badad98c5]
11557:
11558: * plugins/sudoers/sudoers.c:
11559: Re-enable PATH_MAX check for command
11560: [40d8a50da136]
11561:
11562: * Makefile.in:
11563: For distclean, clean the main directory last since the subdirs need
11564: to be able to run libtool to clean things.
11565: [8949a9861634]
11566:
11567: * compat/Makefile.in:
11568: Fix generation of mksiglist.h
11569: [b7cdc9b36650]
11570:
11571: * src/script.c:
11572: Now that we defer sending cstat until the end of script_child() we
11573: cannot reuse cstat when reading command status from parent.
11574: [25c882643466]
11575:
11576: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
11577:
11578: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
11579: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11580: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
11581: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11582: Use numeric registers to handle conditionals instead of trying to do
11583: it all with text processing.
11584: [478079c3fd4b]
11585:
11586: * doc/sudoers.pod:
11587: Document per-command SELinux settings
11588: [13840d566805]
11589:
11590: * plugins/sudoers/sudoers.c:
11591: Repair "sudo -l -U username"
11592: [10a0dcdf2ddf]
11593:
11594: * plugins/sudoers/sudoers.c:
11595: Set selinux role and type in command details.
11596: [8ae6d35a126d]
11597:
11598: * src/script.c, src/selinux.c, src/sudo.h:
11599: Rework SELinux support.
11600: [83279cc94bf2]
11601:
11602: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
11603:
11604: * src/script.c, src/selinux.c, src/sudo.h:
11605: Make SELinux support compile again. Needs more work to be complete.
11606: [3d3addebcf82]
11607:
11608: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11609: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11610: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
11611: src/sudo.h:
11612: Bring back closefrom settings.
11613: [b1c6257d4bbb]
11614:
11615: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11616: plugins/sudoers/sudoers.h:
11617: If running a command or sudoedit in transcript mode, call
11618: io_nextid() before log_allowed() so the session id is logged.
11619: [c42f3ae40150]
11620:
11621: * configure, configure.in:
11622: Use mandoc(1) if nroff(1) is not present.
11623: [daad4bbd04af]
11624:
11625: * doc/Makefile.in:
11626: Use the --file argument to config.status instead of setting
11627: CONFIG_FILES in the environment.
11628: [c89411a8bf70]
11629:
11630: * plugins/sudoers/Makefile.in:
11631: We cannot conditionally update gram.h or the dependency ordering
11632: gets messed up in devel mode.
11633: [c938953231d9]
11634:
11635: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
11636:
11637: * Makefile.in, compat/Makefile.in, configure, configure.in,
11638: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11639: plugins/sudoers/Makefile.in, src/Makefile.in:
11640: Substitute @SHELL@ into Makefiles
11641: [36aa6a095335]
11642:
11643: * config.sub:
11644: Fix typo
11645: [16d294d26b58]
11646:
11647: * config.guess, config.sub, configure, configure.in:
11648: Update to autoconf 2.65
11649: [4fa6ea8caea3]
11650:
11651: * Makefile.in:
11652: Fix libtool target (space vs. tabs)
11653: [755cf3892618]
11654:
11655: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
11656: Remove use of RETSIGTYPE; all modern systems have signal handlers
11657: that return void.
11658: [42b4e3aee668]
11659:
11660: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
11661: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
11662: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
11663: plugins/sudoers/Makefile.in, src/Makefile.in:
11664: Update to libtool-2.2.6b. I haven't made any local modifications
11665: this time, which should be OK since we install sudo_noexec.so by
11666: hand now.
11667: [6f79ced593bb]
11668:
11669: * compat/Makefile.in, plugins/sample/Makefile.in,
11670: plugins/sudoers/Makefile.in, src/Makefile.in:
11671: Use libtool to clean objects
11672: [1581057d6472]
11673:
11674: * include/Makefile.in:
11675: Install sudo_plugin.h as part of "make install" and make other
11676: install targets callable from the top-level Makefile
11677: [aaaeb027d774]
11678:
11679: * configure, configure.in:
11680: regen with autoupdate to eliminate AC_TRY_LINK
11681: [5d5541c230f5]
11682:
11683: * Makefile.in, compat/Makefile.in, configure, configure.in,
11684: doc/Makefile.in, plugins/sample/Makefile.in,
11685: plugins/sudoers/Makefile.in, src/Makefile.in:
11686: Install sudo_plugin.h as part of "make install" and make other
11687: install targets callable from the top-level Makefile
11688: [b258b8401b1c]
11689:
11690: * plugins/sample/sample_plugin.c:
11691: The sample plugin doesn't support being run with no args so return a
11692: usage error in this case.
11693: [473b3cf965be]
11694:
11695: * plugins/sudoers/iolog.c:
11696: Set close on exec flag for descriptors used for I/O logging so they
11697: are not present in the command being run.
11698: [2c7e8708df76]
11699:
11700: * plugins/sudoers/tsgetgrpw.c:
11701: Set close on exec flag in private versions of setpwent() and
11702: setgrent().
11703: [64fef78cb833]
11704:
11705: * src/script.c:
11706: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
11707: Fixes extra fds being present in the command when it is part of a
11708: pipeline.
11709: [060451617713]
11710:
11711: * plugins/sudoers/sudoers.c:
11712: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
11713: is used when logging). Note that user_ttypath will still be NULL if
11714: there is no tty.
11715: [31b69a6ecda7]
11716:
11717: * src/script.c, src/sudo.h:
11718: Cosmetic changes: add comments, remove orphaned prototype and
11719: make a global static.
11720: [f7851af0143e]
11721:
11722: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
11723:
11724: * src/script.c:
11725: Move check for maxfd == -1 to flush_output where it belongs.
11726: [b826a95b4491]
11727:
11728: * src/script.c:
11729: Break out of select loop if all the fds we want to select on are -1.
11730: [f5b387024238]
11731:
11732: * src/sudo.c:
11733: Avoid possible malloc(0) if plugin returns an empty groups list.
11734: [9765a8fe5ce7]
11735:
11736: * src/sudo.c:
11737: Add debugging info when calling plugin close function
11738: [95a273c7ff66]
11739:
11740: * src/script.c:
11741: Avoid closing stdin/stdout/stderr when we are piping output.
11742: [330e76423caf]
11743:
11744: * src/script.c:
11745: When execve() of the command fails, it is possible to receive
11746: SIGCHLD before we've read the error status from the pipe. Re-order
11747: things such that we send the final status at the very end and prefer
11748: error status over wait status.
11749: [b0dcf825244f]
11750:
11751: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
11752:
11753: * plugins/sudoers/auth/sudo_auth.c:
11754: Fix compilation for non PAM/BSD auth/AIX auth
11755: [e382b39d2e4f]
11756:
11757: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
11758:
11759: * src/script.c:
11760: Additional checks to make sure we don't close /dev/tty by mistake.
11761: When flushing, sleep in select as long as we have buffers that need
11762: to be written out.
11763: [8139cbd3dd54]
11764:
11765: * src/script.c:
11766: Now that we can use pipes for stdin/stdout/stderr there is no longer
11767: a need to error out when there is no tty. We just need to make sure
11768: we don't try to use the tty fd if it is -1.
11769: [666621635d26]
11770:
11771: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
11772:
11773: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11774: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
11775: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
11776: Add argc and argv to I/O logger open function.
11777: [0d7faa007d27]
11778:
11779: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
11780: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
11781: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
11782: Remove check_sudoedit function pointer in struct sudo_policy.
11783: Instead, sudo will set sudoedit=true in the settings array. The
11784: plugin should check for this and modify argv_out as appropriate in
11785: check_policy.
11786: [c0328e3276b8]
11787:
11788: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
11789:
11790: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
11791: src/sudo_edit.c:
11792: If plugin sets "sudoedit=true" in the command info, enable sudoedit
11793: mode even if not invoked as sudoedit. This allows a plugin to
11794: enable sudoedit when the user runs an editor.
11795: [96d67b99e42e]
11796:
11797: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
11798:
11799: * plugins/sudoers/Makefile.in:
11800: gram.h must not depend on gram.y if we want to avoid unnecessary
11801: rebuilding of targets dependent on gram.h when gram.y changes.
11802: [9db4b767fdca]
11803:
11804: * plugins/sample/sample_plugin.c:
11805: Refactor common bits of check_policy and check_edit
11806: [ac4d366a04cf]
11807:
11808: * plugins/sample/sample_plugin.c:
11809: Add sudoedit support
11810: [a1a6cc4c0cef]
11811:
11812: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
11813:
11814: * plugins/sudoers/Makefile.in:
11815: Rely more on VPATH; fixes a dependency issue with the parser.
11816: [45e406ebdea2]
11817:
11818: * include/compat.h:
11819: Fix typo introduced in last commit
11820: [3ccb0f853d11]
11821:
11822: * include/compat.h:
11823: Emulate seteuid using setreuid() or setresuid() as needed. There are
11824: still a few places that call seteuid() directly.
11825: [36e8efa3a99d]
11826:
11827: * src/parse_args.c, src/sudo_edit.c:
11828: Attempt to fix building on systems that only have setuid.
11829: [8e9ba4083318]
11830:
11831: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11832: Clarify sudoedit a tad.
11833: [d39dfaa14ade]
11834:
11835: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
11836:
11837: * src/sudo_edit.c:
11838: Fix compilation on HP-UX
11839: [f6e47843d139]
11840:
11841: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11842: Document sudoedit
11843: [4cbf5196d993]
11844:
11845: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
11846: Change how we handle the sudoedit argv. We now require that there
11847: be a "--" in argv to separate the editor and any command line
11848: arguments from the files to be edited.
11849: [20623d549a3c]
11850:
11851: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
11852: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
11853: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
11854: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
11855: src/sudo.h, src/sudo_edit.c:
11856: Work in progress support for sudoedit. The actual interface used by
11857: the plugin for sudoedit is likely to change.
11858: [c31262a31997]
11859:
11860: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
11861: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
11862: Make find_path() a little more generic by not checking def_foo
11863: variables inside it. Instead, pass in ignore_dot as a function
11864: argument.
11865: [9c23101a094d]
11866:
11867: * plugins/sudoers/env.c:
11868: Add version of getenv(3) that uses our own environ pointer.
11869: [0e3783e63534]
11870:
11871: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11872:
11873: * src/script.c:
11874: Avoid a potential race condition if SIGCHLD is received immediately
11875: before we call select().
11876: [99adc5ea7f0a]
11877:
11878: * plugins/sudoers/sudoers.c:
11879: Call env_init() before we open the sudoers sources as those may call
11880: our setenv() replacement.
11881: [5f82601f5ab0]
11882:
11883: * plugins/sudoers/env.c:
11884: Initialize env_len in env_init()
11885: [7ae02b3029b5]
11886:
11887: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11888:
11889: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
11890: Document time stamp shortcomings under SECURITY NOTES Use "time
11891: stamp" instead of timestamp.
11892: [2b86120815b2]
11893:
11894: * doc/Makefile.in:
11895: Make sed substitution of mansectsu and mansectform global.
11896: [94588632dba0]
11897:
11898: * plugins/sudoers/check.c:
11899: If the tty lives on a devpts filesystem, stash the ctime in the tty
11900: ticket file, as it is not updated when the tty is written to. This
11901: helps us determine when a tty has been reused without the user
11902: authenticating again with sudo.
11903: [0e62a31bceb0]
11904:
11905: * src/tgetpass.c:
11906: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
11907: is what our compat checks set.
11908: [df50f0a040c9]
11909:
11910: * configure, configure.in:
11911: Add check for whether sudo need to link with -ldl to get dlopen().
11912: This is a bit of a hack that will get reworked when libtool is
11913: updated.
11914: [63bdcf579533]
11915:
11916: * plugins/sudoers/check.c:
11917: Fix timestamp removal with -k/-K
11918: [6b4639fef973]
11919:
11920: * plugins/sudoers/Makefile.in:
11921: audit.c is now private to the sudoers plugin
11922: [1974f342ae0b]
11923:
11924: * configure, configure.in:
11925: Link with -lpthread on HP-UX since a plugin may be linked with
11926: -lpthread and dlopen() will fail if the shared object has a
11927: dependency on -lpthread but the main program is not linked with it.
11928: [d42139391263]
11929:
11930: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
11931: Add separate test for getresuid() since HP-UX has setresuid() but no
11932: getresuid().
11933: [910fe727a374]
11934:
11935: * doc/Makefile.in:
11936: Remove errant backslash
11937: [dd5464257c69]
11938:
11939: * src/script.c:
11940: Fix SIGPIPE handling. Now that we use may use pipes for
11941: stdin/stdout we need to pass any SIGPIPE we receive to the running
11942: command.
11943: [3f6b1991f4fd]
11944:
11945: * src/script.c:
11946: Also start the command in the background if stdin is not a tty.
11947: [d93bc33a3740]
11948:
11949: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
11950:
11951: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
11952: No need to use pseudo-cbreak mode now that we use pipes when stdout
11953: is not a tty. Instead, check whether stdin is a tty and if not,
11954: delay setting the tty to raw mode until the command tries to access
11955: it itself (and receives SIGTTIN or SIGTTOU).
11956: [e68315cf8c6b]
11957:
11958: * src/tgetpass.c:
11959: Use an array for signals received instead of a single variable so we
11960: don't lose any when there are multiple different signals.
11961: [2ac726dac864]
11962:
11963: * src/tgetpass.c:
11964: Do signal setup after turning off echo, not before. If we are using
11965: a tty but are not the foreground pgrp this will generate SIGTTOU so
11966: we want the default action to be taken (suspend process).
11967: [bebb6209c795]
11968:
11969: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
11970:
11971: * src/script.c:
11972: Flush the iobufs on suspend or child exit using the same logic as
11973: the main event loop.
11974: [c627feee1035]
11975:
11976: * src/script.c:
11977: Free memory after we are done with it.
11978: [8db9b611b45a]
11979:
11980: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
11981:
11982: * doc/HISTORY:
11983: Quest now sponsors Sudo development
11984: [6cc490083bc7]
11985:
11986: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
11987:
11988: * doc/Makefile.in:
11989: Install sudo_plugin man page.
11990: [c253729790b2]
11991:
11992: * src/script.c:
11993: Go back to reseting io_buffer offset and length (and now also the
11994: EOF handling) in the loop we do the FD_SET, not after we drain the
11995: buffer after write() since we don't know what order reads and writes
11996: will occur in.
11997: [5f38bfa8497f]
11998:
11999: * MANIFEST:
12000: audit files moved to sudoers plugin directory
12001: [b1ead182428e]
12002:
12003: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12004: Document plugin_printf and new logging functions.
12005: [fe9430b60ab5]
12006:
12007: * src/script.c:
12008: Add support for logging stdin when it is not a tty. There is still a
12009: bug where "cat | sudo cat" has problems because both cat and sudo
12010: are trying to read from the tty.
12011: [04c9c59fcfba]
12012:
12013: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12014: plugins/sudoers/sudoers.c, src/script.c:
12015: Add separate I/O logging functions for tty in/out and
12016: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
12017: is disabled for now.
12018: [a36dfd4ca935]
12019:
12020: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12021:
12022: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12023: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
12024: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12025: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12026: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
12027: Add pointer to a printf like function to plugin open functon. This
12028: can be used instead of the conversation function to display info and
12029: error messages.
12030: [98734eea8ef1]
12031:
12032: * Makefile.in:
12033: Stop if make in a subdir fails
12034: [228bb3ad2dbc]
12035:
12036: * src/script.c:
12037: Only set user's tty to blocking mode when doing the final flush.
12038: Flush pipes as well as pty master when the process is done.
12039: [20ff67218666]
12040:
12041: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12042:
12043: * plugins/sudoers/ldap.c:
12044: Use print_error() when displaying ldap config info in debugging
12045: mode.
12046: [d142e0cacb22]
12047:
12048: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
12049: No longer need strdup() or strndup() replacements.
12050: [df53697174ec]
12051:
12052: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12053: plugins/sudoers/sudoers.h:
12054: Add print_error() function that uses the conversation function to
12055: print a variable number of error strings and use it in log_error().
12056: [b1fa2861b575]
12057:
12058: * src/script.c, src/sudo.h, src/term.c:
12059: Do not need the opost flag to term_copy() now that we use pipes for
12060: stdout/stderr when they are not a tty.
12061: [f42811f70a19]
12062:
12063: * src/script.c:
12064: Use pipes to the sudo process if stdout or stderr is not a tty.
12065: Still needs some polishing and a decision as to whether it is
12066: desirable to add additonal entry points for logging
12067: stdout/stderr/stdin when they are not ttys. That would allow a
12068: replay program to keep things separate and to know whether the
12069: terminal needs to be in raw mode at replay time.
12070: [1a945e0ab2da]
12071:
12072: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
12073:
12074: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
12075: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
12076: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
12077: Move audit sources into the sudoers plugin dir; the driver does not
12078: use them.
12079: [50ec36422cd0]
12080:
12081: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
12082: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
12083: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
12084: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
12085: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
12086: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
12087: src/term.c, src/ttysize.c:
12088: Use angle brackets when including headers that can only be found
12089: when an -I flag is specified. The files in the compat dir could get
12090: away with double quotes here but I've converted all the source files
12091: to use angle brackets for consistency.
12092: [9e30a8fc6d4b]
12093:
12094: * plugins/sudoers/Makefile.in:
12095: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
12096: dir can be found when building outside the source tree.
12097: [1150934b79dd]
12098:
12099: * plugins/sudoers/Makefile.in:
12100: Clean up links in distclean
12101: [78595028be8b]
12102:
12103: * plugins/sudoers/Makefile.in:
12104: Hack around VPATH semantic differences by symlinking files we need
12105: from ../../src into the current directory and build those. A better
12106: fix would be to either make a .a or .la file with those files in it
12107: or simply use a single, flat, Makefile instead of per-subdirs
12108: Makefiles.
12109: [892c332d3f05]
12110:
12111: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
12112: fmt_string is used by the sudoers plugin too so do not include
12113: sudo.h (which is not really needed here anyway)
12114: [231c35e3941f]
12115:
12116: * compat/Makefile.in, plugins/sample/Makefile.in,
12117: plugins/sudoers/Makefile.in, src/Makefile.in:
12118: Fix building with non-BSD versions of make such as GNU make.
12119: Requires VPATH support, which should be in any non-neolithic make.
12120: [dc174f135919]
12121:
12122: * configure, configure.in, plugins/sudoers/Makefile.in,
12123: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
12124: src/Makefile.in:
12125: Re-enable bsm audit. Currently auditing is done within the sudoers
12126: plugin itself. If possible, this should really be done in the main
12127: driver but we don't presently have the needed data to do that. This
12128: will be re-evaluated when Linux audit support is added.
12129: [1d05a3236bfe]
12130:
12131: * compat/Makefile.in, plugins/sample/Makefile.in,
12132: plugins/sudoers/Makefile.in, src/Makefile.in:
12133: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
12134: of explicit rules in the dependency.
12135: [88f80efd25f0]
12136:
12137: * plugins/sudoers/visudo.c:
12138: Fix mismerge; alias_remove_recursive() now returns int
12139: [6257a4849641]
12140:
12141: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
12142:
12143: * plugins/sudoers/visudo.c:
12144: Fix a crash when checking a sudoers file that has aliases that
12145: reference themselves. Based on a diff from David Wood.
12146: [545d194484a7]
12147:
12148: * src/script.c:
12149: Print signal info after restoring the tty mode, not before.
12150: [a68618e67435]
12151:
12152: * src/script.c:
12153: Defer call to alarm() until after we fork the child. Pass correct
12154: pid to terminate_child() If the command exits due to signal, set
12155: alive to false like we do when it exits normally. Add missing
12156: check for errpipe[0] != -1 before using it in FD_ISSET
12157: [22f0a1549391]
12158:
12159: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
12160:
12161: * plugins/sudoers/boottime.c:
12162: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
12163: [0e627170c6e8]
12164:
12165: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
12166:
12167: * src/Makefile.in:
12168: Simplify dependencies by using .c.o and .c.lo rules.
12169: [6abcaef5d1ac]
12170:
12171: * configure, configure.in, plugins/sudoers/Makefile.in,
12172: src/Makefile.in:
12173: Substitute in @PROGS@ into src/Makefile to add sesh
12174: [cc46d3b6208f]
12175:
12176: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
12177:
12178: * plugins/sudoers/sudoers.c:
12179: Add back calls to log_denial() if sudoers does not allow the
12180: command.
12181: [9783316207f0]
12182:
12183: * plugins/sudoers/sudoers.c:
12184: Pass in correct pwflag for list and validate.
12185: [973dd56d4b81]
12186:
12187: * plugins/sudoers/env.c:
12188: Add missing check for NULL in validate_env_vars
12189: [1d6eb6957824]
12190:
12191: * src/Makefile.in:
12192: Add sudo_noexec.la to "all" target, otherwise it only gets built at
12193: install time.
12194: [644a9694d2ef]
12195:
12196: * plugins/sudoers/sudoers.c:
12197: Only set sudo_user.env_vars if the env_add list is empty.
12198: [fccdf6f0e0e2]
12199:
12200: * plugins/sudoers/sudoers.c:
12201: Set sudo_user.env_vars so that environment variables specified on
12202: the command line get logged correctly.
12203: [9b51012c491e]
12204:
12205: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
12206: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12207: Re-enable environment files and setting environment variables on the
12208: command line.
12209: [5662d5645dbd]
12210:
12211: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12212:
12213: * plugins/sudoers/check.c:
12214: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
12215: a pointer to time_t as tv_sec in struct timeval may be long.
12216: [4de0c46e788e]
12217:
12218: * plugins/sudoers/check.c:
12219: Don't stash ctime in on-disk tty ticket info for now; on many
12220: (most?) systems the ctime is updated when the tty is written to.
12221: Once I have a better idea of what systems do not update ctime on
12222: ttys (and have a way to test for this) the ctime stash will be
12223: conditionally re-enabled.
12224: [a90eeec0f648]
12225:
12226: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12227:
12228: * MANIFEST, Makefile.in:
12229: Add back "dist" target, this time using a MANIFEST file
12230: [29277c05499f]
12231:
12232: * Makefile.in:
12233: Remove Makefile in distclean target
12234: [83d695f4f450]
12235:
12236: * Makefile.in, src/Makefile.in:
12237: Update clean and cleandir targets
12238: [ad7b2afeb9c1]
12239:
12240: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
12241: src/sudo.h:
12242: Move fileops.c defines and prototypes to filesops.h
12243: [4545e9b6892d]
12244:
12245: * plugins/sudoers/check.c:
12246: Lock the tty timestamp when writing. We shouldn't have to lock when
12247: reading since the file is updated via a single write system call.
12248: [0c7276f02696]
12249:
12250: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
12251:
12252: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
12253: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
12254: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
12255: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
12256: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
12257: plugins/sudoers/logging.c, plugins/sudoers/match.c,
12258: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
12259: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
12260: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
12261: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12262: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
12263: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
12264: Convert to ANSI C function declarations
12265: [9c45def57cf7]
12266:
12267: * plugins/sudoers/sudoers.h:
12268: Remove extraneous bits and classify by source file.
12269: [e8ea9f109ebb]
12270:
12271: * include/compat.h:
12272: Add timercmp macro for systems without it
12273: [d3bf87b1d08e]
12274:
12275: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
12276: plugins/sudoers/sudoers.h:
12277: get_boottime() now fills in a timeval struct
12278: [3573c3f44e11]
12279:
12280: * plugins/sudoers/check.c:
12281: Store info from stat(2)ing the tty in the tty ticket when tty
12282: tickets are in use. On most systems, this closes the loophole
12283: whereby a user can log out of a tty, log back in and still have the
12284: timestamp be valid.
12285: [53380f9f5242]
12286:
12287: * config.h.in, configure.in:
12288: Add timespec2timeval and use it when getting ctime/mtime
12289: [4cb7f7caec2c]
12290:
12291: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
12292:
12293: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
12294: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12295: plugins/sudoers/testsudoers.c:
12296: Convert perm setting to push/pop model; still needs some work Use
12297: the stashed runas groups instead of using getgrouplist() Reset perms
12298: to the initial value on error
12299: [09c072ebde8b]
12300:
12301: * config.h.in, configure.in:
12302: fix ctim_get and mtim_get macros
12303: [58773dc1e360]
12304:
12305: * config.h.in, configure, configure.in, include/compat.h,
12306: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
12307: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
12308: Use timeval directly instead of converting to timespec when dealing
12309: with file times and time of day.
12310: [a0ce1ae00a67]
12311:
12312: * plugins/sudoers/Makefile.in:
12313: Don't like sudoreplay with libsudoers.la due to a yacc symbol
12314: conflict.
12315: [f1a59cc63a15]
12316:
12317: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
12318:
12319: * configure, configure.in:
12320: Darwin >= 9.x has real setreuid(2)
12321: [7ec942a64275]
12322:
12323: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12324:
12325: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
12326: Ansify env.c
12327: [f58551bad10a]
12328:
12329: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
12330: plugins/sudoers/sudoers.h:
12331: Remove remaining references to the environ pointer.
12332: [96faa530816a]
12333:
12334: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12335:
12336: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
12337: Don't change the environ directly in the sudoers plugin
12338: [6db48ed3f7e0]
12339:
12340: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
12341:
12342: * plugins/sudoers/sudoers.c:
12343: Fix typo
12344: [4aa452b07f8f]
12345:
12346: * plugins/sudoers/alias.c:
12347: Fix use after free in error message when a duplicate alias exists.
12348: [ce1d2812ee34]
12349:
12350: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
12351:
12352: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12353: src/parse_args.c:
12354: Add a "noninteractive" boolean to the settings passed in to the
12355: plugin's open function that is set when the user specifies the -n
12356: flag.
12357: [68f8d9d6d4d0]
12358:
12359: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
12360: Add workaround for the lack of the environ pointer on Mac OS X in
12361: dlopen()ed modules. Use of environ in the sudoers plugin should
12362: ultimately be removed but this will do for the moment.
12363: [80c61647434f]
12364:
12365: * plugins/sudoers/visudo.c:
12366: Set errorfile to the sudoers path if we set parse_error manually.
12367: This prevents a NULL dereference in printf() when checking a sudoers
12368: file in strict mode when alias errors are present.
12369: [45e249ca99f7]
12370:
12371: * plugins/sudoers/sudoers.c:
12372: Main sudo no longer print "unable to execute" on exec failure so do
12373: it here.
12374: [50aaf62b43b5]
12375:
12376: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
12377:
12378: * src/script.c:
12379: Use a pipe to pass back errno to the parent if execve() fails. If we
12380: get an error in script_child(), kill the command and exit.
12381: [dc3bf870f91b]
12382:
12383: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12384: src/parse_args.c, src/sudo.c:
12385: Handle plugin's open function returning -2 (usage error).
12386: [aadf900c1de8]
12387:
12388: * src/script.c:
12389: If execve() fails, leave it to the plugin to print an error string.
12390: [e25748f2d5b9]
12391:
12392: * src/script.c:
12393: If execve fails in logging mode, pass the errno directly to the
12394: grandparent on the backchannel and exit. The immediate parent will
12395: get SIGCHLD and try to report that status but its parent will no
12396: longer be listening. It would probably be cleaner to pass this over
12397: a pipe in script_child().
12398: [cb122acc81a8]
12399:
12400: * plugins/sudoers/sudoers.c:
12401: Don't override rval with results of check_user() unless it failed.
12402: [46fb7e87ac7d]
12403:
12404: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12405:
12406: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12407: Fix typo
12408: [ccd0b693f3da]
12409:
12410: * src/parse_args.c:
12411: NULL-terminate env_add
12412: [2c534368a0c3]
12413:
12414: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12415:
12416: * src/sudo.c:
12417: Call the I/O log open function before the I/O version function.
12418: [e88bf898990b]
12419:
12420: * plugins/sudoers/iolog.c:
12421: Remove io_conv and just use sudo_conv
12422: [a280052468eb]
12423:
12424: * plugins/sudoers/set_perms.c:
12425: Fix set/restore perms for systems w/o setresuid
12426: [4160517f6666]
12427:
12428: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12429:
12430: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
12431: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
12432: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12433: Primitive set/restore permissions. Will be replaced by a push/pop
12434: model.
12435: [aae102290866]
12436:
12437: * src/script.c:
12438: Only need to take action on SIGCHLD in parent if no I/O logger. If
12439: there is an I/O logger we will receive ECONNRESET or EPIPE when we
12440: try to read from the socketpair.
12441: [e1e4560401f6]
12442:
12443: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
12444:
12445: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
12446: doc/sudoers.pod, plugins/sudoers/find_path.c:
12447: Merge fb4d571495fa from the 1.7 branch to trunk.
12448: [c8fb424ad4d2]
12449:
12450: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12451:
12452: * src/script.c:
12453: Don't set SA_RESTART when registering SIGALRM handler. Do set
12454: SA_RESTART when registering SIGWINCH handler.
12455: [173472b76525]
12456:
12457: * doc/Makefile.in:
12458: Add dev targets for *.man.in and *.cat that don't specfify the
12459: $(srcdir) prefix.
12460: [b62f425da2e4]
12461:
12462: * src/script.c:
12463: If log_input or log_output returns false, terminate the command.
12464: [074f4c0c34a0]
12465:
12466: * src/script.c:
12467: Better signal handling. Instead of using a single variable to store
12468: the received signal, use an array so we can't lose a signal when
12469: multiple are sent. Fix process termination by SIGALRM in non-I/O
12470: logger mode. Fix relaying terminal signals to the child in non-I/O
12471: logger mode.
12472: [7a4723aca99d]
12473:
12474: * src/script.c:
12475: Fix a race between when we get the child pid in the parent and when
12476: the child process exits. The problem exhibited as a hang after a
12477: short-lived process, e.g. "sudo id" when no IO logger was enabled.
12478: [80bcc0aca70b]
12479:
12480: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
12481:
12482: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12483: Add a note about the security implications of the fast_glob option.
12484: [c37a92ab7c93]
12485:
12486: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
12487:
12488: * config.h.in, configure, configure.in:
12489: Fix up some AC_DEFINE descriptions and regen config.h.in
12490: [f4655adc0db3]
12491:
12492: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12493:
12494: * include/missing.h:
12495: No longer check for strdup or strndup for LIBOBJ replacement.
12496: [fdc764ee8109]
12497:
12498: * src/script.c:
12499: Avoid installing signal handlers that are io-logger specific. Fixes
12500: job control when no io logger is enabled.
12501: [0853dd0906d4]
12502:
12503: * doc/Makefile.in:
12504: Only regen man pages from pod when configured with --with-devel
12505: [ab1995f8103d]
12506:
12507: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12508:
12509: * Makefile, Makefile.in, configure, configure.in:
12510: Top-level Makefile.in. Nothing is currently substituted but this is
12511: needed for separate build dirs.
12512: [e80873cbd201]
12513:
12514: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
12515: plugins/sudoers/Makefile.in, src/Makefile.in:
12516: Fix out-of-tree builds
12517: [59a35bef07b8]
12518:
12519: * Merge
12520: [386b848047e9]
12521:
12522: * doc/Makefile.in:
12523: We always install sudoreplay in 1.8
12524: [ce52ba6617c9]
12525:
12526: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
12527:
12528: * compat/siglist.in:
12529: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
12530: [6d69e1b05faf]
12531:
12532: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12533:
12534: * configure, configure.in:
12535: No need to provide strdup() or strndup(), sudo uses estrdup() and
12536: estrndup()
12537: [57ec23b72958]
12538:
12539: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
12540:
12541: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
12542: Free str after using it in the version method. Use sudo_conv, not
12543: io_conv since we don't have the IO conversation function pointer in
12544: the I/O version method anymore now that io_open is delayed.
12545: [f2ed132adeb0]
12546:
12547: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12548:
12549: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
12550: compat/siglist.in:
12551: Add license to mksiglist.c and note that the bits from pdksh are
12552: public domain
12553: [d8121a2467e8]
12554:
12555: * compat/Makefile.in:
12556: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
12557: [164160148421]
12558:
12559: * plugins/sudoers/Makefile.in:
12560: Add sudoreplay testsudoers and visudo to clean target
12561: [138a17e51c0c]
12562:
12563: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
12564: compat/siglist.in, compat/strsignal.c, configure, configure.in,
12565: include/missing.h, src/script.c:
12566: Create our own sys_siglist for systems without it for use by
12567: strsignal()
12568: [2e5da011ebc3]
12569:
12570: * compat/Makefile.in:
12571: Remove duplicate $(LIBOBJDIR)
12572: [adf9abc9432f]
12573:
12574: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12575:
12576: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
12577: Main sudo should not block signals; the plugin should do this in
12578: check_policy.
12579: [3f3736a7c5ed]
12580:
12581: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12582:
12583: * src/script.c:
12584: Fix a sizeof(ptr) vs. sizeof(*ptr)
12585: [aa1bcf5afcce]
12586:
12587: * src/script.c:
12588: Unlike most operating systems, HP-UX select() is not interrupted by
12589: SIGCHLD when the signal is registered with SA_RESTART. If we clear
12590: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
12591: behavior and the code in the select() loops already handles EINTR
12592: correctly.
12593: [9eba0115e35a]
12594:
12595: * compat/getprogname.c:
12596: progname should be const
12597: [130228f062b7]
12598:
12599: * plugins/sudoers/Makefile.in:
12600: Move --tag=disable-static to when we link sudoers.la, not when we
12601: install.
12602: [ceb5e6c3b78b]
12603:
12604: * src/load_plugins.c:
12605: Load the sudoers I/O plugin by default too now that it is hooked up.
12606: [ea38befd0742]
12607:
12608: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12609:
12610: * src/pty.c:
12611: It looks like AIX doesn't need to push STREAMS modules for ptys.
12612: [22da618ba0a1]
12613:
12614: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
12615:
12616: * src/parse_args.c, src/sudo.c:
12617: Delay calling the I/O plugin open function until the policy plugin
12618: returns success.
12619: [f3297c325b48]
12620:
12621: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12622:
12623: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
12624: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
12625: plugins/sudoers/sudoers.h:
12626: Add back io logging (transcript) support. Currently, the open
12627: function runs too early and it is not possible to use the io module
12628: independently of the policy module.
12629: [9bd932f66226]
12630:
12631: * plugins/sudoers/set_perms.c:
12632: Comment out dead code; will be removed when set_perms is rewritten.
12633: [af7a995284f8]
12634:
12635: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
12636:
12637: * plugins/sudoers/sudoers.c:
12638: Fix off by one error when allocating user_groups.
12639: [6281fcf9c3bb]
12640:
12641: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
12642:
12643: * configure, configure.in, plugins/sudoers/Makefile.in:
12644: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
12645: [fbce3e9eda3a]
12646:
12647: * plugins/sudoers/sudoers.c:
12648: Fix typo in preserve groups case
12649: [1fd72024fb5a]
12650:
12651: * plugins/sudoers/sudoers.c:
12652: In command_info it is "runas_groups" not "groups".
12653: [5c64dce4f285]
12654:
12655: * src/sudo.c:
12656: Fix iteration over runas_groups list.
12657: [b3c45a0cd643]
12658:
12659: * configure, configure.in, plugins/sudoers/env.c,
12660: plugins/sudoers/match.c, src/script.c:
12661: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
12662: [a8108a0776c2]
12663:
12664: * compat/getgrouplist.c:
12665: getgrouplist(3) for those without it
12666: [4ab4d21e3b16]
12667:
12668: * plugins/sudoers/sudoers.c:
12669: Set preserve_groups or groups list in command_info
12670: [1266119ad654]
12671:
12672: * src/sudo.c:
12673: Fix setting of groups list
12674: [e75315e40bd4]
12675:
12676: * config.h.in, configure, configure.in, include/compat.h,
12677: include/missing.h:
12678: Add checks for getgrset and getgrouplist and use replacement
12679: getgrouplist if the system doesn't support it.
12680: [a62b8ba50863]
12681:
12682: * src/parse_args.c:
12683: Pass in preserve_groups when the -P flag is specified as per the
12684: design
12685: [7420c5d15474]
12686:
12687: * plugins/sudoers/sudoers.c:
12688: Check preserve_groups and ignore_ticket args with atobool instead of
12689: assuming they are true if present.
12690: [71c905702697]
12691:
12692: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
12693:
12694: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
12695: plugins/sudoers/plugin_error.c:
12696: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
12697: sudoreplay and testsudoers in the build
12698: [9d581d5fa4d4]
12699:
12700: * src/Makefile.in, src/term.c:
12701: term.c does not needto include sudo.h
12702: [f6683cdcd2dd]
12703:
12704: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
12705: doc/sudo_plugin.pod:
12706: Document the -2 return in the check_policy section too
12707: [e9cb4c34bbcf]
12708:
12709: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12710: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12711: src/parse_args.c, src/sudo.c, src/sudo.h:
12712: Fix the -s and -i flags and add support for the "implied_shell"
12713: option. If the user does not specify a command, sudo will now pass
12714: in the path to the user's shell and set impied_shell=true. The
12715: plugin can them either check the command normally or return -2 to
12716: cause sudo to print a usage message and exit.
12717: [bf889c38f229]
12718:
12719: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12720:
12721: * config.h.in, configure, configure.in, src/load_plugins.c:
12722: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
12723: Darwin where libraries end in .dylib but modules end in .so
12724: [2c56aaa38e21]
12725:
12726: * plugins/sudoers/parse.c:
12727: Better prefix determination now that we can't rely on len==0 to tell
12728: the beginning on an entry.
12729: [622bf18179e9]
12730:
12731: * plugins/sudoers/ldap.c:
12732: display_bound_defaults() stub should return 0, not 1 since it is a
12733: count, not a boolean.
12734: [0327a6c3d55d]
12735:
12736: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12737: Document progname in settings
12738: [42031d56a2e3]
12739:
12740: * compat/getprogname.c, include/compat.h,
12741: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
12742: src/parse_args.c, src/sudo.c:
12743: Rewrite compat/getprogname.c and add setprogname(). The progname is
12744: now passed to the plugin via the settings array.
12745: [25d8663e6006]
12746:
12747: * configure, configure.in, plugins/sudoers/Makefile.in:
12748: Fix --with-ldap
12749: [b64b633f426d]
12750:
12751: * plugins/sudoers/sudo_nss.c:
12752: Add missing whitespace for Runas and Command-specific defaults
12753: [65f4ddf5545e]
12754:
12755: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
12756: plugins/sudoers/sudo_nss.c:
12757: Use embedded newlines in lbuf instead of multiple calls to
12758: lbuf_print.
12759: [eed3af9cc3e1]
12760:
12761: * src/lbuf.c:
12762: Add support for embedded newlines.
12763: [e11f79b18deb]
12764:
12765: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
12766:
12767: * compat/getprogname.c:
12768: If system doesn't support getprogname or __programe and we are
12769: building a shared object don't bother with Argc/Argv, just return
12770: "sudo"
12771: [aebde9062be7]
12772:
12773: * config.h.in, configure, configure.in, src/load_plugins.c:
12774: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
12775: appears to always install a shared object with the .so suffix.
12776: [f9bbd0c0e9d3]
12777:
12778: * compat/Makefile.in, configure, configure.in,
12779: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
12780: src/Makefile.in:
12781: Play more nicely with libtool and let it build libreplace (was
12782: libmissing) for us.
12783: [a4c6ebb2495c]
12784:
12785: * include/missing.h:
12786: Include stdarg.h for va_list rather than requiring all consumers of
12787: missing.h to include stdarg.h themselves.
12788: [37382df948de]
12789:
12790: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
12791: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
12792: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
12793: src/parse_args.c:
12794: Pass in output function to lbuf_init() instead of writing to stdout.
12795: A side effect is that the usage info can now go to stderr as it
12796: should.
12797: [6d261261a072]
12798:
12799: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
12800:
12801: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
12802: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
12803: src/parse_args.c, src/sudo.c:
12804: Use number of tty columns that is passed in user_info instead of
12805: getting it directly in the lbuf code.
12806: [8a16635c2638]
12807:
12808: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
12809: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
12810: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
12811: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
12812: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
12813: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12814: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
12815: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
12816: plugins/sudoers/logging.h, plugins/sudoers/match.c,
12817: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
12818: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
12819: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
12820: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
12821: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12822: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12823: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
12824: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
12825: plugins/sudoers/visudo.c:
12826: Kill __P in sudoers
12827: [63601e6cb171]
12828:
12829: * config.h.in, configure, configure.in, src/load_plugins.c:
12830: Set the sudoers plugin name in configure so we get the extension
12831: right.
12832: [edad89924cd1]
12833:
12834: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12835: Document lines/cols in user_info
12836: [a808872394f3]
12837:
12838: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
12839: Add tty size to user info
12840: [23f3d27e77a7]
12841:
12842: * src/script.c:
12843: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
12844: [a2208dd09051]
12845:
12846: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12847:
12848: * plugins/sudoers/sudoers.c:
12849: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
12850: out if we fail to lookup the user's name that is passed in
12851: [e4e3728ed482]
12852:
12853: * plugins/sudoers/error.c:
12854: Pass the error value back via siglongjmp.
12855: [667b8ad575ce]
12856:
12857: * plugins/sudoers/check.c:
12858: Use conversation function for lecture.
12859: [1ab4719f509b]
12860:
12861: * plugins/sudoers/check.c:
12862: Don't update ticket file if verify_user returns FALSE.
12863: [2bbc46a39a2b]
12864:
12865: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
12866:
12867: * plugins/sudoers/sudoers.c, src/sudo.c:
12868: Wire up invalidate and validate methods for sudoers
12869: [c0630c7bca47]
12870:
12871: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
12872: plugins/sudoers/sudoers.h:
12873: Add support for -k flag with a command.
12874: [edad239b098b]
12875:
12876: * src/parse_args.c:
12877: Allow -k to be specified with a command.
12878: [43a45add9974]
12879:
12880: * plugins/sudoers/sudoers.c:
12881: Wire up policy_list
12882: [27cc35699eca]
12883:
12884: * plugins/sudoers/error.c:
12885: Add newline at the end of message and space after the colon in
12886: warning message
12887: [5a591aa8e744]
12888:
12889: * plugins/sudoers/auth/sudo_auth.c:
12890: Add missing newline after pass password warning
12891: [337dba3870a7]
12892:
12893: * plugins/sudoers/sudoers.c:
12894: Set user_groups and user_ngroups based on user_info
12895: [61bee85128c8]
12896:
12897: * plugins/sudoers/error.c:
12898: Make this compile
12899: [7041c441e1c8]
12900:
12901: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
12902: Make _warning in error.c use the conversation function and remove
12903: commented out warning/warningx in sudoers.c.
12904: [7c9b09024b63]
12905:
12906: * plugins/sudoers/logging.c:
12907: Use siglongjmp() in log_error for fatal errors
12908: [b50e26f1c73f]
12909:
12910: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
12911: Quiet a libtool warning
12912: [b2331fb006bc]
12913:
12914: * Makefile:
12915: Build sudoers plugin
12916: [5cdf06e66978]
12917:
12918: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
12919: Use warningx in yyerror() so the conversation function gets used
12920: when built as part of sudoers.
12921: [85f964215eef]
12922:
12923: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12924:
12925: * plugins/sudoers/auth/pam.c:
12926: Rename sudo_conv to conversation to avoid a namespace conflict.
12927: [1ad359d36be9]
12928:
12929: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
12930: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
12931: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
12932: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
12933: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
12934: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
12935: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
12936: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
12937: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
12938: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
12939: plugins/sudoers/env.c, plugins/sudoers/error.c,
12940: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
12941: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
12942: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
12943: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
12944: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
12945: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
12946: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
12947: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
12948: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
12949: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
12950: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
12951: Initial bits of sudoers plugin; still needs work.
12952: [af2a2c59a952]
12953:
12954: * config.h.in:
12955: Add HAVE_STRDUP and HAVE_STRNDUP
12956: [50a3c0dd510f]
12957:
12958: * compat/Makefile.in, configure, configure.in:
12959: Build libmissing in two flavors (one PIC one non-PIC) and link with
12960: the appropriate one.
12961: [b62f411a4c18]
12962:
12963: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
12964: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
12965: Build libmissing in two flavors (one PIC one non-PIC) and link with
12966: the appropriate one.
12967: [e1e04972b5fe]
12968:
12969: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12970:
12971: * include/missing.h:
12972: Add strdup and strndup and fix strsignal
12973: [c159babe2896]
12974:
12975: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12976:
12977: * compat/strdup.c, compat/strndup.c, configure, configure.in,
12978: plugins/sample/Makefile.in, src/Makefile.in:
12979: Add strdup and strndup to compat
12980: [25c9fd399a4d]
12981:
12982: * plugins/sample/sample_plugin.c:
12983: Need to include compat.h before missing.h
12984: [c94f7aad380f]
12985:
12986: * compat/strsignal.c:
12987: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
12988: it doesn't exist configure will set it to 0.
12989: [384580566389]
12990:
12991: * compat/glob.c:
12992: Fix botched ANSI C coversion of globexp2()
12993: [4a344b8cbe49]
12994:
12995: * configure, configure.in:
12996: Remove redundant getgroups check
12997: [0b16ec210c81]
12998:
12999: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
13000: Require either termios or termio, no more sgtty.
13001: [9b2fa2f17a1c]
13002:
13003: * compat/strsignal.c, config.h.in, configure, configure.in:
13004: Change the sys_siglist check to use AC_CHECK_DECLS and also check
13005: for _sys_siglist and__sys_siglist
13006: [2e078fed2408]
13007:
13008: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
13009:
13010: * configure, configure.in, src/Makefile.in:
13011: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
13012: use SUDO_OBJS for the main driver as part of OBJS.
13013: [9ae4a80a5ade]
13014:
13015: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13016: Mention in the conversation function section that a newline is not
13017: implicit.
13018: [04a233b6c491]
13019:
13020: * include/compat.h:
13021: Add definition of WCOREDUMP for systems without it. This is known
13022: to work on AIX and SunOS 4, but may be incorrect on other systems
13023: that lack WCOREDUMP.
13024: [c85b3ce6b77d]
13025:
13026: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
13027:
13028: * plugins/sample/sample_plugin.c, src/conversation.c:
13029: conversation function no longer puts a newline at the end of info or
13030: error messages.
13031: [c534cae1ac4a]
13032:
13033: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13034:
13035: * src/script.c:
13036: Use parent process group id instead of parent process id when
13037: checking foreground status and suspending parent. Fixes an issue
13038: when running commands under /usr/bin/time and others.
13039: [564f528c3bb7]
13040:
13041: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13042:
13043: * aclocal.m4:
13044: transcript option is now --with not --enable
13045: [0646fac4cf93]
13046:
13047: * plugins/sample/sample_plugin.c:
13048: Add support to -u and -g flags Check fmt_string retval Add timeout
13049: for debugging purposes
13050: [cfefa4fa60b5]
13051:
13052: * src/script.c, src/sudo.c:
13053: Wire up SIGALRM handler Set close on exec flag for child side of the
13054: socketpair Fix signal handling when not doing I/O logging
13055: [379581ec7272]
13056:
13057: * src/sudo.c:
13058: g/c unused SIGCHLD handler
13059: [0afa03912dce]
13060:
13061: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
13062: Don't use emalloc() in fmt_string(); we want to be able to use it
13063: from a plugin.
13064: [ade64d368147]
13065:
13066: * include/list.h:
13067: tq_remove not list_remove
13068: [0e0e1fd5c31c]
13069:
13070: * configure, configure.in:
13071: AUTH_OBJS should contain .lo files not .o files.
13072: [c64c82c9d5a2]
13073:
13074: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
13075:
13076: * src/parse_args.c:
13077: Simplify conversion of command line args to name=value pairs.
13078: [75ab127c6a94]
13079:
13080: * plugins/sample/sample_plugin.c:
13081: Handle NULL reply from conversation function
13082: [6ce09b6cb204]
13083:
13084: * compat/getline.c:
13085: Don't depend on emalloc/erealloc
13086: [73df09e2109f]
13087:
13088: * plugins/sample/Makefile.in:
13089: Use $(OBJS) instead of sample_plugin.lo
13090: [2d995db9aa99]
13091:
13092: * plugins/sample/sample_plugin.c:
13093: runas_user is in settings not user_info
13094: [7ee12068bc57]
13095:
13096: * src/parse_args.c:
13097: Fix a mismatch between sudo_settings and settings_pairs that causes
13098: some settings to get the wrong values.
13099: [b1bc6d81a65f]
13100:
13101: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
13102:
13103: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
13104: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
13105: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
13106: Convert to ANSI C
13107: [d03b6e4a3b75]
13108:
13109: * src/load_plugins.c:
13110: Fix strlcpy() return value check.
13111: [7cd66999a374]
13112:
13113: * INSTALL, configure, configure.in:
13114: No longer need to substitute in script.o and pty.o; I/O logging
13115: support is always built.
13116: [45250024c5dc]
13117:
13118: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13119:
13120: * src/script.c:
13121: Add fallback to /bin/sh when execve() fails with ENOEXEC.
13122: [7684a15a1352]
13123:
13124: * include/alloc.h, src/alloc.c:
13125: Add estrndup()
13126: [47621c83bed9]
13127:
13128: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13129:
13130: * src/script.c, src/sudo.c:
13131: Refactor script_execve() a bit so that it can be used in non-script
13132: mode. Needs more cleanup.
13133: [f09e022d547c]
13134:
13135: * src/sudo.c:
13136: Ignore empty entries in command_info list
13137: [1eea9a8de21c]
13138:
13139: * include/list.h, src/list.c:
13140: Add tq_remove
13141: [40908a617cb2]
13142:
13143: * src/conversation.c:
13144: Pass timeout to tgetpass()
13145: [9e66c918b771]
13146:
13147: * Makefile:
13148: Add ChangeLog target
13149: [da4a39150838]
13150:
13151: * README, WHATSNEW:
13152: Bump version and update things slightly for sudo 1.8.0
13153: [4b73cc45e2d4]
13154:
13155: * configure, configure.in:
13156: Sudo now requires an ANSI/ISO C compiler
13157: [1e51f72e6964]
13158:
13159: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
13160: src/sudo_noexec.c:
13161: Convert to ANSI C
13162: [5cbd315dbde8]
13163:
13164: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
13165: include/list.h, include/missing.h:
13166: Convert to ANSI C
13167: [3f5016ff64f4]
13168:
13169: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
13170: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
13171: compat/getprogname.c, compat/glob.c, compat/glob.h,
13172: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
13173: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
13174: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13175: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
13176: compat/utimes.c:
13177: Convert to ANSI C
13178: [0d635c85461c]
13179:
13180: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
13181:
13182: * src/sudo.c, src/tgetpass.c:
13183: Make user_details extern so tgetpass can get at the uid and gid. Set
13184: uid/gid to user before executing askpass program. Check environment
13185: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
13186: set the askpass program itself
13187: [d33606396176]
13188:
13189: * src/sudo.c:
13190: No longer need sudo_usage.h in sudo.c
13191: [063e2946c382]
13192:
13193: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
13194: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
13195: src/sudo_usage.h.in:
13196: Document -D level command line flag which maps to the debug_level
13197: setting.
13198: [61f1e2ab3ac1]
13199:
13200: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13201: Document debug_level in plugin doc. Still need to document the -D
13202: flag in sudo itself.
13203: [8c62daea3e9b]
13204:
13205: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
13206:
13207: * plugins/sample/sample_plugin.c:
13208: include missing,h for vasprintf
13209: [92503de49b39]
13210:
13211: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
13212: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13213: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
13214: [14cfb4775238]
13215:
13216: * plugins/sample/sample_plugin.c:
13217: Need to include limits.h
13218: [bda7f74343d2]
13219:
13220: * compat/glob.c:
13221: No more sudo_getpw*
13222: [232e52907634]
13223:
13224: * plugins/sample/Makefile.in, src/Makefile.in:
13225: Add missing compat bits
13226: [4843dd000e08]
13227:
13228: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
13229: compat files should not include sudo.h wire up compat in sample
13230: plugin
13231: [a175b8185e0f]
13232:
13233: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
13234: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
13235: [57e49bc20857]
13236:
13237: * configure, configure.in:
13238: Fix typo
13239: [333655e3d5fe]
13240:
13241: * plugins/sample/sample_plugin.c:
13242: Log input and output to temp files for proof of concept.
13243: [ae1dfc34f7d6]
13244:
13245: * Makefile, configure, configure.in, doc/Makefile.in:
13246: Add doc Makefile.in and wire it up
13247: [6a310443c87d]
13248:
13249: * src/script.c:
13250: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
13251: suspending a shell with the "suspend" builtint.
13252: [3d65f182819a]
13253:
13254: * src/script.c:
13255: In child, handle parent side of the pipe going away.
13256: [a29c14d78cd9]
13257:
13258: * src/script.c:
13259: No longer need to check for explicit death of the child (process #2)
13260: since if it dies we will get EPIPE from the socketpair. Fix a
13261: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
13262: sudo_debug.
13263: [24c55dd4ff60]
13264:
13265: * src/sudo.c:
13266: Make sudo_debug do a single vfprintf() which will result in a single
13267: write call on most systems. Avoids problems with interleaved debug
13268: printf from different processes. Also remove an extraneous error
13269: case since recv() can't return a short read and add some more XXX.
13270: [b37a8533ef1e]
13271:
13272: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
13273:
13274: * src/script.c:
13275: Fix uninitialized variable.
13276: [e012a0a30890]
13277:
13278: * src/Makefile.in:
13279: Fix sudo install target
13280: [1417fa4b4ab9]
13281:
13282: * src/parse_args.c, src/sudo.c, src/sudo.h:
13283: Wire up debug_level
13284: [144fab289c73]
13285:
13286: * src/Makefile.in:
13287: Fix dependencies
13288: [5170940af2ce]
13289:
13290: * configure, configure.in:
13291: Fix setting of plugin dir
13292: [144eda170a72]
13293:
13294: * Makefile:
13295: add clean targets
13296: [d53f6f6f5c3a]
13297:
13298: * src/atobool.c:
13299: Add missing source for sudo front end
13300: [42487de9c489]
13301:
13302: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
13303: Sample plugin demonstrating the sudo plugin API
13304: [f1fd62d7644f]
13305:
13306: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
13307: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
13308: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
13309: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
13310: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
13311: sudo_usage.h.in:
13312: Modular sudo front-end which loads policy and I/O plugins that do
13313: most the actual work. Currently relies on dynamic loading using
13314: dlopen(). See doc/plugin.pod for the plugin API.
13315: [924f6eb2fbba]
13316:
13317: * doc/plugin.pod, include/sudo_plugin.h:
13318: Sudo plugin API
13319: [374ccbbd24ae]
13320:
13321: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
13322: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
13323: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
13324: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
13325: src/fileops.c, src/sudo_edit.c:
13326: Replace emul/include.h with compat/include.h to match new source
13327: tree layout.
13328: [7eccd10449a1]
13329:
13330: * src/lbuf.c:
13331: Include missing.h for memrchr() proto
13332: [03abd63a8a33]
13333:
13334: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
13335: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
13336: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
13337: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
13338: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
13339: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
13340: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
13341: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
13342: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
13343: compat/getline.c, compat/getprogname.c, compat/glob.c,
13344: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
13345: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
13346: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13347: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
13348: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
13349: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
13350: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
13351: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
13352: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
13353: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
13354: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
13355: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
13356: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
13357: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
13358: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
13359: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
13360: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
13361: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
13362: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
13363: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
13364: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
13365: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
13366: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
13367: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
13368: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
13369: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
13370: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
13371: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
13372: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
13373: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
13374: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
13375: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13376: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
13377: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
13378: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
13379: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
13380: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
13381: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
13382: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
13383: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
13384: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
13385: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
13386: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
13387: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
13388: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
13389: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
13390: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
13391: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
13392: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
13393: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
13394: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
13395: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
13396: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
13397: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
13398: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
13399: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
13400: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
13401: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13402: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
13403: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
13404: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
13405: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
13406: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
13407: sample.pam, sample.sudoers, sample.syslog.conf,
13408: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
13409: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
13410: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
13411: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
13412: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
13413: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
13414: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
13415: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
13416: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
13417: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
13418: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
13419: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
13420: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
13421: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
13422: visudo.man.in, visudo.pod, zero_bytes.c:
13423: Rework source layout in preparation for modular sudo.
13424: [7fc1978c6ad5]
13425:
13426: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13427:
13428: * Avoid a duplicate fclose() of the sudoers file.
13429: [5dba851088c1]
13430:
13431: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
13432: [0a2935061e33]
13433:
13434: * Use setrlimit64(), if available, instead of setrlimit() when setting
13435: AIX resource limits since rlim_t is 32bits.
13436: [353db89bac61]
13437:
13438: * Fix use after free when sending error messages. From Timo Juhani
13439: Lindfors
13440: [e50dbd902382]
13441:
13442: * ChangeLog, Makefile.in:
13443: Generate the ChangeLog as part of "make dist" instead of having it
13444: in the repo.
13445: [251b70964673]
13446:
13447: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13448:
13449: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
13450: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
13451: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
13452: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
13453: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
13454: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
13455: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
13456: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
13457: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
13458: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
13459: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
13460: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
13461: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
13462: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
13463: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
13464: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
13465: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
13466: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
13467: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
13468: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
13469: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
13470: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
13471: Remove CVS $Sudo$ tags.
13472: [de683a8b31f5]
13473:
13474: 2010-01-18 convert-repo <convert-repo>
13475:
13476: * .hgtags:
13477: update tags
13478: [9b7aa44ae436]
13479:
13480: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
13481:
13482: * sudo_usage.h.in:
13483: make this match sudoers SYNOPSIS
13484: [c74ba66944c2]
13485:
13486: * lbuf.c, parse.c:
13487: Print a newline between Runas and Command-specific defaults in sudo
13488: -l.
13489: [b5bdfcc9ce4b]
13490:
13491: * term.c:
13492: Use SET and CLR macros in term_raw
13493: [50ca42609d6c]
13494:
13495: * sudoreplay.c:
13496: Set stdin to non-blocking mode early instead of in check_input. Use
13497: term_raw instead of term_cbreak since the data we get has already
13498: been expanded via OPOST.
13499: [51c47e803d62]
13500:
13501: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
13502:
13503: * script.c, term.c:
13504: Enable/disable all postprocessing instead of just nl->crnl
13505: processing since things like tab expansion matter too. However, if
13506: stdout is a tty leave postprocessing on in the pty since we run into
13507: problems doing it only on the real stdout with .e.g nvi.
13508: [62666e309673]
13509:
13510: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13511:
13512: * check.c:
13513: If tty_tickets is enabled and there is no tty, prompt for a
13514: password. Do not lecture user for "sudo -k command" if user has a
13515: timestamp.
13516: [5880200c5f6b]
13517:
13518: * INSTALL:
13519: Document missing options: --with-efence and --with-bsm-audit
13520: [d83afcdf9ff3]
13521:
13522: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
13523: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
13524: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
13525: visudo.man.in, visudo.pod:
13526: username -> user name groupname -> group name hostname -> host name
13527: [10c85646f45d]
13528:
13529: * INSTALL, README.LDAP, sudoers.pod:
13530: filename -> file name like the rest of the docs
13531: [1ef8ab5a9018]
13532:
13533: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13534:
13535: * parse.c:
13536: Fix printing of entries with multiple host entries on a single line.
13537: [226ceaf91d8d]
13538:
13539: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13540:
13541: * sudoers.pod:
13542: Mention that targetpw affects the timestamp file name.
13543: [a26e22e4f72e]
13544:
13545: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
13546: sudoers.pod:
13547: Add compress_transcript option.
13548: [6e94f8cb9dfb]
13549:
13550: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13551:
13552: * configure, configure.in:
13553: bump to 1.7.3b2
13554: [906d7e347d15]
13555:
13556: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
13557: Better split of membership vs. traditional group check in
13558: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
13559: [6ebc55d4716b]
13560:
13561: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
13562:
13563: * pwutil.c:
13564: Fix pasto and add default return value.
13565: [7973b5e4599c]
13566:
13567: * check.c, match.c, pwutil.c, sudo.h:
13568: refactor group member checking into user_in_group()
13569: [48ca8c2eddf8]
13570:
13571: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
13572: sudo.h:
13573: Add support for mbr_check_membership() as present in darwin.
13574: [5501aed02b9f]
13575:
13576: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13577:
13578: * match.c:
13579: Rename label to be accurate
13580: [3af17dd960f7]
13581:
13582: * Makefile.in, boottime.c, check.c, config.h.in, configure,
13583: configure.in, sudo.h:
13584: Treat timestamp files from before we booted as old. Idea from and
13585: Apple patch.
13586: [5c96e484c05a]
13587:
13588: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
13589:
13590: * sudo.c, sudo.pod, sudo_usage.h.in:
13591: Allow the -u flag to be used in conjunction with the -v flag as per
13592: older versions of sudo.
13593: [591e9fc13c1a]
13594:
13595: * logging.c:
13596: fix typo in last commit
13597: [4fd0c692dcf0]
13598:
13599: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13600:
13601: * logging.c:
13602: Convert fmt_first and fmt_confd into macros.
13603: [32e870158b29]
13604:
13605: * sudoers.pod:
13606: timeouts can be floats now
13607: [89de639a9679]
13608:
13609: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
13610: defaults.h, mkdefaults:
13611: Add support for floating point timeout values (e.g. 2.5 minutes).
13612: [210ffa291733]
13613:
13614: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
13615:
13616: * sudo.pod:
13617: The -L flag will be removed in sudo 1.7.4
13618: [ffd026084333]
13619:
13620: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
13621:
13622: * sudoreplay.c:
13623: Fix a bug due to order of operators.
13624: [938d34464283]
13625:
13626: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13627:
13628: * match.c:
13629: cmnd_matches() already deals with negation so _cmndlist_matches()
13630: does not need to do so itself. Fixes a bug with negated entries in
13631: a Cmnd_List.
13632: [71c845f6ce73]
13633:
13634: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
13635:
13636: * sudo.c:
13637: Don't exit() from open_sudoers, just return NULL for all errors.
13638: [8cfa832f972a]
13639:
13640: * script.c:
13641: Can't rely on the shell sending us SIGCONT when transitioning from
13642: backgroup to foreground process.
13643: [3c6c5b6cb4b3]
13644:
13645: * toke.c, toke.l:
13646: Add missing extern def for parse_error
13647: [45b7b59d03b7]
13648:
13649: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13650:
13651: * toke.c, toke.l:
13652: Avoid a parse error when #includedir doesn't find any files. Closes
13653: bug #375
13654: [1ce1b850e9e6]
13655:
13656: * Makefile.in:
13657: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
13658: [6a22e32da108]
13659:
13660: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13661:
13662: * script.c:
13663: Start command out in foreground mode if stdout is a tty. Works
13664: around issues with some curses-based programs that don't handle
13665: tcsetattr getting interrupted by a signal. Still allows us to avoid
13666: hogging the tty if the command is part of a pipeline.
13667: [1c32f2b94769]
13668:
13669: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
13670: Use a socketpair to pass signals from parent to child. Child will
13671: now pass command status change info back via the socketpair. This
13672: allows the parent to distinguish between signals it has been sent
13673: directly and signals the command has received. It also means the
13674: parent can once again print the signal notifications to the tty so
13675: all writes to the pty master occur in the parent. The command is
13676: now always started in background mode with tty signals handled by
13677: the parent.
13678: [c6790b82986d]
13679:
13680: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13681:
13682: * configure, configure.in:
13683: Fix a few typos in the descriptions; from Jeff Makey Only do the
13684: check for krb5_get_init_creds_opt_free() taking two arguments if we
13685: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
13686: positive when using our own krb5_get_init_creds_opt_free which takes
13687: only a single argument.
13688: [845a9ff6f93d]
13689:
13690: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
13691:
13692: * configure, configure.in:
13693: Remove a spurious comma in the kerb5 bits.
13694: [3433eab083db]
13695:
13696: * auth/kerb5.c:
13697: Call krb5_get_init_creds_opt_init() in our emulated
13698: krb5_get_init_creds_opt_alloc() for MIT kerberos.
13699: [7ffb40bf43e9]
13700:
13701: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13702:
13703: * config.h.in:
13704: Add HAVE_ZLIB
13705: [9297bde61ecc]
13706:
13707: * script.c:
13708: Need to ignore SIGTT{IN,OU} in child when running the command in the
13709: background. Also some minor cleanup.
13710: [dc208d982319]
13711:
13712: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
13713:
13714: * script.c:
13715: Instead of calling sigsuspend when waiting for SIGUSR[12] from
13716: parent, install the signal handlers w/o SA_RESTART and let them
13717: interrupt waitpid().
13718: [759c7d18203b]
13719:
13720: * script.c:
13721: Pass along SIGHUP and SIGTERM from parent to child.
13722: [035b0e254568]
13723:
13724: * script.c:
13725: Close unused bits of script_fds in processes that don't need them.
13726: Restore default SIGCONT handler in child.
13727: [e037378ab0c1]
13728:
13729: * script.c:
13730: Update foreground/background status in SIGCONT handler in parent
13731: process.
13732: [3f7f91333264]
13733:
13734: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13735:
13736: * script.c:
13737: Defer setting terminal into raw mode until just before we fork() and
13738: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
13739: and sudo is already in the foreground be sure to set raw mode before
13740: continuing the child.
13741: [1102ef40832c]
13742:
13743: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13744:
13745: * script.c:
13746: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
13747: give the command the controlling tty if the main sudo process is the
13748: foreground process.
13749: [cf3a91cb5682]
13750:
13751: * script.c:
13752: Don't bother with sudo_waitpid() here for now.
13753: [9086de480c2d]
13754:
13755: * script.c:
13756: fix non-zlib case
13757: [a258bff0f9a6]
13758:
13759: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13760:
13761: * script.c:
13762: Remove non-wroking code that crept into rev 1.55
13763: [2802dd55cff5]
13764:
13765: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
13766:
13767: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
13768: First pass at zlib support for transcript data files
13769: [5d10260807da]
13770:
13771: * Makefile.in:
13772: remove vestiges of ZLDFLAGS
13773: [1fa0caf1c0fb]
13774:
13775: * script.c:
13776: Add missing variable declaration for when TIOCSCTTY is not defined.
13777: Need to include sys/termio.h for TIOCSCTTY on some systems.
13778: [ee7f41ac2709]
13779:
13780: * script.c:
13781: when resuming command, send SIGCONT to its pgrp not just pid
13782: [5cd63c1d565b]
13783:
13784: * selinux.c:
13785: remove unused variable
13786: [df67df4be228]
13787:
13788: * script.c:
13789: include selinux.h for is_selinux_enabled() proto
13790: [85ebaa880cc1]
13791:
13792: * script.c:
13793: Don't use log_error() in the child process.
13794: [def65fe2a433]
13795:
13796: * script.c:
13797: Do I/O in parent instead of child since the parent can have both
13798: /dev/tty as well as the pty fds open. The child just sets things up
13799: and waits for its grandchild and writes the signal description to
13800: the pty master if the command was killed by a signal.
13801: [95e473208982]
13802:
13803: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
13804:
13805: * missing.h, sudo.h:
13806: Move two struct forward declarations from sudo.h to missing.h
13807: [90ad28294a8c]
13808:
13809: * script.c:
13810: Make comment at the top of script_exec() match reality.
13811: [c5042d27dbe0]
13812:
13813: * sudo.c:
13814: if neither stdin nor stdout is a tty, check stderr
13815: [c532ff20c8d8]
13816:
13817: * Makefile.in:
13818: Add back dependecy of gram.h on gram.y
13819: [c58382b7fcca]
13820:
13821: * script.c:
13822: Make transcript mode work as long as we can figure out our tty, even
13823: if it is not stdin. We'd like to use /dev/tty but that won't be
13824: valid after the setsid().
13825: [7b8bba8d99e7]
13826:
13827: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
13828:
13829: * config.h.in, configure, configure.in, pty.c:
13830: Add support for IRIX-style dynamic ptys
13831: [bedc9bac44c1]
13832:
13833: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
13834: Move alloc.c protos into alloc.h
13835: [b6a90649617d]
13836:
13837: * missing.h:
13838: Move prototypes for missing libc functions to missing.h
13839: [dda9ae1ccaf8]
13840:
13841: * Makefile.in, sudo.h, sudoreplay.c:
13842: Move prototypes for missing libc functions to missing.h
13843: [7483166b577b]
13844:
13845: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
13846:
13847: * config.h.in, configure, configure.in:
13848: Disable transcript support if no tcsetpgrp until we support older
13849: BSD-style job control.
13850: [27ac1d8163df]
13851:
13852: * configure, configure.in, pty.c, script.c:
13853: Break out pty code into pty.c
13854: [e85509b25d41]
13855:
13856: * compat.h, config.h.in, configure, configure.in:
13857: add killpg macro if no killpg function
13858: [3a125f4a51f0]
13859:
13860: * config.h.in, configure, configure.in, script.c:
13861: Push ptem and ldterm for STERAMS-based systems when allocating a
13862: pty.
13863: [36bb39b30ff2]
13864:
13865: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
13866:
13867: * script.c:
13868: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
13869: [d94bd5c9bf4e]
13870:
13871: * script.c:
13872: Call tcgetpgrp() in the parent, not the child and have the child
13873: spin until it is granted. Fixes a race on darwin.
13874: [6e8d435339ce]
13875:
13876: * script.c:
13877: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
13878: reopen slave.
13879: [0bdc63c019ca]
13880:
13881: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
13882:
13883: * script.c:
13884: In script mode, if the command is killed by a signal, print the
13885: signal description as well as a core dump notification like the
13886: shell does.
13887: [9df61738df07]
13888:
13889: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
13890: sudo.h:
13891: Add check for strsignal() and a simple implementation if it is not
13892: there but sys_siglist is
13893: [61421a188ef4]
13894:
13895: * script.c:
13896: Add missing WUNTRACED and store the signal that stopped the
13897: grandchild in suspended, not signo.
13898: [df65042b200e]
13899:
13900: * script.c:
13901: g/c unused code
13902: [40d8cb5c9203]
13903:
13904: * script.c:
13905: Associate the grandchild's pgrp with the tty instead of the child's
13906: and just get suspend notifications via SIGCHLD instead of directly.
13907: This fixes a hang with programs that try to set terminal attributes
13908: and is more consistent with how the shell handles things.
13909: [6865abff7e94]
13910:
13911: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
13912:
13913: * script.c:
13914: Move setpgid() of child into the parent side of the fork() where it
13915: belongs.
13916: [3defa782777c]
13917:
13918: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
13919:
13920: * script.c:
13921: fix typo
13922: [b6a612b3622c]
13923:
13924: * script.c:
13925: Run command in its own pgrp (like the shell does) for easier
13926: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
13927: to grandchild. Don't want grandchild stopped events in the child
13928: (only termination). Flush output after suspending grandchild before
13929: signalling parent.
13930: [db556bf2176f]
13931:
13932: * script.c:
13933: Back out revision 1.34; the problem lies elsewhere.
13934: [85f590a03275]
13935:
13936: * script.c:
13937: Don't set stdout to blocking mode when flushing remaining output.
13938: It can cause us to hang when trying to exit. Need to investigate
13939: why.
13940: [6f803a3e33ca]
13941:
13942: * script.c:
13943: Handle SIGTTOU and remove some debugging.
13944: [52d17279053e]
13945:
13946: * term.c:
13947: Back out revision 1.10 as the signal that interrupts us may be
13948: SIGTTOU or SIGTTIN which the caller must handle.
13949: [7e2fa9107975]
13950:
13951: * script.c:
13952: Apparently we need to send SIGSTOP to the command as well as ourself
13953: when we get SIGTSTP, the kernel doesn't automatically stop the
13954: process for us.
13955: [1a936e9309c4]
13956:
13957: * script.c:
13958: Use an extra process to act as the glue bewteen the sessions
13959: associated with the user's controlling tty (what the shell uses) and
13960: the tty that sudo is using to do its logging. Basically, this means
13961: that if we get, e.g. SIGTSTP from the process sudo is running, we
13962: relay the signal to the parent so it's shell can do the job control.
13963: [6dd296988060]
13964:
13965: * term.c:
13966: Handle getting/setting terminal attributes when the fd is in non-
13967: blocking mode.
13968: [ae5ae535ea7b]
13969:
13970: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13971:
13972: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
13973: Add support for pausing and changing the speed in interactive mode.
13974: [72a2063780a7]
13975:
13976: * script.c:
13977: Already define O_NOCTTY in compat.h, don't need it here
13978: [b5d80ed3e5ce]
13979:
13980: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
13981:
13982: * sudoreplay.c:
13983: Add missing protos
13984: [c4cb4e7f4d8a]
13985:
13986: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13987:
13988: * sudo_edit.c:
13989: Always update the stashed mtime of the temp file instead of using
13990: what we have for the original because the time resolution of the
13991: filesystem the temporary is on may not match that of the filesystem
13992: that holds the original. Should fix bz #371 found by Philippe Levan.
13993: [c86ca4bec60c]
13994:
13995: * sudoreplay.c:
13996: Use cbreak mode instead of raw mode and add signal handlers to
13997: restore the tty on interrupt.
13998: [84dd283da41c]
13999:
14000: * script.c, sudo.h, term.c:
14001: Retain NL to NLCR conversion on the real tty and skip it on the pty
14002: we allocate. That way, if stdout is not a pty there are no extra
14003: carriage returns.
14004: [32e4f570414e]
14005:
14006: * script.c:
14007: Fix log_output(); just pass in a string and a length.
14008: [ca980cc0a3fb]
14009:
14010: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
14011:
14012: * script.c:
14013: do not use errno when complaining out lack of a tty
14014: [8f9b8c55ab8e]
14015:
14016: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
14017:
14018: * Makefile.in, sudoreplay.c, term.c:
14019: Instead of messing with line endings, just set terminal to raw mode
14020: in sudoreplay.
14021: [90943fa87acb]
14022:
14023: * term.c:
14024: When copying the terminal attributes to the pty, be sure not to set
14025: ONLCR. This prevents extra carriage returns from ending up in the
14026: script output file.
14027: [e6b5475ac2aa]
14028:
14029: * script.c:
14030: Convert a do {} while into a while
14031: [e461310d2c77]
14032:
14033: * Makefile.in:
14034: Use if then instead of test && when installing binaries that may not
14035: exist.
14036: [ad4f9490d971]
14037:
14038: * script.c:
14039: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
14040: old tty before associatng with new one.
14041: [0e0ca634b80c]
14042:
14043: * script.c, selinux.c, sudo.c, sudo.h:
14044: First cut at refactoring some of the selinux code so it can be used
14045: in conjunction with sudo's transcript support.
14046: [779b0d8f9d29]
14047:
14048: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
14049:
14050: * aclocal.m4, configure, configure.in:
14051: Fix default case of transcript_enabled being unset.
14052: [f8aa96186e6b]
14053:
14054: * script.c, sudoreplay.c:
14055: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
14056: [2844a7a851fa]
14057:
14058: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
14059: Hook up --disable-transcript and --enable-transcript=DIR
14060: [b3fa7e6b2480]
14061:
14062: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
14063:
14064: * aclocal.m4, configure, configure.in, pathnames.h.in:
14065: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
14066: transcript=DIR option to specify the directory
14067: [b0bb76d43cda]
14068:
14069: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14070: regen
14071: [c7a8a0a9027c]
14072:
14073: * configure, configure.in, sudoers.man.pl, sudoers.pod:
14074: Substitute in default value for secure_path
14075: [c8f9ac6dbf93]
14076:
14077: * sudo.pod:
14078: Mention that the password must be followed by a newline with the -S
14079: option.
14080: [2fc589a3ee7e]
14081:
14082: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
14083:
14084: * script.c:
14085: Go back to dropping out of the select() loop when the process dies;
14086: Linux ptys apparently don't behave the same as BSD in regards to
14087: select(). No need to flush remaining output to the transcript, only
14088: to stdout. Add back code to check the master pty for additional data
14089: when we exit the main select loop.
14090: [abed9a9cbc6b]
14091:
14092: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
14093:
14094: * Makefile.in:
14095: Add getline.o to COMMON_OBJS
14096: [04ef7643cbc2]
14097:
14098: * Makefile.in:
14099: sudoreplay depends on libsudo.a
14100: [142bd0472631]
14101:
14102: * Makefile.in:
14103: More pwutil.o into COMMON_OBJS
14104: [4a016b933629]
14105:
14106: * pwutil.c, testsudoers.c, tsgetgrpw.c:
14107: Remove my_* redirection in pwutil.c for testsudoers and just use the
14108: normal libc get{pw,gr}* names.
14109: [9b76d637d86b]
14110:
14111: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14112: More time and date examples
14113: [c6ee0175ec56]
14114:
14115: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
14116: Move nanosleep() emulation into its own file Check librt.a for
14117: nanosleep if we don't find it in libc
14118: [4da0cc26aad7]
14119:
14120: * Makefile.in, configure, configure.in:
14121: Build libsudo with the common bits and link things against that.
14122: [2b53bc0b081a]
14123:
14124: * script.c:
14125: Fix final flush.
14126: [6da287d833da]
14127:
14128: * script.c:
14129: Keep reading from the pty master -> log file until read returns <=
14130: 0. Do our best to write everything to stdout when flushing any
14131: remaining bits.
14132: [2a45d4ae280c]
14133:
14134: * sudoreplay.c:
14135: Use unbuffered I/O when writing to stdout and make sure we write the
14136: entire buffer.
14137: [f39ef9844a47]
14138:
14139: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
14140:
14141: * sudoreplay.c:
14142: Only use max_wait if it is non-zero
14143: [f6c10604d2e8]
14144:
14145: * getdate.c, getdate.y, getline.c:
14146: Need compat.h here
14147: [5d6722e225a0]
14148:
14149: * sudoreplay.c:
14150: Fix nanosleep emulation
14151: [34e5e5d72a76]
14152:
14153: * script.c:
14154: Fix comment after #endif
14155: [bd1347718b25]
14156:
14157: * sudoreplay.c:
14158: Add protos for missing libc bits
14159: [644f496427a2]
14160:
14161: * configure, configure.in:
14162: add missing line continuation char
14163: [db13c0d402cd]
14164:
14165: * config.h.in, configure, configure.in, getline.c:
14166: Implement getline() in terms of fgetln() if we have it.
14167: [3ab786eaadc5]
14168:
14169: * sudoreplay.c:
14170: Print year when formatting log line
14171: [90be669e3443]
14172:
14173: * sudoreplay.pod:
14174: Document cwd, attempt to document time/date formats.
14175: [6290fb9b65c6]
14176:
14177: * sudoreplay.c:
14178: Fix getline return value check.
14179: [d696d6657261]
14180:
14181: * Makefile.in, config.h.in, configure, configure.in, getline.c,
14182: sudoreplay.c:
14183: Use getline() if the system has it, else use provide our own for
14184: sudoreplay.
14185: [afca1d6fbe5e]
14186:
14187: * script.c:
14188: Refactor code to update output and timing files.
14189: [361491332b1a]
14190:
14191: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
14192:
14193: * sudoreplay.c:
14194: Make sudo_getln() behave more like glibc getline.
14195: [40c9f2ea29e6]
14196:
14197: * script.c:
14198: When flushing remaining output, also update timing file.
14199: [5a9a5a627549]
14200:
14201: * sudoreplay.c:
14202: Use get_timestr() and make the -l output look like the regular sudo
14203: log.
14204: [452ba9d436c9]
14205:
14206: * logging.c, sudo.h, timestr.c:
14207: Make get_timestr() take a time_t so we can use it properly in
14208: sudoreplay.
14209: [82e67cc53c9c]
14210:
14211: * script.c:
14212: Create session dir earlier now that we update the seq number early.
14213: [797fe8d6dc61]
14214:
14215: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
14216:
14217: * sudoreplay.c:
14218: Use fromdate and todate as the keywords instead of from and to; the
14219: short forms will still be accepted.
14220: [d14d9b116df4]
14221:
14222: * sudoreplay.c:
14223: Fix reading long liensin sudo_getln()
14224: [58dadd74118c]
14225:
14226: * script.c, sudoreplay.c:
14227: Log the cwd in the script log file. Add sudo_getln() to read
14228: arbitrarily long lines.
14229: [faceb802ab8f]
14230:
14231: * Makefile.in, logging.c, sudo.h, timestr.c:
14232: Move get_timestr() into its own source file so sudoreplay can use
14233: it.
14234: [99b054bfa20a]
14235:
14236: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14237:
14238: * sudoreplay.c:
14239: Add to and from perdicates (date ranges); needs documentation
14240: [1d629174dcf4]
14241:
14242: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14243:
14244: * Makefile.in, getdate.c, getdate.y:
14245: Fix warning and add generated getdate.c
14246: [b877a86b5a03]
14247:
14248: * Makefile.in, getdate.y:
14249: Add getdate.y to be used for sudoreplay date parsing.
14250: [b8e26fbb7a40]
14251:
14252: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
14253:
14254: * sudoreplay.c:
14255: Check more than just the first character of a predicate
14256: [4fe53728adb1]
14257:
14258: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14259: Add examples, sort predicates
14260: [70f8075cbccc]
14261:
14262: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
14263: sudoreplay.pod:
14264: Implement search expressions in sudoreplay similar in concept to
14265: what find or tcpdump uses. TODO: date ranges
14266: [f7ce4fb4cf3a]
14267:
14268: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14269:
14270: * script.c:
14271: Remove vhangup as it was hanging up the wrong tty. Should really
14272: vhangup in the child after it as set its tty.
14273: [2eed9df73010]
14274:
14275: * sudoers.pod:
14276: Fix cut at documenting transcript support.
14277: [e6c533a5568a]
14278:
14279: * logging.c:
14280: ID= -> TSID= for transcript ID
14281: [1bf755a35333]
14282:
14283: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14284:
14285: * sudoers.pod:
14286: Move fast_glob description to where it belongs in sorted order
14287: [5901cfb0d25f]
14288:
14289: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
14290: parse.c, parse.h, sudo.c:
14291: Rename script -> transcript
14292: [e06cf823122c]
14293:
14294: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
14295:
14296: * compat.h:
14297: Add timeradd and timersub for those without them
14298: [929f8aa06c2b]
14299:
14300: * script.c:
14301: Sanity check sessid before using it.
14302: [aa8ca5211d43]
14303:
14304: * sudo.c:
14305: Only set the session id if we are running a command or editing a
14306: file.
14307: [7205d717c098]
14308:
14309: * script.c:
14310: Actually. qsort is fine since most versions fal back to a cheaper
14311: sort when the number of elements to sort is small (like in our
14312: case).
14313: [d11c7cd352fe]
14314:
14315: * config.h.in, configure, configure.in, script.c:
14316: Check for dup2 and use dup instead if we don't have it.
14317: [98bd89830f8a]
14318:
14319: * script.c, sudo.c, sudo.h:
14320: Move the code to dup2 the script fds to low numbered descriptors
14321: into script_duplow() and fix the fd sorting.
14322: [9453fdc5fba6]
14323:
14324: * script.c, sudo.c, sudo.h:
14325: Move script_setup() back to immediately before we drop privs and
14326: call the new script_nextid() in its place, which will set
14327: sudo_user.sessid for the logging functions.
14328: [8434d0c8ff08]
14329:
14330: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
14331:
14332: * Makefile.in:
14333: Install sudoreplay
14334: [6acf2cdb4d3f]
14335:
14336: * sudoreplay.c:
14337: remove unused variable
14338: [2316360bb992]
14339:
14340: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
14341:
14342: * logging.c, script.c, sudo.c, sudo.h:
14343: Log the session ID, if there is one. Currently logs ID=XXXXXX,
14344: perhaps should be SESSIONID or SESSID.
14345: [53976905b0a6]
14346:
14347: * Makefile.in, configure, configure.in, sudoreplay.cat,
14348: sudoreplay.man.in, sudoreplay.pod:
14349: Add sudoreplay docs
14350: [da4f14f0e64c]
14351:
14352: * sudoreplay.c:
14353: add -V (version) flag
14354: [b5e743639ee3]
14355:
14356: * sudoreplay.c:
14357: Hook up max_wait.
14358: [2ec5697a92ba]
14359:
14360: * script.c, sudoreplay.c:
14361: Use base36 number for the ID and store script files with paths like
14362: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
14363: (2,176,782,336) unique IDs.
14364: [6aab019d07aa]
14365:
14366: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14367:
14368: * config.h.in, configure.in:
14369: Add check for regcomp
14370: [44c3ebd7ff34]
14371:
14372: * sudoreplay.c:
14373: Add support for selecting by pattern and tty when listing.
14374: [66189f840c52]
14375:
14376: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14377:
14378: * sudoreplay.c:
14379: The beginnings of a list mode.
14380: [8d0150b4a52c]
14381:
14382: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
14383:
14384: * Makefile.in:
14385: fix pasto
14386: [616b4640b8a8]
14387:
14388: * Makefile.in, config.h.in, configure.in:
14389: Add scaffolding for building sudoreplay
14390: [a32958505dbe]
14391:
14392: * sudoreplay.c:
14393: include error.h first arg to nanotime is const
14394: [fe5a7bb31bc5]
14395:
14396: * sudoreplay.c:
14397: Initial cut at sudoreplay; replay a sudo session.
14398: [f149fba372bd]
14399:
14400: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
14401:
14402: * script.c:
14403: Fix wait() usage and use correct wait status.
14404: [f4745ed7ad05]
14405:
14406: * sudo.c, sudo.h, tgetpass.c:
14407: Add protos for term_* to sudo.h
14408: [14fe1abd7e7b]
14409:
14410: * script.c:
14411: Fix detection of the child process exiting. Since the child is in
14412: its own session we should only ever get SIGCHLD for that process but
14413: better safe than sorry.
14414: [7edfdadd8505]
14415:
14416: * config.h.in:
14417: Add UNIX98 pty support.
14418: [82f4b53a0e8f]
14419:
14420: * configure, configure.in, script.c:
14421: Add UNIX98 pty support.
14422: [795b8bb0a3a1]
14423:
14424: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
14425:
14426: * term.c:
14427: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
14428: if it is defined.
14429: [40f8b83baf69]
14430:
14431: * auth/pam.c:
14432: Set PAM_RUSER and PAM_RHOST early so they can be used during
14433: authentication. Based on a patch from Jamie Beverly.
14434: [3d567b453a6a]
14435:
14436: * match.c:
14437: Close dir before returning if strlcpy() reports overflow. From
14438: Martynas Venckus.
14439: [6a82f96473e5]
14440:
14441: * config.h.in, configure, configure.in, script.c:
14442: On Linux, the openpty proto libes in pty.h
14443: [98643a018d1c]
14444:
14445: * script.c:
14446: Call vhangup on exit if the system has it Use setpgrp() if no
14447: setsid()
14448: [3a9e13149829]
14449:
14450: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14451:
14452: * config.h.in, configure, configure.in:
14453: Add checks for revoke and vhangup if we don't have openpty
14454: [fcb04572e994]
14455:
14456: * script.c:
14457: Session logging guts that got forgotten in the previous commit.
14458: [c2af08a63ea9]
14459:
14460: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
14461: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
14462: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
14463: tgetpass.c:
14464: First cut at session logging for sudo. Still need to write
14465: get_pty() for Unix 98 and old-style BSD ptys. Also needs
14466: documentation and general cleanup.
14467: [77e3f5e25738]
14468:
14469: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14470:
14471: * sudo.c, sudo_edit.c:
14472: Fix a bug introduced with def_closefrom. The value of def_closefrom
14473: already includes the +1.
14474: [7291c136300d]
14475:
14476: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14477:
14478: * Makefile.in:
14479: Generate sudo distributions with pax in ustar mode. No longer need
14480: to use a temp file or have the source dir name match the version.
14481: [9778177a8272]
14482:
14483: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
14484:
14485: * toke.c, toke.l:
14486: Fix expansion of %h in #include names. Fixes bugzilla 363
14487: [6e346879ba24]
14488:
14489: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
14490:
14491: * mkdefaults:
14492: If no arg assume def_data.in
14493: [c1dd28c0e675]
14494:
14495: * README, WHATSNEW:
14496: Update for 1.7.2
14497: [f5ad45f69f05] [SUDO_1_7_2]
14498:
14499: * ChangeLog:
14500: sync
14501: [6283549396ff]
14502:
14503: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
14504:
14505: * sudoers.cat, sudoers.man.in, sudoers.pod:
14506: Add missing single quotes around a colon in Runas_Spec definition.
14507: From Elias Benali.
14508: [ccc6ee4fca83]
14509:
14510: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
14511:
14512: * sudo.man.in, sudoers.man.in:
14513: regen
14514: [546e75304ebf]
14515:
14516: * redblack.c:
14517: In rbrepair, re-color the root or the first non-block node we find
14518: to be black. Re-coloring the root is probably not needed but won't
14519: hurt.
14520: [34d01ebe241b]
14521:
14522: * sudo.cat, sudoers.cat:
14523: regen
14524: [bebf5a39f54f]
14525:
14526: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
14527:
14528: * redblack.c:
14529: When repairing the tree, don't touch the root node.
14530: [9841f0d5d789]
14531:
14532: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
14533:
14534: * set_perms.c:
14535: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
14536: Reported by Josef Schmid.
14537: [ed044b1eb879]
14538:
14539: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14540:
14541: * sudoers.pod:
14542: Document that we accept env_pam-style environment files
14543: [e3b545456352]
14544:
14545: * env.c:
14546: Adapt to accept pam_env-style /etc/environment which allows shell-
14547: style lines such as: export EDITOR="/usr/bin/vi"
14548: [752eb75bf007]
14549:
14550: * sudoers.pod:
14551: Make it clear that env_delete only works when !env_reset. From Lo??c
14552: Minier
14553: [3bd3f8e351ba]
14554:
14555: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
14556:
14557: * sudo.pod, sudoers.pod:
14558: Add non-unix group bits, adapted from Quest
14559: [8ce427de8dea]
14560:
14561: * Makefile.in:
14562: build the .cat page in the current working dir, not the src dir
14563: [00e87a307674]
14564:
14565: * env.c:
14566: Return EINVAL in setenv() if var is NULL or the empty string to
14567: match glibc behavior.
14568: [23fd7c247142]
14569:
14570: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
14571:
14572: * configure, configure.in:
14573: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
14574: [fedd4a3e2a85]
14575:
14576: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14577:
14578: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
14579: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
14580: regen
14581: [7b9f461a40b3]
14582:
14583: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14584:
14585: * INSTALL:
14586: Document --with-libvas and --with-libvas-rpath
14587: [a071e6d96c89]
14588:
14589: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14590:
14591: * ldap.c, sudoers.ldap.pod:
14592: For netscape-derived LDAP SDKs the cert and key paths may be a
14593: directory or a file. However, version 5.0 of the SDK only seems to
14594: support using a directory. If ldapssl_clientauth_init fails and the
14595: cert or key paths look like they could be files, strip off the last
14596: path element and try again.
14597: [ac4e49d83043]
14598:
14599: * Makefile.in:
14600: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
14601: [4547cc1a335f]
14602:
14603: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14604:
14605: * configure, configure.in, match.c, sudo.c, vasgroups.c:
14606: Update non-Unix group support from Quest, as reworked by me.
14607: [1abafce29dc6]
14608:
14609: * toke.c:
14610: regen
14611: [01bfca9148b7]
14612:
14613: * toke.l:
14614: Add support for escaped hex chars in names, e.g. \x20 for space.
14615: [3c7be8e58a39]
14616:
14617: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
14618:
14619: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
14620: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
14621: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
14622: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
14623: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
14624: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
14625: tgetpass.c, toke.l, visudo.c:
14626: Update copyright years.
14627: [e615f676c764]
14628:
14629: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
14630:
14631: * interfaces.c, lbuf.c:
14632: Minor fixes for Minix-3
14633: [898c510d23f9]
14634:
14635: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
14636:
14637: * set_perms.c:
14638: Handle getgroups() returning 0. Also add missing check for
14639: HAVE_GETGROUPS.
14640: [d73b958f9ffd]
14641:
14642: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
14643:
14644: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
14645: version.h, visudo.c:
14646: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
14647: [5050579a264d]
14648:
14649: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
14650:
14651: * set_perms.c:
14652: Remove group setting code in setusercontext case, we will do it
14653: ourselves later on in runas_setup. Set the gid after
14654: initgroups/setgroups is called, since on Mac OS X it seems to change
14655: the egid.
14656: [09dc21d8b42d]
14657:
14658: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14659:
14660: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
14661: vasgroups.c:
14662: Initial bits of non-unix group support using Quest Authentication
14663: Services
14664: [1eecab0ff27e]
14665:
14666: * toke.c, toke.l:
14667: Accept %:foo as a non-Unix group
14668: [4c4b5dd899a6]
14669:
14670: * toke.c, toke.l:
14671: Allow user/group to be double quoted in the case of non-Unix groups
14672: which contain spaces.
14673: [47a3d568b7e8]
14674:
14675: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14676:
14677: * match.c:
14678: Don't allow the user to specify the default runas user if their
14679: sudoers entry only allows them to run as a group.
14680: [4d726177227c]
14681:
14682: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
14683:
14684: * sudo.c:
14685: Must call audit_success before we change uids.
14686: [04a9e6ce6e55]
14687:
14688: * logging.c, set_perms.c, sudo.h, testsudoers.c:
14689: Add option for set_perm to not exit on failure and use this in the
14690: logging routines.
14691: [833dce7b7f42]
14692:
14693: * parse.c:
14694: In -l mode, if the user is only allowed to run as a group, display
14695: the user's name, not root's before the allowed group.
14696: [ef92ff99d265]
14697:
14698: * sudo.c:
14699: Fix -g mode, broken by rev 1.503 which had the side effect of
14700: setting the runas user to root unilaterally.
14701: [50a2f7df4385]
14702:
14703: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
14704:
14705: * fileops.c:
14706: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
14707: [30fbe832dcf3]
14708:
14709: * pwutil.c:
14710: Only cache by the method we fetched for pwd and grp lookups.
14711: Previously we cached both by namd and id but this can cause problems
14712: for entries that share the same id. Also add more info in the error
14713: message in case the insert fails (which should now be impossible).
14714: [ef95a4f0bab5]
14715:
14716: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
14717:
14718: * sudoers.pod:
14719: Add a clarification from Nick Sieger
14720: [1eadad329561]
14721:
14722: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
14723:
14724: * env.c:
14725: Inline the setting of the environment string.
14726: [9515d11c6295]
14727:
14728: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14729:
14730: * env.c:
14731: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
14732: in BSD doesn't return an error if the name has '=' in it, it just
14733: treats the '=' as end of string.
14734: [941260bf94d2]
14735:
14736: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
14737:
14738: * toke.c, toke.l:
14739: Not all systems have d_namlen
14740: [e377b18d8e2d]
14741:
14742: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
14743:
14744: * sudoers.pod:
14745: Fix up some pod2html issues.
14746: [823a1f10ab60]
14747:
14748: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
14749:
14750: * interfaces.c:
14751: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
14752: Quest Software.
14753: [73de36653131]
14754:
14755: * sudoers.pod:
14756: Ignore files ending in '~' in sudo.d (emacs backup files)
14757: [7871fad702db]
14758:
14759: * toke.c, toke.l:
14760: Ignore files ending in '~' in sudo.d (emacs backup files)
14761: [53fded2a469f]
14762:
14763: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
14764:
14765: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
14766: For #includedir, ignore any file containing a dot
14767: [a7daa1bce6c2]
14768:
14769: * Makefile.in, version.h:
14770: Bump version
14771: [ef60f14ffc44]
14772:
14773: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
14774: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
14775: visudo.c:
14776: Implement #includedir directive. Files in an includedir are not
14777: edited by visudo unless they contain a syntax error.
14778: [3923d85a6c79]
14779:
14780: * ChangeLog:
14781: sync
14782: [8741ed61a78b] [SUDO_1_7_1]
14783:
14784: * WHATSNEW:
14785: Forgot umask_override
14786: [7c86a21a5504]
14787:
14788: * ChangeLog, TODO:
14789: sync
14790: [57339ca6bccf]
14791:
14792: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14793:
14794: * visudo.c:
14795: Rewind stream if we fdopen sudoers since it may not be at the
14796: beginning. Set the keepopen flag on already-open files too so the
14797: lexer doesn't close them out from under us.
14798: [61292d819aff]
14799:
14800: * visudo.c:
14801: Print the proper file name when there is a parse error in an include
14802: file.
14803: [b0e85d4aedde]
14804:
14805: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
14806:
14807: * WHATSNEW:
14808: Sync
14809: [997e5d485ea3]
14810:
14811: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
14812:
14813: * configure, configure.in:
14814: Fix a warning when --without-ldap is specified.
14815: [d91fd9481b30]
14816:
14817: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
14818:
14819: * alias.c, parse.h, visudo.c:
14820: Store aliases that we remove during check_aliases in a freelist and
14821: free them at the end so we don't leak memory.
14822: [805e2272f6a3]
14823:
14824: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
14825:
14826: * visudo.c:
14827: Check aliases in -c mode too.
14828: [9199e188d9f2]
14829:
14830: * alias.c, parse.h, visudo.c:
14831: Make alias_remove return the alias struct instead of freeing it
14832: directly. Fixes a use after free in alias_remove_recursive, the only
14833: consumer.
14834: [a04b61804800]
14835:
14836: * alias.c, match.c, parse.c, parse.h, visudo.c:
14837: Rename find_alias -> alias_find for consistency.
14838: [48b0a82924f3]
14839:
14840: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
14841:
14842: * visudo.c:
14843: When checking for unused aliases, recurse if the alias points to
14844: another alias.
14845: [2d4d1a7f3a41]
14846:
14847: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
14848:
14849: * ldap.c:
14850: Back out rev 1.105 for now. Real ldapux_client.conf support will be
14851: done later after some refactoring.
14852: [8ad72e69b277]
14853:
14854: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
14855:
14856: * ldap.c:
14857: Treat ldap_hostport the same as "host" for ldapux.
14858: [3281dcc66da8]
14859:
14860: * configure, configure.in:
14861: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
14862: Fixes compilation with ldapux.
14863: [ca1ed585ef0e]
14864:
14865: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
14866:
14867: * fileops.c:
14868: fix char subscript
14869: [41e51f080d00]
14870:
14871: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
14872:
14873: * Makefile.in:
14874: remove errant carriage returns
14875: [e9e258a31c7b]
14876:
14877: * audit.c, env.c:
14878: fix K&R compilation
14879: [d182e8920f13]
14880:
14881: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
14882: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
14883: regen
14884: [791a5cbf04e5]
14885:
14886: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
14887:
14888: * config.h.in:
14889: Add missing HAVE_BSM_AUDIT
14890: [49ad1bb96f04]
14891:
14892: * WHATSNEW:
14893: Add 1.7.1 features
14894: [f107f1604c61]
14895:
14896: * INSTALL:
14897: Mention --with-netsvc
14898: [d1e90d147795]
14899:
14900: * sudoers.ldap.pod:
14901: Document netsvc.conf support
14902: [e78f8abce6af]
14903:
14904: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
14905: sudo_nss.h:
14906: Add support for AIX netsvc.conf (like nsswitch.conf).
14907: [1df56a84dee5]
14908:
14909: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
14910:
14911: * config.h.in, configure, configure.in, env.c:
14912: Add --enable-env-debug flag to enable environment sanity checks.
14913: [128cdd8832e7]
14914:
14915: * sudoers.ldap.pod, sudoers.pod:
14916: Work around some pod2html issue.
14917: [e733b9609bd2]
14918:
14919: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
14920:
14921: * env.c:
14922: Only sync environ for putenv, setenv, and unsetenv. We need to make
14923: sure that sudo_putenv and sudo_setenv only modify env.envp, not
14924: environ.
14925: [be3ac732243c]
14926:
14927: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
14928:
14929: * env.c:
14930: Really fix UNSETENV_VOID
14931: [08ab7e882507]
14932:
14933: * env.c:
14934: Fix unsetenv when UNSETENV_VOID
14935: [d3038b3f2f15]
14936:
14937: * aclocal.m4, configure:
14938: Fix SUDO_FUNC_PUTENV_CONST
14939: [de35569c572b]
14940:
14941: * ldap.c:
14942: tivoli-based ldap does not have ldapssl_err2string
14943: [c63fd90d5e99]
14944:
14945: * configure:
14946: regen
14947: [f38f1ee828ad]
14948:
14949: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
14950:
14951: * config.h.in, configure, configure.in, ldap.c:
14952: Add support for Tivoli-based LDAP start TLS as seen in AIX.
14953: Untested.
14954: [8f8771829f85]
14955:
14956: * env.c:
14957: Add sanity checks for setenv/unsetenv
14958: [adbd1d95856b]
14959:
14960: * Makefile.in:
14961: Include bsm_audit.h in the tarball
14962: [4a4aa02b2c32]
14963:
14964: * Makefile.in, version.h:
14965: bump version for sudo 1.7.1
14966: [362c71d21595]
14967:
14968: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
14969: env.c, ldap.c, sudo.h:
14970: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
14971: provide our own setenv/unsetenv/putenv that operates on own env
14972: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
14973: [276edcd23032]
14974:
14975: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
14976:
14977: * sudo.c:
14978: Make "sudoedit -h" work as expected
14979: [2bcbbb45d389]
14980:
14981: * auth/pam.c:
14982: Make sure def_prompt is always defined. This is a workaround for
14983: pam configs that prompt for a password in the session but don't have
14984: an auth line. A better fix is to expand the sudo prompt earlier and
14985: set def_prompt to that when initializing.
14986: [ee073c04aec3]
14987:
14988: * sudo.pod:
14989: Mention that the helper for -A may be graphical.
14990: [b64a940c4082]
14991:
14992: * TROUBLESHOOTING:
14993: Document what happens if there is no tty.
14994: [313d58a856a5]
14995:
14996: * sudo.c:
14997: cosmetic changes
14998: [894f5e3b0c3e]
14999:
15000: * term.c:
15001: Fix term_restore
15002: [6c6315ff14bc]
15003:
15004: * sudo.c:
15005: Fix "sudo -k" with no other args
15006: [59e94dc419c6]
15007:
15008: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15009:
15010: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
15011: Allow the -k flag to be specified in conjunction with a command or
15012: another option that may require authentication.
15013: [5960ff20355d]
15014:
15015: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15016:
15017: * configure, configure.in:
15018: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
15019: [e86ab69c4a57]
15020:
15021: * Makefile.in:
15022: Parallel make fix. From Diego E. 'Flameeyes'
15023: [1289d7ee27db]
15024:
15025: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15026:
15027: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
15028: Implement umask_override
15029: [8b87a3f7c5aa]
15030:
15031: * toke.c:
15032: regen
15033: [79d7ca9ac873]
15034:
15035: * sudoers.pod, toke.l, visudo.c:
15036: Implement %h escape in sudoers include filenames.
15037: [a7f288dd64f0]
15038:
15039: * audit.c:
15040: Need to include compat.h
15041: [c0dc07ce2f70]
15042:
15043: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
15044: Make audit_success and audit_failure generic functions in
15045: preparation for integrating linux audit support.
15046: [7df020a8fd6f]
15047:
15048: * term.c:
15049: remove duplicate include
15050: [1dfcd01a7e46]
15051:
15052: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15053:
15054: * bsm_audit.c:
15055: Add missing include
15056: [fb56e08c37ee]
15057:
15058: * sudo.c:
15059: May need to update the runas user after parsing command-based
15060: defaults.
15061: [246f130d7802]
15062:
15063: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
15064:
15065: * glob.c:
15066: Add missing pair of braces introduced with character class support.
15067: [0e2afa2e03e9]
15068:
15069: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
15070:
15071: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
15072: Rename pwstars to pwfeedback
15073: [a9f85a57ebac]
15074:
15075: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15076:
15077: * bsm_audit.c, bsm_audit.h:
15078: Add const to make MacOS happy.
15079: [4274432d6627]
15080:
15081: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
15082: configure.in, sudo.c:
15083: Add bsm audit support from Christian S.J. Peron
15084: [bef61cd8693d]
15085:
15086: * term.c:
15087: This is new code, no DARPA notice.
15088: [ec6ad09b9c23]
15089:
15090: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15091:
15092: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15093: Rename simple_glob -> fast_glob
15094: [68d9ed803cc1]
15095:
15096: * match.c:
15097: g/c unused var
15098: [693fa0464eb6]
15099:
15100: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15101: Add simple_glob option to use fnmatch() instead of glob(). This is
15102: useful when you need to specify patterns that reference network file
15103: systems.
15104: [77ba634f6949]
15105:
15106: * tgetpass.c:
15107: add term_* proto
15108: [520f5149d073]
15109:
15110: * sudoers.pod:
15111: mention glob()
15112: [ddaab8e03c52]
15113:
15114: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15115:
15116: * tgetpass.c:
15117: Delete any pwstars we wrote after the user hits return. That way
15118: there is no record on screen as to the user's password length.
15119: [fae25cda762b]
15120:
15121: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15122:
15123: * term.c:
15124: Move terminal setting bits from tgetpass.c to term.c
15125: [03d43325ee99]
15126:
15127: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
15128: tgetpass.c:
15129: Add pwstars sudoers option that causes sudo to print a star every
15130: time the user presses a key.
15131: [7aab417e184d]
15132:
15133: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15134:
15135: * Makefile.in:
15136: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
15137: [64f70e879816]
15138:
15139: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15140:
15141: * ldap.c:
15142: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
15143: indicate no limit. From Mark Janssen.
15144: [e2c5732d54f5]
15145:
15146: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15147:
15148: * toke.c, toke.l:
15149: Comments that begin with #- should not be parsed as uids.
15150: [a72a50f12f41]
15151:
15152: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15153:
15154: * sudo.c:
15155: Do not try to set the close on exec flag if we didn't actually open
15156: sudoers.
15157: [ece3ca256904]
15158:
15159: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
15160:
15161: * ChangeLog:
15162: regen
15163: [e11f0e4c1bdd] [SUDO_1_7_0]
15164:
15165: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
15166:
15167: * TODO:
15168: sync
15169: [5b8954462bb3]
15170:
15171: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
15172:
15173: * auth/pam.c:
15174: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
15175: password prompt.
15176: [8563601cb3de]
15177:
15178: * configure, configure.in:
15179: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
15180: as it cannot generate shared objects.
15181: [6d4262ef9669]
15182:
15183: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
15184: K&R compilation fixes
15185: [77921678d17c]
15186:
15187: * parse.c:
15188: Use tq_foreach_fwd when checking pseudo-commands to make it clear
15189: that we are not short-circuiting on last match. When pwcheck is
15190: 'all', initialize nopass to TRUE and override it with the first non-
15191: TRUE entry.
15192: [96b209f4778f]
15193:
15194: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
15195:
15196: * parse.c:
15197: Do not short circuit pseudo commands when we get a match since,
15198: depending on the settings, we may need to examine all commands for
15199: tags.
15200: [fdbaf89d6f35]
15201:
15202: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15203:
15204: * sudoers.cat, sudoers.man.in:
15205: regen
15206: [1ecce7c1b841]
15207:
15208: * sudoers.pod:
15209: hostnames may also contain wildcards
15210: [82b76695601c]
15211:
15212: * Makefile.in:
15213: remove stamp-* files and linux core files in clean target
15214: [22003f091467]
15215:
15216: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15217:
15218: * auth/sudo_auth.h, config.h.in, configure, configure.in:
15219: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
15220: [6905bede8410]
15221:
15222: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15223:
15224: * configure, configure.in:
15225: correctly enable SIA on Digital UNIX
15226: [a51881d13995]
15227:
15228: * TODO:
15229: checkpoint
15230: [af0fe8d94d42]
15231:
15232: * ChangeLog:
15233: sync
15234: [831f623cf99c]
15235:
15236: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15237:
15238: * check.c, sudo.h, tgetpass.c:
15239: Even if neither stdin nor stdout are ttys we may still have /dev/tty
15240: available to us.
15241: [20f306ba883b]
15242:
15243: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15244:
15245: * sudoers.cat, sudoers.man.in:
15246: regen
15247: [76d97c4c318f]
15248:
15249: * sudoers.pod:
15250: fix typos; Markus Lude
15251: [bff8bc1e2066]
15252:
15253: * ChangeLog:
15254: sync
15255: [f108552531cd]
15256:
15257: * toke.c:
15258: regen
15259: [de828413c67e]
15260:
15261: * toke.l:
15262: Fix matching of a line that only consists of a comment char
15263: [09c953d8d5ca]
15264:
15265: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
15266:
15267: * auth/pam.c:
15268: MacOS pam will retry conversation function if it fails so just treat
15269: ^C as an empty password.
15270: [d056058930bc]
15271:
15272: * visudo.c:
15273: When checking for alias use, also check defaults bindings.
15274: [2647f82c7dbd]
15275:
15276: * redblack.c:
15277: unused var
15278: [b7ff71c17c18]
15279:
15280: * redblack.c:
15281: Replace my rbdelete with Emin's version (which actually works ;-)
15282: [21b133dd0c72]
15283:
15284: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15285:
15286: * testsudoers.c:
15287: malloc debugging
15288: [0fb446fa3279]
15289:
15290: * visudo.c:
15291: malloc options in devel mode for visudo too
15292: [98d06c6afeef]
15293:
15294: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15295:
15296: * sudo.c:
15297: fix compilation on non-C99; from Theo
15298: [7c304e16c536]
15299:
15300: * visudo.c:
15301: fix check_aliases
15302: [83f30a3b1765]
15303:
15304: * alias.c:
15305: when destroying an alias, free the correct data pointer
15306: [6e1a8bd86c01]
15307:
15308: * auth/sudo_auth.h:
15309: add proto for aixauth_cleanup; from Dale King
15310: [eba94ffc8f63]
15311:
15312: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
15313:
15314: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15315: visudo.man.in:
15316: regen
15317: [409fa57fff83]
15318:
15319: * sudo.pod, sudoers.pod, visudo.pod:
15320: standardize on the term 'option' for command line options (not flag)
15321: [228caefc2e36]
15322:
15323: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
15324:
15325: * INSTALL:
15326: Add note on configuring HP-UX pam
15327: [f7674a581baf]
15328:
15329: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
15330:
15331: * check.c, sudo.c:
15332: Move tty checks into check_user() so we only do them if we actually
15333: need a password.
15334: [7d997d7106d6]
15335:
15336: * sudo.c:
15337: Don't error out if no tty or askpass unless we actually need to
15338: authenticate.
15339: [9f23b83ed66c]
15340:
15341: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
15342:
15343: * ChangeLog:
15344: regen
15345: [23f9aef32da6]
15346:
15347: * pathnames.h.in, sudo.c:
15348: s/overriden/overridden/; from Tobias Stoeckmann
15349: [9f7459a8fac5]
15350:
15351: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
15352:
15353: * WHATSNEW, visudo.c:
15354: check sudoers owner and mode in strict mode
15355: [a3468c5ac1c4]
15356:
15357: * gram.c, toke.c:
15358: regen
15359: [7d6b515a5443]
15360:
15361: * sudo.man.in, sudoers.man.in, visudo.man.in:
15362: Update copyright years.
15363: [52d340cb8cba]
15364:
15365: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
15366: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15367: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
15368: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
15369: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
15370: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
15371: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
15372: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
15373: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
15374: visudo.pod, zero_bytes.c:
15375: Update copyright years.
15376: [b4e6bf2beafa]
15377:
15378: * emul/charclass.h, fnmatch.c, glob.c:
15379: add my copyright
15380: [28681385014a]
15381:
15382: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
15383:
15384: * toke.c, toke.l:
15385: The loop in fill_cmnd() was going one byte too far past the end,
15386: resulting in a NUL being written immediately after the buffer end.
15387: [a5a49d603cd7]
15388:
15389: * UPGRADE, WHATSNEW:
15390: add sections on tgetpass changes
15391: [2e6929b6a102]
15392:
15393: * tgetpass.c:
15394: Treat EOF w/o newline as an error.
15395: [aa02b1db9240]
15396:
15397: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
15398:
15399: * parse.c:
15400: Fix "sudo -v" when NOPASSWD is set.
15401: [f4914711ea80]
15402:
15403: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
15404: auth/sudo_auth.h:
15405: No longer treat an empty password at the prompt as special. To quit
15406: out of sudo you now need to hit ^C at the password prompt.
15407: [980f760ad419]
15408:
15409: * sudoers.cat, sudoers.man.in:
15410: regen
15411: [6ca21a2cd869]
15412:
15413: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
15414: Sudo will now refuse to run if no tty is present unless the new
15415: visiblepw sudoers flag is set.
15416: [0cc56943252e]
15417:
15418: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
15419:
15420: * aix.c:
15421: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
15422: defined
15423: [24fc6f712d5c]
15424:
15425: * aix.c:
15426: fix fallback value for RLIM_SAVED_MAX
15427: [e09e04e1af89]
15428:
15429: * auth/aix_auth.c, auth/sudo_auth.h:
15430: Move clearing of AUTHSTATE into aixauth_cleanup.
15431: [e14ae7bd259c]
15432:
15433: * auth/aix_auth.c, env.c:
15434: Unset AUTHSTATE after calling authenticate() as it may not be
15435: correct for the user we are running the command as.
15436: [d14f68f1b0ab]
15437:
15438: * isblank.c:
15439: Add isblank() function for systems without it. Needed for POSIX
15440: character class matching in fnmatch.c and glob.c.
15441: [16cba30b283f]
15442:
15443: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
15444:
15445: * TROUBLESHOOTING:
15446: expound on sudo and cd
15447: [8e0fa9033637]
15448:
15449: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
15450:
15451: * ChangeLog:
15452: regen
15453: [40cf320a10fc]
15454:
15455: * sudoers.cat, sudoers.man.in:
15456: regen
15457: [7cac761ae2c6]
15458:
15459: * sudoers.pod:
15460: mention defauts parse order
15461: [4e2ce86d1394]
15462:
15463: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
15464:
15465: * Makefile.in, aclocal.m4, compat.h, configure:
15466: Add isblank() function for systems without it. Needed for POSIX
15467: character class matching in fnmatch.c and glob.c.
15468: [a1ab55da8424]
15469:
15470: * Makefile.in:
15471: add emul/charclass.h to HDRS
15472: [7e8a019dcaa4]
15473:
15474: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
15475:
15476: * TODO:
15477: checkpoint
15478: [afeb9bc1baed]
15479:
15480: * defaults.c, parse.c, testsudoers.c, visudo.c:
15481: Move update_defaults into defaults.c and call it properly from
15482: visudo and testsudoers.
15483: [f4dbb369461f]
15484:
15485: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
15486: tsgetgrpw.c:
15487: use zero_bytes() instead of memset() for consistency
15488: [4cee0465f4a8]
15489:
15490: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
15491: visudo.c:
15492: Zero out sigaction_t before use in case it has non-standard entries.
15493: [120092225459]
15494:
15495: * match.c:
15496: quiet gcc
15497: [098a1df49b23]
15498:
15499: * match.c:
15500: Short circuit glob() checks if basename(pattern) !=
15501: basename(command). Refactor code that checks for a command in a
15502: directory and use it in the glob case if the resolved pattern ends
15503: in a '/'.
15504: [3c46fd317acb]
15505:
15506: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
15507:
15508: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
15509: Defer setting runas defaults until after runaspw/gr is setup.
15510: [12e75ee49c0c]
15511:
15512: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
15513:
15514: * match.c, sudo.c, testsudoers.c:
15515: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
15516: systems do not include space for the NUL in the size. Also manually
15517: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
15518: on this.
15519: [7266ab3296a3]
15520:
15521: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
15522:
15523: * sudo.c, sudoers.pod:
15524: When setting the umask, use the union of the user's umask and the
15525: default value set in sudoers so that we never lower the user's umask
15526: when running a command.
15527: [4e804b004e38]
15528:
15529: * sudo.c:
15530: Don't try to read from a zero-length sudoers file. Remove the bogus
15531: Solaris work-around for EAGAIN. Since we now use fgetc() it should
15532: not be a problem.
15533: [bb8e5f68d944]
15534:
15535: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
15536:
15537: * parse.c:
15538: In update_defaults() check the return value of user*_matches against
15539: ALLOW so we don't inadvertantly match on UNSPEC.
15540: [4e422fa1527e]
15541:
15542: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
15543:
15544: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
15545: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
15546: regen man pages; no more hyphenation
15547: [15de4fe2fe01]
15548:
15549: * sudo.c:
15550: Don't error out on a zero-length sudoers file. With the advent of
15551: #include the user could create a situation where sudo is unusable.
15552: [6eb461319fa5]
15553:
15554: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
15555:
15556: * auth/kerb5.c, config.h.in, configure, configure.in:
15557: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
15558: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
15559: all. Add configure tests to handle all the cases.
15560: [4b554a98470d]
15561:
15562: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
15563:
15564: * sudo.pod:
15565: resort ENVIRONMENT
15566: [f4f20f40653e]
15567:
15568: * sudoers.pod:
15569: document sudoers_locale
15570: [0bffd2dbe806]
15571:
15572: * sudo.pod, sudo_edit.c:
15573: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
15574: or EDITOR
15575: [0ef8cb248cee]
15576:
15577: * toke.c, toke.l:
15578: In fill_cmnd(), collapse any escaped sudo-specific characters.
15579: Allows character classes to be used in pathnames.
15580: [5685244c8e44]
15581:
15582: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
15583:
15584: * lbuf.c:
15585: fix typo in non-C89 function declaration
15586: [99a7113b3a05]
15587:
15588: * sudoers.pod:
15589: Mention POSIX characters classes now that out fnmatch() and glob()
15590: support them.
15591: [9c916f1230c3]
15592:
15593: * sample.sudoers, sudoers.pod:
15594: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
15595: locale agnostic.
15596: [a60a62bec244]
15597:
15598: * parse.h:
15599: use __signed char if we are going to assign a negative value since
15600: on Power, char is unsigned by default
15601: [2877b319df17]
15602:
15603: * config.h.in, configure, configure.in:
15604: Add tests for __signed char and signed char.
15605: [5eb874fdf1d4]
15606:
15607: * aix.c:
15608: Fix AIX limit setting. getuserattr() returns values in disk blocks
15609: rather than bytes. The default hard stack size in newer AIX is
15610: RLIM_SAVED_MAX. From Dale King.
15611: [3db67415ecc3]
15612:
15613: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
15614:
15615: * emul/charclass.h, fnmatch.c, glob.c:
15616: Add character class support to included glob(3) and fnmatch(3).
15617: [6b5b4ad77899]
15618:
15619: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
15620:
15621: * emul/fnmatch.h:
15622: Remove UCB advertising clause and some compatibility defines.
15623: [2ade7bee74e1]
15624:
15625: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
15626:
15627: * sudo_edit.c:
15628: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
15629: or sudo. This allows one to set EDITOR to sudoedit without getting
15630: into an infinite loop of sudoedit running itself until the path gets
15631: too big.
15632: [aa49ab68f82d]
15633:
15634: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
15635: Add sudoers_locale Defaults option to override the default sudoers
15636: locale of "C".
15637: [0639886a35bf]
15638:
15639: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
15640:
15641: * sudo.c:
15642: Set locale to system default except for during sudoers parse.
15643: [016dd2736728]
15644:
15645: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
15646:
15647: * match.c:
15648: Redo change in 1.34 to use pointer arithmetic.
15649: [f9e7b63bb450]
15650:
15651: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
15652:
15653: * match.c:
15654: Fix a dereference (read) of a freed pointer. Reported by Patrick
15655: Williams.
15656: [69877b633753]
15657:
15658: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
15659:
15660: * sudo.c:
15661: Set locale to "C" to avoid interpretation issues with character
15662: ranges in sudoers. May want to make the locale a sudoers option in
15663: the future.
15664: [098a95de1746]
15665:
15666: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
15667:
15668: * config.h.in:
15669: we no longer use setproctitle
15670: [c7f20fb747ea]
15671:
15672: * sudo.h:
15673: remove #if 1
15674: [a368ee6816c6]
15675:
15676: * LICENSE, mkstemp.c:
15677: Use my replacement mkstemp() from the mktemp package.
15678: [d07c2beb0f9e]
15679:
15680: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15681:
15682: * gram.c:
15683: regen with yacc skeleton bug fixed
15684: [24784571cbb8]
15685:
15686: * sudoers.pod:
15687: Remove duplicate "as root". From Martin Toft.
15688: [97241acfee5e]
15689:
15690: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
15691:
15692: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
15693: Flesh out the fake passwd entry used for running commands as a uid
15694: not listed in the passwd database. Fixes an issue with some PAM
15695: modules.
15696: [a6648227f3f2]
15697:
15698: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
15699:
15700: * sudo.c:
15701: Error out in -i mode if the user has no shell. This can happen when
15702: running commands as a uid with no password entry.
15703: [0c174bef36ff]
15704:
15705: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
15706:
15707: * toke.c, toke.l:
15708: Better fix for line continuation inside double quotes. Now accepts
15709: whitespace between the backslash and the newline like the main
15710: lexer.
15711: [64efcdf86d31]
15712:
15713: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
15714:
15715: * toke.c, toke.l:
15716: Fix line continuation in strings. It was only being honored if
15717: preceded by whitespace.
15718: [96c21271a3e4]
15719:
15720: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15721:
15722: * config.h.in, configure, configure.in, logging.c:
15723: Replace the double fork with a fork + daemonize.
15724: [328505441e67]
15725:
15726: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15727:
15728: * env.c, sudo.c:
15729: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
15730: [3caedfeaec87]
15731:
15732: * logging.c, sudo.c, sudo_edit.c, visudo.c:
15733: Change how the mailer is waited for. Instead of having a SIGCHLD
15734: handler, use the double fork trick to orphan the child that opens
15735: the pipe to sendmail. Fixes a problem running su on some Linux
15736: distros.
15737: [b59ce60a393d]
15738:
15739: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
15740:
15741: * configure, configure.in:
15742: Fix configure test for dirfd() on Linux where DIR is opaque.
15743: [b8f729cdfecc]
15744:
15745: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
15746:
15747: * tgetpass.c:
15748: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
15749: this problem we'll need to revisit this again.
15750: [c17fee8ad530]
15751:
15752: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15753:
15754: * logging.c:
15755: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
15756: we only block the signal it may be delivered later when we unblock.
15757: Also, there is no need to block SIGCHLD since we no longer do the
15758: double fork. The normal SIGCHLD handler is sufficient.
15759: [e94a49e992e5]
15760:
15761: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
15762:
15763: * configure, configure.in:
15764: Add description for NO_PAM_SESSION, from a redhat patch.
15765: [b9e4c939ec09]
15766:
15767: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
15768:
15769: * sudo.cat, sudo.man.in, sudo.pod:
15770: Fix typos in -i usage
15771: [2d7ce5de0235]
15772:
15773: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
15774:
15775: * configure, configure.in:
15776: Redo the test for dgettext() in a way that hopefully will work
15777: around the libintl_dgettext() undefined problem.
15778: [d27beb0cf85e]
15779:
15780: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
15781:
15782: * schema.ActiveDirectory:
15783: change filename in comment
15784: [733da4ee9ac5]
15785:
15786: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
15787:
15788: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
15789: sudoers.ldap.pod:
15790: Reference schema.ActiveDirectory
15791: [d6aec537800e]
15792:
15793: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
15794:
15795: * schema.OpenLDAP, schema.iPlanet:
15796: Mark sudoRunAs as deprecated.
15797: [00c50df807af]
15798:
15799: * schema.ActiveDirectory:
15800: add sudoRunAsUser and sudoRunAsGroup
15801: [19bcce6f72fb]
15802:
15803: * schema.ActiveDirectory:
15804: Active Directory schema by Chantal Paradis and Eric Paquet
15805: [06a09c92c6a5]
15806:
15807: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
15808:
15809: * parse.c:
15810: remove an XXX that was fixed
15811: [b88038062fa2]
15812:
15813: * ChangeLog:
15814: sync
15815: [8fc27c17270e]
15816:
15817: * parse.c:
15818: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
15819: fixes a problem where the tag value printed was influenced by
15820: defaults set in the first pass through the parser.
15821: [588ccd630367]
15822:
15823: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
15824:
15825: * Makefile.in, sudo.psf:
15826: No point in packaging the TODO file
15827: [9590248fffe1]
15828:
15829: * ChangeLog:
15830: sync
15831: [152acf4c6813]
15832:
15833: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
15834:
15835: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
15836: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
15837: Add env_file Defaults option that is similar to /etc/environment on
15838: some systems.
15839: [1daf53d51e18]
15840:
15841: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
15842:
15843: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
15844: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
15845: version.h, visudo.cat, visudo.man.in:
15846: change version to 1.7.0
15847: [d41d126b9bd8]
15848:
15849: * UPGRADE:
15850: initial valgrind pass done
15851: [c59c3876d8ca]
15852:
15853: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
15854:
15855: * ldap.c:
15856: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
15857: [830d246c09b0]
15858:
15859: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15860:
15861: * ldap.c:
15862: define LDAPS_PORT if the system headers do not
15863: [247b12325701]
15864:
15865: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15866:
15867: * gram.c, gram.y:
15868: Fix another memory leak in init_parser().
15869: [7bba47deba11]
15870:
15871: * configure, configure.in:
15872: There was a missing space before the ldap libs in SUDO_LIBS for some
15873: configurations.
15874: [7524cfc93759]
15875:
15876: * alias.c, gram.c, gram.y, toke.c, toke.l:
15877: Clean up some memory leaks pointed out by valgrind.
15878: [a965866ece1a]
15879:
15880: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15881:
15882: * sudo.c:
15883: fix "sudo -s" broken by mode/flags breakout
15884: [acffe984d408]
15885:
15886: * configure, configure.in:
15887: remove duplicate check for dgettext
15888: [58145529133c]
15889:
15890: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15891:
15892: * aix.c:
15893: Fall back to default stanza if no user-specific limit is found.
15894: [7b8cb29123ee]
15895:
15896: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15897:
15898: * snprintf.c:
15899: include stdint.h if present
15900: [f0ec38529306]
15901:
15902: * snprintf.c:
15903: Use LLONG_MAX, not the old QUAD_MAX
15904: [01041ce508fb]
15905:
15906: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
15907:
15908: * sudoers.ldap.pod:
15909: fix cut and pasto
15910: [34240fdef5ab]
15911:
15912: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
15913:
15914: * pwutil.c:
15915: Add #ifdef PURITY
15916: [ce1b571ad526]
15917:
15918: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15919:
15920: * auth/bsdauth.c:
15921: remove useless cast
15922: [494f8a862e1d]
15923:
15924: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15925:
15926: * ChangeLog:
15927: sync
15928: [f5c97ffaabcc]
15929:
15930: * TODO:
15931: sync
15932: [96ff1c44c182]
15933:
15934: * sudo.h:
15935: Split MODE_* defines into primary and flags.
15936: [c02ee3027cb9]
15937:
15938: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
15939:
15940: * aix.c:
15941: It turns out the logic for getting AIX limits is more convoluted
15942: than I realized and differs depending on whether the soft and/or
15943: hard limits are defined.
15944: [cf8d3f85d395]
15945:
15946: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
15947:
15948: * Makefile.in, configure, configure.in:
15949: Back out AIX-specific change to set the sudo_noexec path to the .a
15950: file, we do really want to use the .so file. Since libtool doesn't
15951: do that correctly, just install the .so file ourselves in the
15952: Makefile.
15953: [05c6f33177d9]
15954:
15955: * install-sh:
15956: If the file given to install is a path, only use the basename of the
15957: file when building the destination path.
15958: [695ba4e429ce]
15959:
15960: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
15961:
15962: * sudo.c:
15963: parse_args() cleanup: Sort command line options in the getopt()
15964: switch The -U option requires a parameter Normalize a few ISSET
15965: calls Split mode into mode and flags and retire the now-obsolete
15966: excl variable
15967: [0d156835f861]
15968:
15969: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
15970: sudo_usage.h.in:
15971: Add -n (non-interactive) flag.
15972: [e3e50400d32d]
15973:
15974: * sudo.c:
15975: Move version printing, etc. into a separate function.
15976: [18c91b476e2c]
15977:
15978: * sudo.c:
15979: Don't try to cleanup nsswitch if it has not been initialized.
15980: [aeb1ca1b399d]
15981:
15982: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15983:
15984: * logging.c:
15985: Block SIGPIPE in send_mail() so sudo is not killed by a problem
15986: executing the mailer.
15987: [f130e7924cca]
15988:
15989: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
15990:
15991: * configure, configure.in:
15992: AIX shared libs end in .a, not .so.
15993: [a5deb07020d8]
15994:
15995: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15996:
15997: * env.c:
15998: Preserve HOME by default too. Matches documentation and previous
15999: behavior.
16000: [c16f17f1047c]
16001:
16002: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16003:
16004: * sudo.c:
16005: Use getopt() to parse the command line. We need to be able to
16006: intersperse env variables and options yet still honor "--"" which
16007: complicates things slightly.
16008: [60f271ce5c16]
16009:
16010: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
16011:
16012: * ChangeLog:
16013: sync
16014: [685e67964eda]
16015:
16016: * acsite.m4, configure, ltmain.sh:
16017: update to libtool-1.5.26
16018: [4c9a8c3d3b40]
16019:
16020: * config.guess, config.sub:
16021: update from libtool-1.5.26 distribution
16022: [c6641aef2527]
16023:
16024: * aix.c, sudo.h:
16025: attempt to fix compilation errors on AIX
16026: [edb13e5b2184]
16027:
16028: * Makefile.in:
16029: fix typo in last commit
16030: [25ba7f7ceae4]
16031:
16032: * Makefile.in:
16033: Add WHATSNEW file to the distribution
16034: [213f4115de8f]
16035:
16036: * visudo.c:
16037: use warningx instead of fprintf(stderr, ...)
16038: [a3494b8ccb19]
16039:
16040: * list.c:
16041: add DEBUG to list2tq
16042: [115d24a3000c]
16043:
16044: * ChangeLog, TODO:
16045: sync
16046: [60e6f4d1fac0]
16047:
16048: * WHATSNEW:
16049: mention mailfrom
16050: [e2498f9e18d6]
16051:
16052: * Makefile.in, aix.c, config.h.in, configure, configure.in,
16053: set_perms.c, sudo.h:
16054: Add aix_setlimits() to set resource limits on AIX using a
16055: combination of getuserattr() and setrlimit(). Currently untested.
16056: [9b1441fd89ca]
16057:
16058: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
16059:
16060: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
16061: sudoers.man.in, sudoers.pod:
16062: Add mailfrom Defaults option that sets the value of the From: field
16063: in the warning/error mail. If unset the login name of the invoking
16064: user is used.
16065: [029b9f05d3d9]
16066:
16067: * defaults.c:
16068: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
16069: [a90e407d5e00]
16070:
16071: * gram.c, gram.y:
16072: When adding a default, only call list2tq() once to do the list to tq
16073: conversion. It is not legal to call list2tq multiple times on the
16074: same list since list2tq consumes and modifies the list argument.
16075: [fbc25d245c4a]
16076:
16077: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16078: comment out XXXs for now
16079: [595a1d43309d]
16080:
16081: * WHATSNEW:
16082: mention askpass
16083: [b993e0837c22]
16084:
16085: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16086:
16087: * sudo.c:
16088: Error out if both -A and -S are specified Error out if -A is
16089: specified but no askpass is configured
16090: [24f1df2638f6]
16091:
16092: * configure, configure.in:
16093: we are not going to ship a sudo-specific askpass
16094: [61949e7a3943]
16095:
16096: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
16097:
16098: * sudo.h:
16099: fix definition of TGP_ASKPASS
16100: [0447c57ba4c3]
16101:
16102: * def_data.c, def_data.in:
16103: make askpass boolean-capable
16104: [e0885893a325]
16105:
16106: * INSTALL:
16107: document --with-askpass
16108: [c76e15ba97cf]
16109:
16110: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16111: sudoers.man.in, visudo.cat:
16112: regen
16113: [8d16242980b7]
16114:
16115: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
16116:
16117: * sudo.pod, sudo_usage.h.in, sudoers.pod:
16118: document -A and askpass
16119: [02c07505a78c]
16120:
16121: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
16122: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
16123: sudo_usage.h.in, tgetpass.c:
16124: Add support for running a helper program to read the password when
16125: no tty is present (or when specified with the -A flag). TODO: docs.
16126: [05780f5f71fd]
16127:
16128: * def_data.c, def_data.in:
16129: add missing printf format to SELinux role and type strings
16130: [2b32774715e7]
16131:
16132: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
16133:
16134: * INSTALL, configure, configure.in:
16135: Disable use of gss_krb5_ccache_name() by default and add
16136: --enable-gss-krb5-ccache-name configure option to enable it. It
16137: seems that gss_krb5_ccache_name() doesn't work properly with some
16138: combinations of Heimdal and OpenLDAP.
16139: [f61ebd3b19bd]
16140:
16141: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16142:
16143: * selinux.c:
16144: Ignore setexeccon() failing in permissive mode. Also add a call to
16145: setkeycreatecon() (though this is probably insufficient). From Dan
16146: Walsh.
16147: [52564fc1c069]
16148:
16149: * auth/pam.c:
16150: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
16151: function may be called for non-password reading purposes so we must
16152: be careful not to use def_prompt in cases where it may not be set.
16153: [29d88ca575ba]
16154:
16155: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16156:
16157: * selinux.c:
16158: Don't free the new tty context, we need to keep it around when we
16159: restore the tty context after the command completes
16160: [5b4bd39b6ea8]
16161:
16162: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
16163:
16164: * selinux.c:
16165: s/newrole/sudo/
16166: [21b8a96ff8df]
16167:
16168: * sudo.man.pl, sudo.pod:
16169: Only put login_cap(3) in SEE ALSO section if we have login.conf
16170: support
16171: [05250ddff2c0]
16172:
16173: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
16174:
16175: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16176: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16177: regen
16178: [301e5c5ccdbe]
16179:
16180: * sudoers.pod:
16181: Substitute in comment characters for lines partaining to login.conf,
16182: BSD auth and SELinux and only enable them if pertinent.
16183: [c1c98fa163ce]
16184:
16185: * sudoers.man.pl:
16186: Substitute in comment characters for lines partaining to login.conf,
16187: BSD auth and SELinux and only enable them if pertinent.
16188: [6c88f30b878a]
16189:
16190: * sudo.pod:
16191: Substitute in comment characters for lines partaining to login.conf,
16192: BSD auth and SELinux and only enable them if pertinent.
16193: [acdbdfd24e1d]
16194:
16195: * sudo.man.pl:
16196: Substitute in comment characters for lines partaining to login.conf,
16197: BSD auth and SELinux and only enable them if pertinent.
16198: [0c56d4750ac3]
16199:
16200: * Makefile.in, configure, configure.in:
16201: Substitute in comment characters for lines partaining to login.conf,
16202: BSD auth and SELinux and only enable them if pertinent.
16203: [9a02bd6a6658]
16204:
16205: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
16206: Remove the =cut on the first line (above the copyright notice) to
16207: quiet pod2man. Also remove the hackery in the FILES section and
16208: just deal with the fact that there will a newline between each
16209: pathname.
16210: [2ac1ab191835]
16211:
16212: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
16213:
16214: * Makefile.in:
16215: run sudo.man.pl when generating sudo.man.in
16216: [859727369168]
16217:
16218: * configure, configure.in, sudo.man.pl:
16219: comment out SELinux manual bits unless --with-selinux was specified
16220: [97ff4212b649]
16221:
16222: * sudoers.pod:
16223: document role and type defaults for SELinux
16224: [870f303366b3]
16225:
16226: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
16227: Document "sudo -ll" and make "sudo -l -l" be equivalent.
16228: [3ce6dc429ea3]
16229:
16230: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
16231:
16232: * configure, configure.in:
16233: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
16234: Debian GNU/kFreeBSD.
16235: [c4efa567a328]
16236:
16237: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16238:
16239: * auth/kerb5.c:
16240: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
16241: verify_krb_v5_tgt()
16242: [f80538e5a6fa]
16243:
16244: * logging.c, logging.h, sudo.c:
16245: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
16246: log_auth() into log_allowed() and log_denial() Replace mail_auth()
16247: with should_mail() and a call to send_mail()
16248: [58aac9997557]
16249:
16250: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
16251:
16252: * ldap.c:
16253: Add debugging so we can tell if the krb5 ccache is accessible
16254: [c679322527bb]
16255:
16256: * INSTALL:
16257: mention --with-selinux
16258: [9efbe0b52194]
16259:
16260: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
16261:
16262: * configure:
16263: regen
16264: [467a834f867c]
16265:
16266: * selinux.c:
16267: add Sudo tag
16268: [d004ee669bed]
16269:
16270: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
16271: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
16272: testsudoers.c, toke.c, toke.l:
16273: Add support for SELinux RBAC. Sudoers entries may specify a role
16274: and type. There are also role and type defaults that may be used.
16275: To make sure a transition occurs, when using RBAC commands are
16276: executed via the new sesh binary. Based on initial changes from Dan
16277: Walsh.
16278: [1d4abfe2c004]
16279:
16280: * sesh.c:
16281: Add support for SELinux RBAC. Sudoers entries may specify a role
16282: and type. There are also role and type defaults that may be used.
16283: To make sure a transition occurs, when using RBAC commands are
16284: executed via the new sesh binary. Based on initial changes from Dan
16285: Walsh.
16286: [1e3b395ce049]
16287:
16288: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
16289: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
16290: pathnames.h.in, selinux.c:
16291: Add support for SELinux RBAC. Sudoers entries may specify a role
16292: and type. There are also role and type defaults that may be used.
16293: To make sure a transition occurs, when using RBAC commands are
16294: executed via the new sesh binary. Based on initial changes from Dan
16295: Walsh.
16296: [6b421948286e]
16297:
16298: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
16299:
16300: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
16301: Add long list (sudo -ll) support for printing verbose LDAP and
16302: sudoers file entries. Still need to update manual.
16303: [2875be37935c]
16304:
16305: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
16306:
16307: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
16308: Unify the -l output for file and ldap based sudoers and use lbufs
16309: for both. The ldap output does not currently include options that
16310: cannot be represented as tags. This will be remedied in a long list
16311: output mode to come.
16312: [b2e429456596]
16313:
16314: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
16315:
16316: * set_perms.c:
16317: Use a specific error message for errno == EAGAIN when setuid() et al
16318: fails. On Linux systems setuid() will fail with errno set to EAGAIN
16319: if changing to the new uid would result in a resource limit
16320: violation.
16321: [08d0aecd9f03]
16322:
16323: * sudo.c:
16324: Unlimit nproc on Linux systems where calling the setuid() family of
16325: syscalls causes the nroc resource limit to be checked. The limits
16326: will be reset by pam_limits.so when PAM is used. In the non-PAM
16327: case the nproc limit will remain unlimited but there doesn't seem to
16328: be a way around that other than having sudo parse
16329: /etc/security/limits.conf directly.
16330: [df024b415a8d]
16331:
16332: * env.c, sudo.c, sudo.pod:
16333: Only read /etc/environment on Linux and AIX
16334: [90669e2aefdb]
16335:
16336: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16337:
16338: * configure, configure.in:
16339: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
16340: ldap.conf and ldap.secret paths from going into config.h. Avoid
16341: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
16342: since in some versions of bash they will end up literally in the
16343: resulting define.
16344: [25390f3ef10a]
16345:
16346: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16347:
16348: * README.LDAP:
16349: mention --with-nsswitch=no
16350: [c509df927263]
16351:
16352: * configure, configure.in:
16353: ldap_ssl.h depends on ldap.h being included first
16354: [d96d90e9b21f]
16355:
16356: * config.h.in, configure, configure.in, ldap.c:
16357: Include ldap_ssl.h if we can find it. Needed for the
16358: ldapssl_set_strength defines on HP-UX at least.
16359: [9e530470948a]
16360:
16361: * sudoers.ldap.pod:
16362: sync
16363: [b9d101f4673a]
16364:
16365: * TODO:
16366: sync
16367: [2ce951b2ecd0]
16368:
16369: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16370: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16371: regen
16372: [b61d793987e0]
16373:
16374: * Makefile.in:
16375: Use 78n line length when formatting cat pages.
16376: [761bee9d5759]
16377:
16378: * README.LDAP:
16379: Remove redundant info that is now in sudoers.ldap.pod
16380: [01828dcce59e]
16381:
16382: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16383:
16384: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16385: Reorganize the first section a bit. Substitute the proper path for
16386: /etc/sudoers.
16387: [11ae165e065d]
16388:
16389: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16390: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
16391: schema into EXAMPLES
16392: [ab6509d1dde7]
16393:
16394: * configure, configure.in:
16395: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
16396: sudoers.ldap.man.
16397: [6e689972f465]
16398:
16399: * configure, configure.in:
16400: substitute for sudoers.ldap.man
16401: [5a4a25766dee]
16402:
16403: * Makefile.in:
16404: Fix cut & pasto introduced when adding sudoers.ldap man page.
16405: [a7b069af8894]
16406:
16407: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16408: Fill in some of the missing pieces. Still needs some reorganization
16409: and editing.
16410: [5e7331722166]
16411:
16412: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
16413:
16414: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
16415: sudoers.ldap.pod:
16416: Beginnings of a sudoers.ldap man page. Currently, much of the
16417: information is adapted from README.LDAP.
16418: [aad28c8a922d]
16419:
16420: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16421:
16422: * pwutil.c:
16423: When copying gr_mem we must guarantee that the storage space for
16424: gr_mem is properly aligned. The simplest way to do this is to
16425: simply store gr_mem directly after struct group. This is not a
16426: problem for gr_passwd or gr_name as they are simple strings.
16427: [af58fc76f1ed]
16428:
16429: * ldap.c:
16430: Fix a typo/thinko in one of the calls to
16431: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
16432: [70b2eb8097f5]
16433:
16434: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16435:
16436: * config.h.in, configure, configure.in, ldap.c:
16437: include <mps/ldap_ssl.h> in ldap.c if available
16438: [34346206ef16]
16439:
16440: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
16441:
16442: * gram.c, gram.y:
16443: Make sure we define SIZE_MAX for yacc's skeleton.c
16444: [d8a45c7a3c42]
16445:
16446: * tgetpass.c:
16447: Use TCSAFLUSH when restoring terminal settings (and echo) to
16448: guarantee that any pending output is discarded
16449: [549a184479e5]
16450:
16451: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
16452:
16453: * sudoers:
16454: no longer need to specify SETENV when user has sudo ALL
16455: [3051b41f8032]
16456:
16457: * testsudoers.c:
16458: sync user_args size calculation with sudo.c Add -g group option,
16459: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
16460: them
16461: [0850325180f0]
16462:
16463: * sudo.c, sudo.h:
16464: Make set_runaspw static void
16465: [5d44d7a340ce]
16466:
16467: * testsudoers.c, visudo.c:
16468: g/c set_runaspw stub
16469: [79ebb5e2cc38]
16470:
16471: * configure, configure.in:
16472: Don't add -llber twice.
16473: [4356d302eef4]
16474:
16475: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
16476:
16477: * ldap.c:
16478: fix typo
16479: [249cecc557e9]
16480:
16481: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
16482:
16483: * gram.c:
16484: regen
16485: [2f94ea375b67]
16486:
16487: * configure, configure.in:
16488: Fix check that determines whether -llber is required.
16489: [6afa99523379]
16490:
16491: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
16492: For netscape-based LDAP, use ldapssl_set_strength() to implement the
16493: checkpeer ldap.conf option.
16494: [16ae24d73795]
16495:
16496: * auth/kerb5.c:
16497: Delay krb5_cc_initialize() until we actually need to use the cred
16498: cache, which is what krb5_verify_user() does. Better cleanup on
16499: failure.
16500: [d12e5f1695b8]
16501:
16502: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
16503:
16504: * auth/kerb5.c:
16505: Rewrite verify_krb_v5_tgt() based on what heimdal's
16506: krb5_verify_user() does.
16507: [05b5815f86c9]
16508:
16509: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16510:
16511: * gram.c:
16512: The U suffix on constants is an ANSI feature
16513: [c6dfce3167f1]
16514:
16515: * configure, configure.in:
16516: Add check for ber_set_option() in -llber
16517: [43d0c0566074]
16518:
16519: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16520:
16521: * README.LDAP:
16522: default if no nsswitch.conf is files only
16523: [c13001d9c998]
16524:
16525: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16526:
16527: * README.LDAP:
16528: don't tell people to mail aaron about LDAP stuff
16529: [8165ec1ef0c6]
16530:
16531: * README.LDAP:
16532: timelimit and bind_timelimit
16533: [44f74cbed167]
16534:
16535: * ChangeLog:
16536: sync
16537: [aba1a0ab02bd]
16538:
16539: * ldap.c:
16540: Move ldap.secret reading into a separate function.
16541: [1948acc9f7a4]
16542:
16543: * check.c:
16544: user_runas -> runas_pw
16545: [334490fc2bae]
16546:
16547: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
16548:
16549: * TODO:
16550: sync
16551: [c7b165cc47c6]
16552:
16553: * check.c, sudo.pod, sudoers.pod:
16554: Add and document the %p escape in the password prompt. Based on a
16555: patch from Patrick Schoenfeld.
16556: [3972d4f31ffa]
16557:
16558: * ldap.c:
16559: Check strlcpy() return values.
16560: [9b42f3ae8ff1]
16561:
16562: * ldap.c:
16563: refactor ldap binding code into sudo_ldap_bind_s()
16564: [cb0c66a4d955]
16565:
16566: * README.LDAP:
16567: Make it clear that host and uri can take multiple parameters. URI is
16568: now supported for more than just openldap nsswitch.conf does't
16569: accept "compat"
16570: [f610dea656d6]
16571:
16572: * sudo.c:
16573: comment cleanup and update (c) year
16574: [6cd69c810ca5]
16575:
16576: * parse.c, sudo_nss.c:
16577: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
16578: This should make it possible to build an LDAP-only sudo binary.
16579: [61c3f27066a0]
16580:
16581: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
16582: Improve chaining of multiple sudoers sources by passing in the
16583: previous return value to the next in the chain
16584: [2c0b722b1b2d]
16585:
16586: * gram.y:
16587: Free up parser data structures in sudo_file_close().
16588: [2251531d4519]
16589:
16590: * gram.c, parse.c:
16591: Free up parser data structures in sudo_file_close().
16592: [8371f130f401]
16593:
16594: * ldap.c:
16595: Parse uri ourself if no ldap_initialize() is present Use
16596: ldap_create() instead of deprecated ldap_init() Use
16597: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
16598: [85d3825b1953]
16599:
16600: * config.h.in, configure, configure.in:
16601: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
16602: CFLAGS
16603: [240524512bc5]
16604:
16605: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
16606:
16607: * config.h.in, configure, configure.in:
16608: add check for ldap_create
16609: [3089badd73b8]
16610:
16611: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
16612:
16613: * config.h.in, configure, configure.in, ldap.c:
16614: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
16615: dn using the mechanism appropriate for the LDAP SDK in use. Use
16616: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
16617: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
16618: [6deeca3d00cc]
16619:
16620: * lbuf.c:
16621: include unistd.h
16622: [8419ed0bae7f]
16623:
16624: * config.h.in, configure.in:
16625: fix typo in mtim_getnsec
16626: [2d5f21230a60]
16627:
16628: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
16629:
16630: * config.h.in, configure, configure.in:
16631: add check for st__tim in struct stat as used by SCO
16632: [587060ea2a89]
16633:
16634: * ldap.c:
16635: use ldap_search_ext_s instead of deprecated ldap_search_s
16636: [5fc44fe3b44c]
16637:
16638: * Makefile.in, TODO, sudo.cat, sudo.man.in:
16639: add sudo_nss.h to HDRS
16640: [86f01a70ff29]
16641:
16642: * ldap.c:
16643: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
16644: ldap_rdn2str().
16645: [aa217002cfae]
16646:
16647: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
16648:
16649: * ldap.c:
16650: Use ldap_get_values_len()/ldap_value_free_len() instead of the
16651: deprecated ldap_get_values()/ldap_value_free().
16652: [e22dceb85e57]
16653:
16654: * ChangeLog:
16655: sync
16656: [adad27b36107]
16657:
16658: * TODO:
16659: sync
16660: [c449eb47e0ef]
16661:
16662: * gettime.c, sudo.c:
16663: Remove some already fixed XXXs
16664: [532788d0e6da]
16665:
16666: * ldap.c:
16667: Same return value as non-existent sudoers if LDAP was unable to
16668: connect.
16669: [5819810e8e4e]
16670:
16671: * sudo.pod:
16672: mention /etc/environment
16673: [ea8e6102f853]
16674:
16675: * README.LDAP, UPGRADE, WHATSNEW:
16676: Update to reflect recent developments.
16677: [ed1fb026fe77]
16678:
16679: * sudo.c:
16680: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
16681: [55b68a58260d]
16682:
16683: * ldap.c:
16684: When building up a query don't list groups in the aux group vector
16685: that are the same as the passwd file group. On most systems the
16686: first gid in the group vector is the same as the passwd entry gid.
16687: [4bb51e297e0d]
16688:
16689: * env.c, ldap.c:
16690: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
16691: ldaprc and system defaults that could affect how LDAP works.
16692: [ce5036440db2]
16693:
16694: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
16695: sudo_nss.c, sudo_nss.h:
16696: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
16697: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
16698: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
16699: file and --with-ldap-secret-file
16700: [ea5d7704381f]
16701:
16702: * parse.c:
16703: Honor def_ignore_local_sudoers
16704: [f38e1121fae1]
16705:
16706: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
16707:
16708: * ldap.c:
16709: no longer need to check def_ignore_local_sudoers here
16710: [fce2a72f96fb]
16711:
16712: * parse.c:
16713: Refactor group vector resetting into a function and also call it
16714: from display_cmnd. Stop after the first sucessful match in
16715: display_cmnd. Print a newline between each display_privs method.
16716: [981b37b5adff]
16717:
16718: * parse.c:
16719: fix double free introduced in rev 1.218
16720: [c574b02d8747]
16721:
16722: * ldap.c:
16723: belt and suspenders; zero out result after freeing it
16724: [7732988d4620]
16725:
16726: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
16727: Refactor line reading into a separate function, sudo_parseln(),
16728: which removes comments, leading/trailing whitespace and newlines.
16729: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
16730: [61d9068f0645]
16731:
16732: * parse.c, sudo.c:
16733: Make the inability to read the sudoers file a non-fatal error if
16734: there are other sudoers sources available. sudoers_file_lookup now
16735: returns "not OK" if sudoers was not present
16736: [643babf597a8]
16737:
16738: * ldap.c:
16739: make it clear that the global options are from LDAP
16740: [9ff950349463]
16741:
16742: * logging.c:
16743: allocate proper amount of space for error string
16744: [8bebb7d46d19]
16745:
16746: * sudo_nss.c, sudo_nss.h:
16747: actual sudo nss code
16748: [5bd7d52d7738]
16749:
16750: * ldap.c, parse.c, sudo.c, sudo.h:
16751: nss-ify display_privs and display_cmnd.
16752: [cccfdd3253f2]
16753:
16754: * defaults.c, parse.c, testsudoers.c, visudo.c:
16755: move update_defaults() to parse.c
16756: [ace144b958a9]
16757:
16758: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
16759: Use nsswitch to hide some sudoers vs. ldap implementation details
16760: and reduce the number of #ifdef LDAP TODO: fix display routines and
16761: error handling
16762: [6225edde89a6]
16763:
16764: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
16765:
16766: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
16767: First cut at nsswitch.conf support. Further reorganizaton and
16768: related changes are forthcoming.
16769: [717f59d0790b]
16770:
16771: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
16772:
16773: * env.c, pathnames.h.in, sudo.c, sudo.h:
16774: Add support for reading and /etc/environment file. Still needs to
16775: be documented and should probably only applies to OSes that have it
16776: (AIX and Linux, maybe others).
16777: [15d3edae27e4]
16778:
16779: * ldap.c:
16780: include limits.h
16781: [e19875ef0f82]
16782:
16783: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
16784:
16785: * WHATSNEW:
16786: reword LDAP SASL
16787: [7ec3c4ec31b5]
16788:
16789: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
16790:
16791: * TODO:
16792: sync
16793: [87c5a7aea7bf]
16794:
16795: * README.LDAP:
16796: Add an example sudoRole, clarify netscape vs. openldap a bit more
16797: [6f96c0ca8107]
16798:
16799: * README.LDAP:
16800: Be clear on what is OpenLDAP vs. Netscape-derived
16801: [a33c8314dec5]
16802:
16803: * config.h.in, configure, configure.in, ldap.c:
16804: Use ldapssl_init() for ldaps support instead of trying to do it
16805: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
16806: and tls_key for cert7.db and key3.db respectively. Don't print
16807: debugging info for options that are not set. Add warning if
16808: start_tls specified when not supported.
16809: [abb62dc7e4a3]
16810:
16811: * ldap.c:
16812: fix compilation on solaris
16813: [03d449684e80]
16814:
16815: * Makefile.in:
16816: add missing .h and .c files for missing lib objs
16817: [8b37825bdfc7]
16818:
16819: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
16820:
16821: * ldap.c:
16822: fix LDAP_OPT_NETWORK_TIMEOUT setting
16823: [226eba89c0ad]
16824:
16825: * ldap.c:
16826: fix compilation on Solaris
16827: [917d47639eb6]
16828:
16829: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
16830:
16831: * configure, configure.in:
16832: fix typo
16833: [009d5c81b225]
16834:
16835: * README.LDAP:
16836: try to clear up which variables are for OpenLDAP and which are for
16837: netscape-derived SDKs
16838: [f8d9823ee73c]
16839:
16840: * config.h.in, configure, configure.in, ldap.c:
16841: Add support for "ssl on" in both netscape and openldap flavors. Only
16842: the OpenLDAP flavor has been tested.
16843: [952745829ec5]
16844:
16845: * logging.c, sudo.c, sudo.h:
16846: Call cleanup() before exit in log_error() instead of calling
16847: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
16848: [da02d1b67a2c]
16849:
16850: * sudo.c:
16851: ld -> ldap_conn
16852: [01afa6d927cc]
16853:
16854: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
16855:
16856: * logging.c, sudo.c, sudo.h:
16857: Better ldap cleanup.
16858: [25b9abe2d617]
16859:
16860: * ldap.c:
16861: Distinguish between LDAP conf settings that are connection-specific
16862: (which take an ld pointer) and those that are default settings
16863: (which do not).
16864: [d48dc6c9c3b4]
16865:
16866: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16867:
16868: * ldap.c:
16869: Improved warnings on error.
16870: [c8dce7b4feb4]
16871:
16872: * ldap.c:
16873: Make ldap config table driven and set the config *after* we open the
16874: connection.
16875: [d9698b5a2681]
16876:
16877: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16878:
16879: * ldap.c:
16880: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
16881: [598c6df06660]
16882:
16883: * configure, configure.in:
16884: some operating systems need to link with -lkrb5support when using
16885: krb5
16886: [8896365dde9e]
16887:
16888: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
16889:
16890: * WHATSNEW:
16891: minor update
16892: [acfeeb7f4886]
16893:
16894: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
16895: regen
16896: [a3c6699674f9]
16897:
16898: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
16899:
16900: * ChangeLog, TODO:
16901: sync
16902: [138e99b925ee]
16903:
16904: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
16905: add -g support for LDAP
16906: [8fc27dbe9287]
16907:
16908: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
16909:
16910: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
16911: The -i and -s flags can now take an optional command.
16912: [6afec104ee77]
16913:
16914: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
16915:
16916: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
16917: sudoers.pod:
16918: Add passprompt_override flag to sudoers that will cause the prompt
16919: to be overridden in all cases. This flag is also set when the user
16920: specifies the -p flag.
16921: [e4c5402131a6]
16922:
16923: * sudo.c:
16924: Move setting of login class until after sudoers has been parsed. Set
16925: NewArgv[0] for -i after runas_pw has been set.
16926: [62a48c8c56fa]
16927:
16928: * configure, configure.in:
16929: Move the dgettext check.
16930: [5fd8a4712d1c]
16931:
16932: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
16933:
16934: * auth/pam.c, config.h.in, configure, configure.in:
16935: Add basic support for looking up the string "Password: " in the PAM
16936: localized text db. This allows us to determine whether the PAM
16937: prompt is the default "Password: " one even if it has been
16938: localized.
16939:
16940: TODO: concatenate non-std PAM prompts and user-specified sudo
16941: prompts.
16942: [81c25a415d41]
16943:
16944: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
16945:
16946: * Makefile.in, config.h.in, configure, configure.in, parse.c,
16947: set_perms.c, sudo.c, sudo.h:
16948: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
16949: insufficient.
16950: [1cce6ec1a91e]
16951:
16952: * acsite.m4, configure, interfaces.c, memrchr.c:
16953: Fix typos; Martynas Venckus
16954: [be1233cca11a]
16955:
16956: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16957:
16958: * set_perms.c:
16959: Don't assume runas_pw is set; it may not be in the -g case.
16960: [aa11bd2193ac]
16961:
16962: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
16963:
16964: * logging.c, set_perms.c:
16965: Set aux group vector for PERM_RUNAS and restore group vector for
16966: PERM_ROOT if we previously changed it. Stash the runas group vector
16967: so we don't have to call initgroups more than once. Also add no-op
16968: check to check_perms.
16969: [53837fc755f7]
16970:
16971: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16972:
16973: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
16974: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
16975: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
16976: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
16977: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
16978: Add support for runas groups. This allows the user to run a command
16979: with a different effective group. If the -g option is specified
16980: without -u the command will be run as the current user (only the
16981: group will change). the -g and -u options may be used together.
16982: TODO: implement runas group for ldap improve runas group
16983: documentation add testsudoers support
16984: [9019309df6d0]
16985:
16986: * configure, configure.in:
16987: fix setting of mandir
16988: [2c60f269399f]
16989:
16990: * sudo.pod, sudoers.pod:
16991: document that ALL implies SETENV
16992: [bcc8e5b703b9]
16993:
16994: * ldap.c:
16995: s/setenv_ok/setenv_implied/g
16996: [f005df2c2eea]
16997:
16998: * ldap.c:
16999: hostname_matches() returns TRUE on match in sudo 1.7.
17000: [c3d4377b6e8b]
17001:
17002: * ldap.c:
17003: use strcmp, not strcasecmp when comparing ALL
17004: [e486024574a1]
17005:
17006: * ldap.c:
17007: Make sudo ALL imply setenv. Note that unlike with file-based
17008: sudoers this does affect all the commands in the sudoRole.
17009: [bc12f54321d1]
17010:
17011: * gram.c, gram.y, parse.c, parse.h:
17012: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
17013: it is not passed on to other commands in the list.
17014: [026e2cb40680]
17015:
17016: * visudo.c:
17017: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
17018: sudo_getpwuid() instead of getpwuid().
17019: [86f30a8fbd49]
17020:
17021: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
17022:
17023: * sudoers:
17024: Expand on the dangers of not using visudo to edit sudoers.
17025: [e434e8057d02]
17026:
17027: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
17028:
17029: * parse.c:
17030: Don't quote *?[]! on output since the lexer does not strip off the
17031: backslash when reading those in.
17032: [561da4a13afa]
17033:
17034: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
17035:
17036: * glob.c:
17037: expand "u_foo" types to "unsigned foo" to avoid compatibility
17038: issues.
17039: [b0d7c64d78c3]
17040:
17041: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
17042:
17043: * logging.c:
17044: Refactor log line generation in to new_logline().
17045: [6a9b9730615d]
17046:
17047: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17048:
17049: * TROUBLESHOOTING:
17050: fix typo
17051: [9e19d4f86e47]
17052:
17053: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
17054:
17055: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
17056: match.c:
17057: Add configure check for struct in6_addr instead of relying on
17058: AF_INET6 since some systems define AF_INET6 but do not include IPv6
17059: support.
17060: [e24082c416bd]
17061:
17062: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17063:
17064: * configure, configure.in:
17065: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
17066: use.
17067: [76a9df4a63be]
17068:
17069: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
17070:
17071: * configure, configure.in:
17072: POSIX states that struct timespec be declared in time.h so check
17073: there regardless of the value of TIME_WITH_SYS_TIME.
17074: [e42c55ec9daf]
17075:
17076: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
17077:
17078: * tgetpass.c:
17079: Instead of defining a macro to call the appropriate method for
17080: turning on/off echo, just define tc[gs]etattr() and the related
17081: defines that use the correct terminal ioctls if needed. Also go back
17082: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
17083: [5dfb2379d995]
17084:
17085: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17086:
17087: * Makefile.in:
17088: g/c @ALLOCA@
17089: [e6946c2e3820]
17090:
17091: * configure:
17092: regen
17093: [9bac7159a138]
17094:
17095: * INSTALL, auth/pam.c, config.h.in, configure.in:
17096: Add --disable-pam-session configure option to disable calling
17097: pam_{open,close}_session. May work around bugs in some PAM
17098: implementations.
17099: [273d0fdb4a9d]
17100:
17101: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17102:
17103: * tgetpass.c:
17104: quiet gcc warnings
17105: [325565c5a579]
17106:
17107: * tgetpass.c:
17108: Avoid printing the prompt if we are already backgrounded. E.g. if
17109: the user runs "sudo foo &" from the shell. In this case, the call
17110: to tcsetattr() will cause SIGTTOU to be delivered.
17111: [db2139a8d8b8]
17112:
17113: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
17114:
17115: * def_data.c, def_data.h, def_data.in:
17116: Reorder things such that the definition of env_reset come right
17117: before the env variable lists.
17118: [e0d8e22a581a]
17119:
17120: * parse.h:
17121: Shrink type and seqno in struct alias from int to u_short
17122: [9425263dd565]
17123:
17124: * alias.c, match.c, parse.c, parse.h:
17125: Add a sequence number in the aliases for loop detection. If we find
17126: an alias with the seqno already set to the current (global) value we
17127: know we've visited it before so ignore it.
17128: [301a0548ffff]
17129:
17130: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
17131:
17132: * TODO, auth/pam.c, sudo.c, sudo.h:
17133: PAM wants the full tty path so add user_ttypath which holds the full
17134: path to the tty or is NULL if no tty was present.
17135: [c7c1dd4b36c8]
17136:
17137: * auth/pam.c:
17138: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
17139: results in a segv.
17140: [3a8865b3a357]
17141:
17142: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
17143:
17144: * gram.c:
17145: regen
17146: [5647be127950]
17147:
17148: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
17149: parse.h, testsudoers.c, visudo.c:
17150: rename lh_ -> tq_
17151: [8f500c542c4a]
17152:
17153: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17154:
17155: * alloc.c:
17156: remove some useless casts
17157: [409a448b23f5]
17158:
17159: * alloc.c:
17160: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
17161: predates the final C99 spec and the standard specifies that it shall
17162: include stdint.h anyway
17163: [ae478fdef61a]
17164:
17165: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17166:
17167: * Makefile.in, alloca.c, configure.in:
17168: Since we ship with a pre-generated parser there is no need to ship a
17169: bogus alloca implementation.
17170: [3f611a7cc0e5]
17171:
17172: * configure:
17173: regen
17174: [771eccf5269c]
17175:
17176: * configure.in:
17177: remove initial setting of CHECKSIA, we require that it be unset if
17178: not used
17179: [a2e91adc5aa2]
17180:
17181: * Makefile.in:
17182: add list.c to SRCS
17183: [7db0e56cf5b9]
17184:
17185: * configure:
17186: regen
17187: [3716ec30172e]
17188:
17189: * configure.in:
17190: only do SIA checks on Digital Unix
17191: [6a96e1af2597]
17192:
17193: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
17194:
17195: * sudoers.cat, sudoers.man.in:
17196: regen
17197: [ac1dc29de72b]
17198:
17199: * ChangeLog, TODO:
17200: sync
17201: [781effce0a2d]
17202:
17203: * auth/kerb5.c:
17204: Remove call to krb5_cc_register() as it is not needed for modern
17205: kerb5.
17206: [351b8b764f16]
17207:
17208: * configure:
17209: regen
17210: [ac21dbcc9c2c]
17211:
17212: * aclocal.m4, configure.in:
17213: New method for setting the default authentication type and avoiding
17214: conflicts in auth types.
17215: [5fb15be11f78]
17216:
17217: * match.c, parse.c, testsudoers.c:
17218: Each entry in a cmndlist now has an associated runaslist so no need
17219: to keep track of the most recent non-NULL one.
17220: [582e015786b0]
17221:
17222: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17223:
17224: * ldap.c:
17225: back out partial ldaps support mistakenly committed
17226: [357703e94b2d]
17227:
17228: * ldap.c:
17229: Add support for unix groups and netgroups in sudoRunas
17230: [2f04eb91c6d0]
17231:
17232: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
17233:
17234: * sudo_edit.c:
17235: Fix sudoedit of a non-existent file. From Tilo Stritzky.
17236: [a5488a03bddd]
17237:
17238: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
17239:
17240: * configure:
17241: regen
17242: [541177376ee1]
17243:
17244: * INSTALL:
17245: update --passprompt escape info
17246: [6d57db4cd538]
17247:
17248: * configure.in:
17249: remove now-bogus comment and update copyright date
17250: [6a4af45fa331]
17251:
17252: * configure.in:
17253: Fix up use of with_passwd
17254: [7c79d8640f77]
17255:
17256: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
17257: Update to autoconf-2.61 andf libtool-1.5.24
17258: [045259b0b439]
17259:
17260: * Makefile.in:
17261: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
17262: [f5b6a7afb817]
17263:
17264: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17265:
17266: * gram.c:
17267: regen
17268: [b5b78e71d2cb]
17269:
17270: * gram.y:
17271: move tags and runaslist propagation to be earlier
17272: [94f7805f4489]
17273:
17274: * visudo.c:
17275: If -f flag given use the permissions of the original file as a
17276: template
17277: [9303d22bddb0]
17278:
17279: * gram.y:
17280: prevent a double free() when re-initing the parser
17281: [5b3907c4de5a]
17282:
17283: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
17284:
17285: * configure:
17286: regen
17287: [49a90b19a17d]
17288:
17289: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
17290: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
17291: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
17292: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
17293: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
17294: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
17295: Remove support for compilers that don't support void *
17296: [35e1d01ae197]
17297:
17298: * gram.c:
17299: regen
17300: [70ce412a458a]
17301:
17302: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
17303: parse.c, parse.h, testsudoers.c, visudo.c:
17304: Move list manipulation macros to list.h and create C versions of the
17305: more complex ones in list.c. The names have been down-cased so they
17306: appear more like normal functions.
17307: [9cea0e281148]
17308:
17309: * Makefile.in:
17310: Fix cmp command when regenerating parser. Make gram.o the first
17311: dependency for all programs so gram.h will be generated before
17312: anything that needs it.
17313: [429ea065abf1]
17314:
17315: * gram.y, parse.h:
17316: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
17317: [2f3433833589]
17318:
17319: * match.c, parse.c, testsudoers.c:
17320: Use LH_FOREACH_REV when checking permission and short-circuit on the
17321: first non-UNSPEC hit we get for the command. This means that
17322: instead of cycling through the all the parsed sudoers entries we
17323: start at the end and work backwards and quit after the first
17324: positive or negative match.
17325: [881474532f3e]
17326:
17327: * gram.c:
17328: regen
17329: [9152a19d4188]
17330:
17331: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
17332: Change list head macros to take a pointer, not a struct.
17333: [054f1dcce4cc]
17334:
17335: * gram.c:
17336: regen
17337: [be154aae6235]
17338:
17339: * gram.y:
17340: Propagate the runasspec from one command to the next in a cmndspec.
17341: [4957b1cb03a3]
17342:
17343: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17344:
17345: * match.c:
17346: Replace has_meta() with a macro that calls strpbrk().
17347: [a2e58846a542]
17348:
17349: * regen
17350: [5a932a5c9451]
17351:
17352: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
17353: testsudoers.c, visudo.c:
17354: Use a list head struct when storing the semi-circular lists and
17355: convert to tail queues in the process. This will allow us to
17356: reverse foreach loops more easily and it makes it clearer which
17357: functions expect a list as opposed to a single member.
17358:
17359: Add macros for manipulating lists. Some of these should become
17360: functions.
17361:
17362: When freeing up a list, just pop off the last item in the queue
17363: instead of going from head to tail. This is simpler since we don't
17364: have to stash a pointer to the next member, we always just use the
17365: last one in the queue until the queue is empty.
17366:
17367: Rename match functions that take a list to have list in the name.
17368: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
17369: [7c37b271607a]
17370:
17371: * parse.c:
17372: Fix pasto, append "!" not negated (which is an int) for sudo -l
17373: output.
17374: [93a444c3997f]
17375:
17376: * Makefile.in:
17377: Remove the dependency of gram .h on gram.y, the .c dependency is
17378: enough. Only move y.tab.h to gram.h if it is different; avoids
17379: needless rebuilding.
17380: [67bf4ea2a2e5]
17381:
17382: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
17383:
17384: * sudoers.pod:
17385: Defaults lines may be associated with lists of users, hosts,
17386: commands and runas users, not just single entries.
17387: [795effacb6be]
17388:
17389: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
17390:
17391: * Makefile.in:
17392: Revert the "cmp" portion of the last diff, it doesn't make sense.
17393: [26f34bf4e2e3]
17394:
17395: * Makefile.in:
17396: Remove *.lo for clean: When generating the parser, only move the
17397: generated files into place if they differ from the existing ones.
17398: [84673fea371b]
17399:
17400: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
17401:
17402: * toke.c, toke.l:
17403: Replace IPV6 regexp with a much simpler (readable) one and add an
17404: extra check when it matches to make sure we have a valid address.
17405: [592e9f690556]
17406:
17407: * match.c:
17408: Fix thinko introduced when merging IPV6 support.
17409: [da38cd5eb8c7]
17410:
17411: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
17412:
17413: * HISTORY, LICENSE:
17414: regen
17415: [0d7b27b90634]
17416:
17417: * license.pod:
17418: add 2007
17419: [510e5048ae1a]
17420:
17421: * UPGRADE:
17422: mention #uid vs. comment pitfall
17423: [4d2861898bcc]
17424:
17425: * acsite.m4:
17426: Merge in a patch from the libtool cvs that fixes a problem with the
17427: latest autoconf. From Stepan Kasal.
17428: [0c279ae7df3e]
17429:
17430: * parse.h:
17431: Back out he XOR swap trick, it is slower than a temp variable on
17432: modern CPUs.
17433: [91c4b024e317]
17434:
17435: * gram.c:
17436: regen
17437: [cb6d4106fb74]
17438:
17439: * gram.y, parse.h:
17440: Convert the tail queue to a semi-circle queue and use the XOR swap
17441: trick to swap the prev pointers during append.
17442: [8bf4d9fbee58]
17443:
17444: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
17445:
17446: * parse.h:
17447: remove useless statement
17448: [421ec1dd73e6]
17449:
17450: * toke.c, toke.l:
17451: Refactor #include parsing into a separate function and return
17452: unparsed chars (such as newline or comment) back to the lexer.
17453: [64166917aa3d]
17454:
17455: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
17456:
17457: * WHATSNEW:
17458: mention better uid support
17459: [56f510e7f2ec]
17460:
17461: * sudoers.pod:
17462: Users may now consist of a uid.
17463: [5fd31b2c55ed]
17464:
17465: * gram.c, gram.h, toke.c:
17466: regen
17467: [599e58af6dc1]
17468:
17469: * parse.c:
17470: Use lbuf_append_quoted() for sudo -l output to quote characters that
17471: would require quoting in sudoers.
17472: [3132d05c990a]
17473:
17474: * lbuf.c, lbuf.h:
17475: Add lbuf_append_quoted() which takes a set of characters which
17476: should be quoted with a backslash when displayed.
17477: [ab09bebb1d65]
17478:
17479: * toke.l:
17480: Require that the first character after a comment not be a digit or a
17481: dash. This allows us to remove the GOTRUNAS state and treat
17482: uid/gids similar to other words. It also means that we can now
17483: specify uids in User_Lists and a User_Spec may now contain a uid.
17484: [461fe01f8392]
17485:
17486: * gram.y, toke.l:
17487: Replace RUNAS token with '(' and ')' tokens to make the runas
17488: portion of the grammar more natural.
17489: [e0c383b4684d]
17490:
17491: * BUGS:
17492: The BUGS file is history
17493: [4d9a809585c7]
17494:
17495: * Makefile.in, README:
17496: The BUGS file is history
17497: [d9500e261172]
17498:
17499: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
17500:
17501: * toke.c, toke.l:
17502: Allow comments after a RunasAlias as long as the character after the
17503: pound sign isn't a digit or a dash.
17504: [d7f3bd94eeda]
17505:
17506: * WHATSNEW:
17507: Glob support was back-ported to 1.6.9
17508: [d1d5cfd46228]
17509:
17510: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
17511:
17512: * Makefile.in:
17513: remove sudo_usage.h in distclean
17514: [df05ce9c4127]
17515:
17516: * parse.c:
17517: If a Defaults value contains a blank, double-quote the string.
17518: [9057a910daad]
17519:
17520: * toke.c, toke.l:
17521: Properly deal with Defaults double-quoted strings that span multiple
17522: lines using the line continuation char. Previously, the entire
17523: thing, including the continuation char, newline, and spaces was
17524: stored as-is.
17525: [4a4e8eacefe6]
17526:
17527: * sudo.c:
17528: Be consistent when using single quotes and backticks.
17529: [d010b83a0fa1]
17530:
17531: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
17532:
17533: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
17534: sudo.c, sudo_usage.h.in:
17535: Add new linebuf code to do appends of dynamically allocated strings
17536: and word-wrapped output. Currently used for sudo's usage() and sudo
17537: -l output. Sudo usage strings are now in sudo_usage.h which is
17538: generated at configure time.
17539: [4dfd0ee8d961]
17540:
17541: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
17542:
17543: * parse.c, sudo.c, sudo.h:
17544: Fix line wrapping in usage() and use the actual tty width instead of
17545: assuming 80.
17546: [700eab37c5a6]
17547:
17548: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
17549:
17550: * history.pod:
17551: some more info
17552: [8140112a8ae1]
17553:
17554: * history.pod:
17555: Mentioned Chris Jepeway's parser and also the new one that is in
17556: sudo 1.7.
17557: [2132d00f0597]
17558:
17559: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17560:
17561: * sudo.pod, visudo.pod:
17562: For the options list, add flag args where appropriate and increase
17563: the indent level so there is room for them.
17564: [2b60fb572e12]
17565:
17566: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
17567:
17568: * parse.c:
17569: Fix some spacing in "sudo -l" and add a comment about some bogosity
17570: in the line wrapping.
17571: [b59b056f5ee2]
17572:
17573: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17574: visudo.man.in:
17575: regen
17576: [5fb719f18ebc]
17577:
17578: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
17579: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
17580: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
17581: testsudoers.c, toke.c, toke.l:
17582: Remove monitor support until there is a versino of systrace that
17583: uses a lookaside buffer (or we have a better mechanism to use).
17584: [61ff76878e4a]
17585:
17586: * config.h.in, configure, configure.in, sudo.c:
17587: use getaddrinfo() instead of gethostbyname() if it is available
17588: [cc33c136aa6a]
17589:
17590: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
17591:
17592: * parse.c, sudo.c:
17593: Deal with OSes where sizeof(gid_t) < sizeof(int).
17594: [130a89cbdfba]
17595:
17596: * interfaces.c:
17597: repair non-getifaddrs() code after ipv6 integration
17598: [7ae7a89e2236]
17599:
17600: * sudo.c:
17601: If we can open sudoers but fail to read the first byte, close the
17602: file stream before trying again.
17603: [6f31272fae7b]
17604:
17605: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
17606:
17607: * toke.c:
17608: regen
17609: [4d7afe0aa6fa]
17610:
17611: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
17612: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
17613: [4e6ff2965a42]
17614:
17615: * sudo.pod, sudoers.pod, visudo.pod:
17616: Add some missing markup Update copyright
17617: [7e6d3c686b5e]
17618:
17619: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
17620:
17621: * configure, configure.in:
17622: fix sudo_noexec extension which got broken in the libtool update
17623: [3a5b447df861]
17624:
17625: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
17626:
17627: * Makefile.in:
17628: explicitly specify -Tascii to nroff
17629: [45c8da4cbefe]
17630:
17631: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
17632:
17633: * logging.c:
17634: remove an ANSI-ism that crept in
17635: [29086f87b2ca]
17636:
17637: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
17638:
17639: * sudo.pod:
17640: Adjust list indents Prevent -- from being turned into an em dash Use
17641: a list for the environment instead of a literal paragraph
17642: [c3abcd8f76f4]
17643:
17644: * visudo.pod:
17645: Use a list for the environment instead of an indented literal
17646: paragraph.
17647: [0ffcfcb7349f]
17648:
17649: * sudoers.pod:
17650: Adjust list indentation
17651: [615c89e3123a]
17652:
17653: * license.pod:
17654: add =head3
17655: [8b2e0d38c0bd]
17656:
17657: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17658:
17659: * sudo.pod:
17660: mention that when specifying a uid for the -u option the shell may
17661: require that the # be escaped
17662: [3e3a17bff150]
17663:
17664: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
17665:
17666: * match.c:
17667: Fix off by one in group matching.
17668: [b529602b7fba]
17669:
17670: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
17671:
17672: * env.c:
17673: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
17674: [ffbf8907c6e7]
17675:
17676: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
17677:
17678: * configure, configure.in:
17679: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
17680: -lgssapi_krb5 case.
17681: [2b85a89c2252]
17682:
17683: * aclocal.m4, configure, configure.in:
17684: Fix link tests such that new gcc doesn't optimize away the test.
17685: [83484ec95cba]
17686:
17687: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
17688:
17689: * sudo.pod, sudoers.pod, visudo.pod:
17690: add missing over/back
17691: [251a12c89b91]
17692:
17693: * sudo.pod, sudoers.pod, visudo.pod:
17694: Change FILES section to use =item
17695: [60b9efc3a0b2]
17696:
17697: * env.c:
17698: Add back allocation of the env struct in rebuild_env but save a copy
17699: of the old pointer and free it before returning.
17700: [1100cd4fa997]
17701:
17702: * env.c:
17703: Don't init the private environment in rebuild_env() since it may
17704: have already been done implicitly sudo_setenv/sudo_unsetenv.
17705:
17706: Multiply length by sizeof(char *) in memcpy/memmove when copying the
17707: environment so we copy the full thing.
17708:
17709: Add missing set of parens so we deref the right pointer in
17710: sudo_unsetenv when searching for a matching variable.
17711: [9086a8f756b1]
17712:
17713: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
17714:
17715: * sudo.pod, sudoers.pod, visudo.pod:
17716: Use file markup for paths in the FILES section
17717: [940d99f731f2]
17718:
17719: * sudo.pod, sudoers.pod, visudo.pod:
17720: Don't capitalize sudo/visudo
17721: [f067a455d44b]
17722:
17723: * sudoers.pod:
17724: Sort sudoers options; based on a diff from Igor Sobrado.
17725: [a9b9befe85ac]
17726:
17727: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
17728:
17729: * sudo.pod, sudoers.pod, visudo.pod:
17730: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
17731: latter confuses pod2man. The Makefile rules for the .man.in file
17732: will add @mansectsu@ and @mansectform@ back in after pod2man is done
17733: anyway.
17734: [b50ea0db727c]
17735:
17736: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
17737:
17738: * LICENSE, Makefile.in, license.pod:
17739: Move license info to pod format
17740: [25bdd82e592b]
17741:
17742: * configure, configure.in, sudoers.pod:
17743: Substitute value of path_info into sudoers man page.
17744: [9ba661a82798]
17745:
17746: * WHATSNEW:
17747: remove features that were back-ported to 1.6.9
17748: [e76d756cbe65]
17749:
17750: * sudo.c, sudo.pod, visudo.c, visudo.pod:
17751: Sort SYNOPSIS and sync usage. From Igor Sobrado.
17752: [4970386c9e54]
17753:
17754: * env.c:
17755: Only need sudo_setenv/sudo_unsetenv if we are going to use
17756: ldap_sasl_interactive_bind_s() but don't have
17757: gss_krb5_ccache_name().
17758: [f1a73d8b35c5]
17759:
17760: * ChangeLog:
17761: rebuild without branch info
17762: [5d5a33494677]
17763:
17764: * Makefile.in:
17765: Add ChangeLog target
17766: [a702034fdd89]
17767:
17768: * auth/pam.c:
17769: Run cleanup code if the user hits ^C at the password prompt.
17770: [9cf87768e921]
17771:
17772: * auth/pam.c:
17773: Some versions of pam_lastlog have a bug that will cause a crash if
17774: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
17775: string.
17776: [5b63f6c88866]
17777:
17778: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
17779:
17780: * Makefile.in:
17781: ChageLog not Changelog
17782: [1243d8473ceb]
17783:
17784: * ChangeLog:
17785: sync
17786: [d887df98c6b0]
17787:
17788: * Makefile.in:
17789: CHANGE -> Changelog
17790: [917738df30dd]
17791:
17792: * TODO:
17793: sync
17794: [cd382f7d1948]
17795:
17796: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
17797:
17798: * config.h.in, configure, configure.in, ldap.c:
17799: Add configure hooks for gss_krb5_ccache_name() and the gssapi
17800: headers.
17801: [139606209991]
17802:
17803: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
17804:
17805: * env.c, sudo.c:
17806: rebuild_env() and insert_env_vars() no longer return environment
17807: pointer, they set environ directly.
17808:
17809: No longer need to pass around an envp pointer since we just operate
17810: on environ now.
17811:
17812: Add dosync argument to insert_env() that indicates whether it should
17813: reset environ when realloc()ing env.envp.
17814:
17815: Use an initial size of 128 for the environment.
17816: [4735fd5fddb8]
17817:
17818: * env.c:
17819: Split sudo_setenv() into an external version and a version only for
17820: use by rebuild_env().
17821: [fda7d655adb1]
17822:
17823: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
17824:
17825: * ldap.c:
17826: Add support for using gss_krb5_ccache_name() instead of setting
17827: KRB5CCNAME. Also use sudo_unsetenv() in the non-
17828: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
17829: original environment. TODO: configure setup for
17830: gss_krb5_ccache_name()
17831: [fcafa5a49caf]
17832:
17833: * README.LDAP:
17834: add krb5_ccname
17835: [fceb8f883886]
17836:
17837: * README.LDAP, ldap.c:
17838: Add support for sasl_secprops in ldap.conf
17839: [1f06f4bf7347]
17840:
17841: * env.c, sudo.h:
17842: Add sudo_unsetenv() and refactor private env syncing code into
17843: sync_env().
17844: [045ecb3fd22b]
17845:
17846: * README.LDAP, ldap.c:
17847: The ldap.conf variable is sasl_auth_id not sasl_authid.
17848: [a5f98491311b]
17849:
17850: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
17851:
17852: * ldap.c, sudo.c, sudo.h:
17853: Add support for krb5_ccname in ldap.conf. If specified, it will
17854: override the default value of KRB5CCNAME in the environment for the
17855: duration of the call to ldap_sasl_interactive_bind_s().
17856: [b08a10c3045b]
17857:
17858: * env.c, sudo.h:
17859: Remove format_env() Add sudo_setenv() to replace most format_env() +
17860: insert_env() combinations. insert_env() no longer takes a struct
17861: environment *
17862: [131da52f43f3]
17863:
17864: * ldap.c:
17865: Fix use_sasl vs. rootuse_sasl logic.
17866: [0c0417b6918c]
17867:
17868: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
17869: Add support for SASL auth when connecting to an LDAP server. Adapted
17870: from a diff by Tom McLaughlin.
17871: [a6285f1356ea]
17872:
17873: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
17874:
17875: * configure, configure.in:
17876: Only enable AIX or BSD auth if no other exclusive auth method has
17877: been chosen. Allows people to e.g., use PAM on AIX without adding
17878: --without-aixauth. A better solution is needed to deal with default
17879: authentication since if a non-exclusive method is chosen we will
17880: still get an error.
17881: [83f7afdc0ec3]
17882:
17883: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
17884:
17885: * HISTORY, Makefile.in, history.pod:
17886: Generate HISTORY from history.pod (which is also used for web pages)
17887: [60bcd5164931]
17888:
17889: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
17890:
17891: * sudo.man.in, sudoers.man.in:
17892: regen
17893: [63956a366191]
17894:
17895: * sudo.pod:
17896: Better explanation of environment handling in the sudo man page.
17897: [6c247742f7ee]
17898:
17899: * env.c, sudo.c:
17900: Defer setting user-specified env vars until after authentication.
17901: [4750b79323ee]
17902:
17903: * env.c:
17904: honor def_default_path for PATH set on the command line
17905: [6db31d9b6d65]
17906:
17907: * env.c, sudo.c, sudo.pod, sudoers.pod:
17908: Allow user to set environment variables on the command line as long
17909: as they are allowed by env_keep and env_check. Ie: apply the same
17910: restrictions as normal environment variables. TODO: deal with
17911: secure_path
17912: [26c0da3840cf]
17913:
17914: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17915:
17916: * sudo.c, sudo_edit.c:
17917: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
17918: Don't allow -E or env var setting in sudoedit mode. More accurate
17919: usage() when called as sudoedit.
17920: [a4af20658361]
17921:
17922: * ldap.c:
17923: warn -> warning
17924: [d87d1192b048]
17925:
17926: * sudo.pod:
17927: add -c option to sudoedit synopsis
17928: [15b596a7e2db]
17929:
17930: * TODO:
17931: udpate to reality
17932: [e2f8fde89db1]
17933:
17934: * parse.c:
17935: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
17936: value from {user,host,runas,cmnd}_matches(). Rename *matches
17937: variables -> *match. Purely cosmetic.
17938: [e54a44c00a88]
17939:
17940: * parse.c:
17941: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
17942: in behavior.
17943: [c6272b4f2127]
17944:
17945: * sudoers:
17946: add SETENV tag
17947: [3a3066bb6788]
17948:
17949: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
17950:
17951: * parse.c:
17952: Make pwcheck local to the pwflag block. Use pwcheck even if user
17953: didn't match since Defaults options may still apply.
17954: [45da9efbbafd]
17955:
17956: * check.c, sudo.c:
17957: Do not update timestamp if user not validated by sudoers.
17958: [a4a9d4364827]
17959:
17960: * set_perms.c:
17961: for PERM_RUNAS, set the egid to the runas user's gid and restore to
17962: the user's original in PERM_ROOT
17963: [1514bfb32847]
17964:
17965: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
17966: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
17967: PERM_FULL_ROOT
17968: [b9d047a3178c]
17969:
17970: * check.c:
17971: don't check timestamp mtime if we are just going to remove it
17972: [5d2470bc6cbd]
17973:
17974: * sudoers.pod:
17975: Move sudoers defaults parameters into their own section.
17976: [54701fbc0ff3]
17977:
17978: * testsudoers.c:
17979: Reduce a level of indent by a few placed continue statements.
17980: [5d5a9838c8ef]
17981:
17982: * parse.c:
17983: Make matching but negated commands/hosts/runas entries override a
17984: previous match as expected. Also reduce some levels of indent by a
17985: few placed continue statements.
17986: [dd59fa4b91a1]
17987:
17988: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
17989:
17990: * parse.c:
17991: Print default runas in "sudo -l" if sudoers don't specify one.
17992: [07d408c400bd]
17993:
17994: * match.c:
17995: Less hacky way of testing whether the domain was set.
17996: [a537059776e5]
17997:
17998: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
17999:
18000: * INSTALL:
18001: Mention pam-devel and openldap-devel for Linux
18002: [9e708c54ecc3]
18003:
18004: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
18005:
18006: * README.LDAP:
18007: or vs. are
18008: [abe8c0f3a410]
18009:
18010: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
18011:
18012: * sudo.c:
18013: fix typo in Solaris project support
18014: [2ffeb2d80959]
18015:
18016: * HISTORY:
18017: update
18018: [df162b36f120]
18019:
18020: * sudo.c:
18021: Make -- on the command line match the manual page. The implied shell
18022: case has been simplified as a result.
18023: [cd217a1f6694]
18024:
18025: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
18026:
18027: * sudoers2ldif:
18028: add simplistic support for sudoRunas; note that if a sudoers entry
18029: contains multiple Runas users, all will apply to the sudoRole
18030: [65b11421f5c8]
18031:
18032: * sudoers2ldif:
18033: honor SETENV and NOSETENV tags
18034: [2c0d5ba7a09b]
18035:
18036: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
18037:
18038: * mon_systrace.c:
18039: Redo setting of user_args. We now build up a private copy of argv
18040: first and then replace the NULs?with spaces.
18041: [ccbba72ea112]
18042:
18043: * mon_systrace.c:
18044: getcwd() returns NULL on failure, not 0 on success
18045: [88cd9e66e530]
18046:
18047: * mon_systrace.c:
18048: allow chunksiz to reach 1 before erroring out
18049: [619d68f14964]
18050:
18051: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18052: visudo.man.in:
18053: regen
18054: [8db512d3caf0]
18055:
18056: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
18057:
18058: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
18059: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
18060: toke.c, toke.l:
18061: Add support for setting environment variables on the command line.
18062: This is only allowed if the setenv sudoers options is enabled or if
18063: the command is prefixed with the SETENV tag.
18064: [5744caebd969]
18065:
18066: * README.LDAP:
18067: replace Aaron's email address with the sudo-workers list
18068: [2ffce5f9afc0]
18069:
18070: * configure:
18071: regen
18072: [8013dff82c0c]
18073:
18074: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
18075:
18076: * schema.OpenLDAP, schema.iPlanet:
18077: Break schema out into separate files.
18078: [15e598e4c60b]
18079:
18080: * Makefile.in, README.LDAP:
18081: Break schema out into separate files.
18082: [1a53966ca1fa]
18083:
18084: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18085:
18086: * auth/aix_auth.c:
18087: free message if set by authenticate()
18088: [849c220c1236]
18089:
18090: * match.c:
18091: deal with NULL gr_mem
18092: [49e4d74f0bbe]
18093:
18094: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18095:
18096: * config.h.in:
18097: regen
18098: [fead999ad3e9]
18099:
18100: * configure.in:
18101: add template for HAVE_PROJECT_H
18102: [e6c42c2eaad1]
18103:
18104: * closefrom.c:
18105: include fcntl.h
18106: [54d98b382f03]
18107:
18108: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18109:
18110: * INSTALL:
18111: mention --with-project
18112: [d3ea3baad7c5]
18113:
18114: * config.h.in, configure.in, sudo.c:
18115: Add Solaris 10 "project" support. From Michael Brantley.
18116: [f14f3c8c6554]
18117:
18118: * sudoers.pod:
18119: fix typo
18120: [50db81a19787]
18121:
18122: * configure:
18123: regen
18124: [ea71afd3e564]
18125:
18126: * configure.in:
18127: Fix preservation of LDFLAGS in the LDAP case.
18128: [40a3a47e8059]
18129:
18130: * memrchr.c:
18131: Remove dependecy on NULL
18132: [c957ae5e1733]
18133:
18134: * configure:
18135: regen
18136: [4955ce0c6912]
18137:
18138: * aclocal.m4, configure.in:
18139: Can't use the regular autoconf fnmatch() check since we need
18140: FNM_CASEFOLD so go back to our custom one.
18141: [f10d76237486]
18142:
18143: * env.c:
18144: Fix preserving of variables in env_keep.
18145: [d040049d6b84]
18146:
18147: * env.c:
18148: add XAUTHORIZATION
18149: [0d589a5fe015]
18150:
18151: * UPGRADE:
18152: expand upon env resetting and mention that it began in 1.6.9 not
18153: 1.7.
18154: [dba251655c76]
18155:
18156: * sudoers.pod:
18157: Update descriptions of env_keep and env_check to match current
18158: reality.
18159: [dba77357954b]
18160:
18161: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
18162:
18163: * env.c:
18164: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
18165: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
18166: [eec4632bd190]
18167:
18168: * env.c, logging.c:
18169: Treat USERNAME environemnt variable like LOGNAME/USER
18170: [09f52dcfd70c]
18171:
18172: * env.c:
18173: Don't need to populate keepenv table with the contents of the
18174: checkenv table.
18175: [527a14afd973]
18176:
18177: * sudo.c:
18178: Don't force sudo into the C locale.
18179: [8a5bd301ef96]
18180:
18181: * env.c:
18182: Make env_check apply when env_reset it true. Environment variables
18183: are passed through unless they contain '/' or '%'. There is no need
18184: to have a variable in both env_check and env_keep.
18185: [840c802721e4]
18186:
18187: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18188:
18189: * visudo.c:
18190: Remove an duplicate lock_file() call and add a comment.
18191: [5af9dcdf0eb6]
18192:
18193: * UPGRADE:
18194: Add sudo 1.6.9 upgrade note.
18195: [1585149f2914]
18196:
18197: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
18198:
18199: * interfaces.c:
18200: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
18201: small. From Klaus Wagner.
18202: [d6899fc44f77]
18203:
18204: * logging.c, sudo.h:
18205: Redo the long syslog line splitting based on a patch from Eygene
18206: Ryabinkin. Include memrchr() for systems without it.
18207: [66a50e8d553a]
18208:
18209: * memrchr.c:
18210: Redo the long syslog line splitting based on a patch from Eygene
18211: Ryabinkin. Include memrchr() for systems without it.
18212: [2f6702b7d41b]
18213:
18214: * Makefile.in, config.h.in, configure, configure.in:
18215: Redo the long syslog line splitting based on a patch from Eygene
18216: Ryabinkin. Include memrchr() for systems without it.
18217: [407a46190921]
18218:
18219: * configure.in:
18220: Since we need to be able to convert timespec to timeval for utimes()
18221: the last 3 digits in the tv_nsec are not significant. This makes the
18222: sudoedit file date comparison work again.
18223: [9d0258849fa9]
18224:
18225: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
18226:
18227: * aclocal.m4, configure, configure.in:
18228: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
18229: This deals with exclusive authentication methods in a simple way.
18230: [7d70072c0f35]
18231:
18232: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
18233:
18234: * LICENSE:
18235: mkstemp.c is BSD code too.
18236: [29e236d98162]
18237:
18238: * sudo.pod, sudoers.pod, visudo.pod:
18239: No commercial support for now.
18240: [7c76b3e192dd]
18241:
18242: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
18243:
18244: * sudo.c:
18245: cleanenv() is no more.
18246: [518080514408]
18247:
18248: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
18249:
18250: * ChangeLog:
18251: Display branch info in Changelog
18252: [44e3b27427c7]
18253:
18254: * utimes.c:
18255: Include config.h early so we have it for TIME_WITH_SYS_TIME
18256: [4bf1a00d0703]
18257:
18258: * ChangeLog:
18259: Fix Changelog generation and update.
18260: [6e960dbcbece]
18261:
18262: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18263:
18264: * closefrom.c:
18265: Use /proc/self/fd instead of /proc/$$/fd
18266:
18267: Move old-style fd closing into closefrom_fallback() and call that if
18268: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
18269: [faa7e4810758]
18270:
18271: * auth/kerb5.c, config.h.in, configure.in:
18272: o use krb5_verify_user() if available instead of doing it by hand o
18273: use krb5_init_secure_context() if we have it o pass an encryption
18274: type of 0 to krb5_kt_read_service_key() instead of
18275: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
18276: [df7acf72bd7c]
18277:
18278: * env.c:
18279: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
18280: [f92d05197e40]
18281:
18282: * configure.in:
18283: Fix closefrom() substitution in the Makefile
18284: [b642b13fcc5c]
18285:
18286: * TROUBLESHOOTING:
18287: Mention alternate sudo pronunciation.
18288: [7c71dc73409f]
18289:
18290: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18291:
18292: * env.c:
18293: Remove KRB5_KTNAME from environment. Allow COLORTERM.
18294: [70f35a79f780]
18295:
18296: * auth/kerb5.c:
18297: If we cannot get a valid service key using the default keytab it is
18298: a fatal error. Fixes a bug where sudo could be tricked into
18299: allowing access when it should not by a fake KDC. From Thor Lancelot
18300: Simon.
18301: [a3ae6a47cb23]
18302:
18303: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18304:
18305: * aclocal.m4, configure, configure.in:
18306: Update long long checks to use AC_CHECK_TYPES and to cache values.
18307: [047318eaaeb2]
18308:
18309: * aclocal.m4, configure.in:
18310: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
18311: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
18312: fnmatch.
18313: [80513a1003ea]
18314:
18315: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
18316:
18317: * configure, configure.in:
18318: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
18319: need it for visudo now too.
18320: [50837c7c2b5e]
18321:
18322: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
18323:
18324: * sudoers.pod:
18325: Attempt to clarify the bit talking about network numbers w/o
18326: netmasks.
18327: [211e68c1d034]
18328:
18329: * sudo.pod:
18330: Clarify timestamp dir ownership sentence.
18331: [9178f132c7f7]
18332:
18333: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
18334:
18335: * auth/pam.c:
18336: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
18337: Dmitry V. Levin.
18338: [81fce91667bc]
18339:
18340: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18341:
18342: * sudo.c:
18343: -i is also one of the mutually exclusive options to list it in the
18344: warning message. Noted by Chris Pepper.
18345: [7da73fb248e9]
18346:
18347: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18348:
18349: * visudo.pod:
18350: The sudoers variable is env_editor, not enveditor. From Jean-
18351: Francois Saucier.
18352: [2a86ec09a6db]
18353:
18354: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18355:
18356: * redblack.c:
18357: I tracked down the original author so credit him and include his
18358: license info.
18359: [3733553a1bba]
18360:
18361: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
18362:
18363: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18364: sudoers.pod:
18365: Fix typos; from Jason McIntyre.
18366: [1ee4ce2512f2]
18367:
18368: * logging.c:
18369: Restore signal mask before calling reapchild(). Fixes a possible
18370: race condition that could prevent sudo from properly waiting for the
18371: child.
18372: [9ee4192385dc]
18373:
18374: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
18375:
18376: * pwutil.c:
18377: Don't declare pw_free() if we are not going to use it.
18378: [adb79a4289ca]
18379:
18380: * env.c:
18381: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
18382: LDR_PRELOAD64. The 64-bit version is not currently supported.
18383: Remove zero_env() prototype as it no longer exists.
18384: [b4fe65027fb6]
18385:
18386: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
18387:
18388: * logging.c:
18389: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
18390: [78002ad90f7b]
18391:
18392: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
18393:
18394: * auth/pam.c:
18395: If the user enters ^C at the password prompt, abort instead of
18396: trying to authenticate with an empty password (which causes an
18397: annoying delay).
18398: [da3f27b747c7]
18399:
18400: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18401:
18402: * closefrom.c, config.h.in, configure, configure.in:
18403: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
18404: Darren Tucker.
18405: [0331b7780759]
18406:
18407: * pwutil.c:
18408: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
18409: [0014c0d9eeba]
18410:
18411: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
18412:
18413: * config.guess, config.sub:
18414: Update to latest versions from cvs.savannah.gnu.org
18415: [aa0143101c20]
18416:
18417: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18418:
18419: * pwutil.c, sudo_edit.c:
18420: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
18421: we can close the passwd/group files early.
18422: [559074bd7eb7]
18423:
18424: * config.h.in, configure, configure.in, set_perms.c:
18425: Add seteuid() flavor of set_perms() for systems without setreuid()
18426: or setresuid() that have a working seteuid(). Tested on Darwin.
18427: [508d8da99189]
18428:
18429: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18430:
18431: * mon_systrace.c:
18432: systrace_read() returns ssize_t
18433: [9f97d1d1a59d]
18434:
18435: * configure, configure.in:
18436: Fix typo, -lldap vs. -ldap; from Tim Knox.
18437: [a8cc43c3bb2a]
18438:
18439: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
18440:
18441: * HISTORY:
18442: Fix typo; Matt Ackeret
18443: [86964ee3dfbd]
18444:
18445: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18446:
18447: * sudo.c:
18448: Print sudoers path in -V mode for root.
18449: [dc43f2d75bd9]
18450:
18451: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
18452:
18453: * ldap.c:
18454: Do a sub tree search instead of a base search (one level in the tree
18455: only) for sudo right objects. This allows system administrators to
18456: categorize the rights in a tree to make them easier to manage.
18457: [6d2d9abf996e]
18458:
18459: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
18460:
18461: * sudo.pod:
18462: fix typo
18463: [1473413bcbda]
18464:
18465: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
18466:
18467: * ldap.c:
18468: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
18469: bind_timelimit support; adapted from gentoo.
18470: [afc816093026]
18471:
18472: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
18473:
18474: * ldap.c:
18475: Support comments that start in the middle of a line
18476: [c25df6ee3db8]
18477:
18478: * configure, configure.in:
18479: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
18480: [ee249bfe230a]
18481:
18482: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
18483:
18484: * closefrom.c:
18485: Silence gcc -Wsign-compare; djm@openbsd.org
18486: [28769ce6418d]
18487:
18488: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
18489: cleanup() now takes an int as an arg so it can be used as a signal
18490: handler too.
18491: [2bb0df34d09c]
18492:
18493: * sudo.c:
18494: Make a copy of the shell field in the passwd struct for NewArgv to
18495: avoid a use after free situation after sudo_endpwent() is called.
18496: [5dcc9ffd362e]
18497:
18498: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
18499:
18500: * config.h.in, configure, configure.in:
18501: Add mkstemp() for those poor souls without it.
18502: [5fdd02e863e0]
18503:
18504: * mkstemp.c:
18505: Add mkstemp() for those poor souls without it.
18506: [c99401207860]
18507:
18508: * Makefile.in:
18509: Add mkstemp() for those poor souls without it.
18510: [9c1cf2678f24]
18511:
18512: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
18513:
18514: * env.c:
18515: Add PERL5DB to list of environment variables to remove.
18516: [7375c27ecf75]
18517:
18518: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
18519:
18520: * mon_systrace.c, mon_systrace.h:
18521: Instead of calling the check function twice with a state cookie use
18522: separate check/log functions.
18523:
18524: Check more ioctl() calls for failure.
18525:
18526: systrace_{read,write} now return the number of bytes read/written or
18527: -1 on error.
18528: [3dc8946d90e9]
18529:
18530: * env.c:
18531: Add more environment variables to remove; from gentoo linux Add some
18532: comments about what bad env variables go to what (more to do)
18533: [6918110a6b82]
18534:
18535: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
18536:
18537: * sudo.c, sudo_edit.c:
18538: Move sudo_end{gr,pw}ent() until just before the exec since they free
18539: up our cached copy of the passwd structs, including sudo_user and
18540: sudo_runas. Fixes a use-after-free bug.
18541: [54de3778bad0]
18542:
18543: * visudo.c:
18544: Close all fd's before executing editor.
18545: [4fcc05e1bec8]
18546:
18547: * sudo.c:
18548: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
18549: [ef0e8ffa5c9f]
18550:
18551: * check.c:
18552: Fix fd leak when lecture file option is enabled. From Jerry Brown
18553: [ce97f9207cd8]
18554:
18555: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
18556:
18557: * env.c:
18558: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
18559: environment variables to remove. From Charles Morris
18560: [c96e1367d1c1]
18561:
18562: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18563:
18564: * env.c:
18565: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
18566: [72a6a1571226]
18567:
18568: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
18569:
18570: * env.c:
18571: add PS4 and SHELLOPTS to initial_badenv_table for bash
18572: [89dfb3f318f3]
18573:
18574: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18575:
18576: * sudoers.pod:
18577: Fix typo; Toby Peterson
18578: [b7a3222b23f4]
18579:
18580: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
18581:
18582: * tsgetgrpw.c:
18583: Make return buffers static so they don't get clobbered
18584: [13323a39b9f5]
18585:
18586: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
18587:
18588: * auth/securid5.c:
18589: Fix securid5 authentication, was not checking for ACM_OK. Also add
18590: default cases for the two switch()es. Problem noted by ccon at
18591: worldbank
18592: [14091e418333]
18593:
18594: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
18595:
18596: * ldap.c:
18597: Remove ncat() in favor of just counting bytes and pre-allocating
18598: what is needed.
18599: [25b8712adb61]
18600:
18601: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18602:
18603: * ldap.c:
18604: Fix up some comments Add missing fclose() for the rootbinddn case
18605: [ae95c8a89711]
18606:
18607: * ldap.c:
18608: align struct ldap_config
18609: [35d0d64c76f8]
18610:
18611: * ldap.c:
18612: use LINE_MAX for max conf file line size
18613: [da116cb8853d]
18614:
18615: * pathnames.h.in:
18616: add _PATH_LDAP_SECRET
18617: [128b04ecfab7]
18618:
18619: * README.LDAP:
18620: Mention rootbinddn Give example ou=SUDOers container
18621: [852edc69bd1c]
18622:
18623: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18624:
18625: * INSTALL, configure, configure.in, ldap.c:
18626: Support rootbinddn in ldap.conf
18627: [1615c91522a1]
18628:
18629: * env.c, sudo.pod, sudoers.pod:
18630: Preserve DISPLAY environment variable by default.
18631: [05f503d5f438]
18632:
18633: * acsite.m4, configure:
18634: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
18635: [18a04dea8d05]
18636:
18637: * acsite.m4, configure:
18638: set need_version=no for all cases; this is safe for LD_PRELOAD
18639: [b542560e1a73]
18640:
18641: * aclocal.m4:
18642: typo
18643: [c040df0fcd5a]
18644:
18645: * configure, configure.in:
18646: Add dragonfly
18647: [f13794618636]
18648:
18649: * auth/pam.c:
18650: Fix call to pam_end() when pam_open_session() fails.
18651: [0be47cdfdef1]
18652:
18653: * configure:
18654: regen
18655: [7f5c13b4b800]
18656:
18657: * acsite.m4:
18658: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
18659: ltsugar.m4 ltversion.m4
18660: [a7ba9fd1a2ab]
18661:
18662: * config.guess, config.sub, ltmain.sh:
18663: merge in local changes: config.guess: o better openbsd support
18664: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
18665: libs must begin with "lib" o don't print a bunch of crap about
18666: library installs o don't run ldconfig
18667: [f4149f2c720f]
18668:
18669: * config.guess, config.sub, ltmain.sh:
18670: libtool 1.9f
18671: [82a534e7121f]
18672:
18673: * configure.in:
18674: Update with autoupdate and make minor changes for libtool 1.9f
18675: [11b5ae5c1428]
18676:
18677: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
18678:
18679: * parse.c:
18680: don't call sudo_ldap_display_cmnd if ldap not setup
18681: [8bcf6c094ffe]
18682:
18683: * sudo_edit.c, visudo.c:
18684: Move declatation of struct timespec to its own include files for
18685: systems without it since it needs time_t defined.
18686: [b95c333299a0]
18687:
18688: * gettime.c:
18689: Move declatation of struct timespec to its own include files for
18690: systems without it since it needs time_t defined.
18691: [021b4569cc0c]
18692:
18693: * fileops.c:
18694: Move declatation of struct timespec to its own include files for
18695: systems without it since it needs time_t defined.
18696: [dd8573b2ee7d]
18697:
18698: * emul/timespec.h:
18699: Move declatation of struct timespec to its own include files for
18700: systems without it since it needs time_t defined.
18701: [f95137771564]
18702:
18703: * check.c, compat.h:
18704: Move declatation of struct timespec to its own include files for
18705: systems without it since it needs time_t defined.
18706: [2ef2ace8fe85]
18707:
18708: * ldap.c:
18709: Don't set safe_cmnd for the "sudo ALL" case.
18710: [ad7fa9e07da0]
18711:
18712: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18713:
18714: * auth/pam.c:
18715: Call pam_open_session() and pam_close_session() to give pam_limits a
18716: chance to run. Idea from Karel Zak.
18717: [fed46d471350]
18718:
18719: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
18720:
18721: * check.c, sudo.c:
18722: Add explicit cast from mode_t -> u_int in printf to silence warnings
18723: on Solaris
18724: [17bb961fe22d]
18725:
18726: * parse.c:
18727: include grp.h to silence a warning on Solaris
18728: [14386fbab640]
18729:
18730: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
18731:
18732: * parse.c:
18733: Fix printing of += and -= defaults.
18734: [a667604c56cd]
18735:
18736: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18737:
18738: * mon_systrace.c:
18739: Sanity check number of syscall args with argsize. Not really needed
18740: but a little paranoia never hurts.
18741: [6bb455a2c2d6]
18742:
18743: * mon_systrace.c, mon_systrace.h:
18744: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
18745: for systrace lengths (since it uses int)
18746: [3cafccffcffd]
18747:
18748: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18749:
18750: * mon_systrace.c:
18751: Add some memsets for paranoia Fix namespace collsion w/ error Check
18752: rval of decode_args() and update_env() Remove improper setting of
18753: validated variable
18754: [3d385158354d]
18755:
18756: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18757:
18758: * parse.c, sudo.c, sudo.h:
18759: In -l mode, only check local sudoers file if def_ignore_sudoers is
18760: not set and call LDAP versions from display_privs() and
18761: display_cmnd() instead of directly from main(). Because of this we
18762: need to defer closing the ldap connection until after -l processing
18763: has ocurred and we must pass in the ldap pointer to display_privs()
18764: and display_cmnd().
18765: [1dfc2e8c9f2b]
18766:
18767: * ldap.c:
18768: Reorganize LDAP code to better match normal sudoers parsing.
18769: Instead of storing strings for later printing in -l mode we do
18770: another query since the authenticating user and the user being
18771: listed may not be the same (the new -U flag). Also add support for
18772: "sudo -l command".
18773:
18774: There is still a fair bit if duplicated code that can probably be
18775: refactored.
18776: [e9568f19bde5]
18777:
18778: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
18779:
18780: * ldap.c:
18781: Replace pass variable with do_netgr for better readability.
18782: [1bba841b6e79]
18783:
18784: * ldap.c:
18785: use DPRINTF macro
18786: [02b159b66bb5]
18787:
18788: * ldap.c:
18789: estrdup, not strdup
18790: [22cdee7973c1]
18791:
18792: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
18793:
18794: * parse.c:
18795: Add macro to test if the tag changed to improve readability.
18796: [4e11b4819556]
18797:
18798: * parse.c:
18799: Avoid printing defaults header if there are no defaults to print...
18800: [41a28627df03]
18801:
18802: * glob.c:
18803: Fix a warning on systems without strlcpy().
18804: [6814e0f0e4f4]
18805:
18806: * pwutil.c:
18807: Use macros where possible for sudo_grdup() like sudo_pwdup().
18808: [30f201ff35cd]
18809:
18810: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
18811:
18812: * utimes.c:
18813: It is possible for tv_usec to hold >= 1000000 usecs so add in
18814: tv_usec / 1000000.
18815: [794ac4d53a65]
18816:
18817: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18818:
18819: * auth/kerb5.c:
18820: The component in krb5_principal_get_comp_string() should be 1, not 0
18821: for Heimdal. From Alex Plotnick.
18822: [fefa351c5044]
18823:
18824: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18825:
18826: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
18827: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
18828: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
18829: Add efree() for consistency with emalloc() et al. Allows us to rely
18830: on C89 behavior (free(NULL) is valid) even on K&R.
18831: [7876bb80d87c]
18832:
18833: * parse.c, sudo.c:
18834: Move initgroups() for -U option into display_privs() so group
18835: matching in sudoers works correctly.
18836: [b074428ad2ca]
18837:
18838: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18839:
18840: * ldap.c:
18841: Removed duplicate call to ldap_unbind_s introduced along with
18842: sudo_ldap_close.
18843: [19acc1c20f7c]
18844:
18845: * parse.c:
18846: Add missing space in Defaults printing
18847: [95d2935bf6d4]
18848:
18849: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
18850:
18851: * pwutil.c:
18852: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
18853: and string copies.
18854: [6b6b241495e5]
18855:
18856: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18857:
18858: * pwutil.c:
18859: Zero old pw_passwd before replacing with version from shadow file.
18860: [3251b349dfe1]
18861:
18862: * configure, configure.in:
18863: Only attempt shadow password detection if PAM is not being used Add
18864: shadow_* variables to make shadow password detection more generic.
18865: [d498a3423ac9]
18866:
18867: * configure.in:
18868: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
18869: [04d55bbd5e35]
18870:
18871: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18872:
18873: * sudoers.pod:
18874: use a non-breaking space to avoid a double space after e.g.
18875: [11cdb54bdf7b]
18876:
18877: * sudo.pod:
18878: commna, not colon after e.g.
18879: [8d5875ff72e0]
18880:
18881: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
18882:
18883: * sudo_noexec.c:
18884: Add __ variants of the exec functions. GNU libc at least uses
18885: __execve() internally.
18886: [d1880473d790]
18887:
18888: * indent.pro:
18889: Match reality a bit more.
18890: [633e3fa875a7]
18891:
18892: * pwutil.c:
18893: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
18894: [128f7b21c2ee]
18895:
18896: * pwutil.c:
18897: Store shadow password after making a local copy of struct passwd in
18898: case normal and shadow routines use the same internal buffer in
18899: libc.
18900: [f806052a6ffc]
18901:
18902: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
18903:
18904: * alloc.c, logging.c:
18905: Make varargs usage consistent with the rest of the code.
18906: [3d45affc9851]
18907:
18908: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
18909:
18910: * sudo_noexec.c:
18911: Wrap more of the exec family since on Linux the others do not appear
18912: to go through the normal execve() path.
18913: [8167769b4e19]
18914:
18915: * visudo.c:
18916: make print_unused static like proto says
18917: [ecf10e1bae55]
18918:
18919: * glob.c:
18920: silence a warning on K&R systems
18921: [2e00425f1a5c]
18922:
18923: * alias.c, error.c:
18924: make this build in K&R land
18925: [156f65f8525a]
18926:
18927: * parse.c:
18928: make this build in K&R land
18929: [6fc9276889cb]
18930:
18931: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
18932:
18933: * toke.c:
18934: regen
18935: [3b349748cd21]
18936:
18937: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18938:
18939: * ldap.c:
18940: return(foo) not return foo optimize _atobool() slightly
18941: [11d09d154ed5]
18942:
18943: * ldap.c:
18944: Use TRUE/FALSE
18945: [53999320d98f]
18946:
18947: * ldap.c:
18948: Reformat to match the rest of sudo's code.
18949: [1bd0f2afa0e7]
18950:
18951: * sudo.pod:
18952: I am the primary author
18953: [5d311ecd85c6]
18954:
18955: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18956:
18957: * Makefile.in, README, RUNSON:
18958: The RUNSON file is toast--it confused too many people and really
18959: isn't needed in a configure-oriented world.
18960: [96a6ef7bbc08]
18961:
18962: * INSTALL:
18963: alternate -> alternative
18964: [b65015c5d0a2]
18965:
18966: * tgetpass.c:
18967: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
18968: TCSAFLUSH.
18969: [c66b4763ffdc]
18970:
18971: * toke.l:
18972: Allow leading blanks before Defaults and Foo_Alias definitions
18973: [2add513d9277]
18974:
18975: * Makefile.in:
18976: fix rules to build toke.o and gram.o in devel mode
18977: [96cbb414ebd3]
18978:
18979: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
18980:
18981: * sudoers.pod:
18982: env_keep overrides set_logname
18983: [401877193a15]
18984:
18985: * env.c:
18986: Fix disabling set_logname and make env_keep override set_logname.
18987: [0906e7a5ed93]
18988:
18989: * compat.h, config.h.in, configure, configure.in:
18990: No longer need memmove()
18991: [43bdb6efe3f2]
18992:
18993: * env.c, sudo.c:
18994: Just clean the environment once. This assumes that any further
18995: setenv/putenv will be able to handle the fact that we replaced
18996: environ with our own malloc'd copy but all the implementations I've
18997: checked do.
18998: [11658fe92ba2]
18999:
19000: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
19001:
19002: * env.c, sudo.c:
19003: In -i mode, base the value of insert_env()'s dupcheck flag on
19004: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
19005: [8365b0bd0c71]
19006:
19007: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19008:
19009: * env.c, sudo.c:
19010: Move setting of user_path, user_shell, user_prompt and prev_user
19011: into init_vars() since user_shell at least is needed there.
19012: [37e22dce66e9]
19013:
19014: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
19015:
19016: * Makefile.in:
19017: fix devel builds
19018: [9fbb15ef164c]
19019:
19020: * sudo.c:
19021: Fix some printf format mismatches on error.
19022: [ffc1c3f11740]
19023:
19024: * check.c:
19025: Fix some printf format mismatches on error.
19026: [7b3b508adf50]
19027:
19028: * configure, gram.c, toke.c:
19029: regen
19030: [aa76f9d8b02a]
19031:
19032: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
19033: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
19034: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19035: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
19036: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
19037: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
19038: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
19039: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
19040: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
19041: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
19042: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
19043: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
19044: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
19045: visudo.pod, zero_bytes.c:
19046: Update copyright years.
19047: [0610c3654739]
19048:
19049: * Makefile.binary.in:
19050: Update copyright years.
19051: [d78ffc9f2e2b]
19052:
19053: * LICENSE:
19054: Update copyright years.
19055: [f60473bca4b1]
19056:
19057: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19058: version 1.7
19059: [aa977a544ca1]
19060:
19061: * WHATSNEW:
19062: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
19063: [ecfcf7269c14]
19064:
19065: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
19066:
19067: * compat.h, logging.h, sudo.h:
19068: Add __printflike and use it with gcc to warn about printf-like
19069: format mismatches
19070: [b192ad4a0548]
19071:
19072: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
19073:
19074: * CHANGES, ChangeLog:
19075: Replaced CHANGES file with ChangeLog generated from cvs logs
19076: [d9ace9dab98f]
19077:
19078: * set_perms.c:
19079: Use warning/error instead of perror/fatal.
19080: [e33259df7738]
19081:
19082: * config.guess:
19083: Update OpenBSD section
19084: [9d2c23de6801]
19085:
19086: * UPGRADE:
19087: Add upgrading noted for 1.7
19088: [1fb6b6d6df07]
19089:
19090: * env.c, sudo.c, sudoers.pod:
19091: Instead of zeroing out the environment, just prune out entries based
19092: on the env_delete and env_check lists. Base building up the new
19093: environment on the current environment and the variables we removed
19094: initially.
19095: [fc192df8fd15]
19096:
19097: * config.h.in, configure, configure.in, sudo.c:
19098: Set locale to "C" if locales are supported, just to be safe.
19099: [91fbaa98f02e]
19100:
19101: * toke.c, toke.l:
19102: Cast?argument to ctype functions to unsigned char.
19103: [e096b4d65796]
19104:
19105: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19106:
19107: * env.c:
19108: correct value for DID_USER
19109: [b5b05d36ec15]
19110:
19111: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
19112: #include <compat.h> not "compat.h"
19113: [7a0ad9a0ccd7]
19114:
19115: * defaults.c:
19116: Reset the environment by default.
19117: [4ecc6423e0f0]
19118:
19119: * sudo.c:
19120: Alloc an extra slot in NewArgv. Removes the need to malloc an new
19121: vector if execve() fails.
19122: [83dfb6f584a7]
19123:
19124: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
19125:
19126: * INSTALL, config.h.in, configure, configure.in, sudo.c:
19127: Use execve(2) and wrap the command in sh if we get ENOEXEC.
19128: [c0c6af4e2a21]
19129:
19130: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19131:
19132: * sudo_noexec.c:
19133: Only include time.h on systems that lack struct timespec which gets
19134: defind in compat.h (using time_t).
19135: [e373e518b4cb]
19136:
19137: * sudo_noexec.c:
19138: Include time.h for time_t in compat.h for systems w/o struct
19139: timespec.
19140: [a34b5637e458]
19141:
19142: * compat.h, config.h.in, configure, configure.in:
19143: use bcopy on systems w/o memmove
19144: [f835eafd78c6]
19145:
19146: * compat.h:
19147: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
19148: use to gcc >= 2.8.
19149: [1cb9a4e58566]
19150:
19151: * Makefile.in:
19152: Add explicit rule to build sudo_noexec.lo
19153: [df1dfcf8dd77]
19154:
19155: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19156:
19157: * INSTALL.configure, Makefile.in:
19158: No longer depend on VPATH; pointed out a bunch of missed
19159: dependencies.
19160: [601a45d4af6b]
19161:
19162: * TROUBLESHOOTING:
19163: Help for PAM when account section is missing
19164: [9b8221256756]
19165:
19166: * auth/pam.c:
19167: Give user a clue when there is a missing "account" section in the
19168: PAM config.
19169: [2529625c0495]
19170:
19171: * auth/pam.c:
19172: Better error handling.
19173: [518c9bda23d8]
19174:
19175: * config.h.in, configure, configure.in:
19176: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
19177: possible. Silences a warning about isblank() on linux.
19178: [19c94d7ecdc8]
19179:
19180: * auth/pam.c:
19181: Fix typo (missing comma) that caused an incorrect number of args to
19182: be passed to log_error().
19183: [0099dfec560f]
19184:
19185: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19186:
19187: * pwutil.c:
19188: Don't try to destroy a tree we didn't create.
19189: [d43c4fe03aa4]
19190:
19191: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19192:
19193: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
19194: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
19195: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19196: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
19197: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
19198: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
19199: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
19200: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
19201: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
19202: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
19203: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
19204: Add __unused to rcsids
19205: [ad6b4ac45705]
19206:
19207: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19208:
19209: * configure, configure.in:
19210: Fix error message when mixing invalid auth types
19211: [68069b3ff5bc]
19212:
19213: * INSTALL:
19214: PAM, AIX auth, BSD auth and login_cap are now on by default if the
19215: OS supports them.
19216: [4e44e9098cf0]
19217:
19218: * auth/sudo_auth.h, config.h.in:
19219: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
19220: [2d569b43b23e]
19221:
19222: * configure.in:
19223: Better checking for conflicting authentication methods Display the
19224: authentication methods used at the end of configure Rename --with-
19225: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
19226: --with-pam, --with-logincap by default on systems that support them
19227: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
19228: OSREV has full version number
19229: [a21115b6fe9f]
19230:
19231: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19232:
19233: * def_data.c, def_data.in, sudo.c, sudoers.pod:
19234: s/-O/-C/
19235: [ee73f1b81923]
19236:
19237: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19238:
19239: * configure.in:
19240: Replace: test -n "$FOO" || FOO="bar"
19241:
19242: With: : ${FOO='bar'}
19243: [37552d9054fc]
19244:
19245: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19246:
19247: * pwutil.c, testsudoers.c, tsgetgrpw.c:
19248: Use function pointers to only call private passwd/group routines
19249: when using a nonstandard passwd/group file.
19250: [215908681dfb]
19251:
19252: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19253:
19254: * CHANGES:
19255: sync
19256: [2e55c03f5790]
19257:
19258: * tsgetgrpw.c:
19259: Can't use strtok() since it doesn't handle empty fields so add
19260: getpwent()/getgrent() functions and call those.
19261: [bdaa5b0db70e]
19262:
19263: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
19264:
19265: * Makefile.in:
19266: Fix dummied out toke.c and gram.c dependencies.
19267: [4b909c8b2ebe]
19268:
19269: * Makefile.in:
19270: Rename PARSESRCS -> GENERATED since it is only used in the clean
19271: target Add devdir variable and use it to specify the path to parser
19272: sources
19273: [f27b3f41ca23]
19274:
19275: * configure:
19276: regen
19277: [22c6435dbd46]
19278:
19279: * configure.in:
19280: Add a devdir variables that defaults to $(srcdir) and is set to . if
19281: --devel was specified. Allows for proper dependecies building the
19282: parser.
19283: [a36d694c6d21]
19284:
19285: * testsudoers.c:
19286: Add support for custom passwd/group files.
19287: [296549ff4b87]
19288:
19289: * Makefile.in:
19290: Build private copy of pwutil.o for testsudoers with MYPW defined so
19291: it uses our own passwd/group routines.
19292: [bafa54ec78ca]
19293:
19294: * visudo.c:
19295: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
19296: stubs instead. We can now just use the caching sudo_*{pw,gr}*
19297: functions in pwutil.c Add comment about wanting to call
19298: sudo_endpwent/sudo_endgrent in cleanup()
19299: [7e59d6b5510d]
19300:
19301: * tsgetgrpw.c:
19302: Remove caching; we will just use what is in pwutil.c Use global
19303: buffers for passwd/group structs Rename functions from sudo_* to
19304: my_*
19305: [8c1e068f574c]
19306:
19307: * logging.c, sudo.c:
19308: g/c pwcache_init/pwcache_destroy
19309: [60a24909b947]
19310:
19311: * sudo.h:
19312: Undo last commit and add sudo_setspent and sudo_endspent instead.
19313: [bac80db08296]
19314:
19315: * getspwuid.c, pwutil.c:
19316: Move all but the shadow stuff from getspwuid.c to pwutil.c and
19317: pwcache_get and pwcache_put as they are no longer needed. Also add
19318: preprocessor magic to use private versions of the passwd and group
19319: routines if MYPW is defined (for use by testsudoers).
19320: [a16b8678a426]
19321:
19322: * tsgetgrpw.c:
19323: zero out struct passwd/group before filling it in so if there are
19324: fields we don't handle they end up as 0.
19325: [274cb6a93301]
19326:
19327: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
19328: Adapt to pwutil.c
19329: [43ebd04c8b82]
19330:
19331: * Makefile.in:
19332: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
19333: readability.
19334: [7f88c6061e2d]
19335:
19336: * tsgetgrpw.c:
19337: Passwd and group lookup routines for testsudoers that support
19338: alternate passwd and group files.
19339: [d7803101d34e]
19340:
19341: * getspwuid.c, pwutil.c:
19342: Split off pw/gr cache and dup code into its own file. This allows
19343: visudo and testsudoers to use the pw/gr cache too.
19344: [ef333d3ffedf]
19345:
19346: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
19347:
19348: * parse.c:
19349: Print Defaults info in "sudo -l" output and wrap lines based on the
19350: terminal width.
19351: [e559eae4250e]
19352:
19353: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
19354:
19355: * match.c, testsudoers.c, visudo.c:
19356: Only check group vector in usergr_matches() if we are matching the
19357: invoking or list user. Always check the group members, even if
19358: there was a group vector.
19359: [d0c7ceb2a041]
19360:
19361: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
19362:
19363: * LICENSE, Makefile.in, fnmatch.3:
19364: No longer bundle fnmatch.3
19365: [72db4a4ff4e1]
19366:
19367: * CHANGES, TODO:
19368: checkpoint
19369: [e92781bfd99c]
19370:
19371: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19372:
19373: * sudo.c:
19374: sort usage
19375: [15e3b876ec2c]
19376:
19377: * sudo.pod:
19378: Sort command line options
19379: [c1fa56584bc4]
19380:
19381: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
19382: sudo.pod, sudoers.pod:
19383: Add closefrom sudoers option to start closing at a point other than
19384: 3. Add closefrom_override sudoers option and -C sudo flag to allow
19385: the user to specify a different closefrom starting point.
19386: [370652b099d1]
19387:
19388: * pathnames.h.in:
19389: Add _PATH_DEVNULL for those without it.
19390: [0c4c3e0ceb8b]
19391:
19392: * LICENSE:
19393: no more UCB strcasecmp
19394: [397a6298e07f]
19395:
19396: * strcasecmp.c:
19397: replace BSD licensed one with version derived from pdksh
19398: [d7cfda8c57a2]
19399:
19400: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19401:
19402: * sudo.c:
19403: Fix last commit.
19404: [7afb9a180532]
19405:
19406: * sudo.c:
19407: Make sure stdin, stdout and stderr are open and dup them to
19408: /dev/null if not.
19409: [590f387068bd]
19410:
19411: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
19412:
19413: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
19414: add sudo_ldap_close
19415: [4273a36765a7]
19416:
19417: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
19418: Use TIME_WITH_SYS_TIME
19419: [c32b59bf15fb]
19420:
19421: * config.h.in, configure, configure.in:
19422: Add TIME_WITH_SYS_TIME_H
19423: [57cb146f451d]
19424:
19425: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19426:
19427: * env.c:
19428: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
19429: unconditionally on darwin. From Toby Peterson.
19430: [d69959681c87]
19431:
19432: * getspwuid.c:
19433: Check rbinsert() return value. In the case of faked up entries
19434: there is usually a negative response cached that we need to
19435: overwrite.
19436:
19437: In pwfree() don't try to zero out a NULL pw_passwd pointer.
19438: [00b32d1a48c1]
19439:
19440: * mon_systrace.c:
19441: Use the double fork trick to avoid the monitor process being waited
19442: for by the main program run through sudo.
19443: [e0ce556712ff]
19444:
19445: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19446:
19447: * sudo.c:
19448: Call initgroups() in -U mode so group matches work normally.
19449: [2235bea15283]
19450:
19451: * def_data.h, mkdefaults:
19452: Don't print a trailing comma for the last entry in enum def_tupple
19453: [c43a96bb31df]
19454:
19455: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19456:
19457: * sudoers.cat, sudoers.man.in, sudoers.pod:
19458: Mention values when lecture, listpw and verifypw are used in boolean
19459: context.
19460: [a0b5c0abaccf]
19461:
19462: * def_data.c, def_data.in:
19463: verifypw when used in a boolean TRUE context should be "all", not
19464: "any".
19465: [2eb076ddd5e2]
19466:
19467: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19468:
19469: * def_data.in, defaults.c:
19470: Allow tuples that can be used as booleans to be used as boolean
19471: TRUE. In this case the 2nd possible value of the tuple is used for
19472: TRUE.
19473: [bd99aa77e88b]
19474:
19475: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19476:
19477: * configure, configure.in:
19478: Correct the test for 2-parameter timespecsub
19479: [d41c9cb26b97]
19480:
19481: * sudo.h:
19482: Add strub struct definitions for passwd, timeval and timespec
19483: [c4ce5c43d8c5]
19484:
19485: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
19486: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
19487: and fix a typo in the gettimeofday check.
19488: [8ac9893057ce]
19489:
19490: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19491:
19492: * match.c, testsudoers.c:
19493: Deal with user_stat being NULL as it is for visudo and testsudoers.
19494: [3605a6ff64d0]
19495:
19496: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
19497: Add -U option to use in conjunction with -l instead of -u. Add
19498: support for "sudo -l command" to test a specific command.
19499: [99638789d415]
19500:
19501: * gram.c, gram.y, sudo.c:
19502: Set safe_cmnd after sudoers_lookup() if it has not been set.
19503: Previously it was set by sudo "ALL" in the parser but at that point
19504: the fully-qualified pathname has not yet been found.
19505: [ac30d98f8225]
19506:
19507: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19508:
19509: * parse.c, testsudoers.c:
19510: Correctly handle multiple privileges per userspec and runas
19511: inheritence.
19512: [a98a965181af]
19513:
19514: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19515:
19516: * defaults.c:
19517: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
19518: [031d3cd4a848]
19519:
19520: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19521:
19522: * toke.c, toke.l:
19523: make per-command defaults work with sudoedit
19524: [e56fe33db916]
19525:
19526: * ldap.c, parse.c, sudo.c, sudo.h:
19527: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
19528: Instead, we just set the approriate defaults variable.
19529: [756eeecc1d86]
19530:
19531: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
19532: Document per-command Defaults.
19533: [92a0f84b91c1]
19534:
19535: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
19536: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
19537: Add support for command-specific Defaults entries. E.g.
19538: Defaults!/usr/bin/vi noexec
19539: [be3d52bf01cf]
19540:
19541: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
19542: Change an occurence of user_matches() -> runas_matches() missed
19543: previously runas_matches(), host_matches() and cmnd_matches() only
19544: really need to pass in a list of members. user_matches() still
19545: needs to pass in a passwd struct because of "sudo -l"
19546: [833b22fc6fa0]
19547:
19548: * parse.c:
19549: Check def_authenticate, def_noexec and def_monitor when setting
19550: return flags. XXX May be better to just set the defaults directly
19551: and get rid of those flags.
19552: [b6db22b59d69]
19553:
19554: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
19555: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
19556: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19557: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
19558: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
19559: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
19560: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
19561: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
19562: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
19563: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
19564: visudo.c, zero_bytes.c:
19565: Use: #include <config.h> Not: #include "config.h" That way we get
19566: the correct config.h when build dir != src dir
19567: [97e5670a442b]
19568:
19569: * Makefile.in:
19570: Back out part of rev 1.263; fix -I order
19571: [197ea01cad5d]
19572:
19573: * toke.c, toke.l:
19574: More robust parsing if #include; could be much better still.
19575: [31bc3cd8f045]
19576:
19577: * sudo_edit.c, visudo.c:
19578: Make arg splitting in visudo and sudoedit consistent.
19579: [7bc74485f246]
19580:
19581: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
19582: Split alias routines out into their own file.
19583: [d90f633cf9ae]
19584:
19585: * error.h:
19586: __attribute__ is already defined in compat.h
19587: [676ed3fe9203]
19588:
19589: * visudo.c:
19590: quit() should not be __noreturn__ as it is non-void on some
19591: platforms.
19592: [e528c2b6ba10]
19593:
19594: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
19595: Add local error/warning functions like err/warn but that call an
19596: additional cleanup routine in the error case. This means we no
19597: longer need to compile a special version of alloc.o for visudo.
19598: [e78e8aae882e]
19599:
19600: * parse.h:
19601: Clarify comments about the data structures
19602: [ae894e266701]
19603:
19604: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19605:
19606: * visudo.c:
19607: Add support for VISUAL and EDITOR containing command line args. If
19608: env_editor is not set any args in VISUAL and EDITOR are ignored.
19609: Arguments are also now supported in def_editor.
19610: [ff7303b8e298]
19611:
19612: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
19613:
19614: * parse.h:
19615: alias_matches() is no more
19616: [b59825e28084]
19617:
19618: * CHANGES, TODO:
19619: sync
19620: [2b8f5f63c1de]
19621:
19622: * Makefile.in:
19623: When regenerating the parser, don't replace gram.h unless it has
19624: changed.
19625: [819949668018]
19626:
19627: * Makefile.in:
19628: remove Makefile.binary for distclean
19629: [351eec8d00b2]
19630:
19631: * env.c:
19632: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
19633: sure we can't overflow new_env.
19634: [3284d17b9c6d]
19635:
19636: * sudo_edit.c:
19637: paranoia when stripping trailing slashes from tempdir.
19638: [012f1aa2b81f]
19639:
19640: * sudo.c:
19641: Set user_ngroups to 0 if getgroups() returns an error.
19642: [c46d43e9449a]
19643:
19644: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19645:
19646: * config.h.in, configure, configure.in, sudo.c:
19647: Add configure check for getgroups()
19648: [5d8a214e2cef]
19649:
19650: * ldap.c:
19651: Use supplementary group vector in struct sudo_user.
19652: [3d0c463c034d]
19653:
19654: * match.c:
19655: Only do string comparisons on the group members if there is no
19656: supplemental group list.
19657: [be1c8362f7ef]
19658:
19659: * CHANGES, TODO:
19660: sync
19661: [db188bc5b975]
19662:
19663: * sudo_edit.c:
19664: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
19665: chop off any trailing slashes we see and add an explicit one.
19666: [e1b477dafee1]
19667:
19668: * match.c:
19669: remove bogus XXX comment
19670: [8aecb8a28d40]
19671:
19672: * match.c:
19673: Get rid of alias_matches and correctly fall through to the non-alias
19674: cases when there is no alias with the specified name.
19675: [2cd555246f09]
19676:
19677: * getspwuid.c:
19678: Cache non-existent passwd/group entries too.
19679: [8de9a467d271]
19680:
19681: * gram.c:
19682: regen
19683: [9ece18c58f36]
19684:
19685: * getspwuid.c:
19686: fix typo
19687: [9a7ae371eac1]
19688:
19689: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
19690: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
19691: Implement group caching and use the passwd and group caches
19692: throughout.
19693: [f1d8c5015169]
19694:
19695: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
19696:
19697: * match.c:
19698: Properly negate the return value of alias_matches() when
19699: appropriate.
19700: [ce59c4ce77ad]
19701:
19702: * match.c:
19703: Make hostname_matches() return TRUE for a match, else FALSE like the
19704: caller expects.
19705: [1dc03902d3a2]
19706:
19707: * Makefile.in:
19708: Add missing dependencies on gram.h
19709: [4f94bbb1d50c]
19710:
19711: * match.c:
19712: Use runas_matches in alias_matches() now that we have it.
19713: [284d22e91178]
19714:
19715: * parse.c, parse.h:
19716: Expand aliases in "sudo -l" mode
19717: [f67a38b79c44]
19718:
19719: * gram.y, match.c:
19720: Use ALIAS for the member type when storing an alias instead of
19721: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
19722: more generic type. Expand runas_matches instead of calling
19723: user_matches() inside of it since user_matches() looks up
19724: USERALIASes, not RUNASALIASes.
19725: [52004d75232b]
19726:
19727: * CHANGES, getspwuid.c:
19728: Paranoia; zero out pw_passwd before freeing passwd entry.
19729: [bd1b22638f00]
19730:
19731: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
19732: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
19733: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
19734: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
19735: Add local error/warning functions like err/warn but that call an
19736: additional cleanup routine in the error case. This means we no
19737: longer need to compile a special version of alloc.o for visudo.
19738: [25000b676cfe]
19739:
19740: * match.c:
19741: Use userpw_matches() to compare usernames, not strcmp(), since the
19742: latter checks for "#uid".
19743: [fcbe4b859f66]
19744:
19745: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
19746: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
19747: the other by user name. The data returned from the cache should be
19748: considered read-only and is destroyed by sudo_endpwent().
19749: [ee2418ff3f86]
19750:
19751: * match.c:
19752: add cast to uid_t
19753: [eb6415302d84]
19754:
19755: * gram.y:
19756: missing free in alias_destroy
19757: [572ecb680ad8]
19758:
19759: * redblack.c:
19760: Can't use rbapply() for rbdestroy since the destructor is passed a
19761: data pointer, not a node pointer.
19762: [11ce713830c0]
19763:
19764: * getspwuid.c, logging.c, sudo.c, sudo.h:
19765: Create and use private versions of setpwent() and endpwent() that
19766: set/end the shadow password file too.
19767: [616bc76d23bf]
19768:
19769: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
19770: Store aliases in a red-black tree.
19771: [ce017d540416]
19772:
19773: * Makefile.in, redblack.c, redblack.h:
19774: red-black tree implementation
19775: [cd5586e8f48b]
19776:
19777: * visudo.c:
19778: Edit all sudoers file if there were unused or undefined aliases and
19779: we are in strict mode.
19780: [b6d5f5bb7262]
19781:
19782: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
19783:
19784: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
19785: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
19786: Bring back the "secure_path" Defaults option now that Defaults take
19787: effect before the path is searched.
19788: [2e52c0e27606]
19789:
19790: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
19791:
19792: * logging.c, parse.c:
19793: A user can always list their own entries, even with -u. Better error
19794: message when failing to list another user's entries.
19795: [e2e24deb0071]
19796:
19797: * parse.c, sudo.c, sudo.h:
19798: The syntax to list another user's entries is now "-u otheruser -l".
19799: Only root or users with sudo "ALL" may list other user's entries.
19800: [3c0657e8f5fe]
19801:
19802: * sudo.cat, sudo.man.in, sudo.pod:
19803: Update env variable info in SECURITY NOTES
19804: [299716071024]
19805:
19806: * env.c:
19807: strip CDPATH too
19808: [9b97643b26f9]
19809:
19810: * env.c:
19811: strip exported bash functions from the environment.
19812: [9e5090c8284f]
19813:
19814: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
19815:
19816: * sudo.c:
19817: Only reset sudo_user.pw based on SUDO_USER environment variables for
19818: real commands and sudoedit. This avoids a confusing message when a
19819: user tries "sudo -l" or "sudo -v" and is denied.
19820: [3ea6d0053274]
19821:
19822: * gram.c, gram.y, parse.h:
19823: Extend LIST_APPEND to deal with appending lists too
19824: [d963e42f622f]
19825:
19826: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
19827:
19828: * logging.c:
19829: Convert some bitwise AND to ISSET
19830: [130dc40d268e]
19831:
19832: * lex.yy.c, toke.c:
19833: toke.c replaces lex.yy.c
19834: [048858df79e7]
19835:
19836: * CHANGES, TODO:
19837: sync
19838: [d19e7abf251c]
19839:
19840: * BUGS:
19841: new parser fixes most of the outstanding bugs
19842: [0891f66e3758]
19843:
19844: * configure:
19845: regen
19846: [1a3358cc7283]
19847:
19848: * visudo.c:
19849: Rework for the new parser. Now checks for unused aliases in sudoers.
19850: [ad462ede3094]
19851:
19852: * testsudoers.c:
19853: Rewrite for the new parser. Now supports a -d flag (dump) and adds
19854: a -h flag (host). It now defaults to the local hostname unless
19855: otherwise specified.
19856: [1b69685cc601]
19857:
19858: * sudo.h:
19859: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
19860: [2e4fb3abfef0]
19861:
19862: * sudo.c:
19863: Update for new parse. We now call find_path() *after* we have
19864: updated the global defaults based on sudoers. Also adds support for
19865: listing other user's privs if you are root.
19866: [cf3db9fc3024]
19867:
19868: * mon_systrace.c:
19869: Working LDAP support; also remove a now-unneeded rewind().
19870: [649ecf1baf6b]
19871:
19872: * logging.c, logging.h:
19873: Add NO_STDERR flag.
19874: [6cb935af94e0]
19875:
19876: * ldap.c:
19877: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
19878: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
19879: connecto to LDAP, apply the default options, find the command in the
19880: user's path, and then check whether the user is allowed to run it.
19881: The important thing here is that the default runas user may be
19882: specified as a default option and that needs to be set before we
19883: search for the command.
19884: [fc0426abc6f1]
19885:
19886: * ldap.c:
19887: Add casts to unsigned char for isspace() to quiet a gcc warning.
19888: [e5358e3df439]
19889:
19890: * defaults.h:
19891: Add prototype for update_defaults()
19892: [564dac3db74e]
19893:
19894: * defaults.c:
19895: Don't warn about line numbers now that we operate on a set of data
19896: structures (or LDAP) and not a file.
19897: [bcd9ffb9b67c]
19898:
19899: * config.h.in:
19900: No long use lsearch()
19901: [9d048c587319]
19902:
19903: * Makefile.in:
19904: Update for new and changed file names.
19905: [6f424a7c4515]
19906:
19907: * LICENSE:
19908: no more BSD lsearch.c
19909: [463a96d89026]
19910:
19911: * match.c:
19912: foo_matches() routines now live in match.c Added user_matches(),
19913: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
19914: that operate on the parsed sudoers file.
19915: [b14da8a0567e]
19916:
19917: * parse.lex, toke.l:
19918: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
19919: WORD no longer needs to exclude '@' kill yywrap()
19920: [a922294eb7b7]
19921:
19922: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
19923: sudo.tab.h:
19924: Rewritten parser that converts sudoers into a set of data
19925: structures. This eliminates ordering issues and makes it possible to
19926: apply sudoers Defaults entries before searching for the command.
19927: [30d2ec4d203c]
19928:
19929: * configure.in, emul/search.h, lsearch.c:
19930: We won't be using lsearch() any longer.
19931: [29c4d54bfac0]
19932:
19933: * ldap.c:
19934: sudo should not send mail if someone who runs 'sudo -l' has no
19935: entry.
19936: [6fc27a69fd9c]
19937:
19938: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19939: visudo.man.in:
19940: regen
19941: [8166347917f3]
19942:
19943: * visudo.pod:
19944: Update warnings to match new visudo
19945: [004c0766798f]
19946:
19947: * sudoers.pod:
19948: The new parser doesn't have the old ordering constraints.
19949: [ffd43bd08661]
19950:
19951: * sudo.pod:
19952: Document that -l now takes an optional username argument
19953: [278f9557de8b]
19954:
19955: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
19956:
19957: * RUNSON:
19958: AIX 5.2.0.0 works
19959: [523acd29d858]
19960:
19961: * ldap.c:
19962: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
19963: a compilation problem with Solaris 9's native LDAP.
19964:
19965: Set FLAG_MONITOR when needed.
19966: [35824ade672d]
19967:
19968: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
19969:
19970: * mon_systrace.c:
19971: Call sudo_goodpath() *after* changing the cwd to match the traced
19972: process. Fixes relative paths.
19973: [12ee111d0ad7]
19974:
19975: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
19976:
19977: * testsudoers.c:
19978: Kill set_perms() stub--it is no longer needed.
19979: [116ed702935d]
19980:
19981: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19982:
19983: * sudoers.cat, sudoers.man.in, sudoers.pod:
19984: stay_setuid now requires set_reuid() or setresuid()
19985: [8511f67e25d5]
19986:
19987: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
19988: configure.in, set_perms.c, sudo.c, sudo.h:
19989: Kill use of POSIX saved uids; they aren't worth bothering with.
19990: [b3b1f19f18c1]
19991:
19992: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19993:
19994: * glob.c:
19995: remove call to issetugid()
19996: [63f2e492c08f]
19997:
19998: * sudoers.cat, sudoers.man.in, sudoers.pod:
19999: Remove warning about wildcards. Now that we use glob() the bug is
20000: fixed.
20001: [b15729d32266]
20002:
20003: * parse.c:
20004: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
20005: each result that matches the basename of the user's command. This
20006: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
20007: /usr/bin/blah. Fixes bug #143.
20008: [e31eb6310340]
20009:
20010: * config.h.in, configure, configure.in:
20011: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
20012: GLOB_BRACE)
20013: [677ed6661e17]
20014:
20015: * config.h.in, configure, configure.in:
20016: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
20017: [aaa2329dd266]
20018:
20019: * LICENSE:
20020: reference glob
20021: [bedc9a923423]
20022:
20023: * glob.c:
20024: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20025: removed.
20026: [81799451473c]
20027:
20028: * emul/glob.h:
20029: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20030: removed.
20031: [0335cf31fb1e]
20032:
20033: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20034:
20035: * mon_systrace.c:
20036: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
20037: means we are out of space in the stack gap...
20038: [5b02b702021e]
20039:
20040: * CHANGES:
20041: sync
20042: [be3826273e56]
20043:
20044: * mon_systrace.c:
20045: Take a stab at ldap sudoers support here.
20046: [9d023695b0de]
20047:
20048: * mon_systrace.c, mon_systrace.h:
20049: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
20050: doesn't cause reboot to inadvertanly kill itself.
20051: [d4aab2365610]
20052:
20053: * mon_systrace.c:
20054: put "monitor" in the proctitle, not "systrace"
20055: [9a9025767d86]
20056:
20057: * mon_systrace.c:
20058: When modifying the environment, don't replace envp when we can get
20059: away with just rewriting pointers in the traced process.
20060: [c03622f7a2e2]
20061:
20062: * mon_systrace.c, mon_systrace.h:
20063: Add environment updating via STRIOCINJECT (if available).
20064: [037291016870]
20065:
20066: * sudoers.cat, sudoers.man.in:
20067: regen
20068: [869acc511046]
20069:
20070: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
20071:
20072: * lex.yy.c:
20073: regen
20074: [4e61a9bd3c97]
20075:
20076: * parse.lex:
20077: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
20078: [b70d7bd6e147]
20079:
20080: * mon_systrace.c:
20081: Include file is now mon_systrace.h
20082: [ead4e36d92ae]
20083:
20084: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
20085: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
20086: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
20087: No longer call it tracing, it is now "monitoring" which should be
20088: more a obvious name to non-hackers.
20089: [aa811ded0789]
20090:
20091: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
20092:
20093: * mon_systrace.c, mon_systrace.h:
20094: Fix some XXX
20095: [a271072dacc6]
20096:
20097: * mon_systrace.c, mon_systrace.h:
20098: No need to include syscall.h, use 1024 as the max # of entries (the
20099: max that systrace(4) allows).
20100:
20101: Only need to use SYSTR_POLICY_ASSIGN once
20102:
20103: Change check_syscall() -> find_handler() and have it return the
20104: handler instead of just running it. We need this since handler now
20105: have two parts: one part that generates and answer and another that
20106: gets called after the answer is accepted (to do logging).
20107:
20108: Add some missing check_exec for emul execv
20109: [a89d243f0525]
20110:
20111: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
20112: Add $Sudo$ tags.
20113: [6f3fedb0daba]
20114:
20115: * config.h.in:
20116: Add missing HAVE_LINUX_SYSTRACE_H
20117: [ff75ab7bfc53]
20118:
20119: * Makefile.in:
20120: add trace_systrace.o dependency
20121: [88a408668ab2]
20122:
20123: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
20124:
20125: * configure, configure.in:
20126: Also look for systrace.h in /usr/include/linux
20127: [98b98b436cf3]
20128:
20129: * mon_systrace.c, mon_systrace.h:
20130: Move all struct defs and prototypes into trace_systrace.h and mark
20131: all but systace_attach() static.
20132: [85511253b570]
20133:
20134: * mon_systrace.c, mon_systrace.h:
20135: Add support for tracing emulations. At the moment, all emulations
20136: are compiled in. It might make sense to #ifdef them in the future,
20137: though this impeeds readability.
20138: [87bb50abf277]
20139:
20140: * Makefile.in, configure, configure.in:
20141: rename systrace.c -> trace_systrace.c
20142: [31cfa4407d93]
20143:
20144: * parse.yacc, sudo.tab.c:
20145: Allow this to build with a K&R compiler again
20146: [32876af5bb98]
20147:
20148: * TODO:
20149: sync
20150: [46865bd70f7c]
20151:
20152: * compat.h, sudo.c, visudo.c:
20153: Use __attribute__((__noreturn__))
20154: [65bbad71fe89]
20155:
20156: * visudo.c:
20157: Exit() takes a negative value to indicate it was not called via
20158: signal.
20159: [b93032ed7b60]
20160:
20161: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20162: visudo.man.in:
20163: regen
20164: [45bcf4661558]
20165:
20166: * Makefile.in, visudo.c:
20167: Define Err() and Errx() that are like err() and errx() but call
20168: Exit() instead of exit(). Build private copy of alloc.o for visudo
20169: that calls Err() and Errx().
20170: [c6d02bf42edd]
20171:
20172: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20173:
20174: * lex.yy.c, sudo.tab.c:
20175: regen
20176: [39de7e7c59da]
20177:
20178: * CHANGES:
20179: sync
20180: [ba481d9ed1aa]
20181:
20182: * visudo.c:
20183: Overhaul visudo for editing multiple files: o visudo has been
20184: broken out into functions (more work needed here) o each file is
20185: now edited before sudoers is re-parsed o if a #include line is
20186: added that file will be edited too
20187:
20188: TODO: o cleanup temp files when exiting via err() or errx() o
20189: continue breaking things out into separate functions
20190: [80c35cf534eb]
20191:
20192: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
20193: Add keepopen arg to open_sudoers that open_sudoers can use to
20194: indicate to the caller that the fd should not be closed when it is
20195: done with it. To be used by visudo to keep locked fds from being
20196: closed prematurely (and thus losing the lock).
20197: [f330fe632470]
20198:
20199: * parse.yacc, sudo.c:
20200: Add errorfile global that contains the name of the file that caused
20201: the error.
20202: [98079c7a37ed]
20203:
20204: * parse.lex:
20205: return COMMENT to yacc grammar for a #include line
20206: [2024a8de4fa8]
20207:
20208: * parse.lex:
20209: Remove us of unput() in favor of yyless() which is cheaper.
20210: [c61291902beb]
20211:
20212: * parse.yacc:
20213: Allow an empty sudoers file.
20214: [62fb111db2e7]
20215:
20216: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
20217:
20218: * mon_systrace.c:
20219: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
20220: [9e15869ef597]
20221:
20222: * lex.yy.c, sudo.tab.c:
20223: regen
20224: [c29bdd43bfad]
20225:
20226: * visudo.c:
20227: Do signal setup before calling edit_sudoers(). Don't shadow the
20228: "quiet" global.
20229: [74252efd09ff]
20230:
20231: * visudo.c:
20232: If a sudoers file includes other files, edit those too. Does not yes
20233: deal with creating the new includes files itself.
20234: [06af7b9c173f]
20235:
20236: * testsudoers.c:
20237: init_parser now takes a path
20238: [b5ee186eb192]
20239:
20240: * parse.c, parse.h, parse.lex, parse.yacc:
20241: More scaffolding for dealing with multiple sudoers files: o
20242: init_parser() now takes a path used to populate the sudoers global
20243: o the sudoers global is used to print the correct file in yyerror()
20244: o when switching to a new sudoers file, perserve old file name and
20245: line number
20246: [d9be4970b8bd]
20247:
20248: * Makefile.in, pathnames.h.in:
20249: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
20250: multiple sudoers files.
20251: [6ccc4e921c43]
20252:
20253: * parse.c, sudo.c:
20254: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
20255: we start at the right file position when reading include files.
20256: [91fcb961e7a4]
20257:
20258: * sudoers.pod:
20259: document #include
20260: [fbb92a25a726]
20261:
20262: * lex.yy.c:
20263: regen
20264: [50cd7a4c9dff]
20265:
20266: * parse.lex:
20267: Add max depth of 128 for the include stack to avoid loops.
20268:
20269: Since yyerror() doesn't stop parsing, pass return values back to
20270: yylex and call yyterminate() on error.
20271: [e79dbffb729d]
20272:
20273: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
20274:
20275: * sudoers.pod:
20276: document tracing
20277: [165a467eadd8]
20278:
20279: * sudo.pod:
20280: Mention PREVENTING SHELL ESCAPES section of sudoers man page
20281: [3217ccecd834]
20282:
20283: * lex.yy.c, sudo.tab.c:
20284: regen
20285: [fbd58d1d3a76]
20286:
20287: * parse.lex:
20288: Add support for #include in sudoers (visudo support TBD)
20289: [a78015ca81af]
20290:
20291: * parse.yacc:
20292: make yyerror()'s argument const
20293: [7d8e168c019a]
20294:
20295: * testsudoers.c, visudo.c:
20296: Add open_sudoers() stubs.
20297: [087466787198]
20298:
20299: * sudo.c, sudo.h:
20300: Rename check_sudoers() open_sudoers() and make it return a FILE *
20301: [142fc511fc65]
20302:
20303: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
20304:
20305: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
20306: version.h:
20307: Crank version
20308: [1adc3f839480]
20309:
20310: * Makefile.in, sudo.psf:
20311: Better HP-UX depot construction
20312: [2d952b000e63]
20313:
20314: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
20315:
20316: * mon_systrace.c:
20317: o Made children global so check_exec() can lookup a child. o
20318: Replaced uid in struct childinfo with struct passwd * (for runas) o
20319: new_child() now takes a parent pid so the runas info can be
20320: inherited o Added find_child() to lookup a child by its pid o
20321: update_child() now fills in a struct passwd o Converted the big
20322: if/else mess in set_policy to a switch o Syscalls that change uid
20323: are now "ask" so we get SYSTR_MSG_UGID events
20324: [29b9ea3f09a3]
20325:
20326: * getspwuid.c:
20327: Add flag to sudo_pwdup that indicates whether or not to lookup the
20328: shadow password. Will be used to a struct passwd that has the
20329: shadow password already filled in.
20330: [e19d43dd7238]
20331:
20332: * mon_systrace.c:
20333: add missing increment of addr in read_string()
20334: [f9eb0f060cb6]
20335:
20336: * mon_systrace.c:
20337: Remove bogus call to update_child() and some cosmetic fixes
20338: [701ab0b97fef]
20339:
20340: * mon_systrace.c:
20341: Don't leak /dev/systrace fd to tracee Make initialized global for
20342: simplicity If STRIOCATTACH returns EBUSY we are already being traced
20343: Check for user_args == NULL in setproctitle() call Add missing calls
20344: to STRIOCANSWER
20345: [1956edf9bc3a]
20346:
20347: * sudo.c:
20348: g/c sudo_pwdup proto
20349: [b7c4d6249ecb]
20350:
20351: * Makefile.in, sudo.psf:
20352: Add target for building a depot file
20353: [357019efd99b]
20354:
20355: * mon_systrace.c:
20356: trim includes
20357: [501534428471]
20358:
20359: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
20360:
20361: * lex.yy.c, sudo.tab.c, sudo.tab.h:
20362: regen
20363: [52fd250c6986]
20364:
20365: * INSTALL:
20366: document --with-systrace
20367: [79623927c94e]
20368:
20369: * config.h.in, configure, configure.in:
20370: Add check for setproctitle
20371: [1730cf1c26ed]
20372:
20373: * mon_systrace.c:
20374: pass struct str_msg_ask in to syscall checker so it can set the
20375: error code
20376: [1703fd2fdef6]
20377:
20378: * mon_systrace.c:
20379: systrace(4) support for sudo. On systems with the systrace(4)
20380: kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
20381: intercept exec calls and check the exec args against the sudoers
20382: file. In other words, sudo can now control subcommands and shell
20383: escapes.
20384: [928c9217c386]
20385:
20386: * sudo.c, sudo.h:
20387: Call systrace_attach() if FLAG_TRACE is set.
20388: [014ba9402fa5]
20389:
20390: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
20391: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
20392: [a99904db5e56]
20393:
20394: * parse.c, sudo.c:
20395: Don't close sudoers_fp, keep it open and set close on exec flag
20396: instead.
20397: [43a9fec60bee]
20398:
20399: * def_data.c, def_data.h, def_data.in:
20400: Add trace option
20401: [5b643b86730a]
20402:
20403: * Makefile.in:
20404: Add systrace
20405: [47a0519c427c]
20406:
20407: * INSTALL:
20408: SunOS /bin/sh blows up with configure
20409: [005a23cc5615]
20410:
20411: * configure, configure.in:
20412: Include sys/param.h before systrace.h
20413: [9345bc8efecf]
20414:
20415: * configure:
20416: regen
20417: [a8f53fcbb254]
20418:
20419: * pathnames.h.in:
20420: _PATH_DEV_SYSTRACE
20421: [d2ad1e492a00]
20422:
20423: * configure.in:
20424: line up options in --help
20425: [fa51f2821d09]
20426:
20427: * config.h.in, configure.in:
20428: Add --with-systrace
20429: [a264d54bc413]
20430:
20431: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
20432:
20433: * configure:
20434: regen
20435: [a4dad0bcc523]
20436:
20437: * aclocal.m4, configure.in:
20438: make this work with autoconf-2.59
20439: [c4a92b6a684a]
20440:
20441: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
20442:
20443: * sudo_edit.c:
20444: Simplify logic around open & stat of files and do sanity on edited
20445: file even if we lack fstat (still racable but worth doing).
20446: [adda65ade70c]
20447:
20448: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20449:
20450: * HISTORY:
20451: Add support url
20452: [bf6590fbde9f]
20453:
20454: * Makefile.in:
20455: versino 1.6.8p1
20456: [b84ebfaf1552] [SUDO_1_6_8p1]
20457:
20458: * CHANGES:
20459: more changes for 1.6.8p1
20460: [e23a9c0393b6]
20461:
20462: * version.h:
20463: 1.6.8p1
20464: [872f14504b5f]
20465:
20466: * CHANGES, sudo_edit.c:
20467: Add sanity check so we don't try to edit something other than a
20468: regular file.
20469: [350134ec6d4e]
20470:
20471: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
20472:
20473: * CHANGES:
20474: sync
20475: [3091ca9eae00]
20476:
20477: * INSTALL:
20478: document --with-ldap-conf-file
20479: [0e2cd6b896f1]
20480:
20481: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
20482:
20483: * CHANGES, ins_csops.h:
20484: political correctness strikes again
20485: [428e8bc77f55]
20486:
20487: * RUNSON:
20488: sync
20489: [27f44bd423dc]
20490:
20491: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
20492:
20493: * Makefile.binary.in, Makefile.in:
20494: Install sudoedit man link
20495: [19a55234fc1f]
20496:
20497: * INSTALL:
20498: Update PAM note and mention where HP-UX users can download gcc
20499: binaries.
20500: [d37cdbbabfd4]
20501:
20502: * Makefile.in:
20503: libtool wants to install stuff from .libs so fake one up for binary
20504: installations.
20505: [a681bc6fcfba]
20506:
20507: * Makefile.binary.in:
20508: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
20509: [3e0c4b3372cc]
20510:
20511: * Makefile.in:
20512: Deal with "uname -m" having slashes in it rm -f old sudoedit link
20513: instead of using ln -f
20514: [cff33fb97e5b]
20515:
20516: * Makefile.binary, Makefile.binary.in:
20517: Makefile.binary -> Makefile.binary.in for config.status substitution
20518: Add support for installing noexec bits
20519: [37d8bb3483c6]
20520:
20521: * Makefile.in:
20522: Copy noexec bits into binary dists too No longer use my old arch
20523: script for making binary dists
20524: [e7058bab9e33]
20525:
20526: * Makefile.binary:
20527: Install sudoedit link.
20528: [417d1e101711]
20529:
20530: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
20531:
20532: * emul/utime.h:
20533: avoid __P so there is no need for compat.h to be included
20534: [6d8d1f1abf7d]
20535:
20536: * utimes.c:
20537: Don't use HAVE_UTIME_H before including config.h.
20538: [013b7bb61181]
20539:
20540: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
20541:
20542: * compat.h:
20543: Fix Solatis futimes macro
20544: [d4eda2ca0d29]
20545:
20546: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
20547:
20548: * sudo_edit.c:
20549: Rename ots -> omtim for improved readability.
20550: [127ca5bb297c]
20551:
20552: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
20553:
20554: * sudo_edit.c:
20555: Redo changes in revision 1.7. Don't really need to keep the temp
20556: file open; re-opening it with the invoking user's euid is
20557: sufficient.
20558: [55a883165a95]
20559:
20560: * CHANGES:
20561: sync
20562: [9015b291170d]
20563:
20564: * sudo.cat, sudo.man.in:
20565: regen
20566: [c0313f6ed783]
20567:
20568: * sudo.pod:
20569: back out revision 1.70; it is no long applicable
20570: [b641d503aff6]
20571:
20572: * env.c:
20573: Let the loader initialize nep
20574: [bec192139b02]
20575:
20576: * config.h.in, configure, configure.in:
20577: Removed unneed check for fchown Add check for gettimeofday Move
20578: autoheader template stuff into separate AH_TEMPLATE lines
20579: [bfc0edbd43f2]
20580:
20581: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
20582: Use timespec throughout.
20583: [1a178a23b69b]
20584:
20585: * Makefile.in:
20586: gettime.[co]
20587: [6aeb48a7ab7f]
20588:
20589: * gettime.c:
20590: function to return the current time in a struct timespec
20591: [bf8eb12cb63f]
20592:
20593: * utimes.c:
20594: Not a darpa-sponsored file.
20595: [121ce5e2036c]
20596:
20597: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
20598:
20599: * compat.h, config.h.in, configure, configure.in:
20600: Add a check for struct timespec and provide it for those without.
20601: [42124055030d]
20602:
20603: * config.h.in, configure, configure.in, sudo_edit.c:
20604: Add checks for st_mtim and st_mtimespec and add macros for pulling
20605: the mtime sec and nsec out of struct stat. These are used in
20606: sudo_edit() to better tell whether or not the file has changed.
20607: [23debfbb3fab]
20608:
20609: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
20610: Add an extra param to touch() for nsec
20611: [56f7a4ba8ddb]
20612:
20613: * sudo_edit.c:
20614: Call mkstemp() as the in invoking user so we don't have to chown the
20615: file later. Only touch() the temp file if we can do it via the file
20616: descriptor. Don't check for modification of the temp file if we lack
20617: fstat(). Catch errors read()ing the temp file.
20618: [665f52c70836]
20619:
20620: * fileops.c:
20621: If path is NULL and fd == -1 return -1.
20622: [757a518a824c]
20623:
20624: * sudo_edit.c:
20625: closefrom() is overkill, the only extra fds are the ones we opened
20626: so just close those in the child.
20627: [f361c9d2a1f4]
20628:
20629: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
20630: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
20631: visudo.c:
20632: Use utimes() and futimes() instead of utime() in touch(), emulating
20633: as needed. Not all systems are able to support setting the times of
20634: an fd so touch() takes both an fd and a file name as arguments.
20635: [3d9276f29717]
20636:
20637: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
20638:
20639: * env.c:
20640: Rare SEGV
20641: [8995f828782d]
20642:
20643: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
20644:
20645: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20646: visudo.man.in:
20647: regen
20648: [b8e9406711c5]
20649:
20650: * sudo.pod, sudoers.pod, visudo.pod:
20651: Add SUPPORT section and re-order some of the sections to match the
20652: order we use in OpenBSD.
20653: [fa37bd917e2c]
20654:
20655: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
20656:
20657: * env.c:
20658: Openldap ~/.ldaprc fix
20659: [1a37afe6850f]
20660:
20661: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
20662:
20663: * sudo.pod:
20664: Talk about how the editor must write its changes to the original
20665: file and not just use rename(2).
20666: [c55ed91c5ee9]
20667:
20668: * CHANGES:
20669: sync
20670: [62af26bd37a2]
20671:
20672: * sudo_edit.c:
20673: Keep the temp file open instead of re-opening after the editor has
20674: exited.
20675: [de41eeb6dcf2]
20676:
20677: * sample.pam:
20678: Update for current redhat/fedora core.
20679: [8cf083077333]
20680:
20681: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
20682:
20683: * README.LDAP:
20684: tls_ examples
20685: [ba783d88a034]
20686:
20687: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
20688:
20689: * ldap.c:
20690: config tls_* options
20691: [0b0e0797b3b9]
20692:
20693: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
20694:
20695: * configure, configure.in:
20696: No need for -lcrypt when using pam.
20697: [41fff3a53e68]
20698:
20699: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
20700:
20701: * configure:
20702: regen
20703: [75820aecce2c]
20704:
20705: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
20706:
20707: * configure.in, ldap.c, pathnames.h.in:
20708: Allow --with-ldap-conf-file option to override LDAP_CONF
20709: [c9909bc484a5]
20710:
20711: * ldap.c:
20712: cleanup debug message
20713: [1f6ca4824d8d]
20714:
20715: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
20716:
20717: * README.LDAP:
20718: more config info
20719: [f2e7147fd507]
20720:
20721: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
20722:
20723: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
20724: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
20725: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
20726: longer use gross statics in command_matches(). Also rename some
20727: variables for improved clarity.
20728: [7169a6c7bea4]
20729:
20730: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20731:
20732: * INSTALL:
20733: document HP's crippled compiler deficiency.
20734: [c405ea5a8d4c]
20735:
20736: * INSTALL:
20737: Fix some thinkos in --with-editor and --with-env-editor
20738: descriptions. Noticed by Norihiko Murase.
20739: [dd781de1c985]
20740:
20741: * configure, configure.in:
20742: --with-noexec takes an optional PATH argument.
20743: [8f6ab77f22cc]
20744:
20745: * INSTALL:
20746: document --with-noexec
20747: [50cb1fc627ce]
20748:
20749: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20750:
20751: * RUNSON, TODO:
20752: sync
20753: [f2503bd13373] [SUDO_1_6_8]
20754:
20755: * sudo_edit.c:
20756: Better warning message when sudoedit is unable to write to the
20757: destination file.
20758: [f78c18f2ffa8]
20759:
20760: * sudo.cat, sudo.man.in:
20761: regen
20762: [7e2bf63d6d9a]
20763:
20764: * sudo.pod:
20765: Don't italicize the string "sudoedit"
20766: [c691643bd269]
20767:
20768: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
20769:
20770: * HISTORY:
20771: Mention GratiSoft.
20772: [dc53de581b2d]
20773:
20774: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
20775:
20776: * sudo.tab.c:
20777: regen
20778: [8ae0484dfc38]
20779:
20780: * parse.yacc:
20781: Reset used_runas to FALSE when re-intializing the parser.
20782: [b7403f353a02]
20783:
20784: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20785:
20786: * config.guess:
20787: Correct OpenBSD mips support
20788: [314fc7afc165]
20789:
20790: * config.guess:
20791: Add OpenBSD/mips
20792: [ac87d0a773ef]
20793:
20794: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
20795:
20796: * README.LDAP:
20797: More behavior notes
20798: [13be1d212b47]
20799:
20800: * README.LDAP:
20801: Updates on current behavior
20802: [d498a8866d6f]
20803:
20804: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20805:
20806: * sudoers.pod:
20807: =back does not take an indentlevel (makes no difference to formatted
20808: files).
20809: [9c8523bb382a]
20810:
20811: * sudo.pod:
20812: =back does not take an indentlevel (makes no difference to formatted
20813: files).
20814: [e5f479e24fa8]
20815:
20816: * CHANGES:
20817: new
20818: [2dbd9aba8b33]
20819:
20820: * sudo.c:
20821: Consistency. Use same error for bad -u #uid when targetpw is set as
20822: we do when a bad -u username is specified.
20823: [922961c4a9d6]
20824:
20825: * TODO:
20826: Add checksum idea from Steve Mancini
20827: [e6ece1b766ba]
20828:
20829: * sudoers.cat, sudoers.man.in:
20830: regen
20831: [370d2317829f]
20832:
20833: * sudo.cat, sudo.man.in:
20834: regen
20835: [f93d41fc38b1]
20836:
20837: * sudo.pod, sudoers.pod:
20838: Document the restriction on uids specified via -u when targetpw is
20839: set.
20840: [878fedb455db]
20841:
20842: * sudo.c:
20843: Error out when targetpw is enabled and sudo is run with -u #uid but
20844: #uid does not exist in the passwd database. We can't do target
20845: authentication when the target is not in passwd!
20846: [27c5888c86eb]
20847:
20848: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
20849: regen
20850: [ceb65711050c]
20851:
20852: * TODO:
20853: Some more todo for the next release.
20854: [7b7417be7601]
20855:
20856: * INSTALL:
20857: Make it clear that PAM should be used for DCE support when possible.
20858: [7502029fd385]
20859:
20860: * sudoers.pod:
20861: o Document problems with wildcards and relative paths. o Make the
20862: order requirements more prominent. o Change a "set" to "reset" for
20863: clarity.
20864: [bacdd181b33f]
20865:
20866: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20867:
20868: * sudo.pod:
20869: Mention --with-secure-path, not SECURE_PATH.
20870: [41283ddde5e1]
20871:
20872: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
20873:
20874: * ldap.c:
20875: reflect changes to parse.c
20876: [8880fe9b724d]
20877:
20878: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
20879:
20880: * sudo.tab.c:
20881: regen
20882: [a57658ca9177]
20883:
20884: * parse.c, parse.h, testsudoers.c, visudo.c:
20885: Don't pass user_cmnd and user_args to command_matches(), just use
20886: the globals there. Since we keep state with statics anyway it is
20887: misleading to pretend that passing in different cmnd and cmnd_args
20888: will work.
20889: [0a2544991fd6]
20890:
20891: * parse.yacc:
20892: Don't pass user_cmnd and user_args to command_matches(), just use
20893: the globals there. Since we keep state with statics anyway it is
20894: misleading to pretend that passing in different cmnd and cmnd_args
20895: will work.
20896: [a4910bf6032b]
20897:
20898: * parse.c:
20899: Fix a bug introduced in rev. 1.149. When checking for pseudo-
20900: commands check for a '/' anywhere in cmnd, not just the first
20901: character.
20902: [ce98142f03ca]
20903:
20904: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
20905:
20906: * sudo.man.in, sudo.pod:
20907: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
20908: [a91800e094b1]
20909:
20910: * sudoers.man.in, sudoers.pod:
20911: Add ignore_local_sudoers
20912: [741ddcbf7083]
20913:
20914: * README.LDAP:
20915: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
20916: janth@moldung.no
20917: [742c02e07cd9]
20918:
20919: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20920:
20921: * CHANGES:
20922: typo
20923: [e7cdefbd7a9a]
20924:
20925: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
20926:
20927: * CHANGES:
20928: sync
20929: [734dafc4a85e]
20930:
20931: * parse.c:
20932: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
20933: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
20934: [151b7f593568]
20935:
20936: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20937:
20938: * CHANGES:
20939: PAM change
20940: [d8fb6d6a22d0]
20941:
20942: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
20943:
20944: * ldap.c:
20945: Better debugging of ALL command
20946: [9db3e84029dc]
20947:
20948: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20949:
20950: * parse.c:
20951: When matching for "sudoedit" in sudoers check both the command the
20952: user typed *and* the command that is listed in the sudoers entry.
20953: [f36ca1f94095]
20954:
20955: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
20956:
20957: * ldap.c:
20958: Added !command feature
20959: [ed539574611b]
20960:
20961: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
20962:
20963: * auth/pam.c:
20964: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
20965: [2be8e0e8813a]
20966:
20967: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
20968:
20969: * LICENSE:
20970: License is ISC-style, not BSD-style
20971: [ac0589e1dd5d]
20972:
20973: * CHANGES:
20974: sync
20975: [16058a30f404]
20976:
20977: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
20978:
20979: * sudo.cat, sudo.man.in:
20980: regen
20981: [8820eb9c809b]
20982:
20983: * sudo.pod:
20984: o Update some out of date bits to reality o Change the shell promt
20985: in examples to bourne-shell style o Clarify some details o Add a
20986: CAVEAT about "sudo cd /foo"
20987: [b0af373214b6]
20988:
20989: * check.c:
20990: Don't ask for a password if invoking user == target user.
20991: [dd5c96141132]
20992:
20993: * sudo.c:
20994: typo in comment
20995: [278d20f9b249]
20996:
20997: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
20998:
20999: * sudoers.cat, sudoers.man.in:
21000: regen
21001: [9036c6f39eff]
21002:
21003: * sudoers.pod:
21004: Expand on NOEXEC a little.
21005: [9a13756aebe4]
21006:
21007: * TODO:
21008: sync
21009: [8d2c1af48de8]
21010:
21011: * visudo.cat, visudo.man.in:
21012: regen
21013: [3921f01607c8]
21014:
21015: * sudo.tab.c:
21016: regen
21017: [9338c3d68250]
21018:
21019: * visudo.pod:
21020: Add a check in visudo for runas_default being set after it has
21021: already been used.
21022: [6700358d7ad8]
21023:
21024: * CHANGES, parse.yacc, visudo.c:
21025: Add a check in visudo for runas_default being set after it has
21026: already been used.
21027: [803560986a8a]
21028:
21029: * sudo.tab.c:
21030: regen
21031: [b60636e2cf63]
21032:
21033: * parse.yacc:
21034: Add a MATCHED macro for testing whether foo_matches has been set to
21035: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
21036: Doesn't change the actual code generated.
21037: [f376da8ccdc8]
21038:
21039: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21040:
21041: * sudoers.cat:
21042: regen
21043: [6cceb6d6c9bd]
21044:
21045: * sudoers.man.in:
21046: regen
21047: [5acd12b730b3]
21048:
21049: * sudoers.pod:
21050: Correct description of where Defaults specs should go.
21051: [6b11ff53d7ad]
21052:
21053: * sudoers:
21054: Correct description of where Defaults specs should go.
21055: [868db857630d]
21056:
21057: * testsudoers.c, visudo.c:
21058: update (c) year
21059: [272c8a53604c]
21060:
21061: * logging.h:
21062: update (c) year
21063: [3cec76d400ce]
21064:
21065: * ldap.c:
21066: update (c) year
21067: [f264632488a0]
21068:
21069: * find_path.c:
21070: update (c) year
21071: [40c227af9227]
21072:
21073: * auth/pam.c:
21074: update (c) year
21075: [87149e0eed50]
21076:
21077: * auth/bsdauth.c, auth/kerb5.c:
21078: update (c) year
21079: [d72eb434c068]
21080:
21081: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21082:
21083: * sudo.tab.c:
21084: regen
21085: [83408d9e9d2e]
21086:
21087: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
21088: Remove trailing spaces, no actual code changes.
21089: [4c3bf2819293]
21090:
21091: * tgetpass.c:
21092: Remove trailing spaces, no actual code changes.
21093: [96f6e0a24c26]
21094:
21095: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
21096: Remove trailing spaces, no actual code changes.
21097: [c7075d1cbed5]
21098:
21099: * getcwd.c:
21100: Remove trailing spaces, no actual code changes.
21101: [776cc0374547]
21102:
21103: * find_path.c:
21104: Remove trailing spaces, no actual code changes.
21105: [7ed7099f3c71]
21106:
21107: * compat.h, defaults.c, env.c:
21108: Remove trailing spaces, no actual code changes.
21109: [893e83c33795]
21110:
21111: * check.c:
21112: Remove trailing spaces, no actual code changes.
21113: [f77750f8803b]
21114:
21115: * sudo.tab.c:
21116: regen
21117: [62e0ed883b31]
21118:
21119: * parse.yacc:
21120: Fix a >=0 that should be <0 that was improperly converted when
21121: UNSPEC was added.
21122: [ad1531a55a49]
21123:
21124: * parse.yacc:
21125: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
21126: NOMATCH when resetting it.
21127: [ae017a12870a]
21128:
21129: * parse.yacc:
21130: Fix pastos introduced in SETNMATCH addition.
21131: [6ea1c9d80681]
21132:
21133: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21134:
21135: * README.LDAP:
21136: Update for configure changes
21137: [637a635da287]
21138:
21139: * sudo.tab.c:
21140: regen
21141: [4753c2788713]
21142:
21143: * sudo.h:
21144: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21145: these in parse.yacc. Also in parse.yacc initialize the *_matches
21146: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21147: when setting *_matches to a value that may be
21148: NOMATCH/UNSPEC/TRUE/FALSE.
21149: [2ba622e15a4d]
21150:
21151: * parse.yacc:
21152: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21153: these in parse.yacc. Also in parse.yacc initialize the *_matches
21154: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21155: when setting *_matches to a value that may be
21156: NOMATCH/UNSPEC/TRUE/FALSE.
21157: [746b519e41a6]
21158:
21159: * parse.yacc:
21160: Initialize runas to -2, not -1 since we need to be able to
21161: distinguish between the initialized value and the value of a non-
21162: match when passing along the runas value to multiple commands.
21163:
21164: The result of this is that an unmatched runas is now set to -1, not
21165: 0. This is required now that parse.c treats a FALSE value for runas
21166: as being explicitly denied.
21167: [7791ed3621f6]
21168:
21169: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21170:
21171: * sudo.c, visudo.c:
21172: Error out if argc < 1.
21173: [ce6b2a9eda3c]
21174:
21175: * getprogname.c:
21176: Error out if argc < 1.
21177: [c566cce8dc78]
21178:
21179: * configure, configure.in:
21180: Add tests for what libs we need to link with for ldap and for
21181: whether or not lber.h needs to be explicitly included.
21182: [b2e9729cc4e7]
21183:
21184: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
21185:
21186: * ldap.c:
21187: Solaris native LDAP build fix
21188: [39929e40eb11]
21189:
21190: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
21191:
21192: * ldap.c:
21193: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
21194: unset variable.
21195: [6a4c20a66f98]
21196:
21197: * sudo.h:
21198: Add prototype for sudo_ldap_list_matches
21199: [443b007a8dab]
21200:
21201: * configure, configure.in:
21202: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21203: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21204: this is now used to confitionally define the dirfd macro in
21205: compat.h.
21206: [567656978f7e]
21207:
21208: * config.h.in:
21209: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21210: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21211: this is now used to confitionally define the dirfd macro in
21212: compat.h.
21213: [34eace4faec8]
21214:
21215: * compat.h:
21216: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21217: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21218: this is now used to confitionally define the dirfd macro in
21219: compat.h.
21220: [8d50ff1bbf2a]
21221:
21222: * closefrom.c:
21223: Only check /proc/$$/fd if we have the dirfd function/macro.
21224: [15e3ccce7553]
21225:
21226: * compat.h, config.h.in, configure, configure.in:
21227: Add a check for a dirfd() function (like Linux) and add a dirfd
21228: macro in compat.h if there is no dirfd() function or macro.
21229: [1e95756edb50]
21230:
21231: * closefrom.c, getcwd.c:
21232: dirfd() is now defined in compat.h as needed.
21233: [bb1d79271188]
21234:
21235: * CHANGES:
21236: Clarify closefrom() note.
21237: [f4e4a5508dda]
21238:
21239: * parse.c:
21240: When checking for a command in the directory, only copy the base dir
21241: once.
21242: [7a3276808b87]
21243:
21244: * closefrom.c:
21245: If there is a /proc/$$/fd directory, behave like the Solaris
21246: closefrom() and only close the descriptors listed therein.
21247: [19de23779e84]
21248:
21249: * alloc.c:
21250: compat.h guarantees INT_MAX is defined.
21251: [1bf0c79d4606]
21252:
21253: * compat.h:
21254: Add definitions of OPEN_MAX and INT_MAX for those without it and
21255: remove definition of RLIM_INFINITY (now unused).
21256: [f827d1ebf96e]
21257:
21258: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
21259: sudo.c, sudo.h, visudo.c:
21260: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
21261: [59788f211c24]
21262:
21263: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
21264:
21265: * CHANGES:
21266: sync
21267: [d32fa124f1ad]
21268:
21269: * RUNSON:
21270: Add some entries that were mailed in a while ago
21271: [ff8d5bfec54e]
21272:
21273: * closefrom.c:
21274: o sysconf returns a long, not an int. o check for negative return
21275: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
21276: define OPEN_MAX to 256 for those without it (a fair guess...)
21277: [ccf81ae6deb2]
21278:
21279: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
21280:
21281: * UPGRADE:
21282: Mention change in parse order for RunAs entries.
21283: [dc73b0bca617]
21284:
21285: * configure:
21286: regen
21287: [07cce8e0534e]
21288:
21289: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
21290:
21291: * INSTALL, README.LDAP, config.h.in, configure.in:
21292: o --with-ldap now takes an optional dir as a parameter o added
21293: check for ldap_initialize() and start_tls_s()
21294: [2b846c7974c6]
21295:
21296: * README.LDAP:
21297: Fix some typos, word choice and formatting issues.
21298: [00dc8ca84b10]
21299:
21300: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
21301:
21302: * tgetpass.c:
21303: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
21304: read/write as it is simpler.
21305: [30f5446ee8b0]
21306:
21307: * configure, configure.in:
21308: Remove hack overriding cross-compiler check. It should no longer be
21309: needed.
21310: [22a6cbd88608]
21311:
21312: * compat.h:
21313: Remove select() compat bits since we no longer use select().
21314: [d7bbf7cd36f5]
21315:
21316: * CHANGES, tgetpass.c:
21317: Use alarm() instead of select() for the timeout for systems that
21318: don't fully/properly implement select().
21319: [d7cc60f15800]
21320:
21321: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
21322:
21323: * CHANGES:
21324: synbc
21325: [132a39788e07]
21326:
21327: * RUNSON:
21328: update
21329: [61ef508380c6]
21330:
21331: * set_perms.c:
21332: Deal with systems that have no way of setting the effective uid such
21333: as nsr-tandem-nsk.
21334: [306e00e9b5a4]
21335:
21336: * configure, configure.in:
21337: Define NO_SAVED_IDS if we don't find seteuid()
21338: [8588f18345cf]
21339:
21340: * config.h.in, configure, configure.in:
21341: Add back check for setreuid() since NSK doesn't have it.
21342: [43127bd703d1]
21343:
21344: * sudoers.cat, sudoers.man.in:
21345: regen
21346: [af4f4b20e422]
21347:
21348: * CHANGES:
21349: sync
21350: [29ca3b699c24]
21351:
21352: * BUGS:
21353: sync
21354: [3593f17f72ed]
21355:
21356: * parse.c:
21357: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
21358: explicitly denied and the command matched. This fixes a long-
21359: standing bug and makes: foo machine = (ALL) /usr/bin/blah
21360: foo machine = (!bar) /usr/bin/blah
21361:
21362: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
21363: [2f5ee244985a]
21364:
21365: * sudoers.pod:
21366: Clarify mail_noperm
21367: [3238b2d41989]
21368:
21369: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
21370:
21371: * Makefile.in:
21372: Missing DESTDIR in make install for sudo_noexec.la
21373: [91431e821525]
21374:
21375: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
21376:
21377: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21378: visudo.man.in:
21379: regen
21380: [cdfde0dcb556]
21381:
21382: * TODO:
21383: sync
21384: [4799b7d8b62c]
21385:
21386: * sudoers.pod:
21387: Remove fastboot/fasthalt (who still remembers these?) and add a
21388: minimal sudoedit example.
21389: [19d299f233cd]
21390:
21391: * sample.sudoers:
21392: Remove fastboot/fasthalt (who still remembers these?) and add a
21393: minimal sudoedit example.
21394: [b1bca73d6250]
21395:
21396: * UPGRADE, sudo.c, visudo.c:
21397: filesystem -> file system
21398: [1e1afaf30469]
21399:
21400: * TROUBLESHOOTING:
21401: filesystem -> file system
21402: [39fb594e9338]
21403:
21404: * CHANGES, INSTALL:
21405: filesystem -> file system
21406: [85948b608ffe]
21407:
21408: * sudo.pod, sudoers.pod:
21409: Fix some minor typos and formatting goofs
21410: [e94d243a0b90]
21411:
21412: * lex.yy.c:
21413: regen
21414: [2eed0ab1f4c4]
21415:
21416: * visudo.pod:
21417: remove my email addr
21418: [b63262c0389b]
21419:
21420: * sudo.pod, sudoers.pod, visudo.pod:
21421: Use @mansectform@ and @mansectsu@ everywhere Make man page
21422: references links with L<>
21423: [f459f4b9ddb9]
21424:
21425: * parse.lex:
21426: Accept quoted globbing characters and pass them verbatim for
21427: fnmatch()
21428: [8248b86e9380]
21429:
21430: * UPGRADE:
21431: Document that /tmp/.odus is gone.
21432: [3667b66af5bb]
21433:
21434: * pathnames.h.in:
21435: No longer use /tmp/.odus as a possible timestamp dir unless
21436: specifically configured to do so. Instead, if no /var/run exists,
21437: use /var/adm/sudo or /usr/adm/sudo.
21438: [48d94c9f9ad4]
21439:
21440: * configure:
21441: No longer use /tmp/.odus as a possible timestamp dir unless
21442: specifically configured to do so. Instead, if no /var/run exists,
21443: use /var/adm/sudo or /usr/adm/sudo.
21444: [058d7b8cf07b]
21445:
21446: * aclocal.m4:
21447: No longer use /tmp/.odus as a possible timestamp dir unless
21448: specifically configured to do so. Instead, if no /var/run exists,
21449: use /var/adm/sudo or /usr/adm/sudo.
21450: [cf52c4c2803f]
21451:
21452: * CHANGES:
21453: No longer use /tmp/.odus as a possible timestamp dir unless
21454: specifically configured to do so. Instead, if no /var/run exists,
21455: use /var/adm/sudo or /usr/adm/sudo.
21456: [6058c4cefcec]
21457:
21458: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
21459: Preliminary changes to support nsr-tandem-nsk. Based on patches
21460: from Tom Bates.
21461: [2e5f81834383]
21462:
21463: * logging.c:
21464: Preliminary changes to support nsr-tandem-nsk. Based on patches
21465: from Tom Bates.
21466: [934bbe6872b6]
21467:
21468: * check.c, compat.h:
21469: Preliminary changes to support nsr-tandem-nsk. Based on patches
21470: from Tom Bates.
21471: [390b698b5924]
21472:
21473: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
21474:
21475: * CHANGES:
21476: There was no 1.6.7p6.
21477: [8013d2e6b062]
21478:
21479: * BUGS, CHANGES:
21480: sync
21481: [c38b41f32857]
21482:
21483: * Makefile.in:
21484: add missing files to DISTFILES
21485: [e6a80ad03039]
21486:
21487: * sudo.cat, sudoers.cat, visudo.cat:
21488: regen
21489: [027bc9746dd5]
21490:
21491: * sudoers.man.in:
21492: regen
21493: [f5e85ef686cf]
21494:
21495: * Makefile.in:
21496: Fix some line wrap and update (c) year
21497: [bad1f46aa1ca]
21498:
21499: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
21500:
21501: * README.LDAP:
21502: Build Note
21503: [7a061248249b]
21504:
21505: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
21506:
21507: * Makefile.in:
21508: Fix install-dirs
21509: [be0726dd92e7]
21510:
21511: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21512:
21513: * sudo.tab.c:
21514: regen
21515: [3f4f0d1ab8b9]
21516:
21517: * visudo.c:
21518: In Exit() when used as a signal handler, emsg is a pointer so
21519: sizeof() is wrong so make it a #define instead. Also avoid using a
21520: negative exit value. Found by Aaron Campbell
21521: [78716a3a3fdc]
21522:
21523: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
21524:
21525: * sudoers.pod:
21526: Remove bogus sentence about uids in a User_List. Document usernames
21527: vs. uid parsing in a Runas_List.
21528: [7ca510b5031c]
21529:
21530: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
21531: If the user specified a uid with the -u flag and the uid exists in
21532: the passwd file, set runas_user to the name, not the uid.
21533:
21534: When comparing usernames in sudoers, if a name is really a uid
21535: (starts with '#') compare it numerically to pw_uid.
21536: [8d6935d04673]
21537:
21538: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
21539:
21540: * auth/kerb5.c:
21541: krb5_mcc_ops should be const; Johnny C. Lam
21542: [aa8c753e426e]
21543:
21544: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
21545:
21546: * CHANGES, config.h.in, ldap.c:
21547: Added start_tls support
21548: [7ef864c15b69]
21549:
21550: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
21551:
21552: * Makefile.in:
21553: Clean up libtool stuff for 'make distclean' and add def_data.c,
21554: def_data.h to PARSESRCS.
21555: [bf9bb6bb06ab]
21556:
21557: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
21558:
21559: * strlcat.c, strlcpy.c:
21560: Un-Fix last license munge
21561: [42654b77ac71]
21562:
21563: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21564:
21565: * configure:
21566: regen
21567: [e4de6b23a4dc]
21568:
21569: * CHANGES, RUNSON, TODO:
21570: checkpoint
21571: [94e1ace84d5c]
21572:
21573: * lex.yy.c, sudo.tab.c:
21574: regen
21575: [8ce784505643]
21576:
21577: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
21578: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
21579: emul/search.h, emul/utime.h:
21580: More to a less restrictive, ISC-style license.
21581: [a31b20e48003]
21582:
21583: * auth/kerb5.c, auth/pam.c:
21584: More to a less restrictive, ISC-style license.
21585: [e41f92b41216]
21586:
21587: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
21588: More to a less restrictive, ISC-style license.
21589: [87534c164a52]
21590:
21591: * auth/bsdauth.c:
21592: More to a less restrictive, ISC-style license.
21593: [e21be6594b58]
21594:
21595: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
21596: More to a less restrictive, ISC-style license.
21597: [6d234be91c5e]
21598:
21599: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
21600: visudo.man.in, visudo.pod:
21601: More to a less restrictive, ISC-style license.
21602: [b02aea324fd6]
21603:
21604: * sudo_noexec.c:
21605: More to a less restrictive, ISC-style license.
21606: [a6da7631e0b2]
21607:
21608: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
21609: sudo_edit.c:
21610: More to a less restrictive, ISC-style license.
21611: [71cdcc241e94]
21612:
21613: * sigaction.c, strerror.c:
21614: More to a less restrictive, ISC-style license.
21615: [4bccdedca58a]
21616:
21617: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
21618: set_perms.c:
21619: More to a less restrictive, ISC-style license.
21620: [64d772d70ab3]
21621:
21622: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21623: ins_goons.h, insults.h, interfaces.c, interfaces.h:
21624: More to a less restrictive, ISC-style license.
21625: [520381c60a54]
21626:
21627: * find_path.c, getprogname.c:
21628: More to a less restrictive, ISC-style license.
21629: [f605d5eab6f1]
21630:
21631: * fileops.c:
21632: More to a less restrictive, ISC-style license.
21633: [4129a8b38a67]
21634:
21635: * env.c:
21636: More to a less restrictive, ISC-style license.
21637: [d5bd859757de]
21638:
21639: * defaults.h:
21640: More to a less restrictive, ISC-style license.
21641: [008f5d5743f5]
21642:
21643: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
21644: defaults.c:
21645: More to a less restrictive, ISC-style license.
21646: [d8d7bfc8a18b]
21647:
21648: * utime.c, version.h:
21649: More to a less restrictive, ISC-style license.
21650: [e2e038ad8209]
21651:
21652: * parse.lex, parse.yacc:
21653: More to a less restrictive, ISC-style license.
21654: [2f5942e847a1]
21655:
21656: * Makefile.binary:
21657: More to a less restrictive, ISC-style license.
21658: [1ed561734535]
21659:
21660: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
21661:
21662: * sudoers2ldif:
21663: Merged in LDAP Support
21664: [3994c4d05947]
21665:
21666: * ldap.c, sudo.c, sudo.h:
21667: Merged in LDAP Support
21668: [547eaa346fcc]
21669:
21670: * def_data.c, def_data.h, def_data.in:
21671: Merged in LDAP Support
21672: [8fb255280e42]
21673:
21674: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
21675: Merged in LDAP Support
21676: [1038092a161e]
21677:
21678: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
21679:
21680: * sudo.h, sudo_noexec.c:
21681: Only do "extern int errno" if errno is not a macro.
21682: [b2e02a08be8b]
21683:
21684: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
21685:
21686: * set_perms.c:
21687: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
21688: euid first, then just call setuid(0) to set the real uid too.
21689: [f08546e2e0ee]
21690:
21691: * set_perms.c:
21692: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
21693: instead of seteuid() which may not exist.
21694: [ba508581befb]
21695:
21696: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
21697:
21698: * LICENSE:
21699: 2004
21700: [37425513a342]
21701:
21702: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
21703: Add --with-pc-insults configure option
21704: [7daa5294c17b]
21705:
21706: * visudo.man.in:
21707: Prefer VISUAL over EDITOR like old vipw did.
21708: [996252a4ab65]
21709:
21710: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21711:
21712: * sudo.man.in, sudoers.man.in:
21713: regen
21714: [a247f1c52eb9]
21715:
21716: * sudoers.pod:
21717: Add a note that noexec is not a cure-all.
21718: [9e7fc535367d]
21719:
21720: * sudoers.pod:
21721: Mention that disabling "root_sudo" is pretty pointless.
21722: [f38a415afba0]
21723:
21724: * configure, configure.in:
21725: Substitute for root_sudo in sudoers.pod
21726: [ce483cfc86be]
21727:
21728: * sudo.pod:
21729: Add sudoedit to the NAME section
21730: [51bc453ec2f6]
21731:
21732: * sudoers.pod:
21733: Document that fact that setting ignore_dot in sudoers has no effect
21734: due to the fact that find_path() is called *before* sudoers is read.
21735: [6808df7e417c]
21736:
21737: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
21738:
21739: * sudo_edit.c:
21740: Do not require _PATH_USRTMP to be set.
21741: [546f3270dd10]
21742:
21743: * BUGS, CHANGES, TODO:
21744: sync
21745: [4205ddeab781]
21746:
21747: * sudo.man.in:
21748: regen
21749: [e2143690a88a]
21750:
21751: * sudo.pod:
21752: Clarify that when sudo is run by root with the SUDO_USER variable
21753: set, the sudoers lookup happens for root and not the SUDO_USER user.
21754: [47207bec1bdf]
21755:
21756: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
21757:
21758: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
21759: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
21760: Use the SET, CLR and ISSET macros.
21761: [a8b0d7f1e8fd]
21762:
21763: * fnmatch.c:
21764: Use the SET, CLR and ISSET macros.
21765: [1afbcba22ba6]
21766:
21767: * defaults.c, env.c:
21768: Use the SET, CLR and ISSET macros.
21769: [2f39431e0a49]
21770:
21771: * interfaces.h:
21772: MAIN was replaced with _SUDO_MAIN some time ago.
21773: [ea1b38f2ac9d]
21774:
21775: * sudo.c:
21776: Don't look at prev_user until after we've parsed sudoers and done
21777: the password check. That way, if sudo/sudoedit is run from a root
21778: process that was invoked by sudo, we check sudoers for root, not the
21779: previous user. This makes sudoedit much more useful and means that
21780: for the sudo case, we get correct logging on who actually ran the
21781: command.
21782: [431dfbf20552]
21783:
21784: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21785:
21786: * sudo_edit.c:
21787: Add a comment describing why we need to be notified about our child
21788: stopping.
21789: [0bec3ce4b49d]
21790:
21791: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21792:
21793: * def_data.c, def_data.in:
21794: Update the noexec variable descriptions
21795: [9cb7f1aa0e57]
21796:
21797: * sudoers.man.in, sudoers.pod:
21798: noexec now replaces more than just execve()
21799: [23cbdc0ee95c]
21800:
21801: * sudo_noexec.c:
21802: Alas, all the world does not go through execve(2). Many systems
21803: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
21804: and it is not uncommon for libc to have underscore ('_') versions of
21805: the functions to be used internally by the library. Instead of
21806: stubbing all these out by hand, define a macro and let it do the
21807: work. Extra exec functions pointed out by Reznic Valery.
21808: [9fa0cd871b0c]
21809:
21810: * sudo.c, sudo_edit.c:
21811: Fix suspending the editor in -e mode. Because we do a fork() first
21812: we need to be notified when the child has been stopped and then send
21813: that same signal to ourself so the shell can do its job control
21814: thing.
21815: [773165eb6057]
21816:
21817: * visudo.c:
21818: Use WIFEXITED and WEXITSTATUS macros. If there are systems out
21819: there that want to run sudo that still don't support these we can
21820: try to deal with that later.
21821: [6af68e4aff60]
21822:
21823: * lex.yy.c:
21824: regen
21825: [403435317d5d]
21826:
21827: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
21828: Document sudo -e / sudoedit
21829: [a80f6ea910af]
21830:
21831: * configure, configure.in:
21832: fix typo
21833: [5020fcdc27f4]
21834:
21835: * config.h.in, configure.in:
21836: Add SET/CLR/ISSET
21837: [03ff57286e7e]
21838:
21839: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
21840:
21841: * sudo.c:
21842: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
21843: long usage() line to not wrap (assumes 80 char display)
21844: [3941fa4004bb]
21845:
21846: * Makefile.in, sudo.c:
21847: If sudo is invoked as "sudoedit" the -e flag is implied and no other
21848: flags are permitted.
21849: [929670b01293]
21850:
21851: * sudo.h:
21852: Add a new flag, -e, that makes it possible to give users the ability
21853: to edit files with the editor of their choice as the invoking user,
21854: not the runas user. Temporary files are used for the actual edit
21855: and the temp file is copied over the original after the editor is
21856: done.
21857: [c4051414c1f4]
21858:
21859: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
21860: Add a new flag, -e, that makes it possible to give users the ability
21861: to edit files with the editor of their choice as the invoking user,
21862: not the runas user. Temporary files are used for the actual edit
21863: and the temp file is copied over the original after the editor is
21864: done.
21865: [37ac05c8ac3c]
21866:
21867: * env.c, sudo.c:
21868: If real uid == 0 and the SUDO_USER environment variables is set, use
21869: that to determine the invoking user's true identity. That way the
21870: proper info gets logged by someone who has done "sudo su" but still
21871: uses sudo to as root. We can't do this for non-root users since
21872: that would open up a security hole, though perhaps it would be
21873: acceptable to use getlogin(2) on OSes where this a system call (and
21874: doesn't just look in the utmp file).
21875: [c2f9198708a1]
21876:
21877: * pathnames.h.in:
21878: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
21879: [7d9e5768df93]
21880:
21881: * config.h.in, configure, configure.in:
21882: Add check for fchown(2)
21883: [a85df18798ed]
21884:
21885: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21886:
21887: * sudo.c:
21888: Back out portions of the -i commit that set NewArgv[0] in
21889: set_runaspw. It is far to late to set NewArgv[0] there and will have
21890: no effect anyway as cmnd and safe_cmnd have already been set.
21891: [c2d343430c1c]
21892:
21893: * visudo.c, visudo.pod:
21894: Prefer VISUAL over EDITOR like old vipw did.
21895: [ae32f477cea3]
21896:
21897: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21898:
21899: * env.c, sudo.c:
21900: In -i mode always set new environment based on the runas user's
21901: passwd entry.
21902: [fa653b7887a8]
21903:
21904: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21905:
21906: * sudo.man.in, sudo.pod:
21907: Document the new -i flag and sync SYNOPSIS section with usage() in
21908: sudo.c. Also sort the flags in the OPTIONS section.
21909: [6aabc0ffc47e]
21910:
21911: * sudo.c, sudo.h:
21912: o Add -i that acts similar to "su -", based on patches from David J.
21913: MacKenzie o Sort the flags in the usage message
21914: [c0fe7d6beffd]
21915:
21916: * sudoers.man.in, sudoers.pod:
21917: Add a missing @runas_default@ substitution.
21918: [60516fe2d090]
21919:
21920: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21921:
21922: * sudo.c:
21923: Change euid to runas user before calling find_path().
21924: Unfortunately, though runas_user can be modified in sudoers we
21925: haven't parsed sudoers yet.
21926: [f469fdf2e313]
21927:
21928: * sudoers.man.in, sudoers.pod:
21929: Add missing defintion of Parameter_List and use single pipes in the
21930: Defaults EBNF definition.
21931: [f7bed6e909bf]
21932:
21933: * sudo.c:
21934: Fix a bug when set_runaspw() is used as a callback. We don't want
21935: to reset the contents of runas_pw if the user specified a user via
21936: the -u flag.
21937:
21938: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
21939: already have the info in runas_pw.
21940: [efc35623ba09]
21941:
21942: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21943:
21944: * check.c:
21945: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
21946: [ebd5a76ccd7e]
21947:
21948: * sudo.h:
21949: Update sudo_getepw() proto and add one for set_runaspw()
21950: [6ed65795c17f]
21951:
21952: * parse.c:
21953: If we can't stat the command as root, try as the runas user instead.
21954: [ae713fca0e15]
21955:
21956: * testsudoers.c, visudo.c:
21957: Add stub set_runaspw() function
21958: [42aa37050053]
21959:
21960: * sudo.c:
21961: Add set_runaspw() function to fill in runas_pw. This will be used
21962: as a callback to update runas_pw when the runas user changes.
21963: [e570aa0088d0]
21964:
21965: * env.c, sudo.c:
21966: PERM_RUNAS -> PERM_FULL_RUNAS
21967: [51eec6f9e89a]
21968:
21969: * set_perms.c, sudo.h:
21970: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
21971: changes the euid.
21972: [877c6fe4d12c]
21973:
21974: * getspwuid.c:
21975: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
21976: one chunk for easy free()ing. Also change it from static to extern.
21977: [ab503260a7ec]
21978:
21979: * defaults.c, defaults.h:
21980: Add callback support
21981: [a61c4ca983fb]
21982:
21983: * mkdefaults:
21984: Add a callback field and use it for runas_default
21985: [96b69c27df5e]
21986:
21987: * def_data.c, def_data.in:
21988: Add a callback field and use it for runas_default
21989: [d3e9f06872b8]
21990:
21991: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
21992:
21993: * auth/fwtk.c:
21994: Add support for chalnecho and display server responses used by fwtk
21995: >= 2.0
21996: [b1870f7aaf0d]
21997:
21998: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
21999:
22000: * sudoers.man.in, sudoers.pod:
22001: ld.so is ld.so.1 on solaris
22002: [2bf9a123fa4c]
22003:
22004: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
22005: Use closefrom() instead of doing the equivalent inline.
22006: [7e3ef6072884]
22007:
22008: * closefrom.c:
22009: closefrom(3) for systems w/o it
22010: [35caf58bb636]
22011:
22012: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
22013:
22014: * sudoers.man.in:
22015: Update from .pod file.
22016: [d4c94fc0e0c9]
22017:
22018: * configure, configure.in:
22019: Substitute noexec_file for the sudoers man page
22020: [203d3376a551]
22021:
22022: * sudo.man.in, sudo.pod:
22023: Mention noexec
22024: [014375ddbb06]
22025:
22026: * sudoers.man.in, sudoers.pod:
22027: Document noexec
22028: [49a65d06201f]
22029:
22030: * auth/pam.c, config.h.in, configure.in:
22031: Move PAM_CONST macro definition from config.h to pam.c where it
22032: belongs. We can't have this in config.h since that gets included too
22033: early.
22034: [e64748071637]
22035:
22036: * auth/pam.c, config.h.in, configure, configure.in:
22037: Some PAM implementations put their headers in /usr/include/pam
22038: instead of /usr/include/security.
22039: [8cc749e9575c]
22040:
22041: * configure.in:
22042: I missed changing the EXEC macro -> EXECV here when I changed this
22043: in config.h.in and sudo.c a while ago.
22044: [6f5afac7789f]
22045:
22046: * acsite.m4:
22047: OpenBSD vax/m88k/hppa don't do shared libs
22048: [e4901d958bb7]
22049:
22050: * configure, configure.in:
22051: o merge the hpux case entries into a single entry w/ its own sub-
22052: case statement. o HP-UX >= 11 support getspnam(), use it in
22053: preference to getprpwuid()
22054: [0caad428894e]
22055:
22056: * configure, configure.in:
22057: eval $shrext so that it expands nicely on MacOS X
22058: [40419343eef8]
22059:
22060: * Makefile.in:
22061: Don't lie about making a module, it does the wrong thing on mach
22062: [7629b28f5688]
22063:
22064: * ltmain.sh:
22065: Remove requirement that libs must begin with "lib". They don't when
22066: we point directly at the lib using LD_PRELOAD or its equivalent.
22067: [d66f3de6ec85]
22068:
22069: * acsite.m4:
22070: Disable support for c++, f77 and java. We don't need it, it takes a
22071: lot of time, and it hosed our check for shared lib support.
22072: [4f5749c52ce4]
22073:
22074: * configure:
22075: regen
22076: [160865e9d15f]
22077:
22078: * configure.in:
22079: Call AC_ENABLE_SHARED and check the status of enable_shared to know
22080: when shared libs are available.
22081: [42504c1668fc]
22082:
22083: * acsite.m4:
22084: Duh, OpenBSD suports shared libs too
22085: [8e3cd9417475]
22086:
22087: * config.h.in, configure.in:
22088: Only OpenPAM and Linux PAM use const qualifiers.
22089: [b2f76476e866]
22090:
22091: * configure, configure.in:
22092: o No need to check for sed, libtool config does that for us o move
22093: check for --with-noexec until after libtool magic is run so we can
22094: use $can_build_shared and $shrext
22095: [668c656e89cc]
22096:
22097: * ltmain.sh:
22098: Don't print a bunch of crap about library installs since we are not
22099: really installing a library.
22100: [83fbcad29fe4]
22101:
22102: * env.c:
22103: Make format_env() varargs Add noexec support for Darwin, MacOS X,
22104: Irix, and Tru64
22105: [468885d75d10]
22106:
22107: * acsite.m4, ltconfig, ltmain.sh:
22108: Update to libtool 1.5 with local changes: o no ldconfig in the
22109: finish step o assume no libprefix or version is needed
22110: [4961cffc3797]
22111:
22112: * sudo_noexec.c:
22113: Fix compilation under K&R
22114: [8b309bf0b1b2]
22115:
22116: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
22117:
22118: * CHANGES:
22119: checkpoint
22120: [3c368badab32]
22121:
22122: * sudo_noexec.c:
22123: stub execve() that just returns EACCES; used for noexec
22124: functionality
22125: [1297acae283a]
22126:
22127: * sudo.tab.h:
22128: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22129: generated code.
22130: [dcab78c49273]
22131:
22132: * sudo.tab.c:
22133: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22134: generated code.
22135: [0a61c735eabe]
22136:
22137: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
22138:
22139: * def_data.c, def_data.h, def_data.in:
22140: Move the environment defaults to the end and shorten a few of the
22141: descriptions.
22142: [66787b9c612c]
22143:
22144: * configure, configure.in:
22145: no shared libs on ultris or convexos
22146: [2c5f3c456e32]
22147:
22148: * Makefile.in, configure, configure.in:
22149: Build sudo_noexec shared object using libtool; could use some
22150: cleanup.
22151: [373f483555dd]
22152:
22153: * acsite.m4, ltconfig, ltmain.sh:
22154: libtool scaffolding
22155: [c903a42e3d90]
22156:
22157: * parse.yacc, sudo.tab.c:
22158: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
22159: important.
22160: [c6e8a34639a4]
22161:
22162: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
22163: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
22164: update copyright year
22165: [a16372ae1711]
22166:
22167: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
22168: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
22169: option. The default value of noexec_file is set to this.
22170: [7d88e1d3c494]
22171:
22172: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
22173: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
22174: sudo.tab.h:
22175: Add support for preloading a shared object containing a dummy
22176: execve() function that just sets error and returns -1. This adds a
22177: "noexec_file" option to load the filename as well as a "noexec" flag
22178: to enable it unconditionally. There is also a NOEXEC tag that can
22179: be attached to specific commands and an EXEC tag to disable it.
22180: [c8b6712feb91]
22181:
22182: * mkdefaults:
22183: add missing newline to usage statement
22184: [e84746618362]
22185:
22186: * config.h.in, sudo.c:
22187: Rename EXEC macro -> EXECV
22188: [ddaa0c027299]
22189:
22190: * logging.c:
22191: Don't truncate usernames to 8 characters in the log message.
22192: [f62a20f27075]
22193:
22194: * check.c, sudoers.man.in, sudoers.pod:
22195: Update copyright year
22196: [ca9964054085]
22197:
22198: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
22199: sudoers.pod:
22200: Add a new option, lecture_file, that can be used to point to a
22201: custom sudo lecture.
22202: [940133231216]
22203:
22204: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
22205:
22206: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22207: auth/sudo_auth.c:
22208: Add a zero_bytes() function to do the equivalent of bzero in such a
22209: way that will heopfully not be optimized away by sneaky compilers.
22210: [161b6d74bfb4]
22211:
22212: * zero_bytes.c:
22213: Add a zero_bytes() function to do the equivalent of bzero in such a
22214: way that will heopfully not be optimized away by sneaky compilers.
22215: [d035abf0af94]
22216:
22217: * Makefile.in, sudo.h:
22218: Add a zero_bytes() function to do the equivalent of bzero in such a
22219: way that will heopfully not be optimized away by sneaky compilers.
22220: [ff136de3e255]
22221:
22222: * err.c:
22223: Use #ifdef __STDC__, not #if __STDC__.
22224: [6889dd6bc51a]
22225:
22226: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
22227:
22228: * mkdefaults:
22229: Always put at least one space between the def_* macro name and its
22230: definition.
22231: [6b3ad0e6619a]
22232:
22233: * configure, configure.in:
22234: Adjust code for --without-lecture to match new values.
22235: [062aa788a6b9]
22236:
22237: * visudo.man.in:
22238: regen after pasto fix
22239: [3deec16906c0]
22240:
22241: * sudoers.man.in, sudoers.pod:
22242: Document that "lecture" has changed from a flag to a tuple.
22243: [e2c03062b533]
22244:
22245: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
22246: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
22247: Add support for tuples in def_data.in; these are implemented as an
22248: enum type. Currently there is only a single tuple enum but in the
22249: future we may have one tuple enum per T_TUPLE entry in def_data.in.
22250: Currently listpw, verifypw and lecture are tuples. This avoids the
22251: need to have two entries (one ival, one str) for pwflags and syslog
22252: values.
22253:
22254: lecture is now a tuple with the following values: never, once,
22255: always
22256:
22257: We no longer use both an int and string entry for syslog facilities
22258: and priorities. Instead, there are logfac2str() and logpri2str()
22259: functions that get used when we need to print the string values.
22260: [5293f946c836]
22261:
22262: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22263: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
22264: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
22265: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
22266: sudo.tab.c, visudo.c:
22267: Create def_* macros for each defaults value so we no longer need the
22268: def_{flag,ival,str,list,mode} macros (which have been removed). This
22269: is a step toward more flexible data types in def_data.in.
22270: [009c02934106]
22271:
22272: * TODO:
22273: checkpoint
22274: [0a99a4bb5d15]
22275:
22276: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
22277:
22278: * sudo.c:
22279: If we are in -k/-K mode, just spew to stderr. It is not unusual for
22280: users to place "sudo -k" in a .logout file which can cause sudo to
22281: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
22282: Previously, this would result in useless mail and logging.
22283: [d282e7ed63af]
22284:
22285: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22286:
22287: * visudo.pod:
22288: fix pasto in VISUAL description
22289: [1c6a6148b5f9]
22290:
22291: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
22292:
22293: * configure:
22294: regen
22295: [f44312c63799]
22296:
22297: * CHANGES:
22298: checkpoint
22299: [0c42e38f78d5]
22300:
22301: * TROUBLESHOOTING:
22302: Some OSes (like Solaris) allow export w/ nosuid too
22303: [973ce85ffa12]
22304:
22305: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22306:
22307: * compat.h:
22308: We don't use FD_ZERO anymore so just define FD_SET (if not already
22309: there).
22310: [d1c8c11905cd]
22311:
22312: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
22313:
22314: * auth/pam.c:
22315: Fix a core dump on Solaris by preserving the pam_handle_t we used
22316: during authentication for pam_prep_user(). If we didn't
22317: authenticate (ie: ticket still valid), we call pam_init() from
22318: pam_prep_user(). This is something of a hack; it may be better to
22319: change the auth API and add an auth_final() function that acts like
22320: pam_prep_user().
22321: [f787de49b175]
22322:
22323: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
22324:
22325: * set_perms.c:
22326: Add explicit declaration of printerr variable in function header
22327: (was defaulting to int which is OK but oh so K&R :-). From Theo.
22328: [492c2358783f]
22329:
22330: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
22331:
22332: * config.h.in, configure.in:
22333: s/HAVE_STOW/USE_STOW/
22334: [4b99e1824ece]
22335:
22336: * logging.c:
22337: Also exit waitpid() loop when pid == 0. Fixes a problem where the
22338: sudo process would spin eating up CPU until sendmail finished when
22339: it has to send mail.
22340: [ec3d5792b9b4]
22341:
22342: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
22343:
22344: * fnmatch.c:
22345: Remove advertising clause, UCB has disavowed it
22346: [43a26bbd6628]
22347:
22348: * fnmatch.3:
22349: Remove advertising clause, UCB has disavowed it
22350: [3ff24291bcfa]
22351:
22352: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
22353:
22354: * parse.c:
22355: Don't assume that getgrnam() calls don't modify contents of struct
22356: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
22357: Based on a patch from Kirk Webb.
22358: [5574c68f60f3]
22359:
22360: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
22361:
22362: * configure.in:
22363: missing ;;
22364: [22378f2a9d31]
22365:
22366: * configure.in:
22367: darwin has a broken setreuid() in at least some versions
22368: [d572aed930d2]
22369:
22370: * env.c:
22371: Fix an off by one error when reallocating the environment; Kevin Pye
22372: [3d98e7cf097a]
22373:
22374: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
22375:
22376: * sudoers.pod:
22377: Fix User_Spec definition; SEKINE Tatsuo
22378: [49b0da65e090]
22379:
22380: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22381:
22382: * HISTORY:
22383: More info on the early days from Coggs.
22384: [9381ca10b06b]
22385:
22386: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
22387:
22388: * auth/kerb5.c:
22389: remove errant semicolon that prevented compilation under heimdal
22390: [d2f2bb73a598]
22391:
22392: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
22393:
22394: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
22395: add DARPA credit on affected files
22396: [7020785ee50d]
22397:
22398: * sudoers.pod:
22399: add DARPA credit on affected files
22400: [83b46318750b]
22401:
22402: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
22403: sudoers.man.in:
22404: add DARPA credit on affected files
22405: [d8adf1c2ba22]
22406:
22407: * set_perms.c:
22408: add DARPA credit on affected files
22409: [3d79fdabb582]
22410:
22411: * pathnames.h.in:
22412: add DARPA credit on affected files
22413: [e334cdda422f]
22414:
22415: * logging.c, parse.c:
22416: add DARPA credit on affected files
22417: [8f75f822755b]
22418:
22419: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
22420: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
22421: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
22422: interfaces.h:
22423: add DARPA credit on affected files
22424: [da66e28fb3f5]
22425:
22426: * auth/kerb5.c, auth/pam.c:
22427: add DARPA credit on affected files
22428: [15da3021b49c]
22429:
22430: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
22431: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
22432: version.h:
22433: add DARPA credit on affected files
22434: [868d54cbddea]
22435:
22436: * env.c:
22437: add DARPA credit on affected files
22438: [90239f51ef0a]
22439:
22440: * defaults.c, defaults.h:
22441: add DARPA credit on affected files
22442: [6a64205fd1eb]
22443:
22444: * compat.h:
22445: add DARPA credit on affected files
22446: [316a735783c4]
22447:
22448: * Makefile.in, alloc.c, check.c:
22449: add DARPA credit on affected files
22450: [cd939e05c810]
22451:
22452: * LICENSE:
22453: slightly different wording for the darpa credit
22454: [e468909c4a21]
22455:
22456: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
22457:
22458: * LICENSE:
22459: Add DARPA credit
22460: [8eb20e2cd63e]
22461:
22462: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
22463:
22464: * auth/kerb5.c:
22465: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
22466: Kerberos like we did before I messed things up ;-)
22467:
22468: Use krb5_principal_get_comp_string() to do the same thing w/
22469: Heimdal. I'm not sure if the component should be 0 or 1 in this
22470: case.
22471:
22472: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
22473: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
22474: should be a configure check for this I guess.
22475: [74919a3933fe]
22476:
22477: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
22478:
22479: * sample.sudoers:
22480: builtin -> built-in; Jason McIntyre
22481: [027f2187923e]
22482:
22483: * TROUBLESHOOTING, config.h.in, configure, configure.in:
22484: builtin -> built-in; Jason McIntyre
22485: [70b81ac48943]
22486:
22487: * sudoers.pod:
22488: built in -> built-in; Jason McIntyre
22489: [da658ef5138d]
22490:
22491: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
22492:
22493: * CHANGES:
22494: checkpoint for 1.6.7p3
22495: [da85f989fadf]
22496:
22497: * HISTORY:
22498: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
22499: Amazingly, sudo source from 1985 is available via groups.google.com
22500: [39e0fc85b89f]
22501:
22502: * sudo.c:
22503: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
22504: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
22505: RLIMIT_CORE restoration on some OSes.
22506: [7e2c1a7adfd8]
22507:
22508: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
22509:
22510: * auth/kerb5.c:
22511: Make this compile on Heimdal and MIT Kerberos 5
22512: [44c07d615868]
22513:
22514: * config.h.in, configure, configure.in:
22515: Check for heimdal even if we found krb5-config and define
22516: HAVE_HEIMDAL.
22517: [aba0126f0059]
22518:
22519: * auth/kerb5.c:
22520: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
22521: no longer defined by MIT kerb5 (though it used to be and indeed
22522: remains so in Heimdal).
22523: [e5a6c64d7cd5]
22524:
22525: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
22526:
22527: * mkinstalldirs:
22528: Remove newer stuff that passes multiple (possibly duplicate)
22529: directories to "mkdir -p" since that seems to break on Tru64 Unix at
22530: least. This basically brings back what shipped with sudo 1.6.6.
22531: [f2a1abd872b3]
22532:
22533: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
22534:
22535: * auth/kerb5.c:
22536: Correct number of args to krb5_principal_get_realm() and fix an
22537: unclosed comment that hid the bug.
22538: [0b37f8ce7824]
22539:
22540: * configure:
22541: regen
22542: [1876cb840fe0]
22543:
22544: * configure.in:
22545: ++version
22546: [480aff7c048e]
22547:
22548: * README:
22549: ++version
22550: [488e0bbff613]
22551:
22552: * Makefile.in:
22553: ++version
22554: [97ef63cedc38]
22555:
22556: * INSTALL.binary:
22557: ++version
22558: [a506204e77d0]
22559:
22560: * INSTALL:
22561: ++version
22562: [555aeba5c2bf]
22563:
22564: * CHANGES, version.h:
22565: ++version
22566: [f66985a64063]
22567:
22568: * BUGS:
22569: ++version
22570: [ea3573432412]
22571:
22572: * configure.in:
22573: use krb5-config to determine Kerberos V details if it exists
22574: [7b46bbdaf774]
22575:
22576: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
22577: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
22578: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
22579: testsudoers.c, visudo.c:
22580: Use warn/err and getprogname() throughout. The main exception is
22581: openlog(). Since the admin may be filtering logs based on the
22582: program name in the log files, hard code this to "sudo".
22583: [9f180d015cfa]
22584:
22585: * Makefile.in:
22586: Add getprogname.c and err.c
22587: [d411c54a07dc]
22588:
22589: * configure:
22590: regen
22591: [6d585d391acc]
22592:
22593: * config.h.in, configure.in:
22594: Add checks for getprognam(), __progname and err.h
22595: [bcbccf61d34a]
22596:
22597: * emul/err.h:
22598: For systems withour err/warn functions.
22599: [1b33118884d9]
22600:
22601: * err.c:
22602: For systems withour err/warn functions.
22603: [26721f6b041f]
22604:
22605: * getprogname.c:
22606: For systems neither getprogname() nor __progname; uses Argv[0].
22607: [841cf42af1eb]
22608:
22609: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
22610:
22611: * CHANGES:
22612: checkpoint for 1.6.7p1
22613: [5bfdaf441dce]
22614:
22615: * sudo.c, testsudoers.c:
22616: fix strlcpy() rval check (innocuous)
22617: [e05ac7e0d1f3]
22618:
22619: * check.c:
22620: oflow detection in expand_prompt() was faulty (false positives). The
22621: count was based on strlcat() return value which includes the length
22622: of the entire string.
22623: [086c5a0acb25]
22624:
22625: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22626:
22627: * RUNSON, TODO:
22628: checkpoint for the sudo 1.6.7 release
22629: [096bab4da29a] [SUDO_1_6_7]
22630:
22631: * CHANGES:
22632: checkpoint for the sudo 1.6.7 release
22633: [87322187ed78]
22634:
22635: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22636:
22637: * logging.c:
22638: g/c unused variable
22639: [c57cd4a17765]
22640:
22641: * configure:
22642: regen
22643: [e7c1f581dfac]
22644:
22645: * configure.in:
22646: use man sections 8 and 5 for csops
22647: [87de581bda88]
22648:
22649: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
22650:
22651: * configure:
22652: regen
22653: [cb1433a9c7a1]
22654:
22655: * configure.in:
22656: Add -lskey or -lopie directly to SUDO_LIBS instead of having
22657: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
22658: [ac5667978939]
22659:
22660: * configure:
22661: regen
22662: [638459118a2a]
22663:
22664: * configure.in:
22665: Add --with-blibpath for AIX. An alternate libpath may be specified
22666: or
22667: -blibpath support can be disabled. Also change conifgure such that
22668: -blibpath is not specified if no -L libpaths were added to
22669: SUDO_LDFLAGS.
22670: [c7d17b480cad]
22671:
22672: * aclocal.m4:
22673: Add --with-blibpath for AIX. An alternate libpath may be specified
22674: or
22675: -blibpath support can be disabled. Also change conifgure such that
22676: -blibpath is not specified if no -L libpaths were added to
22677: SUDO_LDFLAGS.
22678: [37022e991575]
22679:
22680: * INSTALL:
22681: Add --with-blibpath for AIX. An alternate libpath may be specified
22682: or
22683: -blibpath support can be disabled. Also change conifgure such that
22684: -blibpath is not specified if no -L libpaths were added to
22685: SUDO_LDFLAGS.
22686: [4b4bbe5bbe1b]
22687:
22688: * configure.in:
22689: add AIX blibpath support
22690: [16ba788bf086]
22691:
22692: * INSTALL, configure.in:
22693: --with-skey and --with-opie now take an option directory argument
22694: This obsoletes a --with-csops hack (/tools/cs/skey)
22695:
22696: Also remove the remaining direct uses of "echo"
22697: [5b4986a90c03]
22698:
22699: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
22700:
22701: * configure.in:
22702: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
22703: for KTH Kerberos IV and V.
22704: [119f97b48e18]
22705:
22706: * aclocal.m4:
22707: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
22708: -R/path/to/dir if $with_rpath) to the specified variable.
22709: [e55e49d076ce]
22710:
22711: * INSTALL, configure.in:
22712: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
22713: option, --with-rpath to control this behavior.
22714: [d4730c5399ab]
22715:
22716: * configure.in:
22717: for kerb4 put libdes after libkrb on the link line
22718: [5c566100eab6]
22719:
22720: * auth/kerb4.c:
22721: typo
22722: [6541b72b64a3]
22723:
22724: * configure.in:
22725: fix kerberos lib check when a path is specified
22726: [ae833a914c6f]
22727:
22728: * logging.c:
22729: Fix boolean thinko in SIGCHLD reaper and call reapchild after
22730: sending mail instead of doing a conditional sudo_waitpid.
22731: [86fa9a35df5a]
22732:
22733: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22734:
22735: * configure:
22736: regen
22737: [e6275cf528ba]
22738:
22739: * configure.in:
22740: replace =DIR with [=DIR] where sensible
22741: [c39a59173b38]
22742:
22743: * configure.in:
22744: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
22745: detection based on openssh's configure.in
22746: [5b7a340912df]
22747:
22748: * INSTALL:
22749: --with-kerb4 and --with-kerb5 now take an optional argument.
22750: [71ed87fc9c64]
22751:
22752: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
22753:
22754: * auth/securid.c:
22755: Kill remaining strcpy(), the programmer's guide says username is 32
22756: bytes.
22757: [bdba70fcd08d]
22758:
22759: * auth/kerb4.c:
22760: trat uid_t as unsigned long for printf and use snprintf, not sprintf
22761: [8072f5f8966d]
22762:
22763: * auth/rfc1938.c:
22764: use snprintf
22765: [fc0c70c665fe]
22766:
22767: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
22768:
22769: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
22770: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
22771: auth/rfc1938.c, auth/sudo_auth.c:
22772: update copyright year
22773: [b0a10ccb1d0e]
22774:
22775: * sudo.man.in, sudoers.man.in, visudo.man.in:
22776: update copyright year
22777: [8fce0034eb51]
22778:
22779: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
22780: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
22781: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
22782: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
22783: update copyright year
22784: [d541e75fe520]
22785:
22786: * check.c, env.c, sudo.c:
22787: Cast [ug]ids to unsigned long and printf with %lu
22788: [2ede64d3592b]
22789:
22790: * configure:
22791: regen
22792: [c7c3245bdf3e]
22793:
22794: * configure.in:
22795: correct error messages for --with-sudoers-{mode,uid,gid}
22796: [77fc15b1c9db]
22797:
22798: * alloc.c:
22799: make the malloc(0) error specific to each function to aid tracking
22800: down bugs.
22801: [a58c34374b4b]
22802:
22803: * alloc.c:
22804: deal with platforms where size_t is signed and there is no SIZE_MAX
22805: or SIZE_T_MAX
22806: [7192abb4ab4e]
22807:
22808: * auth/kerb5.c:
22809: Make this compile w/ Heimdal and fix some gcc warnings.
22810: [f52f026f31c2]
22811:
22812: * sudo.c:
22813: Use stat_sudoers macro so --with-stow can work
22814: [c3674735c139]
22815:
22816: * INSTALL, config.h.in, configure, configure.in:
22817: Add support for --with-stow based on patches from Robert Uhl
22818: [b274cc1dd52c]
22819:
22820: * env.c:
22821: fix indentation
22822: [110d9f1721b1]
22823:
22824: * configure.in:
22825: back out rev 1.352
22826: [1eee91c83f11]
22827:
22828: * lex.yy.c:
22829: regen
22830: [72fba1c9590b]
22831:
22832: * parse.lex:
22833: use strlcpy, not strncpy
22834: [4faccbaeccef]
22835:
22836: * set_perms.c:
22837: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
22838: [33bf0d18fdc1]
22839:
22840: * logging.c:
22841: use pid_t
22842: [3e0536993d2c]
22843:
22844: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
22845:
22846: * strlcat.c, strlcpy.c:
22847: Make gcc shutup about unused rcsid
22848: [1669a0c74e9e]
22849:
22850: * interfaces.c:
22851: Move the n == 0 check for the non-getifaddrs cas
22852: [2460be061b2a]
22853:
22854: * auth/rfc1938.c:
22855: skeychallenge() on NetBSD take a size parameter
22856: [05acc2012801]
22857:
22858: * configure:
22859: regen
22860: [24bccf4749e8]
22861:
22862: * configure.in:
22863: put -ldl after -lpam, not before; fixes static linking on Linux
22864: [7f06b7b2b4d8]
22865:
22866: * interfaces.c:
22867: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
22868: case.
22869: [239a55068646]
22870:
22871: * sudo.cat, sudoers.cat, visudo.cat:
22872: regen
22873: [4a2eed3981ca]
22874:
22875: * sudo.man.in, sudoers.man.in, visudo.man.in:
22876: regen
22877: [2c96ea2cf930]
22878:
22879: * Makefile.in:
22880: Preserve copyright notice from .pod file in .man.in file
22881: [519fbd09aebc]
22882:
22883: * visudo.pod:
22884: Add sudoers(5) to SEE ALSO
22885: [77ecfe3aedf1]
22886:
22887: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22888:
22889: * lex.yy.c:
22890: regen
22891: [6f5751ce0b74]
22892:
22893: * parse.lex:
22894: Don't assume libc can realloc() a NULL string. If malloc/realloc
22895: fails, make sure we just return; yyerror() is not terminal.
22896: [1b8618623708]
22897:
22898: * lex.yy.c:
22899: regen
22900: [5d31b46191c6]
22901:
22902: * parse.lex:
22903: simplify fill_args a little and use strlcpy for paranoia
22904: [0ea35a55542b]
22905:
22906: * sudo.tab.c:
22907: regen
22908: [5a8d508d708b]
22909:
22910: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
22911: testsudoers.c:
22912: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
22913: cases the strings were either pre-allocated to the correct size of
22914: length checks were done before the copy but a little paranoia can go
22915: a long way.
22916: [e73d28f1d14e]
22917:
22918: * sudo.h:
22919: Add strlc{at,py} protos
22920: [748ffc7fc7f4]
22921:
22922: * env.c, interfaces.c:
22923: Use erealloc3()
22924: [47f2cb46aba8]
22925:
22926: * configure:
22927: regen
22928: [e7e2fb79f935]
22929:
22930: * alloc.c:
22931: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
22932: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
22933: [7e0fa4d6fc1d]
22934:
22935: * sudo.c:
22936: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
22937: configure.
22938: [09ea4d3959e9]
22939:
22940: * aclocal.m4:
22941: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
22942: [31b4fdfdb8bf]
22943:
22944: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
22945:
22946: * sudo.c:
22947: Use snprintf() for paranoia
22948: [a2659ceb46de]
22949:
22950: * parse.yacc:
22951: Use emalloc2 and erealloc3
22952: [90a069842401]
22953:
22954: * Makefile.in:
22955: strlc{at,py} for those w/o it
22956: [bac82dc916ee]
22957:
22958: * strlcat.c, strlcpy.c:
22959: stlc{at,py} for those w/o it.
22960: [ce7254f5db09]
22961:
22962: * config.h.in, configure, configure.in:
22963: Add stlc{at,py} for those w/o it.
22964: [00f08219657a]
22965:
22966: * alloc.c, sudo.h:
22967: Add erealloc3(), a realloc() version of emalloc2().
22968: [c96eaf08bbed]
22969:
22970: * interfaces.c, sudo.c:
22971: Use emalloc2() to allocate N things of a certain size.
22972: [1e0aba365555]
22973:
22974: * alloc.c, sudo.h:
22975: Add emalloc2() -- like calloc() but w/o the bzero and with
22976: error/oflow checking.
22977: [292150bc4153]
22978:
22979: * alloc.c:
22980: Error out on malloc(0); suggested by theo
22981: [995279e81326]
22982:
22983: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
22984:
22985: * configure, configure.in:
22986: fix a typo; David Krause
22987: [f161213a17ab]
22988:
22989: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
22990:
22991: * sudo.pod:
22992: fix typo
22993: [3ae5ad9a351a]
22994:
22995: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
22996:
22997: * env.c:
22998: Remove DYLD_ from the environment for MacOS X; from bbraun
22999: [38caad5a3935]
23000:
23001: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
23002:
23003: * config.h.in, configure.in:
23004: not not; Anil Madhavapeddy
23005: [d4f4f0bfc66b]
23006:
23007: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
23008:
23009: * sudo.pod, sudoers.pod, visudo.pod:
23010: typos; jmc@openbsd.org
23011: [868c0f09bf9e]
23012:
23013: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23014:
23015: * parse.yacc:
23016: Add some missing ';' rule terminators that bison warns about.
23017: [535b0b8dcce5]
23018:
23019: * config.sub:
23020: fix typo I introduced in last merge
23021: [81db4e4f43fe]
23022:
23023: * configure:
23024: regenerate with autoconf 2.57
23025: [ca0c1e9564f8]
23026:
23027: * config.h.in:
23028: Add missing "$HOME"
23029: [209186197ad1]
23030:
23031: * configure.in:
23032: Add some more square backets to make autoconf 2.57 happy
23033: [b5639c14faf7]
23034:
23035: * config.sub, mkinstalldirs:
23036: Updates from autoconf-2.57
23037: [36be35eb331b]
23038:
23039: * config.guess:
23040: Updates from autoconf-2.57
23041: [ea0f8ca622af]
23042:
23043: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23044:
23045: * sudo.tab.h:
23046: regen
23047: [13a65a421567]
23048:
23049: * lex.yy.c, sudo.tab.c:
23050: regen
23051: [0b529db7cb6d]
23052:
23053: * parse.lex, parse.yacc, sudoers.pod:
23054: Add support for Defaults>RunasUser
23055: [20d726373175]
23056:
23057: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23058:
23059: * visudo.c:
23060: fclose() yyin after each yyparse() is done and use fopen() instead
23061: of using freopen().
23062: [587f8a2df857]
23063:
23064: * parse.lex:
23065: Better fix for sudoers files w/o a newline before EOF. It looks
23066: like the issue is that yyrestart() does not reset the start
23067: condition to INITIAL which is an issue since we parse sudoers
23068: multiple times.
23069: [920f8326968a]
23070:
23071: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
23072:
23073: * parse.lex:
23074: Work around what appears to be a flex bug when dealing with files
23075: that lack a final newline before EOF. This adds a rule to match EOF
23076: in the non-initial states which resets the state to INITIAL and
23077: throws an error.
23078: [b94943bb1f81]
23079:
23080: * visudo.c:
23081: o The parser needs sudoers to end with a newline but some editors
23082: (emacs) may not add one. Check for a missing newline at EOF and
23083: add one if needed. o Set quiet flag during initial sudoers parse (to
23084: get options) o Move yyrestart() call and always use freopen() to
23085: open yyin after initial sudoers parse.
23086: [12d12f9b07aa]
23087:
23088: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23089:
23090: * set_perms.c:
23091: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
23092: effective gid, not real gid, when reading sudoers.
23093: [c7d18b810fcd]
23094:
23095: * set_perms.c:
23096: don't compile set_perms_posix if we have setreuid or setresuid
23097: [b9cea7a81a29]
23098:
23099: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
23100:
23101: * sudo.pod, sudoers.pod:
23102: document new prompt escapes
23103: [2f088076b640]
23104:
23105: * check.c:
23106: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
23107: collapsed to "%" as was originally intended. This also gets rid of
23108: lastchar (does lookahead instead of lookback) which should simplify
23109: the logic slightly.
23110: [4b707b77b3c7]
23111:
23112: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
23113:
23114: * tgetpass.c:
23115: Write the prompt *after* turning off echo to avoid some password
23116: characters being echoed on heavily-loaded machines with fast
23117: typists.
23118: [d38c57775915]
23119:
23120: * config.sub:
23121: Add support for mipseb; wiz@danbala.tuwien.ac.at
23122: [cfdac87ed5c8]
23123:
23124: * configure.in:
23125: Fix IRIX fallout from name changes in man dir/sect Makefile
23126: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
23127: [9a7618755c23]
23128:
23129: * auth/pam.c:
23130: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
23131: the global copy. Problem noted by Peter Pentchev.
23132: [d0a3e189cb06]
23133:
23134: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
23135:
23136: * sudo.tab.c:
23137: regen
23138: [23b931359087]
23139:
23140: * parse.yacc:
23141: Add missing yyerror() calls; YYERROR does not seem to call this for
23142: us.
23143: [0be7aeb3ac57]
23144:
23145: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
23146:
23147: * sudo.c:
23148: fix typo in comment; Pedro Bastos
23149: [d7406c460e99]
23150:
23151: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
23152:
23153: * INSTALL:
23154: document --disable-setresuid
23155: [fbd03d03a027]
23156:
23157: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
23158: auth/sudo_auth.c:
23159: Sprinkle some volatile qualifiers to prevent over-enthusiastic
23160: optimizers from removing memset() calls.
23161: [5370ac0e6129]
23162:
23163: * logging.c, parse.yacc:
23164: minor sign fixes pointed out by gcc -Wsign-compare
23165: [db872438337f]
23166:
23167: * set_perms.c, sudo.c, sudo.h:
23168: Revamp set_perms. We now use a version based on setresuid() or
23169: setreuid() when possible since that allows us to support the
23170: stay_setuid option and we always know exactly what the semantics
23171: will be (various Linux kernels have broken POSIX saved uid support).
23172: [523bc212396c]
23173:
23174: * config.h.in, configure:
23175: regen from configure.in
23176: [351877ea2624]
23177:
23178: * configure.in:
23179: Add checks for setresuid() and a way to disable using it
23180: [a5b21653d169]
23181:
23182: * compat.h:
23183: No long need to emulate set*[ug]id() via setres[ug]id() or
23184: setre[ug]id(). The new set_perms stuff only uses things it knows are
23185: there.
23186: [47884bd5d1d9]
23187:
23188: * sudo.c:
23189: Before exec, restore state of signal handlers to be the same as when
23190: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
23191: a problem when using sudo with nohup. Based on a patch from Paul
23192: Markham.
23193: [f8f5a1484faa]
23194:
23195: * sudo.c:
23196: o timestamp_uid should be uid_t, not int o clarify error message
23197: when sudo is run by root and no_root_sudo is set
23198: [19dda0734264]
23199:
23200: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
23201:
23202: * README:
23203: update ftp link for bison
23204: [98bc191016e3]
23205:
23206: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23207:
23208: * set_perms.c:
23209: Error out if setusercontext() fails and the runas user is not root.
23210: [089f9ade4686]
23211:
23212: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
23213:
23214: * auth/securid5.c:
23215: Fix rcsid
23216: [07e9e85dcc2f]
23217:
23218: * configure.in:
23219: Fix SecurID API test
23220: [5ec201f454a5]
23221:
23222: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23223:
23224: * env.c:
23225: typo in comment
23226: [9d385c9ac533]
23227:
23228: * configure.in:
23229: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
23230: but I don't see a better way at the moment.
23231: [f89e55cbb313]
23232:
23233: * Makefile.in, auth/securid5.c:
23234: SecurID API version 5 support from Michael Stroucken
23235: [68500ac7e531]
23236:
23237: * configure.in:
23238: Add check for SecurID 5.0 API
23239: [1ee242e6de6b]
23240:
23241: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
23242:
23243: * strerror.c:
23244: We actually do still need config.h to get the 'const' definition for
23245: K&R C.
23246: [d9c982032d85]
23247:
23248: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
23249:
23250: * configure:
23251: regen with autoconf 2.5.3
23252: [c71fc086eef5]
23253:
23254: * configure.in:
23255: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
23256: [d90da1efafd9]
23257:
23258: * configure.in:
23259: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
23260: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
23261: [dd67afefa90d]
23262:
23263: * env.c, sudo.c, sudo.h:
23264: No need for dump_badenv() now that dump_defaults() knows how to dump
23265: lists.
23266: [6bcda468501d]
23267:
23268: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
23269: version.h:
23270: ++version
23271: [44e3b8f95f0b]
23272:
23273: * sudoers.pod:
23274: document timestampowner
23275: [37ebd69e9dd1]
23276:
23277: * check.c:
23278: Don't call set_perms() when doing timestamp stuff unless
23279: timestamp_uid != 0.
23280: [63a63d41d18c]
23281:
23282: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
23283: sudo.h, testsudoers.c:
23284: g/c second arg to set_perms--it is no longer used
23285: [7ac4ce50c612]
23286:
23287: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
23288:
23289: * check.c, set_perms.c, sudo.c, sudo.h:
23290: Add support for non-root timestamp dirs. This allows the timestamp
23291: dir to be shared via NFS (though this is not recommended).
23292: [faa83dd2b7fb]
23293:
23294: * def_data.c, def_data.h, def_data.in:
23295: Add timestampowner, "Owner of the authentication timestamp dir"
23296: [d47640d4c86a]
23297:
23298: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
23299:
23300: * env.c:
23301: Don't try to pre-compute the size of the new envp, just allocate
23302: space up front and realloc as needed. Changes to the new env
23303: pointer must all be made through insert_env() which now keeps track
23304: of spaced used and allocates as needed.
23305: [39bc934a9f2c]
23306:
23307: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
23308:
23309: * configure:
23310: regen
23311: [0e12c09bb790]
23312:
23313: * configure.in:
23314: Fix two typo/pastos; from jrj@purdue.edu
23315: [b718a4bf1181]
23316:
23317: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
23318:
23319: * INSTALL.binary, README:
23320: ++version
23321: [a1e33027278c] [SUDO_1_6_6]
23322:
23323: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
23324: visudo.cat, visudo.man.in:
23325: regen
23326: [19eb2be283ef]
23327:
23328: * CHANGES, RUNSON, TODO:
23329: Sync with 1.6.6
23330: [2ff9a9087f63]
23331:
23332: * check.c:
23333: The the loop used to expand %h and %u, the lastchar variable was not
23334: being initialized. This means that if the last char in the prompt
23335: is '%' and the first char is 'h' or 'u' a extra copy of the host or
23336: user name would be copied, for which space had not been allocated.
23337: [b2e27197857d]
23338:
23339: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
23340:
23341: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
23342: crank version to 1.6.6
23343: [cfd08689e597]
23344:
23345: * auth/afs.c:
23346: #undef VOID to get rid of an AFS warning
23347: [b40760564dc1]
23348:
23349: * env.c:
23350: Use easprintf instead of emalloc + sprintf for some things.
23351: [e7bfe2e69a03]
23352:
23353: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
23354:
23355: * lex.yy.c, sudo.tab.c:
23356: regen
23357: [35327104383d]
23358:
23359: * parse.c, parse.lex, parse.yacc, testsudoers.c:
23360: Remove Chris Jepeway's email address so people don't bug him ;-)
23361: [c03410747a69]
23362:
23363: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23364:
23365: * sudo.c:
23366: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
23367: endgrent() at the same time.
23368: [28b6097d5d1a]
23369:
23370: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23371:
23372: * INSTALL:
23373: Make it clear which configure options take arguments.
23374: [38529e7efad0]
23375:
23376: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
23377:
23378: * compat.h:
23379: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
23380: RLIM_INFINITY, just pretend it is -1. This works because we only
23381: check for RLIM_INFINITY and do not set anything to that value.
23382: [53173d34e6eb]
23383:
23384: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
23385:
23386: * auth/pam.c:
23387: Zero and free allocated memory when there is a conversation error.
23388: [e342133db579]
23389:
23390: * auth/bsdauth.c:
23391: Use sigaction() not signal()
23392: [126c2790561f]
23393:
23394: * INSTALL:
23395: Mention that some linux kernels have broken POSIX saved ID support
23396: [571ef1a893d3]
23397:
23398: * CHANGES:
23399: checkpoint for 1.6.5p2
23400: [9e9e456f7f43]
23401:
23402: * configure:
23403: regen
23404: [d53703a46708]
23405:
23406: * configure.in:
23407: Add --disable-setreuid flag
23408: [3b9f2679cb55]
23409:
23410: * INSTALL:
23411: Document new --disable-setreuid option and change description for
23412: --disable-saved-ids to match new error message.
23413: [14fd3e5f60a5]
23414:
23415: * set_perms.c:
23416: fatal() now takes an argument that determines whether or not to call
23417: perror().
23418: [d826b25e62ff]
23419:
23420: * TROUBLESHOOTING:
23421: Update for new error messages from set_perms()
23422: [78007c3f76a9]
23423:
23424: * PORTING:
23425: Update for new error messages from set_perms()
23426: [60c545a6bcff]
23427:
23428: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
23429:
23430: * auth/pam.c:
23431: Make this compile w/o warnings
23432: [b90843a29af5]
23433:
23434: * auth/pam.c:
23435: Mention that we can't use pam_acct_mgmt()
23436: [1dfc5a6e0479]
23437:
23438: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
23439: The user's password was not zeroed after use when AIX
23440: authentication, BSD authentication, FWTK or PAM was in use.
23441: [b18fff30b1e7]
23442:
23443: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23444:
23445: * auth/pam.c:
23446: Avoid giving PAM a NULL password response, use the empty string
23447: instead. This avoids a log warning when the user hits ^C at the
23448: password prompt when PAM is in use.
23449: [c3315805e4e4]
23450:
23451: * auth/pam.c:
23452: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
23453: pam_setcred() returns the last saved return code, not the return
23454: code for the setcred module. Because we haven't called
23455: pam_authenticate(), this is not set and so pam_setcred() returns
23456: PAM_PERM_DENIED.
23457: [73db145fa179]
23458:
23459: * Makefile.in:
23460: Don't need a '/' between $(DESTDIR) and a directory.
23461: [0901ca618176]
23462:
23463: * Makefile.binary:
23464: Don't need a '/' between $(DESTDIR) and a directory.
23465: [cd7eb6098b87]
23466:
23467: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
23468:
23469: * configure:
23470: regen
23471: [41b12c039282]
23472:
23473: * configure.in:
23474: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
23475: setreuid() o new NetBSD has a real setreuid() o add check for
23476: freeifaddrs() if getifaddrs() exists.
23477: [a82ee3b01733]
23478:
23479: * config.h.in, interfaces.c:
23480: Older BSDi releases lack freeifaddrs() so add a test for that and if
23481: it is not present just use free().
23482: [6270671ea9d5]
23483:
23484: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23485:
23486: * CHANGES, RUNSON:
23487: Checkpoint for 1.6.5p1
23488: [26134ecf9b36]
23489:
23490: * auth/passwd.c:
23491: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
23492: to normal passwords, not AUTH_FATAL (which just causes an exit).
23493: [785e0f4bc0e2]
23494:
23495: * visudo.c:
23496: Don't use memory after it has been freed.
23497: [c60492739fdb]
23498:
23499: * auth/passwd.c:
23500: skeyaccess() wants a struct passwd * not a char *; Patch from
23501: Phillip E. Lobbes
23502: [65a1d3806fcd] [SUDO_1_6_5]
23503:
23504: * BUGS:
23505: ++version
23506: [b2e1825e692e]
23507:
23508: * CHANGES, RUNSON, TODO:
23509: checkpoint for sudo 1.6.5
23510: [d730945622e7]
23511:
23512: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23513:
23514: * configure:
23515: regen
23516: [49744c403ac9]
23517:
23518: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
23519: version 1.6.5
23520: [ec30a5f7fc45]
23521:
23522: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
23523: visudo.man.in:
23524: sudo version 1.6.5
23525: [458a3bed535d]
23526:
23527: * logging.c:
23528: o when invoking the mailer as root use a hard-coded environment that
23529: doesn't include any info from the user's environment. Basically
23530: paranoia.
23531:
23532: o Add support for the NO_ROOT_MAILER compile-time option and run the
23533: mailer as the user and not root if NO_ROOT_MAILER is defined.
23534: [4df351ec92ce]
23535:
23536: * set_perms.c, sudo.h:
23537: Bring back PERM_FULL_USER
23538: [edb6039bb284]
23539:
23540: * configure:
23541: regen
23542: [3eb2943afa03]
23543:
23544: * version.h:
23545: version 1.6.5
23546: [044fc9a0c72b]
23547:
23548: * INSTALL, config.h.in, configure.in:
23549: Add --disable-root-mailer option to run the mailer as the user and
23550: not root.
23551: [e9f805397963]
23552:
23553: * CHANGES:
23554: checkpoint for 1.6.4p2
23555: [b58aae5aa98a]
23556:
23557: * PORTING:
23558: Mention the "seteuid(0): Operation not permitted" problem here too
23559: just for good measure.
23560: [90135b37a691]
23561:
23562: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
23563:
23564: * env.c, getspwuid.c, sudo.c:
23565: The SHELL environment variable was preserved from the user's
23566: environment instead of being reset based on the passwd database when
23567: the "env_reset" option was used. Now it is reset as it should be.
23568: [300066ef3c71]
23569:
23570: * configure:
23571: regen
23572: [a47d779e6552]
23573:
23574: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
23575: sudo.c:
23576: Add a configure option to turn off use of POSIX saved IDs
23577: [fb18cc8e94d0]
23578:
23579: * configure:
23580: regen
23581: [d4f2f20025b6]
23582:
23583: * configure.in:
23584: add --with-efence option
23585: [45c4f33a8e88]
23586:
23587: * sudo.c:
23588: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
23589: "sudo -l" would not work if always_set_home was set.
23590: [c3a6de6c4800]
23591:
23592: * lex.yy.c:
23593: regen
23594: [417424452998]
23595:
23596: * parse.lex:
23597: Quoted commas were not being treated correctly in command line
23598: arguments.
23599: [753415541b37]
23600:
23601: * sudo.c:
23602: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
23603: Otherwise, the set_home option has no effect.
23604:
23605: o Fix use of freed memory when the "fqdn" flag is set. This was
23606: introduced by the fix for the "segv when gethostbynam() fails" bug.
23607: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
23608: there is no need to check the "fqdn" flag in set_fqdn() itself.
23609: [4b6a4245c04e]
23610:
23611: * env.c:
23612: Add 'continue' statements to optimize the switch statement. From
23613: Solar.
23614: [a82c76975ae5]
23615:
23616: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
23617:
23618: * sudoers.cat, sudoers.man.in:
23619: Regen from new sudoers.pod
23620: [6ecc07b3d0e1] [SUDO_1_6_4]
23621:
23622: * sudoers.pod:
23623: Add caveat about stay_setuid flag
23624: [9d228a7bea1b]
23625:
23626: * sudo.c:
23627: If set_perms == set_perms_posix and the stay_setuid flag is not set,
23628: set all uids to 0 and use set_perms_fallback().
23629: [c4e54d1ec86f]
23630:
23631: * set_perms.c, sudo.h:
23632: Remove PERM_FULL_USER (which is no longer used) and add
23633: PERM_FULL_ROOT (used when exec'ing the mailer).
23634: [15406c522ea2]
23635:
23636: * logging.c:
23637: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
23638: never want to run the mailer setuid.
23639: [2294853e0666]
23640:
23641: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
23642:
23643: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
23644: visudo.pod:
23645: Use sudo.ws instead of courtesan.com in URLs
23646: [55204002a308]
23647:
23648: * Makefile.binary, Makefile.in:
23649: Fix mansect substitution
23650: [b7b5cbc3aa91]
23651:
23652: * Makefile.in:
23653: Substitute man sections in Makefile.binary
23654: [040deb785e56]
23655:
23656: * Makefile.binary:
23657: Sync install targets with Makefile.in and substitute in man
23658: sections.
23659: [77882a275281]
23660:
23661: * INSTALL, INSTALL.binary:
23662: version is 1.6.4
23663: [0f87aabbcb70]
23664:
23665: * Makefile.in:
23666: Repair bindist target
23667: [8d43bfe7e2d1]
23668:
23669: * CHANGES:
23670: sync for 1.6.4
23671: [13ca3d4a0a72]
23672:
23673: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
23674:
23675: * install-sh:
23676: Fix case where neither whoami nor id are found
23677: [424dd270bc47]
23678:
23679: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
23680:
23681: * install-sh:
23682: If neither whoami nor id exists, just assume we are root.
23683: [2d2644e42c53]
23684:
23685: * alloc.c:
23686: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
23687: on AIX which for some reason isn't pulling in the malloc prototype.
23688: [231440d2ee3b]
23689:
23690: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
23691:
23692: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
23693: (c) 2002
23694: [700e3b41a68e]
23695:
23696: * CHANGES:
23697: checkpoint
23698: [33e604bd8d5b]
23699:
23700: * sudo.c:
23701: Defer assigning new environment until right before the exec.
23702: [f13c49e75c1c]
23703:
23704: * parse.c:
23705: kill extra blank line
23706: [12ef22e9dae3]
23707:
23708: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23709:
23710: * configure:
23711: regen
23712: [a6cd2d788f74]
23713:
23714: * configure.in:
23715: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
23716: compiler doesn't recognise -O2.
23717: [5234aa543692]
23718:
23719: * HISTORY:
23720: Clarify origins of Root Group sudo a bit based on info from
23721: billp@rootgroup.com
23722: [4deef01c4208]
23723:
23724: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
23725:
23726: * LICENSE:
23727: 2002
23728: [6c8e089dbd1a]
23729:
23730: * CHANGES:
23731: checkpoint for 1.6.4rc1
23732: [3349eb87a49f]
23733:
23734: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
23735:
23736: * config.h.in:
23737: now generated via autoheader
23738: [84657d303cb9]
23739:
23740: * configure:
23741: regen
23742: [207bfa6a13f6]
23743:
23744: * compat.h:
23745: Move in some stuff that was previously in config.h.
23746: [e576d8b6480f]
23747:
23748: * aclocal.m4, configure.in:
23749: Add info for autoheader.
23750: [0549cd5da27c]
23751:
23752: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
23753:
23754: * Makefile.in:
23755: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
23756: -g to facilitate non-root installs
23757: [619216038f56]
23758:
23759: * install-sh:
23760: Add -M option (like -m but only for root) If we can't find "whoami",
23761: use "id" w/ some sed.
23762: [b39121c8b792]
23763:
23764: * configure:
23765: regen
23766: [b39b93ff9804]
23767:
23768: * configure.in:
23769: allow user to always override mansectsu and mansectform
23770: [0fca5e63bd90]
23771:
23772: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
23773:
23774: * mkinstalldirs:
23775: update from autoconf 2.52
23776: [07bd75a508c3]
23777:
23778: * config.guess, config.sub:
23779: Update from autoconf 2.52
23780: [857b90fe31b7]
23781:
23782: * configure:
23783: regen with autoconf 2.52
23784: [08e7d1ea2aeb]
23785:
23786: * configure.in:
23787: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
23788: mode o Remove compiler-specific checks for HP-UX now that we use
23789: AC_PROG_CC_STDC
23790: [d433a70b6208]
23791:
23792: * RUNSON:
23793: Checkpoint
23794: [babf6d2235d1]
23795:
23796: * auth/pam.c:
23797: o Add pam_prep_user function to call pam_setcred() for the target
23798: user; on Linux this often sets resource limits. o When calling
23799: pam_end(), try to convert the auth->result to a PAM_FOO value.
23800: This is a hack--we really need to stash the last PAM_FOO value
23801: received and use that instead.
23802: [6ad6f340dd2a]
23803:
23804: * set_perms.c, sudo.h:
23805: o Add pam_prep_user function to call pam_setcred() for the target
23806: user; on Linux this often sets resource limits.
23807: [67795421ac82]
23808:
23809: * env.c:
23810: Fix off by one error in number of bytes allocated via malloc (does
23811: not affected any released version of sudo).
23812: [5f5915360111]
23813:
23814: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
23815:
23816: * lex.yy.c:
23817: regen
23818: [8208c0277775]
23819:
23820: * parse.lex:
23821: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
23822: requiring that they be quoted.
23823: [ae59bc8f68dd]
23824:
23825: * sudoers.cat, sudoers.man.in, sudoers.pod:
23826: Mention that no double quotes are needed when
23827: adding/deleting/assigning a single value to a list.
23828: [25efc940a1f0]
23829:
23830: * Makefile.in:
23831: Don't rely on mkdefaults being executable, call perl explicitly.
23832: [6edc97ba5f1d]
23833:
23834: * sudo.tab.c:
23835: regen
23836: [49130b2e7e4d]
23837:
23838: * parse.yacc:
23839: Remove some XXX that are no longer relevant.
23840: [d460ac0d3767]
23841:
23842: * defaults.c:
23843: o Roll our own loop instead of using strpbrk() for better
23844: grokability o When adding to a list we must malloc() and use
23845: memcpy(), not strdup() since we must only copy len bytes from str.
23846: [649bef08e1f0]
23847:
23848: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
23849:
23850: * sudo.tab.c:
23851: regen
23852: [f0bbf2c38c0e]
23853:
23854: * parse.yacc:
23855: typo in comment
23856: [2563711ff593]
23857:
23858: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
23859:
23860: * CHANGES:
23861: checkpoint
23862: [a6d8a29fb30e]
23863:
23864: * configure:
23865: regen
23866: [bdfcaaf3bd13]
23867:
23868: * configure.in:
23869: avoid the -g flag unless --with-devel was specified
23870: [a976707bef30]
23871:
23872: * Makefile.in:
23873: mkdefaults, def_data.in and sigaction.c were missing from the
23874: tarball
23875: [6917ffbaa412]
23876:
23877: * Makefile.in:
23878: def_data.c was missing
23879: [87c78b11453d]
23880:
23881: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
23882:
23883: * env.c:
23884: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
23885: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
23886: [fc8698e6a45e]
23887:
23888: * TODO:
23889: Another TODO item
23890: [6f251d6cd466]
23891:
23892: * sudoers:
23893: Add comment for Default section so folks know where it should go.
23894: [7edba626f392]
23895:
23896: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
23897:
23898: * tgetpass.c:
23899: Use TCSETAF, not TCSETA to set terminal in termio case
23900: [fbd172f6c5d3]
23901:
23902: * sudoers.cat, sudoers.man.in:
23903: regen from sudoers.pod
23904: [64edd2de816e]
23905:
23906: * sudoers.pod:
23907: o Typo, Runas_User_List should be Runas_List o a User_List can not
23908: contain a uid o mention that the Defaults section should come after
23909: Alias definitions but before the user specifications
23910: [54070ba2092b]
23911:
23912: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23913:
23914: * sudoers.cat, sudoers.man.in:
23915: regen
23916: [e62d1d97693c]
23917:
23918: * sudoers.pod:
23919: Fix listpw and verifypw sections, they were not being formatted
23920: properly.
23921: [123868c2f3e9]
23922:
23923: * sudoers.cat, sudoers.man.in:
23924: regen
23925: [f94841f8b374]
23926:
23927: * sudoers.pod:
23928: fix typos
23929: [f278f1c1184e]
23930:
23931: * configure:
23932: regen
23933: [d2270049ba9f]
23934:
23935: * config.h.in, configure.in:
23936: use AC_SYS_POSIX_TERMIOS instead of rolling our own
23937: [c1a13f1354b9]
23938:
23939: * README:
23940: Reference sudo.ws not courtesan.com
23941: [ca13be67ebd7]
23942:
23943: * PORTING:
23944: Add notes on shadow passwords
23945: [aa13863f2314]
23946:
23947: * BUGS:
23948: In list mode (sudo -l), characters escaped with a backslash are
23949: shown verbatim with the backslash.
23950: [1a75a2858be2]
23951:
23952: * sudoers:
23953: Add simple examples from OpenBSD (Marc Espie)
23954: [3ae9a9ae4125]
23955:
23956: * tgetpass.c:
23957: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
23958: [f8817699ee10]
23959:
23960: * CHANGES:
23961: minor prettyification
23962: [f523587929b9]
23963:
23964: * CHANGES:
23965: Updated change log
23966: [39d9010ee7a8]
23967:
23968: * testsudoers.c:
23969: Fix CIDR handling here too.
23970: [c91db8344c32]
23971:
23972: * auth/pam.c:
23973: Apparently a NULL response is OK
23974: [83bae61078d9]
23975:
23976: * TODO:
23977: Checkpoint for upcoming beta release
23978: [efb95c09df2a]
23979:
23980: * TROUBLESHOOTING:
23981: Many people believe that adding a runas spec should obviate the need
23982: for the -u flag. It does not.
23983: [c698bad85b0e]
23984:
23985: * RUNSON:
23986: checkpoint update for upcoming 1.6.4 beta
23987: [009e465a0a45]
23988:
23989: * config.h.in:
23990: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
23991: if HAVE_STRING_H is defined -- this is safe now
23992: [d27c035f4e14]
23993:
23994: * PORTING:
23995: Add signals section
23996: [2d24c13cb3c8]
23997:
23998: * configure:
23999: regen
24000: [2b80a939e2ed]
24001:
24002: * configure.in:
24003: Fix check for sigaction_t
24004: [6fa41c89ab20]
24005:
24006: * sudo.c:
24007: XXX - should call find_path() as runas user, not root. Can't do
24008: that until the parser changes though.
24009: [f0b4f85651bd]
24010:
24011: * sudo.c:
24012: If find_path() fails as root, try again as the invoking user (useful
24013: for NFS). Idea from Chip Capelik.
24014: [e03fa7872692]
24015:
24016: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
24017: Regenerate after pod file changes
24018: [48e4bd75ec21]
24019:
24020: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
24021: sudo.pod, sudoers.pod:
24022: Add new sudoers option "preserve_groups". Previously sudo would not
24023: call initgroups() if the target user was root. Now it always calls
24024: initgroups() unless the -P command line option or the
24025: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
24026: [4f730359f101]
24027:
24028: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
24029:
24030: * compat.h, config.h.in:
24031: Use new HAVE_SIGACTION_T define
24032: [dfb25f3cae5b]
24033:
24034: * logging.c:
24035: Fix compilation on K&C
24036: [7355e3275e34]
24037:
24038: * configure:
24039: regen
24040: [a710584f92f0]
24041:
24042: * configure.in:
24043: Add check for sigaction_t -- IRIX already defines this so don't
24044: redefine it.
24045: [df9c5737f6da]
24046:
24047: * snprintf.c:
24048: fix typo
24049: [3d782b8134c8]
24050:
24051: * interfaces.c:
24052: need stdlib.h here too
24053: [c789d8973ab2]
24054:
24055: * configure:
24056: regen
24057: [44822856bf46]
24058:
24059: * configure.in:
24060: Remove redundant checks for string.h, strings.h and unistd.h
24061: [933c94f8bbf4]
24062:
24063: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24064: visudo.man.in:
24065: Regen from pod files
24066: [ad18c590f638]
24067:
24068: * BUGS:
24069: Update for 1.6.4
24070: [26bc88b69d22]
24071:
24072: * configure, lex.yy.c, sudo.tab.c:
24073: regen
24074: [bef89fd6fa2d]
24075:
24076: * strerror.c:
24077: Return EINVAL if errnum > sys_nerr
24078: [0512374e6661]
24079:
24080: * auth/sudo_auth.h:
24081: o Update copyright year
24082: [a877016db6e2]
24083:
24084: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
24085: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
24086: sudo.pod:
24087: o Update copyright year
24088: [e15a1b39039f]
24089:
24090: * configure.in:
24091: o Don't define STDC_HEADERS unconditionally for IRIX o Update
24092: copyright year
24093: [82a8cb819e07]
24094:
24095: * README:
24096: update version
24097: [d82e523a16b4]
24098:
24099: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
24100: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
24101: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
24102: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
24103: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
24104: visudo.c:
24105: o Reorder some headers and use STDC_HEADERS define properly o Update
24106: copyright year
24107: [fe39f76b3795]
24108:
24109: * lsearch.c:
24110: o Reorder some headers and use STDC_HEADERS define properly o Update
24111: copyright year
24112: [764ba3d4fa13]
24113:
24114: * getspwuid.c, goodpath.c, interfaces.c:
24115: o Reorder some headers and use STDC_HEADERS define properly o Update
24116: copyright year
24117: [fb46d46140d4]
24118:
24119: * getcwd.c:
24120: o Reorder some headers and use STDC_HEADERS define properly o Update
24121: copyright year
24122: [b199d70ac7ab]
24123:
24124: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
24125: fnmatch.c:
24126: o Reorder some headers and use STDC_HEADERS define properly o Update
24127: copyright year
24128: [dab8f192a3ed]
24129:
24130: * configure:
24131: regen
24132: [156658f25cea]
24133:
24134: * tgetpass.c:
24135: flags set in signal handlers should be volatile sig_atomic_t
24136: [c22931a5535e]
24137:
24138: * config.h.in, configure.in:
24139: Add checks for volatile and sig_atomic_t
24140: [b03b3341381d]
24141:
24142: * configure, lex.yy.c:
24143: regen
24144: [ed9daba88217]
24145:
24146: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
24147: sudo.c, sudoers.pod:
24148: Remove "secure_path" Defaults option since it cannot work with the
24149: existing parser.
24150: [c9e54a0f5971]
24151:
24152: * find_path.c, sudo.c:
24153: Unset "secure_path" if user_is_exempt()
24154: [fb7544565ae8]
24155:
24156: * env.c, pathnames.h.in:
24157: o Remove assumption that PATH and TERM are not listed in env_keep o
24158: If no PATH is in the environment use a default value o If TERM is
24159: not set in the non-reset case also give it a default value.
24160: [c987eb7df268]
24161:
24162: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
24163: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
24164: systems that define in paths.h
24165: [51865b0cdebf]
24166:
24167: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
24168: Add support for skeyaccess(3) if it is present in libskey.
24169: [8add77c7d3e7]
24170:
24171: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
24172:
24173: * sudo.c:
24174: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
24175: [5a3d3cbf2c6d]
24176:
24177: * parse.lex:
24178: '\\' is a perfectly legal character to have in a command line
24179: argument.
24180: [c15a466ef00e]
24181:
24182: * sudo.c:
24183: o Defer call to set_fqdn() until it is safe to use log_error() o
24184: Don't print errno string value if gethostbyname fails, it is not
24185: relevant
24186: [c0c6bcf08bcb]
24187:
24188: * parse.c:
24189: Fix CIDR -> in_addr_t conversion.
24190: [2f307ebeb63f]
24191:
24192: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
24193:
24194: * sudoers.pod:
24195: Remove an extra "User_List" in the User_Spec definition From
24196: ybertrand AT snoopymail.com
24197: [97bde59ea280]
24198:
24199: * parse.c:
24200: Make 'listpw=never' work for users who are not explicitly mentioned
24201: in sudoers.
24202: [258f0f30a428]
24203:
24204: * sudoers.pod:
24205: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
24206: [4b0f03872ee1]
24207:
24208: * sudoers.pod:
24209: Document new list Defaults type and convert env_keep and env_delete
24210: to lists. Document new env_check option.
24211: [a07f1f079fe3]
24212:
24213: * lex.yy.c, sudo.tab.c, sudo.tab.h:
24214: regen parser
24215: [e39ac6c6581b]
24216:
24217: * parse.lex:
24218: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
24219: to #[0-9-]+.
24220: [69c5388908f3]
24221:
24222: * configure:
24223: regen
24224: [0f1877b88cb3]
24225:
24226: * aclocal.m4:
24227: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
24228: [6545503ae361]
24229:
24230: * config.h.in, configure.in:
24231: Add check for skeyaccess(3)
24232: [6caf69fe6359]
24233:
24234: * visudo.pod:
24235: Document new -c, -f, and -q options
24236: [13d0203c21d3]
24237:
24238: * visudo.c:
24239: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
24240: [4c2b664d617d]
24241:
24242: * configure:
24243: regen
24244: [6d5bd932e7b5]
24245:
24246: * aclocal.m4, config.h.in, configure.in:
24247: Add check for isblank and a replacement macro if it doesn't exist.
24248: [b524f5e4f953]
24249:
24250: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24251:
24252: * visudo.c:
24253: In check-only mode, don't create sudoers if it does not already
24254: exist.
24255: [c748a2d5acad]
24256:
24257: * parse.yacc:
24258: o Add a new token, DEFVAR, to indicate a Defaults variable name o
24259: Add support for "+=" and "-=" list operators o replace some 1 and 0
24260: with TRUE and FALSE for greater legibility.
24261: [554cb174b37e]
24262:
24263: * parse.lex:
24264: o Use exclusive start conditions to remove some ambiguity in the
24265: lexer. Also reorder some things for clarity. o Add support for
24266: "+=" and "-=" list operators. o Use the new DEFVAR token to denote
24267: a Defaults variable name.
24268: [3a2cf8323e26]
24269:
24270: * sudo.h:
24271: Prototype init_envtables()
24272: [b74916469dab]
24273:
24274: * env.c:
24275: o Convert environment handling to use lists instead of strings.
24276: This greatly simplifies routines that need to do "foreach" type
24277: operations. o Add new init_envtables() function to set env_check
24278: and env_delete defaults based on initial_badenv_table and
24279: initial_checkenv_table (formerly sudo_badenv_table).
24280: [0a8b404658b6]
24281:
24282: * defaults.c, defaults.h:
24283: o Add a new LIST type and functions to manipulate it. o This is for
24284: use with environment handling variables. o Call new
24285: init_envtables() routine inside init_defaults() to initialize the
24286: environment lists.
24287: [ae73e64f0902]
24288:
24289: * def_data.c, def_data.h, def_data.in:
24290: Convert environment options to use the new LIST type and add a new
24291: one, env_check that only deletes if the sanity check fails.
24292: [3019503936de]
24293:
24294: * testsudoers.c:
24295: Add dummy version of init_envtables()
24296: [9d9e3ee609d9]
24297:
24298: * parse.yacc:
24299: honor quiet mode
24300: [8330fba6167c]
24301:
24302: * visudo.c:
24303: Add check-only mode
24304: [dab411bc8c35]
24305:
24306: * mkdefaults:
24307: Fix generation of entries with NULL descriptions.
24308: [ea75b9fed02e]
24309:
24310: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
24311:
24312: * tgetpass.c:
24313: Use sigaction_t and quiet a gcc warning.
24314: [6f67d719c452]
24315:
24316: * sudo.c:
24317: Must reset signal handlers before we exec
24318: [300418120e1a]
24319:
24320: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24321: auth/sudo_auth.c:
24322: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
24323: version needs testing. Set SIGTSTP to SIG_DFL during password entry
24324: so user can suspend us.
24325: [00304aa58747]
24326:
24327: * tgetpass.c:
24328: Add support for interrupting/suspending tgetpass via keyboard input.
24329: If you suspend sudo from the password prompt and resume it will re-
24330: prompt you.
24331: [4af2b5101d32]
24332:
24333: * sudo.c:
24334: Don't block keyboard interrupt signals, just set them to SIG_IGN.
24335: [d46d7f67ef6b]
24336:
24337: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
24338:
24339: * config.h.in:
24340: add back HAVE_SIGACTION
24341: [c9c7702c603e]
24342:
24343: * configure:
24344: regen
24345: [09fe669d337f]
24346:
24347: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
24348: Kill POSIX_SIGNALS define and old signal support now that we emulate
24349: POSIX ones Also be sure to correctly initialize struct sigaction.
24350: [4bc2a6dbb2be]
24351:
24352: * strerror.c:
24353: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
24354: [1ad64a19f328]
24355:
24356: * compat.h:
24357: Add scaffolding for POSIX signal emulation
24358: [945861d4c93b]
24359:
24360: * sigaction.c:
24361: o Add missing ';' so this compiles o Can't use NULL since we don't
24362: include stdio.h
24363: [04d0cac7438f]
24364:
24365: * sigaction.c:
24366: Emulate sigaction() using sigvec()
24367: [d0b54a989875]
24368:
24369: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24370:
24371: * sudoers.pod:
24372: Document new behavior of negative values of timestamp_timeout Fix a
24373: typo
24374: [4c0716570d01]
24375:
24376: * sudo.pod:
24377: Add security note about command not being logged after 'sudo su' and
24378: friends.
24379: [43294851a33c]
24380:
24381: * sudo.pod:
24382: Mention that -V prints default values when run as root, including
24383: the list of environment variables to clear.
24384: [d9e5e550a8c3]
24385:
24386: * Makefile.in:
24387: Run pod2man with --quotes=none to avoid stupid quoting of C<>
24388: entries.
24389: [997b23c35dbe]
24390:
24391: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
24392:
24393: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
24394: Add mail_badpass option Also modify mail_always behavior to also
24395: send mail when the password is wrong
24396: [838d40ccafce]
24397:
24398: * env.c, sudo.c, sudo.h:
24399: Dump default bad env table when 'sudo -V' is run by root.
24400: [f67f1b8048b0]
24401:
24402: * sudoers.pod:
24403: document env_delete
24404: [d74f893663a2]
24405:
24406: * env.c:
24407: Add support for '*' in env_keep when not resetting the environment
24408: (ie: the normal case).
24409: [fd4fb62ea8fd]
24410:
24411: * env.c:
24412: Add env_delete variable that lets the user replace/add to the
24413: bad_env_table. Allow '*' wildcard in env_keep entries.
24414: [aa728bc35e29]
24415:
24416: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
24417:
24418: * mkinstalldirs:
24419: Force umask to 022 to guarantee sane directory permissions.
24420: [9ab3cfe70569]
24421:
24422: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
24423:
24424: * Makefile.in:
24425: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
24426: [671010465e6f]
24427:
24428: * mkdefaults:
24429: fix breakage in last commit
24430: [8318f8851e56]
24431:
24432: * Makefile.in:
24433: acsite.m4 -> aclocal.m4
24434: [30c146873a01]
24435:
24436: * check.c:
24437: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
24438: [4dc8b39954da]
24439:
24440: * def_data.c:
24441: regenerated from def_data.in
24442: [915ea16ce1eb]
24443:
24444: * check.c, defaults.c, defaults.h:
24445: Add new T_UINT type that most things use instead of T_INT If
24446: timestamp_timeout is < 0 then treat the ticket as never expiring (to
24447: be expired manually by the user).
24448: [3a3a636a2a5d]
24449:
24450: * def_data.in:
24451: change most T_INT -> T_UINT
24452: [a2228d2457af]
24453:
24454: * mkdefaults:
24455: fix warning when no args
24456: [ca70a5394af5]
24457:
24458: * visudo.c:
24459: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
24460: we are a signal handler. We no longer print the signal number but
24461: the user can just check the exit value for that.
24462: [dc424f631fef]
24463:
24464: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
24465:
24466: * logging.c:
24467: when setting up pipes in child process check for case where stdin ==
24468: pipe fd 0
24469: [518112d76184]
24470:
24471: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
24472:
24473: * visudo.c:
24474: Ignore editor exit value since XPG4 says vi's exit value is the
24475: count of editing errors made (failed searches, etc).
24476: [b9d952284865]
24477:
24478: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
24479:
24480: * configure:
24481: regen
24482: [cb3aa586f03b]
24483:
24484: * configure.in:
24485: sco now is identified by config.guess as *-sco-*
24486: [46664bbdea61]
24487:
24488: * configure.in:
24489: Check for getspnam() in -lgen if not in -lc for UnixWare.
24490: [0f152ad1ba93]
24491:
24492: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
24493:
24494: * sudoers.pod, visudo.pod:
24495: "upper case" -> "uppercase"
24496: [f9151f232326]
24497:
24498: * sudoers.pod:
24499: fix typos and grammar; pjanzen@foatdi.harvard.edu
24500: [2855d73d0237]
24501:
24502: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
24503:
24504: * sudoers.pod:
24505: Missing word (specify); krapht@secureops.com
24506: [65523eb37a2c]
24507:
24508: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
24509:
24510: * sudo.c:
24511: If we fail to lookup a login class, apply the default one.
24512: [d4869faa6816]
24513:
24514: * logging.c:
24515: In log_error() free message, not logline unconditionally, then free
24516: logline if it is not the same as message. No function change but
24517: this mirrors how they are allocated.
24518: [565e5f6cc643]
24519:
24520: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
24521:
24522: * configure:
24523: regenerate
24524: [834a48f548a2]
24525:
24526: * configure.in:
24527: remove some backslash quotes that are unneeded
24528: [50d401d6e2ca]
24529:
24530: * configure.in:
24531: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
24532: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
24533: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
24534: to AC_DEFINE things manually.
24535: [f502c5f15f92]
24536:
24537: * config.guess, config.sub:
24538: Updated from autoconf-2.50
24539: [6140205915ef]
24540:
24541: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
24542:
24543: * README:
24544: Update mailing list section. We use mailman now, not majordomo.
24545: [b9a8ca45e6dc]
24546:
24547: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
24548:
24549: * getspwuid.c, logging.c, sudo.c:
24550: Use setpwent()/endpwent() + all the shadow variants to make sure we
24551: don't inadvertantly leak an fd to the child. Apparently Linux's
24552: shadow routines leave the fd open even if you don't call setspent().
24553: Reported by mike@gistnet.com; different patch used.
24554: [d33792ef6c01]
24555:
24556: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
24557:
24558: * sudoers.pod:
24559: s/eg./e.g./
24560: [bd32a0acaf93]
24561:
24562: * tgetpass.c:
24563: select() may return EAGAIN. If so, continue like we do for EINTR.
24564: [5f202c943818]
24565:
24566: * logging.c:
24567: Fix a non-exploitable buffer overflow in the word splitting code.
24568: This should really be rewritten.
24569: [4c724363863a]
24570:
24571: * Makefile.in:
24572: FAQ link goes away
24573: [1d26dd6c8972]
24574:
24575: * INSTALL:
24576: Tell people to look in sample.syslog.conf for examples, not FAQ
24577: [affcae3f43ca]
24578:
24579: * TROUBLESHOOTING:
24580: Update list of env vars that are cleared
24581: [234e56f1435a]
24582:
24583: * sudo.c:
24584: remove struct env_table decl since that stuff has all moved to env.c
24585: [5dd923148777]
24586:
24587: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24588:
24589: * fileops.c:
24590: Fix a pasto in flock-style unlocking and include <sys/file.h> for
24591: flock on older systems; twetzel@gwdg.de
24592: [d5420d9d2861]
24593:
24594: * configure:
24595: regen to get NeXT lockf/flock fix
24596: [d3ba6ed70e15]
24597:
24598: * configure.in:
24599: force NeXT to use flock since lockf is broken
24600: [bd5391dca1bb]
24601:
24602: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
24603:
24604: * check.c:
24605: Use stashed user_gid when checking against exempt gid since sudo
24606: sets its gid to a a value that makes sudoers readable. Previously
24607: if you used gid 0 as the exempt group everyone would be exempt. From
24608: Paul Kranenburg <pk@cs.few.eur.nl>
24609: [0b140cc3a817]
24610:
24611: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
24612:
24613: * configure:
24614: regen
24615: [cc455408f32b]
24616:
24617: * aclocal.m4:
24618: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
24619: some types (such as ssize_t) therein.
24620: [b6aee85ca331]
24621:
24622: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
24623:
24624: * defaults.c:
24625: Fix negation of paths in a boolean context. Problem found by
24626: apt@UH.EDU
24627: [8aee217a7cdf]
24628:
24629: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
24630:
24631: * visudo.c:
24632: pasto
24633: [ad32b277bf68]
24634:
24635: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
24636:
24637: * visudo.c:
24638: SA_RESETHAND means the opposite of what I was thinking--oops To
24639: block all signals in old-style signals use ~0, not 0xffffffff
24640: [6ecdd793590a]
24641:
24642: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24643:
24644: * defaults.c:
24645: coerce difference of pointers to int when used in a string length
24646: printf format; deraadt@openbsd.org
24647: [a9d10f07180d]
24648:
24649: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24650:
24651: * visudo.c:
24652: Block all signals in Exit() to avoid a signal race. There is still
24653: a tiny window but I'm not going to worry about it.
24654: [6661805c0458]
24655:
24656: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24657:
24658: * env.c:
24659: glibc uses the LANGUAGE env var so clear that too; Solar Designer
24660: [d4ba95628afb]
24661:
24662: * lex.yy.c:
24663: Regenerate with a fix to flex.skl that preserves errno from
24664: clobbering by isatty().
24665: [607eec736e19]
24666:
24667: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
24668:
24669: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24670: auth/sia.c, auth/sudo_auth.c:
24671: Some defaults I_ defines got renamed.
24672: [ec19b23caaf3]
24673:
24674: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
24675: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
24676: set_perms.c, sudo.c, sudo.tab.c:
24677: Move defaults info into its own files from which we generate .h and
24678: .c files. This makes adding or rearranging variables much simpler.
24679: [e91b880b5043]
24680:
24681: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
24682:
24683: * configure, configure.in:
24684: fix typo in last commit
24685: [10a6ee2bae71]
24686:
24687: * compat.h, config.h.in, configure, configure.in:
24688: Add check + emulation for setegid (like seteuid).
24689: [29492092bd2f]
24690:
24691: * env.c:
24692: Make env_keep override badenv_table as documented Fix traversal of
24693: badenv_table (broken in last commit)
24694: [37c9f0d22673]
24695:
24696: * set_perms.c, sudo.c, sudo.h:
24697: Don't try and build saved uid version of set_perms on systems w/o
24698: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
24699: set_perms_setreuid simply be set_perms_fallback() and simply include
24700: the appropriate function at compile time (setreuid() vs. setuid()).
24701: [3107333c062c]
24702:
24703: * sudoers.cat, sudoers.man.in, sudoers.pod:
24704: PATH is also preserved when env_reset is in effect
24705: [90e45c5711ff]
24706:
24707: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
24708: configure.in, defaults.c, defaults.h, env.c, find_path.c,
24709: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
24710: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
24711: visudo.c, visudo.cat, visudo.man.in:
24712: New Defaults options: o stay_setuid - sudo will remain setuid if
24713: system has saved uids or setreuid(2) o env_reset - reset the
24714: environment to a sane default o env_keep - preserve environment
24715: variables that would otherwise be cleared
24716:
24717: No longer use getenv/putenv/setenv functions--do environment munging
24718: by hand. Potentially dangerous environment variables can be cleared
24719: only if they contain '/' pr '%' characters to protect buggy
24720: programs. Moved environment routines into env.c (new file)
24721: [c2f97651db4c]
24722:
24723: * INSTALL:
24724: Clear up --without-passwd description
24725: [2f336dab6733]
24726:
24727: * putenv.c, sudo_setenv.c:
24728: We now build up a new environment from scratch and assign it to
24729: "environ".
24730: [6ae6152f2238]
24731:
24732: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
24733:
24734: * sudo.pod, visudo.pod:
24735: Grammatical fixes from Paul Janzen
24736: [e03ead2e56f8]
24737:
24738: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
24739:
24740: * visudo.c:
24741: If there was a syntax error and the user just wants to quit, unlink
24742: sudoers if it is zero length.
24743: [74ba7921f520]
24744:
24745: * visudo.c:
24746: 'Q' means ignore parse error, not 'q'
24747: [e8d0e4491fe6]
24748:
24749: * visudo.c:
24750: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
24751: <dim@xs4all.nl>
24752: [b24990a72491]
24753:
24754: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
24755:
24756: * set_perms.c:
24757: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
24758: [41a8db10e076]
24759:
24760: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
24761:
24762: * config.guess, config.sub:
24763: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
24764: [6052da895d2e]
24765:
24766: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
24767:
24768: * sudo.c, visudo.c:
24769: Use exit(127), not exit(-1)
24770: [9ff0c3eada34]
24771:
24772: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
24773: Move set_perms() to its own file and use POSIX saved uid or
24774: setreuid() if available.
24775:
24776: Added stay_setuid option for systems that have libraries that
24777: perform extra paranoia checks in system libraries for setuid
24778: programs (ie: anything with issetugid(2)).
24779: [28960f842698]
24780:
24781: * sudo.c:
24782: strip more bits from the environment and add a facility for
24783: stripping things only if they contain '/' or '%' to address printf
24784: format string vulnerabilities in other programs.
24785: [b98d6375f299]
24786:
24787: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
24788:
24789: * configure:
24790: regen
24791: [7e74e5c91049]
24792:
24793: * configure.in:
24794: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
24795: strcasecmp().
24796: [a418e9e70442]
24797:
24798: * configure:
24799: regen
24800: [bbff244a52bc]
24801:
24802: * configure.in:
24803: Check for strcasecmp(3) in -lc89 for NCR Unix
24804: [361c99576681]
24805:
24806: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
24807:
24808: * config.h.in:
24809: Define HAVE_INNETGR #ifdef HAVE__INNETGR
24810: [473cdb92b6db]
24811:
24812: * configure:
24813: regen
24814: [4e6364a195e0]
24815:
24816: * compat.h, config.h.in, configure.in:
24817: Add check for _innetgr(3) since NCR systems have that instead of
24818: innetgr(3).
24819: [25e6852e7494]
24820:
24821: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
24822:
24823: * auth/securid.c:
24824: check return value of creadcfg() call sd_close() after sd_auth()
24825: store username in sd->username so we don't rely on the USER env
24826: variable
24827: [d106b4f42722]
24828:
24829: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
24830:
24831: * INSTALL:
24832: document --with-bsdauth
24833: [f1518ecc2ee9]
24834:
24835: * configure:
24836: regen
24837: [dceb35071ea8]
24838:
24839: * configure.in:
24840: --with-bsdauth assumes --with-logincap
24841: [4200778083fd]
24842:
24843: * auth/bsdauth.c, auth/fwtk.c:
24844: When prompting for a response to a challenge, if the user just hits
24845: return then reprompt with echo turned on.
24846: [a539b6474a97]
24847:
24848: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
24849:
24850: * sudo.c:
24851: Remove debugging code that should not have been committed, oops.
24852: [9862607b77a7]
24853:
24854: * auth/bsdauth.c:
24855: Use lower-level routines and get the password ourselves. Checks for
24856: a challenge and if there is one echo is not turned off.
24857: [2d8fcd166baa]
24858:
24859: * auth/pam.c, auth/sudo_auth.h:
24860: minor housekeeping, no real code changes
24861: [d0074a277fb4]
24862:
24863: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
24864:
24865: * sudo.c:
24866: Fix a coredump in the logging functions if gethostname(2) fails by
24867: deferring the call to log_error() until things are better setup.
24868:
24869: Fix return value of set_loginclass() in non-BSD-auth case.
24870:
24871: Hard-code 'sudo' in the usage message so we can fit more options on
24872: a line
24873: [d9d1b7579818]
24874:
24875: * logging.c:
24876: Fix errant ';' (typo) that broken MSG_ONLY
24877: [849b2276a470]
24878:
24879: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
24880:
24881: * sudo.cat, sudo.man.in:
24882: regen
24883: [bb3c8c6704d1]
24884:
24885: * sudo.pod:
24886: Document -a flag
24887: [e18316cebaac]
24888:
24889: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
24890: configure, configure.in, getspwuid.c, sudo.c:
24891: Add support for BSD authentication.
24892: [f374cfd9ca0d]
24893:
24894: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
24895:
24896: * sudoers.pod:
24897: Fix typo; from sato@complex.eng.hokudai.ac.jp
24898: [3085fee9766e]
24899:
24900: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
24901:
24902: * sudoers.pod:
24903: Mention negating umask
24904: [c9e410294dae]
24905:
24906: * defaults.c:
24907: Allow user to specify umask of 0777 (same as !umask)
24908: [bb771daa96fe]
24909:
24910: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
24911:
24912: * sudo.pod, visudo.pod:
24913: Fix a typo and give a URL for the sudo history.
24914: [77f73199aedb]
24915:
24916: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
24917:
24918: * defaults.c, sudo.pod:
24919: fix typos; pepper@reppep.com
24920: [5532c7421340]
24921:
24922: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
24923:
24924: * sudo.c, sudo.h, sudo_setenv.c:
24925: sudo_setenv() now exits on memory alloc failure instead of returning
24926: -1.
24927: [71f1cf18f47b]
24928:
24929: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
24930:
24931: * sudo.c:
24932: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
24933: and possibly others.
24934: [b69d985b0d22]
24935:
24936: * logging.c:
24937: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
24938: that "%m" won't be expanded but we don't use that anyway since the
24939: logging routines may splat to stderr as well.
24940: [8d37a544d0c0]
24941:
24942: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
24943: sudoers.pod:
24944: Add always_set_home variable
24945: [dbcaff646e07]
24946:
24947: * configure, configure.in:
24948: Have to hard code default values in help since the defaults are set
24949: _after_ the help stuff.
24950: [7b5d6d72f55c]
24951:
24952: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
24953:
24954: * lex.yy.c, parse.lex:
24955: Allow special characters (including '#') to be embedded in pathnames
24956: if quoted by a '\\'. The quoted chars will be dealt with by
24957: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
24958: [3ed33cf09977]
24959:
24960: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
24961:
24962: * install-sh:
24963: Better path searching for programs we need.
24964: [60517cb1f0d6]
24965:
24966: * TROUBLESHOOTING:
24967: Add section on "C compiler cannot create executables" errors.
24968: [e4ada6eaee59]
24969:
24970: * Makefile.binary, Makefile.in, version.h:
24971: Crank version
24972: [93d1bd5b7f5e]
24973:
24974: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
24975: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
24976: visudo.man.in, visudo.pod:
24977: Substitute values from configure into man pages.
24978: [619854c356c1]
24979:
24980: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
24981:
24982: * parse.c, sudo.c:
24983: The listpw and verifypw sudoers options would not take effect
24984: because the value of the default was checked *before* sudoers was
24985: parsed. Instead of passing in the value of PWCHECK_* to
24986: sudoers_lookup(), pass in the arg for def_ival() so the check can be
24987: deferred until after sudoers is parsed.
24988: [4f596e358f72]
24989:
24990: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
24991:
24992: * tgetpass.c:
24993: When writing prompt, no need to write the NUL as well;
24994: hag@linnaean.org
24995: [fbcdd7b431ee]
24996:
24997: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
24998:
24999: * install-sh:
25000: When looking for chown, check in /sbin too
25001: [657ba6653f8c]
25002:
25003: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
25004:
25005: * visudo.c:
25006: Remove extraneous call to init_defaults() and set runas_user to NULL
25007: betweem parses so init_defaults will reset it each time, thus
25008: avoiding a reference to free()d data.
25009: [7421fcd692af]
25010:
25011: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
25012:
25013: * config.h.in, interfaces.c, interfaces.h, sudo.c:
25014: Add support for using getifaddrs() to get the list of ip addr /
25015: netmask pairs. Currently IPv4-only.
25016: [a35bc4f7306d]
25017:
25018: * visudo.c:
25019: Add a missing check for UserEditor == NULL Add missing '+' before
25020: line number when invoking editor to fix a syntax error
25021: [f0d4635f6082]
25022:
25023: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
25024:
25025: * sudo.c:
25026: Call clean_env very early in main() for paranoia's sake. Idea from
25027: Marc Esipovich.
25028: [f8d72ebd0115]
25029:
25030: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
25031:
25032: * sudo.h:
25033: Update proto for evasprintf and easprintf
25034: [d147d6e58419]
25035:
25036: * alloc.c:
25037: Make easprintf() and evasprintf() return an int.
25038: [b2ca5d089667]
25039:
25040: * check.c:
25041: If the targetpw flag is set, use target username as part of the
25042: timestamp path. If tty tickets are in effect cat the tty and the
25043: target username with a ':' as the separator.
25044: [de11abc693c2]
25045:
25046: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
25047:
25048: * auth/pam.c:
25049: Backout part of last change; setting PAM_USER to the invoking user
25050: breaks things like targetpw.
25051: [427218a7387f]
25052:
25053: * auth/pam.c:
25054: set tty and username via pam_set_item
25055: [85d1922dbcc9]
25056:
25057: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
25058: Fix root, runas, and target authentication for non-passwd file auth
25059: methods.
25060: [a14535e7b30c]
25061:
25062: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
25063:
25064: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25065: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25066: Use B<-Z> not C<-Z> for command line flags in all places. This is
25067: more consistent and works around a bug in Pod::Man.
25068: [64b5a05f30c5]
25069:
25070: * sudoers.cat, sudoers.man.in, sudoers.pod:
25071: Fix an occurence of 'semicolon' that should be 'colon'
25072: [4ea5aacae3fb]
25073:
25074: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
25075:
25076: * configure, configure.in:
25077: Fix --with-badpri help line
25078: [3cc40977c043]
25079:
25080: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
25081:
25082: * defaults.c, logging.c, sudo.c:
25083: Bracket calls to syslog with an openlog() and closelog() since some
25084: authentication methods (like PAM) may do their own logging via
25085: syslog. Since we don't use syslog much (usually just once per
25086: session) this doesn't really incur a performance penalty. It also
25087: Fixes a SEGV with pam_kafs.
25088: [fe1cc28529f6]
25089:
25090: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
25091:
25092: * sudo.c:
25093: Fix -H flag. runas_homedir is only valid after
25094: set_perms(PERM_RUNAS, mode)
25095: [ce9b1c6f68a6]
25096:
25097: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
25098:
25099: * INSTALL:
25100: Clarify the fact that insults are not enabled just by including them
25101: in the binary.
25102: [d5a31d48320c]
25103:
25104: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25105:
25106: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
25107: visudo.man.in:
25108: Regenerated with perl 5.6.0 pod2man
25109: [21751433768b]
25110:
25111: * Makefile.in:
25112: Give date string to pod2man since its default is ugly and it ain't
25113: got no alibi.
25114: [0080b2f6298f]
25115:
25116: * Makefile.in:
25117: Do section substitution on the output of pod2man and remove hack
25118: needed for old pod2man.
25119: [1ef843d5c78b]
25120:
25121: * sudo.pod, sudoers.pod, visudo.pod:
25122: Put back real man sections, we will do the substitution later.
25123: [f728c1abad7e]
25124:
25125: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25126:
25127: * configure, configure.in:
25128: Don't bother checking for the path to vi if user specified --with-
25129: editor
25130: [bf698487e0d5]
25131:
25132: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
25133:
25134: * CHANGES, visudo.c:
25135: Visudo now does its own fork/exec instead of calling system(3).
25136: [99bbcd88863b]
25137:
25138: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
25139: sudoers.pod, visudo.c:
25140: Visudo now checks for the existence of an editor and gives a
25141: sensible error if it does not exist.
25142:
25143: The path to the editor for visudo is now a colon-separated list of
25144: allowable editors. If the user has $EDITOR set and it matches one
25145: of the allowed editors that editor will be used. If not, the first
25146: editor in the list that actually exists is used.
25147: [cc86eb9f5440]
25148:
25149: * sudo.cat, sudo.man.in, sudo.pod:
25150: Clear up confusion wrt sudo's return value.
25151: [9385b12d8e79]
25152:
25153: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
25154:
25155: * Makefile.in:
25156: Strip sudo and visudo for bindist target
25157: [a995ddd79177]
25158:
25159: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25160: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25161: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
25162: [5eb9e60a726f] [SUDO_1_6_3]
25163:
25164: * visudo.cat, visudo.man.in, visudo.pod:
25165: Typo: @sysconf@ -> @sysconfdir@
25166: [f07f52fcd099]
25167:
25168: * Makefile.in:
25169: 'make dist' should not cause any files to be modified so remove its
25170: dependencies.
25171: [7f44a2666a9c]
25172:
25173: * CHANGES:
25174: Whoops, forgot to add release marker
25175: [16c0f16b35b8]
25176:
25177: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
25178:
25179: * CHANGES:
25180: Final change for 1.6.3 (or so I hope)
25181: [473c89da6123]
25182:
25183: * sudo.cat, sudoers.cat, visudo.cat:
25184: Use SYSV man sections since BSD systems will have nroff...
25185: [0a6bd154324e]
25186:
25187: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
25188:
25189: * parse.yacc, sudo.tab.c:
25190: When checking to see if the host/user matches in a defaults spec,
25191: check against TRUE, not just non-zero since it might be -1.
25192: [41f2b7ad3fdd]
25193:
25194: * configure, configure.in:
25195: OSF/1 puts file formats in section 4, not 5.
25196: [d77c1301afa9]
25197:
25198: * CHANGES, INSTALL, sudo.c:
25199: Make login class support work on BSD/OS
25200: [e9bbe3c08ade]
25201:
25202: * RUNSON:
25203: Update for 1.6.3
25204: [c40ce1d76c4d]
25205:
25206: * configure, configure.in:
25207: If there is no inet_addr but there *is* an __inet_addr that's ok
25208: since inet_addr is probably just a macro then. The better thing to
25209: do would be to look for the macro, but this is fine for now.
25210: [1b8865ae4d68]
25211:
25212: * configure, configure.in:
25213: Don't use shlicc for BSD/OS 4.x
25214: [83fbf6dedd2c]
25215:
25216: * Makefile.in, configure, configure.in:
25217: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
25218: configure variable so we can deal with this. Also, only remove *.man
25219: for 'distclean' not 'clean'.
25220: [30d56e6de214]
25221:
25222: * sudo.c:
25223: set_loginclass() should be static like the proto says
25224: [d570a2d55fb8]
25225:
25226: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
25227:
25228: * fnmatch.c:
25229: Add #ifdef __STDC__ around the rangematch function header to avoid
25230: promotion of test to int, thus violating the prototype. Gcc handles
25231: this gracefully but more std ANSI compilers will complain.
25232: [7d98c3e332b2]
25233:
25234: * emul/fnmatch.h:
25235: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
25236: [4e1320852f8b]
25237:
25238: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
25239: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
25240: FNM_CASEFOLD in configure
25241: [9ef952bf1896]
25242:
25243: * CHANGES, TODO:
25244: update for 1.6.3
25245: [e4ba6368a0c5]
25246:
25247: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
25248: Fully qualified hosts w/ wildcards were not matching the FQHOST
25249: token type. There's really no need for a separate token for fully-
25250: qualified vs. unqualified anymore so FQHOST is now history and
25251: hostname_matches now decides which hostname (short or long) to check
25252: based on whether or not the pattern contains a '.'.
25253: [fbd2887d9811]
25254:
25255: * parse.h:
25256: Fully qualified hosts w/ wildcards were not matching the FQHOST
25257: token type. There's really no need for a separate token for fully-
25258: qualified vs. unqualified anymore so FQHOST is now history and
25259: hostname_matches now decides which hostname (short or long) to check
25260: based on whether or not the pattern contains a '.'.
25261: [dd7bbe223461]
25262:
25263: * lex.yy.c, parse.c, parse.lex, parse.yacc:
25264: Fully qualified hosts w/ wildcards were not matching the FQHOST
25265: token type. There's really no need for a separate token for fully-
25266: qualified vs. unqualified anymore so FQHOST is now history and
25267: hostname_matches now decides which hostname (short or long) to check
25268: based on whether or not the pattern contains a '.'.
25269: [630d9d205397]
25270:
25271: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
25272: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
25273: Add support for wildcards in the hostname.
25274: [d8d821ed4238]
25275:
25276: * Makefile.in:
25277: Add targets for *.man.in, using config.status to generate *.man from
25278: *.man.in
25279: [640e50ede485]
25280:
25281: * sudoers.cat, sudoers.man.in, sudoers.pod:
25282: Document set_logname option and enbolden refs to sudo and visudo.
25283: [9622b3a48707]
25284:
25285: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
25286: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
25287: visudo.cat, visudo.man.in, visudo.pod:
25288: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
25289: from Michael D. Marchionna. configure now does substitution on the
25290: man pages, allowing us to fix up the paths and set the section
25291: correctly. Based on an idea from Michael D. Marchionna.
25292: [463e928a0a2f]
25293:
25294: * auth/passwd.c:
25295: Better fix for handling HP-UX aging info.
25296: [3950f42d8549]
25297:
25298: * sudo.c:
25299: Add support for set_logname run-time default
25300: [c6a7cc76b8b4]
25301:
25302: * sudo.man.in, sudoers.man.in, visudo.man.in:
25303: configure does substitution on these to produce *.man
25304: [b83fc3c1bfc9]
25305:
25306: * sudo.man, sudoers.man, visudo.man:
25307: These files now get generated from *.man.in at configure time.
25308: [c499061f79e0]
25309:
25310: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
25311:
25312: * defaults.c, defaults.h:
25313: Add set_logname option so users can turn off setting of LOGNAME/USER
25314: environment variables.
25315: [6316869180b8]
25316:
25317: * lsearch.c, parse.c, testsudoers.c:
25318: kill register
25319: [6e104e653748]
25320:
25321: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25322:
25323: * auth/passwd.c:
25324: HP-UX adds extra info at the end for password aging so when
25325: comparing the result of crypt to pw_passwd we only compare the first
25326: len(epass) bytes *unless* the user entered an empty string for a
25327: password.
25328: [3d24d4e4e889]
25329:
25330: * logging.c:
25331: Get rid of grandchild hack, it was causing problems and there is
25332: really no need for it. This fixes a bug where we spin eating up CPU
25333: when the user runs a long-running process like a shell.
25334: [5743b10b1e81]
25335:
25336: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
25337:
25338: * sudo.c:
25339: User can always specify a login class if he/she is already root.
25340: [710d160cef9f]
25341:
25342: * config.h.in, configure, configure.in, defaults.c, defaults.h,
25343: sudo.c, sudo.h:
25344: FreeBSD login class (login.conf) support.
25345: [026b981d6328]
25346:
25347: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
25348:
25349: * auth/sudo_auth.c:
25350: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
25351: [9cd4929f1a78]
25352:
25353: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
25354:
25355: * auth/passwd.c:
25356: Truncate unencrypted password to 8 chars if encrypted password is
25357: exactly 13 characters (indicateing standard a DES password). Many
25358: versions of crypt() do this for you, but not all (like HP-UX's).
25359: [a9d0259cb193]
25360:
25361: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
25362:
25363: * INSTALL, RUNSON:
25364: Mention that gcc on dynix may have problems
25365: [77b97fa5bf1b]
25366:
25367: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
25368:
25369: * Makefile.in:
25370: Link visudo with NET_LIBS since we now call syslog via defaults.c
25371: [9e3830b277cc]
25372:
25373: * defaults.c:
25374: Use Argv[0] as the first arg to openlog() since visudo uses this
25375: too.
25376: [e61078f328ec]
25377:
25378: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
25379:
25380: * sudo.c:
25381: Stash coredumpsize resource limit and retsore it before the exec()
25382: Otherwise the child ends up with a coredumpsize of 0.
25383: [f6a4783835a3]
25384:
25385: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
25386:
25387: * sudo.cat, sudo.man, sudo.pod:
25388: document -S flag
25389: [3ebd805b7142]
25390:
25391: * sudo.c:
25392: fix usage string
25393: [66b2dfa47fe8]
25394:
25395: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
25396: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
25397: Added -S flag (read passwd from stdin) and tgetpass_flags global
25398: that holds flags to be passed in to tgetpass(). Change echo_off
25399: param to tgetpass() into a flags field. There are currently 2
25400: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
25401: tgetpass(), abstract the echo set/clear via macros and if (flags &
25402: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
25403: [a4fcbb712cd0]
25404:
25405: * tgetpass.c:
25406: Fixed a bug that caused an infinite loop when the password timeout
25407: was disabled.
25408: [2be1ffc5a39f]
25409:
25410: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
25411:
25412: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
25413: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
25414: Add rootpw, runaspw, and targetpw options.
25415: [2d4563e46df7]
25416:
25417: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
25418: visudo.c:
25419: enveditor -> env_editor
25420: [ddc5f856e583]
25421:
25422: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
25423:
25424: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
25425: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
25426: visudo.man:
25427: crank versino to 1.6.3
25428: [a5f7d3e74360]
25429:
25430: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
25431: sudoers.pod, visudo.c:
25432: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
25433: them. This means that visudo will now parse the sudoers file
25434: *before* it is edited so a bogus sudoers file will cause a warning
25435: to go to stderr. Also, visudo checks the variables once--it does not
25436: check them after each editor run since that could be confusing.
25437: [9f5af18e9212]
25438:
25439: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
25440:
25441: * RUNSON:
25442: 1.6.2 -> 1.6.2p1
25443: [e25b74f1d1af]
25444:
25445: * check.c, sudo.c, sudo.h:
25446: Move user_is_exempt prototype into sudo.h
25447: [daf26a6ded8a]
25448:
25449: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
25450:
25451: * configure, configure.in:
25452: Fix thinko, some && should have been || in the last commit
25453: [4b9b2d487ded]
25454:
25455: * configure, configure.in:
25456: Don't initialized Makefile variables to be NULL since the user may
25457: want to import variables from their environment.
25458: [7be019f4422c]
25459:
25460: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
25461:
25462: * configure, configure.in:
25463: typo
25464: [38f4d8971f0a]
25465:
25466: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
25467:
25468: * sudo.tab.c:
25469: fix a yacc (skeleton.c) warning
25470: [a2da228a937b]
25471:
25472: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
25473:
25474: * INSTALL, RUNSON, configure, configure.in:
25475: Make pam work on HP-UX 11.0;jaearick@colby.edu
25476: [b94de0ff6f42]
25477:
25478: * CHANGES:
25479: recent changes; prepare for 1.6.2p1
25480: [b291635ea141]
25481:
25482: * find_path.c:
25483: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
25484: [4306285c4f6e]
25485:
25486: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
25487:
25488: * sudo.tab.c:
25489: Regen with yacc that has a memory leak plugged.
25490: [e26383a04eb7]
25491:
25492: * sudoers.cat, sudoers.man, sudoers.pod:
25493: Expanded docs on sudoers 'defaults' options based on INSTALL file
25494: info.
25495: [54c3d62d6c74]
25496:
25497: * INSTALL:
25498: Fix some while lies
25499: [d15311782150]
25500:
25501: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
25502:
25503: * Makefile.in:
25504: When making a bindist, link FAQ to TROUBLESHOOTING instead of
25505: copying.
25506: [2d88a6ac88cf]
25507:
25508: * sudoers.cat, sudoers.man, sudoers.pod:
25509: Add netgroup caveat
25510: [28d119f466e3] [SUDO_1_6_2]
25511:
25512: * RUNSON:
25513: Last minute updates
25514: [89fb4ed22d52]
25515:
25516: * TROUBLESHOOTING:
25517: PAM entry
25518: [a9fd59f39457]
25519:
25520: * auth/pam.c:
25521: correct a comment
25522: [a29627225ba9]
25523:
25524: * CHANGES, RUNSON:
25525: update for 1.6.2
25526: [b7f1c40ea732]
25527:
25528: * auth/pam.c:
25529: Better detection of PAM errors and fix custom prompts with PAM.
25530: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
25531: [ff69234b94a5]
25532:
25533: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
25534:
25535: * snprintf.c:
25536: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
25537: long long value.
25538: [9d918c3a2ecd]
25539:
25540: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
25541:
25542: * CHANGES, config.h.in, configure, configure.in, visudo.c:
25543: Fix sudoers locking in visudo. We now lock the sudoers file itself,
25544: not the temp file (since locking the temp file can foul up editors).
25545: The previous locking scheme didn't work because the fd was closed
25546: too early.
25547: [de2011bb11ed]
25548:
25549: * config.h.in, configure, configure.in:
25550: Don't need test for ftruncate() any more.
25551: [e5f71c848104]
25552:
25553: * configure, configure.in:
25554: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
25555: the unbundled HP-UX cc.
25556: [2c373612c644]
25557:
25558: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
25559:
25560: * sudoers.cat, sudoers.man, sudoers.pod:
25561: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
25562: [05360d2c314e]
25563:
25564: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25565:
25566: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
25567: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
25568: version.h, visudo.c:
25569: update copyright year on changed files
25570: [5792a2a28a4c]
25571:
25572: * RUNSON:
25573: updates
25574: [edf8f19aa403]
25575:
25576: * CHANGES:
25577: aix fix
25578: [4d4a243b31e2]
25579:
25580: * INSTALL:
25581: Crank version to 1.6.2
25582: [bcb5cb411624]
25583:
25584: * configure:
25585: Crank version to 1.6.2
25586: [32a19f33427f]
25587:
25588: * sudo.c:
25589: When using rlimit check for RLIM_INFINITY When computing the value
25590: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
25591: [8c16166802e5]
25592:
25593: * CHANGES:
25594: recent changes
25595: [09fc7112e44d]
25596:
25597: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
25598: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
25599: Crank version to 1.6.2
25600: [055fa61a7c61]
25601:
25602: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
25603: Add 'shell_noargs' runtime option back in. We have to defer
25604: checking until after the sudoers file has been parsed but since
25605: there are now other options that operate that way this one can too.
25606: Based on a patch from bguillory@email.com.
25607: [231db7a007a6]
25608:
25609: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
25610: Add "listpw" and "verifypw" options.
25611: [190683bac878]
25612:
25613: * sudoers.cat, sudoers.man, sudoers.pod:
25614: o Fix some typos/omissions o Add section on verifypw and listpw o
25615: Define how NOPASSWD interacts with the -v and -l flags
25616: [6feb7350eb79]
25617:
25618: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
25619:
25620: * configure, configure.in:
25621: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
25622: -D_HPUX_SOURCE to CPPFLAGS.
25623: [06cc35d89dc8]
25624:
25625: * defaults.c, defaults.h:
25626: In struct sudo_defs_types, move the union to the end and don't
25627: initialize the union member since that only works with an ANSI
25628: compiler. We set the value of the union by hand in init_defaults()
25629: anyway. This allows sudo to compile on a K&R compiler again.
25630: [623487e1fcfa]
25631:
25632: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
25633:
25634: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
25635: netgr_matches needs to check shost as well as host since they may be
25636: different.
25637: [3f43ace23d3e]
25638:
25639: * tgetpass.c:
25640: End on \r as well as \n
25641: [cb7c6e6f4202]
25642:
25643: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
25644:
25645: * sudo.c:
25646: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
25647: from 0400 to whatever SUDOERS_MODE is (converting from the old
25648: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
25649: 0400 which should always be the case.
25650: [34cd83d49d20]
25651:
25652: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
25653: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
25654: w/o a passwd if there is *any* entry for the user on the host with a
25655: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
25656: the user on the host w/ the specified runas user have the NOPASSWD
25657: flag set.
25658: [4b3b85697653]
25659:
25660: * Makefile.in:
25661: add check target
25662: [3d24d34a76fd]
25663:
25664: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
25665:
25666: * visudo.c:
25667: Treat EOF at whatnow prompt like 'x' instead of looping.
25668: [5deffc27114c]
25669:
25670: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
25671:
25672: * CHANGES:
25673: recent changes
25674: [5836a9452568] [SUDO_1_6_1]
25675:
25676: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
25677:
25678: * config.h.in, configure, configure.in, sudo.c:
25679: Add check for initgroups() since old SYSV lacks this.
25680: [657a6005a569]
25681:
25682: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
25683: parse.c, testsudoers.c:
25684: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
25685: exists.
25686: [17d081e917d6]
25687:
25688: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25689:
25690: * auth/sudo_auth.c:
25691: Don't allow insults to be enabled if the insults[] array is empty.
25692: Otherwise there would be division by zero.
25693: [b20c14db6029]
25694:
25695: * insults.h:
25696: Don't allow insults to be enabled if the insults[] array is empty.
25697: Otherwise there would be division by zero.
25698: [028f130204b0]
25699:
25700: * CHANGES, RUNSON:
25701: Don't allow insults to be enabled if the insults[] array is empty.
25702: Otherwise there would be division by zero.
25703: [974f4780254b]
25704:
25705: * insults.h:
25706: Don't care about USE_INSULTS #define since the insult stuff may be
25707: overridden at runtime.
25708: [b873df8b299c]
25709:
25710: * auth/sudo_auth.c:
25711: Honor insults flag.
25712: [756111640fdc]
25713:
25714: * CHANGES, parse.c:
25715: Don't ask the user for a password if the user is not allowed to run
25716: the command and the authenticate flag (in sudoers) is false.
25717: [cea9fdc09c76]
25718:
25719: * CHANGES, RUNSON, lex.yy.c, parse.lex:
25720: o Whenever we get a bare newline we change to the INITIAL state. o
25721: Enter GOTRUNAS when we see Runas_Alias
25722:
25723: This allows #uid to work in a RunasAlias.
25724: [a475513e7c7a]
25725:
25726: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25727:
25728: * CHANGES, parse.yacc, sudo.tab.c:
25729: fix parsing of runas lists: o oprunasuser and runaslist now return a
25730: value o in a runasspec, if a runaslist does not return TRUE, set
25731: runas_matches to FALSE. Normally, a runaslist only returns FALSE
25732: for explicitly denied users. o since runaslist does not modify the
25733: stack there is no need for a push/pop in runasalias.
25734: [82b305b34a8c]
25735:
25736: * check.c, sudo.c:
25737: Don't kill the user's tickets until after sudoers has been parsed
25738: since tty_tickets and ticket_dir could be set in sudoers.
25739: [f43e25367f3a]
25740:
25741: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
25742: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
25743: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
25744: crank version to 1.6
25745: [95f8bdcf9bb2]
25746:
25747: * testsudoers.c:
25748: add set_fqdn() stub
25749: [bbc81af5b41a]
25750:
25751: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
25752:
25753: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
25754: sudoers.man, sudoers.pod, visudo.c:
25755: o Kill shell_noargs option, it cannot work since the command needs
25756: to be set before sudoers is parsed. o Fix the "set_home" sudoers
25757: option (only worked at compile time). o Fix "fqdn" sudoers option.
25758: We now set host/shost via set_fqdn which gets called when the
25759: "fqdn" option is set in sudoers. o Move the openlog() to
25760: store_syslogfac() so this gets overridden correctly from the
25761: sudoers file.
25762: [3dca861f0f5d]
25763:
25764: * auth/securid.c:
25765: SecurID support should compile now.
25766: [a544e5c6ea34]
25767:
25768: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
25769:
25770: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
25771: visudo.man, visudo.pod:
25772: fix some syntactic goofs
25773: [b3451f0d5239]
25774:
25775: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25776:
25777: * Makefile.in, sudo.html, sudoers.html, visudo.html:
25778: No longer need the .html files as they are generated automatically
25779: on the web site.
25780: [1b4aa4204584]
25781:
25782: * CHANGES, LICENSE:
25783: kill characters that made wml unhappy
25784: [b988fbc6da56]
25785:
25786: * HISTORY:
25787: typo
25788: [a418963f7fce]
25789:
25790: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25791:
25792: * README:
25793: majordomo@cs.colorado.edu -> majordomo@courtesan.com
25794: [5d151e8ffd3b]
25795:
25796: * Makefile.in, configure:
25797: Wrap script execution w/ /bin/sh for the benefit of ctm
25798: [3a9c4766b2c3]
25799:
25800: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25801:
25802: * sudo.c:
25803: Make the -s flag be exclusive too. Also reorder the flags in the
25804: exclusive usage message so they are alphabetical.
25805: [4c7af200db34]
25806:
25807: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25808:
25809: * auth/pam.c:
25810: make pam errors other than PAM_PERM_DENIED fatal
25811: [64bcb3fd2baf]
25812:
25813: * auth/API:
25814: fix typo
25815: [f3134c88b12e]
25816:
25817: * INSTALL:
25818: make it clear that /etc/pam.d/sudo is required on linux
25819: [213cc3eaad82]
25820:
25821: * auth/pam.c:
25822: fix a warning on redhat and spew an error if pam_authenticate()
25823: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
25824: [7e46dd19da89]
25825:
25826: * sudo.cat, sudo.html, sudo.man, sudo.pod:
25827: Be very clear that the password required is the user's not root's
25828: [a6da127347e5]
25829:
25830: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25831:
25832: * Makefile.in:
25833: add sample.syslog.conf to DISTFILES and BINFILES
25834: [8661c27c007e]
25835:
25836: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25837:
25838: * RUNSON:
25839: updates from Brian Jackson + some formatting
25840: [6d31c6fa63f8]
25841:
25842: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
25843:
25844: * INSTALL.binary, Makefile.binary, README, RUNSON:
25845: o One RUNSon update o Changes for automating real binary releases
25846: [dd9585f4406c]
25847:
25848: * Makefile.in:
25849: Add bindist target
25850: [546ed3fa94bb]
25851:
25852: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25853:
25854: * TROUBLESHOOTING:
25855: talk about run-time options in addition to compile-time options
25856: [1eb813ff0a9a] [SUDO_1_6_0]
25857:
25858: * CHANGES:
25859: fix typos
25860: [65e92bb70a7b]
25861:
25862: * sudo.c:
25863: need sys/time.h if HAVE_SETRLIMIT
25864: [ce31655a8a60]
25865:
25866: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
25867: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
25868: get rid of references to sudo-bugs. Now mention the web site or the
25869: sudo@ alias
25870: [a9db861fd8c6]
25871:
25872: * sudoers.html:
25873: repair pod2html damage
25874: [62ece4277f1f]
25875:
25876: * RUNSON, TODO:
25877: Update for 1.6 release
25878: [98569c57ba2a]
25879:
25880: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25881: Add warning about using ALL in a command context.
25882: [6c77685ab280]
25883:
25884: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
25885:
25886: * visudo.c:
25887: Call yyrestart() on a parse error to reset the lexer state.
25888: [1370a27acdb2]
25889:
25890: * lex.yy.c, parse.lex:
25891: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
25892: since it might not get called in yywrap if we get a parse error
25893: (and we only reread the file on error anyway).
25894: [37f4b449e28e]
25895:
25896: * lex.yy.c, parse.lex:
25897: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
25898: might still exist. Call yyrestart() instead of using the deprecated
25899: YY_NEW_FILE macro.
25900: [7d0d873046c6]
25901:
25902: * lex.yy.c, parse.lex:
25903: flex doesn't need %N table size declarations
25904: [268b020fd60a]
25905:
25906: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25907: Mention what characters need to be escaped in names.
25908: [72ccbb6b0f31]
25909:
25910: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
25911:
25912: * configure:
25913: regen
25914: [65827abb5c7b]
25915:
25916: * INSTALL:
25917: clarify Mac OS X entry
25918: [8da1549a71f5]
25919:
25920: * RUNSON:
25921: update
25922: [0cff8df7459f]
25923:
25924: * configure.in:
25925: o Use AC_MSG_ERROR throughout o Check syslog configure options for
25926: danity
25927: [4cb81e642e5c]
25928:
25929: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
25930:
25931: * defaults.c:
25932: Fix printing of type T_MODE in dump_defaults()
25933: [a868bb6f5515]
25934:
25935: * strcasecmp.c:
25936: missing sys/types.h
25937: [ca694ca325b6]
25938:
25939: * INSTALL:
25940: Break out options that may be overridden at run time into their own
25941: section. Add a not about Max OS X and correct some lies.
25942: [d8bcfd120593]
25943:
25944: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
25945:
25946: * CHANGES, config.h.in, configure, configure.in, sudo.c:
25947: o Now use getrlimit to find the highest fd when closing all non-std
25948: fd's o Turn off core dumps via setrlimit for the sake of paranoia
25949: [dd9f651b6def]
25950:
25951: * RUNSON:
25952: updates
25953: [f581841fe615]
25954:
25955: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
25956:
25957: * CHANGES:
25958: updates
25959: [553baa1d44c7]
25960:
25961: * tgetpass.c:
25962: When read()'ing, do a single character at a time to be sure we don't
25963: go oast the newline.
25964: [907d33f55bb4]
25965:
25966: * sudo.c:
25967: For the sudo_root option, check against user_uid, not getuid() since
25968: at this point, ruid == euid == 0.
25969: [92d5c51939b4]
25970:
25971: * RUNSON:
25972: some updates
25973: [e3ed0c1f312b]
25974:
25975: * logging.h:
25976: Fix compilation problem when --with-logging=file was specified.
25977: This means that syslog is now required to build sudo but that should
25978: not be a problem. If it is it can be fixed trivially with a
25979: configure check for syslog() or syslog.h.
25980: [839a4b069190]
25981:
25982: * tgetpass.c:
25983: Make this work again for things like "sudo echo hi | more" where the
25984: tty gets put into character at a time mode. We read until we read
25985: end of line or we run out of space (similar to fgets(3)).
25986: [c8f746df2e63]
25987:
25988: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
25989:
25990: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
25991: change ital to bold
25992: [f860978e530a]
25993:
25994: * RUNSON:
25995: update
25996: [9bcfbb405568]
25997:
25998: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
25999:
26000: * defaults.c:
26001: Error out if syslog parameters are given without a value. For
26002: Ultrix or 4.2BSD "syslog" is allowed without a value since there are
26003: no facilities in the 4.2BSD syslog.
26004: [69e7a686f5f0]
26005:
26006: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26007:
26008: * defaults.c:
26009: Ignore the syslog facility for systems w/ old syslog like Ultrix.
26010: [5c250adbbb84]
26011:
26012: * TROUBLESHOOTING:
26013: people with "." early in their path can have problems running sudo
26014: from the build dir ;-)
26015: [20a1744a24a4]
26016:
26017: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
26018:
26019: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26020: Remove -r realm option
26021: [127caa537f95]
26022:
26023: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
26024: configure.in, sudo.c:
26025: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
26026: [7177a3893a62]
26027:
26028: * CHANGES:
26029: update to reality
26030: [766cfbb512d6]
26031:
26032: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
26033:
26034: * auth/fwtk.c:
26035: include <auth.h> to get function prototypes.
26036: [d6c7c12d09fe]
26037:
26038: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26039: document -L flag
26040: [dc803e1ce0d7]
26041:
26042: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
26043:
26044: * sudo.c:
26045: in set_perms(), always call setuid(0) before changing the ruid/euid
26046: so we always know it will succeed.
26047: [8cced1b862bf]
26048:
26049: * defaults.h:
26050: #undef T_FOO to avoid conflicts with system defines (like on
26051: ULTRIX).
26052: [d9f0aac092b0]
26053:
26054: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
26055: sudoers.pod:
26056: Docuement "Defaults" lines in /etc/sudoers. Still needs some
26057: fleshing out but this is a start.
26058: [521a1e629bbc]
26059:
26060: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
26061:
26062: * use strtol, not strtoul since not everyone has not strtoul
26063: [988462f093cc]
26064:
26065: * defaults.c:
26066: use strtol, not strtoul since not everyone has not strtoul
26067: [fce835ce62e3]
26068:
26069: * lex.yy.c, parse.lex:
26070: last {WORD} rule should only apply in the INITIAL state
26071: [9b57570bfa83]
26072:
26073: * lex.yy.c, parse.lex:
26074: o Add support for escaped characters in the WORD macro o Modify
26075: fill() to squash escape chars
26076: [87572d59e4e0]
26077:
26078: * defaults.c, defaults.h:
26079: o Add T_PATH flag to allow simple sanity checks for default values
26080: that are supposed to be pathnames. o Fix a duplicate free when
26081: visudo finds an error.
26082: [bdc6855a6c6d]
26083:
26084: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
26085:
26086: * defaults.c, defaults.h, logging.c:
26087: mail_if_foo -> mail_foo
26088: [cbee9415875d]
26089:
26090: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
26091:
26092: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
26093: o Add requiretty option o Move O_NOCTTY to compat.h
26094: [65b8bf0e1795]
26095:
26096: * logging.c:
26097: The exit() in log_error() was mistakenly removed in a previous
26098: version. Put it back...
26099: [9473449130a4]
26100:
26101: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
26102:
26103: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
26104: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
26105: configure, configure.in, defaults.c, defaults.h, find_path.c,
26106: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
26107: o Change defaults stuff to put the value right in the struct. o
26108: Implement mailer_flags o Store syslog stuff both in int and string
26109: form. Setting the string form magically updates the int version.
26110: o Add boolean attribute to strings where it makes sense to say !foo
26111: [4698953f9a36]
26112:
26113: * tgetpass.c:
26114: add O_NOCTTY when opening /dev/tty just in case
26115: [4c6d1d1bb300]
26116:
26117: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
26118:
26119: * auth/API:
26120: cleanup function no longer takes a status arg
26121: [0819edbfe7f8]
26122:
26123: * INSTALL:
26124: the the
26125: [19aadb65ea28]
26126:
26127: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26128:
26129: * TODO, config.h.in, configure, configure.in, logging.c:
26130: Use strftime() instead of ctime() if it is available.
26131: [fb60ea63b514]
26132:
26133: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
26134:
26135: * defaults.c:
26136: fix copyright date
26137: [4a53b54aa72f]
26138:
26139: * RUNSON:
26140: update ReliantUNIX entry
26141: [de618a4f67d9]
26142:
26143: * defaults.c, defaults.h, logging.c:
26144: add log_year option
26145: [251a9e20568a]
26146:
26147: * configure, configure.in:
26148: add --without-sendmail to help output
26149: [93162f199902]
26150:
26151: * configure, configure.in:
26152: enforce an otctal arg for --with-suoders-mode
26153: [45e1b04ccad3]
26154:
26155: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26156:
26157: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
26158: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
26159: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
26160: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
26161: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
26162: testsudoers.c, version.c, visudo.c:
26163: Add support for "Defaults" line in sudoers to make configuration
26164: variables changable at runtime (and on a global, per-host and per-
26165: user basis). Both the names and the internal representation are
26166: still subject to change. It was necessary to make sudo_user.runas
26167: but a char ** instead of a char * since this value can be changed by
26168: a Defaults line. There is a similar (but more complicated) issue
26169: with sudo_user.prompt but it is handled differently at the moment.
26170:
26171: Add a "-L" flag to list the name of options with their descriptions.
26172: This may only be temporary.
26173:
26174: Move some prototypes to parse.h
26175:
26176: Be much less restrictive on what is allowed for a username.
26177: [f71abf7ba80c]
26178:
26179: * sample.syslog.conf:
26180: Add more info
26181: [e952e6f42d4d]
26182:
26183: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
26184:
26185: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
26186: strcasecmp.c:
26187: UCB has dropped the advertising clause from their license.
26188: [a5602b36a341]
26189:
26190: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
26191:
26192: * auth/sudo_auth.h:
26193: move dce_verofy proto to correct section
26194: [972c815af558]
26195:
26196: * auth/dce.c:
26197: remove XXX
26198: [820631855be0]
26199:
26200: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
26201:
26202: * emul/fnmatch.h:
26203: Add fnmatch() prototype
26204: [79e84576d92a]
26205:
26206: * fnmatch.c, parse.c, testsudoers.c:
26207: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
26208: [1182c89fa811]
26209:
26210: * sudo.h:
26211: add strcasecmp proto
26212: [512d1d8a6a0c]
26213:
26214: * auth/sudo_auth.c:
26215: add check for case where there are no auth methods
26216: [e4af2b91b43e]
26217:
26218: * configure, configure.in:
26219: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
26220: SunOS4 w/ gcc
26221: [746ce8bcec23]
26222:
26223: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
26224: include strings.h everywhere we include string.h
26225: [6f7d5d437e7b]
26226:
26227: * version.c:
26228: nicer output when showing auth methods
26229: [0eac4b977f9d]
26230:
26231: * version.c:
26232: Add support for SEND_MAIL_WHEN_NO_HOST
26233: [9f20a3a3fae6]
26234:
26235: * config.h.in, configure, configure.in:
26236: Add _GNU_SOURCE for Linux
26237: [c7bd8c511847]
26238:
26239: * lex.yy.c, parse.lex:
26240: fix definition of OCTECT
26241: [4af30e63244d]
26242:
26243: * configure, configure.in:
26244: aix_auth.o not authenticate.o
26245: [fe95dfb08df4]
26246:
26247: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
26248:
26249: * sudo.c:
26250: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
26251: keyboard). Since we run with ruid/euid == 0 the user can't really
26252: signal us in nasty ways.
26253: [a7f6487c0f48]
26254:
26255: * visudo.c:
26256: Don't need to worry about catching too many signals since we do
26257: locking on the tmp file. If a lockfile is really stale, it will be
26258: detected and overwritten.
26259: [28983db3e749]
26260:
26261: * INSTALL, Makefile.in:
26262: include auth/API in tarball
26263: [014991600252]
26264:
26265: * auth/sudo_auth.c:
26266: move memset() of plaintext pw outside of verify loop and only do the
26267: memset if we are *not* in standalone mode.
26268: [66f8e87567e2]
26269:
26270: * auth/sudo_auth.c, auth/sudo_auth.h:
26271: DCE is not a standalone method
26272: [34963e2d8a1b]
26273:
26274: * sudo.c:
26275: fix --enable-noargs-shell
26276: [4234062abbb0]
26277:
26278: * snprintf.c:
26279: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
26280: [c430b80454c6]
26281:
26282: * auth/fwtk.c, auth/sia.c:
26283: _cleanup() function returns an int.
26284: [d1a1cc071ec1]
26285:
26286: * auth/dce.c:
26287: there were still some return(0)'s hanging around, make them
26288: AUTH_FAILURE
26289: [1002aa1962c3]
26290:
26291: * parse.c:
26292: typo in comment
26293: [5abc410dbfd2]
26294:
26295: * version.c:
26296: add missing semicolon
26297: [a262283b52a5]
26298:
26299: * auth/sudo_auth.h:
26300: missing backslash
26301: [bf89f6bd2900]
26302:
26303: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
26304:
26305: * CHANGES, config.h.in, configure, configure.in:
26306: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
26307: [f1a9bca0cf67]
26308:
26309: * Makefile.in:
26310: add parse.h to HDRS
26311: [a3d054987766]
26312:
26313: * Makefile.in, configure, configure.in:
26314: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
26315: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
26316: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
26317: testsudoers to build on Solaris and is a bit cleaner in general.
26318: [4e6239e97002]
26319:
26320: * UPGRADE:
26321: mention ptmp -> sudoers.tmp
26322: [ec3baa0fe8a1]
26323:
26324: * config.h.in, configure, configure.in:
26325: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
26326: [6f93dc7f39f5]
26327:
26328: * RUNSON:
26329: add 2 reports
26330: [ce0fcc00ee4e]
26331:
26332: * auth/kerb5.c:
26333: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
26334: return a value more like a system function
26335: [0dd56aa21424]
26336:
26337: * auth/dce.c:
26338: Add an XXX
26339: [58fc8562c212]
26340:
26341: * TODO:
26342: more things todo!
26343: [5a459d0cf339]
26344:
26345: * sample.sudoers:
26346: update based on what is in the man page
26347: [1a0477db96fa]
26348:
26349: * parse.yacc, sudo.tab.c:
26350: minor change to first line printed in -l mode
26351: [69eb57d96952]
26352:
26353: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26354: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
26355: standard and add "EXAMPLES" section
26356: [7e543335ebe1]
26357:
26358: * visudo.cat, visudo.html, visudo.man, visudo.pod:
26359: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
26360: standard
26361: [f82d87ed65c2]
26362:
26363: * logging.c, parse.c, sudo.h:
26364: add FLAG_NO_CHECK
26365: [c7d69176a2d7]
26366:
26367: * lex.yy.c, parse.lex:
26368: make an OCTET really be limited to 0-255
26369: [6ee568dd6a02]
26370:
26371: * UPGRADE:
26372: mention timestamp changes
26373: [e44d5302bf60]
26374:
26375: * PORTING:
26376: cosmetic cleanup
26377: [36fa3a2664dd]
26378:
26379: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
26380: new sudoers(8) man page
26381: [e674d06283d0]
26382:
26383: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
26384:
26385: * version.c:
26386: Update comments about syslog name tables
26387: [63830a782dcb]
26388:
26389: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
26390: strcasecmp.c, sudo.tab.c:
26391: include strcasecmp() for those without it
26392: [a0d8e2488bbc]
26393:
26394: * sample.sudoers:
26395: Use the : operator some more and fix a typo
26396: [18804c70da86]
26397:
26398: * HISTORY:
26399: update the history of sudo
26400: [9d9b3d5279b3]
26401:
26402: * parse.c, parse.lex, testsudoers.c:
26403: CIDR-style netmask support
26404: [768644467353]
26405:
26406: * CHANGES:
26407: recent changes
26408: [a4319e9d07cb]
26409:
26410: * sudo.tab.c, sudo.tab.h:
26411: these should be generated with byacc, not bison
26412: [f57b9489b752]
26413:
26414: * lex.yy.c:
26415: regen
26416: [522461f95dfa]
26417:
26418: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
26419: In "sudo -l" mode, the type of the stored (expanded) alias was not
26420: stored with the contents. This could lead to incorrect output if
26421: the sudoers file had different alias types with the same name.
26422: Normal parsing (ie: not in '-l' mode) is unaffected.
26423: [823fe2bc4b79]
26424:
26425: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
26426:
26427: * configure, configure.in:
26428: define _XOPEN_SOURCE to get at crypt() proto on some systems
26429: [1b3769b86fb9]
26430:
26431: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
26432:
26433: * snprintf.c:
26434: fix comment
26435: [fc1264df00f7]
26436:
26437: * tgetpass.c:
26438: don't need limits.h
26439: [f1631829af45]
26440:
26441: * snprintf.c:
26442: kill bogus reference to vfprintf
26443: [a0b99b25d389]
26444:
26445: * sample.sudoers, sudoers:
26446: better examples
26447: [b4d87ea64cc8]
26448:
26449: * snprintf.c:
26450: Add some const in the K&R defs. This is safe since we define const
26451: away if the compiler doesn't grok it.
26452: [614d6e83d45e]
26453:
26454: * aclocal.m4, configure:
26455: Better test for working long long support. Ultrix compiler supports
26456: basic long long but not all operations on them.
26457: [5da1508710ed]
26458:
26459: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
26460: snprintf.c, sudo.c:
26461: Add check for LONG_IS_QUAD #undef MAXINT before including
26462: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
26463: in snprintf.c and use LONG_IS_QUAD
26464: [a1f7993367fc]
26465:
26466: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
26467:
26468: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
26469: snprintf.c:
26470: UCB-derived snprintf + asprintf support. Supports quads if the
26471: compiler does. No floating point yet, perhaps later...
26472: [0caf05aba945]
26473:
26474: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
26475:
26476: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
26477: goodpath.c, logging.c, parse.c, sudo.c:
26478: Run most of the code as root, not the invoking user. It doesn't
26479: really gain us anything to run as the user since an attacker can
26480: just have an setuid(0) in their egg. Running as root solves
26481: potential problems wrt signalling.
26482: [408e530dda01]
26483:
26484: * sudo.tab.c:
26485: regen
26486: [f8cfb37e37de]
26487:
26488: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
26489:
26490: * logging.c, sudo.c:
26491: Don't wait for child to finish in log_error(), let the signal
26492: handler get it if we are still running, else let init reap it for
26493: us. The extra time it takes to wait lets the user know that mail is
26494: being sent.
26495:
26496: Install SIGCHLD handler in main() and for POSIX signals, block
26497: everything
26498: *except* SIGCHLD.
26499: [d2b6ab0ef3be]
26500:
26501: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
26502: parse.yacc, sudo.c, sudo.h:
26503: sudoers_lookup() now returns a bitmap instead of an int. This makes
26504: it possible to express things like "failed to validate because user
26505: not listed for this host". Some thigns that were previously
26506: VALIDATE_FOO are now FLAG_FOO. This may change later on.
26507:
26508: Reorganized code in log_auth() and sudo.c to deal with above
26509: changes.
26510:
26511: Safer versions of push/pushcp with in the do { ... } while (0) style
26512:
26513: parse.yacc now saves info on the stack to allow parse.c to determine
26514: if a user was listed, but not for the host he/she tried to run on.
26515:
26516: Added --with-mail-if-no-host option
26517: [63326cb01efc]
26518:
26519: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
26520:
26521: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
26522: visudo.man, visudo.pod:
26523: o NewArgv and NewArgc don't need to be externally visible. o If
26524: pedantic > 1, it is a parse error. o Add -s (strict) option to
26525: visudo which sets pedantic to 2.
26526: [5d7d81b55cd5]
26527:
26528: * HISTORY, INSTALL:
26529: Just have sudo-bugs contact info in one place
26530: [e7f6588ea683]
26531:
26532: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26533: Add BUGS section
26534: [6607d96ea510]
26535:
26536: * Makefile.in, configure, configure.in:
26537: Add testsudoers to default build target if --with-devel Don't clean
26538: generated parser files unless "distclean".
26539: [5827b769dc57]
26540:
26541: * parse.yacc, sudo.tab.c:
26542: In pedantic mode we need to save *all* the aliases, not just those
26543: that match, or we get spurious warnings.
26544: [24f5b1f0e1de]
26545:
26546: * TROUBLESHOOTING:
26547: reference samples.sylog.conf
26548: [11841668380a]
26549:
26550: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
26551:
26552: * sample.syslog.conf:
26553: Sample entries for syslog.conf
26554: [0f7697d878a1]
26555:
26556: * CHANGES:
26557: recent changes
26558: [8bca8810c6bd]
26559:
26560: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
26561: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
26562: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
26563: auth/sudo_auth.c, auth/sudo_auth.h:
26564: In struct sudo_auth, turn need_root and configured into flags and
26565: add a flag to specify an auth method is running alone (the only
26566: one). Pass auth methods their sudo_auth pointer, not the data
26567: pointer. This allows us to get at the flags and tell if we are the
26568: only auth method. That, in turn, allows the method to be able to
26569: decide what should/should not be a fatal error. Currently only
26570: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
26571: define and te hackery that went with it. With access to the
26572: sudo_auth struct, methods can also get at a string holding their
26573: cannonical name (useful in error messages).
26574: [b7e320fc6511]
26575:
26576: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
26577: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
26578: sudo.tab.h:
26579: o --with-otp deprecated, use --without-passwd instead o real
26580: dependencies in the Makefile o --with-devel option to enable yacc,
26581: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
26582: back to being a token, not a string but don't leak memory o rename
26583: hsotspec -> host in parse.yacc
26584: [912c45226cb2]
26585:
26586: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
26587:
26588: * BUGS, CHANGES:
26589: recent changes
26590: [801fa6e55687]
26591:
26592: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
26593: sudo.c, sudo.h:
26594: o Digital UNIX needs to check for *snprintf() before -ldb is added
26595: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
26596: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
26597: functions in snprintf.c to fix -Wall o Add missing includes to fix
26598: more -Wall
26599: [8d207203e126]
26600:
26601: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
26602: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
26603: visudo.c:
26604: o Add a "pedentic" flag to the parser. This makes sudo warn in
26605: cases where an alias may be used before it is defined. Only turned
26606: on for visudo and testsudoers. o Add --disable-authentication option
26607: that makes sudo not require authentication by default. The PASSWD
26608: tag can be used to require authentication for an entry. We no
26609: longer overload --without-passwd.
26610: [f307e09adf98]
26611:
26612: * lex.yy.c, parse.lex:
26613: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
26614: username can contain just about anything so be very permissive. Also
26615: drop the unused \. punctuation.
26616: [06a50614ff89]
26617:
26618: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
26619:
26620: * parse.yacc, sudo.tab.c:
26621: o add a 'val' element to aliasinfo struct and move -> parse.h o
26622: find_alias() now returns an aliasinfo * instead of boolean o
26623: add_alias() now takes a value parameter to store in the
26624: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
26625: return: 1) positive match 0) negative match (due to '!')
26626: -1) no match This means setting $$ explicitly in all cases, which I
26627: should have done in the first place. It also means that we always
26628: store a value that is != -1 and when we see a '!' we can set
26629: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
26630: now works the way it should in lists and some of the rules are more
26631: uniform and sensible.
26632: [ad8e73b5d581]
26633:
26634: * Makefile.in:
26635: add parse.h dependency
26636: [4ccccd464d30]
26637:
26638: * parse.h:
26639: kill unused *_matched macros
26640: [02cba6dcb732]
26641:
26642: * parse.yacc:
26643: Allow a list of users as the first thing in a user spec, not just a
26644: single entry. This makes things more uniform, though it does allow
26645: you to write user specs that are hard to read.
26646: [3c4c91c508ca]
26647:
26648: * sudo.tab.c:
26649: parse.yacc
26650: [feca81881bb6]
26651:
26652: * configure:
26653: regen
26654: [6f247010bb3b]
26655:
26656: * configure.in:
26657: fix check for crypt() in libufc
26658: [82770736f4b0]
26659:
26660: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
26661:
26662: * README:
26663: sudo-users list now exists
26664: [4716d2bb0bbf]
26665:
26666: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
26667: Update to reality.
26668: [1eda2d57e42a]
26669:
26670: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
26671: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
26672: version.c, visudo.c:
26673: o Move lock_file() and touch() into fileops.c so visudo can use them
26674: o Visudo now locks the sudoers temp file instead of bailing when the
26675: temp file already exists. This fixes the problem of stale temp
26676: files but it does *require* that you not try to put the temp file in
26677: a world-writable directory. This shoud not be an issue as the temp
26678: file should live in the same dir as sudoers. o Visudo now only
26679: installs the temp file as sudoers if it changed.
26680: [2517cd06c070]
26681:
26682: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
26683:
26684: * logging.c:
26685: add fcntl locking
26686: [c304adeaf515]
26687:
26688: * config.h.in, configure, configure.in, logging.c:
26689: Lock the log file.
26690: [d8652704fbdf]
26691:
26692: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
26693: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
26694: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
26695: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
26696: -> _PATH_SUDOERS_TMP
26697: [68cad8975807]
26698:
26699: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
26700:
26701: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
26702: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
26703: root sudo -V config reporting
26704: [cdd2613a9dcf]
26705:
26706: * configure, configure.in:
26707: aix_auth.o not authenticate.o
26708: [d972e35f6730]
26709:
26710: * config.h.in:
26711: Add --with-goodpri and --with-badpri configure options to specify
26712: the syslog priority to use.
26713: [2595ae50ab86]
26714:
26715: * INSTALL, configure, configure.in, logging.h:
26716: Add --with-goodpri and --with-badpri configure options to specify
26717: the syslog priority to use.
26718: [8276ee9b2b49]
26719:
26720: * compat.h:
26721: kill crufty AIX stuff
26722: [a4f35ef9854e]
26723:
26724: * Makefile.in:
26725: Sigh, some versions of make (like Solaris's) don't deal with $< like
26726: I would expect. Both GNU and BSD makes get this right but... So, we
26727: just expand $< inline at the cost of some ugliness.
26728: [b1b456f8801f]
26729:
26730: * version.c:
26731: If the invoking user is root, sudo will now print configure info in
26732: -V mode. Currently just prints logging info, to be expanded later.
26733: [392f7ed99267]
26734:
26735: * logging.c, logging.h, sudo.c, sudo.h:
26736: o new defines for syslog facility and priority o use new
26737: print_version() functino for -V mode
26738: [78abc5142985]
26739:
26740: * check.c:
26741: Don't need version.c
26742: [db9a830ad893]
26743:
26744: * aclocal.m4, config.h.in, configure, configure.in:
26745: Add check for syslog facilities and priorities tables in syslog.h
26746: [b86213e5fc5c]
26747:
26748: * Makefile.in:
26749: o authenticate -> aix_auth o add version.c
26750: [44b6b9a8d0f5]
26751:
26752: * auth/sudo_auth.c:
26753: Missed a prompt -> user_prompt conversion
26754: [e4c60b1f210c]
26755:
26756: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
26757:
26758: * TODO:
26759: sudo should lock its logfile
26760: [6d2830b28b07]
26761:
26762: * parse.yacc, sudo.tab.c:
26763: o Add '!' correctly when expanding Aliases. o Add shortcut macros
26764: for append() to make things more readable. o The separator in
26765: append() is now a string instead of a char. o In append(), only
26766: prepend the separator if the last char is not a '!'. This is a
26767: hack but it greatly simplifies '!' handling. o In -l mode, Runas
26768: lists and NOPASSWD/PASSWD tags are now inherited across entries in
26769: a list (matches current behavior). o Fix formatting in -l mode such
26770: that items in a list are separated by a space. Greatlt improves
26771: readability. o Space for name field in struct aliasinfo is now
26772: allocated dyanically instead of using a (big) buffer. o In
26773: add_alias(), only search the list once (lsearch instead of lfind +
26774: lsearch)
26775: [51f7e07addb9]
26776:
26777: * lex.yy.c, sudo.tab.c, sudo.tab.h:
26778: regen
26779: [5c19bb05dc21]
26780:
26781: * configure, configure.in:
26782: Solais pam doesn't require anye xtra setup
26783: [a25ba03d91d1]
26784:
26785: * parse.yacc:
26786: o Simpler '!' support now that the lexer deals with multiple !'s for
26787: us. o In the case of opFOO, have FOO give a boolean return value and
26788: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
26789: it gets fill()'d in parse.lex--fixes a small memory leak. In the
26790: long run it may be better to just fix parse.lex and make ALL back
26791: into a token. However, having it be a string is useful since it
26792: can be easily passed back to the parent rule if we so desire.
26793: [b3c64b443018]
26794:
26795: * parse.lex:
26796: o Remove some unnecessary backslashes o collapse multiple !'s by
26797: using !+ and checking if yyleng is even or odd. this allows us to
26798: simplify ! handling in parse.yacc
26799: [76330e8da8e3]
26800:
26801: * sudo.c:
26802: -u flag was being ignored
26803: [e30283207585]
26804:
26805: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
26806:
26807: * Makefile.in:
26808: correct fix
26809: [a0e2377dec8f]
26810:
26811: * Makefile.in:
26812: work around pod2man stupididy
26813: [7c755640b67f]
26814:
26815: * Makefile.in:
26816: correct dependencies for .cat
26817: [5ed7b0653b68]
26818:
26819: * sudo.cat, sudo.man, visudo.cat, visudo.man:
26820: regen
26821: [b74510dd6a0a]
26822:
26823: * sudo.pod, visudo.pod:
26824: Add copyright Update to reality
26825: [188e9b046c15]
26826:
26827: * parse.c, sudo.c, sudo.h:
26828: rename validate() to the more descriptive sudoers_lookup()
26829: [7a1cb652f379]
26830:
26831: * auth/aix_auth.c:
26832: use tgetpass
26833: [b8ba5daec40a]
26834:
26835: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
26836:
26837: * CHANGES:
26838: updates
26839: [e61460cdf4a0]
26840:
26841: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
26842: configure, configure.in, sudo.c:
26843: Sudo, not CU Sudo
26844: [9061b3573c0c]
26845:
26846: * LICENSE:
26847: add 4th term to license similar to term 5 in the apache license
26848: [92712e895afb]
26849:
26850: * emul/search.h, emul/utime.h:
26851: add 4th term to license similar to term 5 in the apache license
26852: [4f93a8b9396e]
26853:
26854: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
26855: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
26856: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
26857: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
26858: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
26859: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
26860: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
26861: visudo.c:
26862: add 4th term to license similar to term 5 in the apache license
26863: [afae9f2bf9ec]
26864:
26865: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
26866: add 4th term to license similar to term 5 in the apache license
26867: [c389d3fdafac]
26868:
26869: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
26870: getspwuid.c, goodpath.c:
26871: add 4th term to license similar to term 5 in the apache license
26872: [969e63dbd38e]
26873:
26874: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
26875: insults.h, logging.c, sudo.c, sudo.h:
26876: there was a 1995 release too
26877: [5963fd89457a]
26878:
26879: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
26880:
26881: * CHANGES:
26882: updates
26883: [254b794f16ab]
26884:
26885: * check.c:
26886: Use dirs instead of files for timestamp. This allows tty and non-
26887: tty schemes to coexist reasonably. Note, however, that when you
26888: update a tty ticket, the mtime on the user dir gets updated as well.
26889: [44bfac32f799]
26890:
26891: * configure, configure.in:
26892: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
26893: when linking test program, not just -lprot. Also add check for
26894: getspnam(). The SCO docs indicate that /etc/shadow can be used but
26895: this may be a lie.
26896: [2ba21d36cc1e]
26897:
26898: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26899:
26900: * auth/API:
26901: first cut at auth API description
26902: [3d10df021eb8]
26903:
26904: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
26905:
26906: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
26907: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
26908: auth/sudo_auth.h:
26909: auth API change. There is now an init method that gets run before
26910: the main loop. This allows auth routines to differentiate between
26911: initialization that happens once vs. setup that needs to run each
26912: time through the loop.
26913: [76df1c0d3478]
26914:
26915: * auth/kerb5.c, logging.c:
26916: use easprintf() and evasprintf()
26917: [fd97d96dc12f]
26918:
26919: * alloc.c, sudo.h:
26920: add easprintf() and evasprintf(), error checking versions of
26921: asprintf() and vasprintf()
26922: [f54385de20b7]
26923:
26924: * TODO:
26925: remove 2 items. One done, one won't do.
26926: [64513b47bc7a]
26927:
26928: * lex.yy.c, sudo.tab.c:
26929: regen
26930: [4aa299de2752]
26931:
26932: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
26933: visudo.html, visudo.man:
26934: regen
26935: [553c0d1209be]
26936:
26937: * CHANGES:
26938: new changes
26939: [d7be00b7e36b]
26940:
26941: * sudo.pod:
26942: o Document -K flag and update meaning of -k flag. o BSD-style
26943: copyright o Document clearing of BIND resolver environment variables
26944: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
26945: if your OS gives away files
26946: [4a4092be1455]
26947:
26948: * visudo.pod:
26949: BSD license
26950: [ad0bfd0a4630]
26951:
26952: * version.h:
26953: BSD-style copyright
26954: [ecc6479325be]
26955:
26956: * tgetpass.c:
26957: o BSD copyright o no need to block signals, we now do that in main()
26958: o cosmetic changes
26959: [61958beda7ab]
26960:
26961: * testsudoers.c, visudo.c:
26962: o BSD-style copyright o Use "struct sudo_user" instead of old
26963: globals. o some cometic cleanup
26964: [88c0c6924082]
26965:
26966: * sudo_setenv.c:
26967: BSD-style copyright
26968: [df20290129a0]
26969:
26970: * sudo.h:
26971: o BSD copyright o logging and parser bits moved to their own .h
26972: files o new "struct sudo_user" to encapsulate many of the old
26973: globals.
26974: [50fc86bf25cb]
26975:
26976: * sudo.c:
26977: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
26978: logging routines o simplified flow of control o BIND resolver
26979: additions to badenv_table
26980: [8c53f15bfcb0]
26981:
26982: * strerror.c:
26983: BSD-style copyright
26984: [7c906c3a82ac]
26985:
26986: * snprintf.c:
26987: Now compiles on more K&R compilers
26988: [07ab1d3231c7]
26989:
26990: * putenv.c:
26991: BSD-style copyright, cosmetic changes
26992: [c42371295881]
26993:
26994: * pathnames.h.in:
26995: BSD-style copyright
26996: [e5c34ebd4cf1]
26997:
26998: * parse.c, parse.h, parse.lex, parse.yacc:
26999: BSD-style copyright. Move parser-specific defines and structs into
27000: parse.h + other cosmetic changes
27001: [d3088efb6228]
27002:
27003: * logging.h:
27004: defines for logging routines
27005: [13147941c02d]
27006:
27007: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
27008: BSD-style copyright, cosmetic changes
27009: [e8205e91a4fa]
27010:
27011: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27012: interfaces.h:
27013: BSD-style copyright
27014: [b9499da7cdce]
27015:
27016: * configure.in:
27017: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
27018: kill --disable-tgetpass o add --without-passwd o changes to fill in
27019: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
27020: v?asprintf() o replace --with-AuthSRV with --with-fwtk
27021: [9a3f39b9c128]
27022:
27023: * config.h.in:
27024: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
27025: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
27026: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
27027: [9a09054db53a]
27028:
27029: * compat.h:
27030: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
27031: [25509c566975]
27032:
27033: * alloc.c:
27034: BSD-style copyright
27035: [4967be892363]
27036:
27037: * TROUBLESHOOTING:
27038: no more --with-getpass
27039: [afd5b670c196]
27040:
27041: * TODO:
27042: Take out things I've done...
27043: [375420c8270e]
27044:
27045: * README:
27046: Refer to LICENSE
27047: [c486c8db30f6]
27048:
27049: * PORTING:
27050: --with-getpass no longer exists
27051: [db48202df1bb]
27052:
27053: * Makefile.in:
27054: BSD-style copyright. Update to reflect reality wrt new files and
27055: new auth modules.
27056: [61a2ca7940fb]
27057:
27058: * INSTALL:
27059: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
27060: --without-passwd.
27061: [64e8f9e1c05e]
27062:
27063: * HISTORY:
27064: Update history a bit
27065: [df60c0a871b8]
27066:
27067: * COPYING, LICENSE:
27068: Now distributed under a BSD-style license
27069: [d1a184ccabe1]
27070:
27071: * auth/sudo_auth.c:
27072: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
27073: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
27074: global
27075: [891b57060868]
27076:
27077: * auth/pam.c, auth/sia.c:
27078: BSD-style copyright and use new log functions
27079: [65c44445ea84]
27080:
27081: * auth/kerb5.c:
27082: o BSD-style copyright o Use new log functiongs o Use asprintf() and
27083: snprintf() where sensible.
27084: [1ff0feaacf95]
27085:
27086: * check.c:
27087: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
27088: done more reasonably--better sanity checks and tty-based stamps are
27089: now done as files in a directory with the same name as the invoking
27090: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
27091: to mix tty and non-tty based ticket schemes but this may change in
27092: the future (it requires sudo to use a directory instead of a file in
27093: the non-tty case). Also, ``sudo -k'' now sets the ticket back to
27094: the epoch and ``sudo -K'' really deletes the file. That way you
27095: don't get the lecture again just because you killed your ticket in
27096: .logout. BSD-style copyright now.
27097: [ec3460f85be8]
27098:
27099: * logging.c:
27100: o rewritten logging routines. log_error() now takes printf-style
27101: varargs and log_auth() for the return value of validate(). o BSD-
27102: style copyright
27103: [438292025c4e]
27104:
27105: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
27106: superceded by new auth API
27107: [412060590da7]
27108:
27109: * auth/kerb4.c:
27110: BSD-style copyright
27111: [cc4e800833c7]
27112:
27113: * auth/fwtk.c:
27114: Use snprintf() where it makes sense and add a BSD-style copyright
27115: [1b7502388a74]
27116:
27117: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
27118: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
27119: BSD-style copyright
27120: [42583bedae5c]
27121:
27122: * emul/utime.h, utime.c:
27123: BSD-style copyright
27124: [3985c90aba47]
27125:
27126: * emul/search.h:
27127: this has been rewritten so use my BSD-style copyright
27128: [176df1b0de6f]
27129:
27130: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
27131:
27132: * snprintf.c:
27133: include malloc.h if no stdlib.h
27134: [7b123f1d1d03]
27135:
27136: * snprintf.c:
27137: KTH snprintf()/asprintf() for systems w/o them
27138: [3ca9aefb9d01]
27139:
27140: * strerror.c:
27141: strerror() for systems w/o it
27142: [7f0bd8a1c1b4]
27143:
27144: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27145:
27146: * visudo.c:
27147: stylistic changes
27148: [6f99aceb7170]
27149:
27150: * parse.c, parse.lex, parse.yacc:
27151: Add contribution info in the main comment
27152: [e50cec10acd6]
27153:
27154: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
27155:
27156: * auth/pam.c:
27157: remove missed ref to PAM_nullpw
27158: [a43e59692cdb]
27159:
27160: * auth/sudo_auth.h:
27161: pasto
27162: [891ff138ab89]
27163:
27164: * auth/kerb5.c:
27165: more or less complete now--still untested
27166: [21036732faa0]
27167:
27168: * auth/afs.c, auth/pam.c:
27169: don't use user_name macro, it will go away
27170: [def7cf727349]
27171:
27172: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
27173: combine skey/opie code into rfc1938.c
27174: [44d88ca93d3e]
27175:
27176: * auth/dce.c, auth/sudo_auth.h:
27177: DCE authentication method; basically unchanged from dce_pwent.c
27178: [4d468473dd6f]
27179:
27180: * auth/aix_auth.c, auth/sudo_auth.h:
27181: AIX authenticate() support. Could probably be much better
27182: [000013321a33]
27183:
27184: * auth/sia.c:
27185: Fix an uninitialized variable and some cleanup. Now works (tested)
27186: [fd6ad88ff055]
27187:
27188: * auth/sia.c, auth/sudo_auth.h:
27189: SIA support for digital unix
27190: [5335f3e70eab]
27191:
27192: * auth/pam.c:
27193: don't use prompt global, it will go away
27194: [fadd22dd6ce4]
27195:
27196: * auth/secureware.c:
27197: correct copyright years
27198: [6aa07c49f51b]
27199:
27200: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
27201: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
27202: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
27203: New authentication API and methods
27204: [9debe9b59c79]
27205:
27206: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
27207:
27208: * sudo.tab.c:
27209: regen
27210: [84578e82c1a6]
27211:
27212: * parse.yacc:
27213: only save an entry if user_matches && host_matches, even if the
27214: stack is empty (fix for previous commit)
27215: [00984b078d8a]
27216:
27217: * sudo.tab.c:
27218: regen
27219: [66acf160b4b7]
27220:
27221: * parse.yacc:
27222: 1) Always save an entry on the stack if it is empty. This fixes the
27223: -l and -v flags that were broken by earlier parser changes.
27224:
27225: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
27226: !foo match any time the user specified a runas user (via -u) other
27227: than foo.
27228: [f322eb54b015]
27229:
27230: * testsudoers.c:
27231: interfaces and num_interfaces are now auto, not extern
27232: [113add5c6518]
27233:
27234: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
27235:
27236: * auth.c:
27237: use a static global to keep stae about empty passwords
27238: [bc02e30807d8]
27239:
27240: * check_sia.c:
27241: make PASSWORD_NOT_CORRECT logging consistent with other modules
27242: [21962549d5fd]
27243:
27244: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
27245:
27246: * auth.c:
27247: PAM prompt code was wrong, looks like we have to kludge it after
27248: all.
27249: [91f246155ead]
27250:
27251: * auth.c:
27252: In the PAM code, when a user hits return at the first password
27253: prompt, exit without a warning just like the normal auth code
27254: [918f59bacdb7]
27255:
27256: * configure, configure.in:
27257: kludge around cross-compiler false positives
27258: [5e5fc8356400]
27259:
27260: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
27261: New (correct) PAM code Tgetpass now takes an echo flag for use with
27262: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
27263: useless umask setting Change error from BAD_ALLOCATION ->
27264: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
27265: for consistency
27266: [e71397f09dd8]
27267:
27268: * sudo.c:
27269: Some -Wall and kill some trailing spaces
27270: [8229b43d5c4e]
27271:
27272: * configure.in:
27273: define -D__EXTENSIONS__ for solaris so we get crypt() proto
27274: [7533e4436cab]
27275:
27276: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
27277:
27278: * RUNSON:
27279: add Dynix 4.4.4
27280: [b69f773efbce]
27281:
27282: * INSTALL, config.h.in, configure, configure.in:
27283: for kerberos V < version, fall back on old kerb4 auth code
27284: [d685ed3a1d8e]
27285:
27286: * INSTALL:
27287: clarify some things
27288: [2f5ba2e8e53a]
27289:
27290: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
27291: typos
27292: [8925a109c093]
27293:
27294: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
27295:
27296: * sudo.c:
27297: mention why DONT_LEAK_PATH_INFO is not the default
27298: [0346260cb4ec]
27299:
27300: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
27301:
27302: * tgetpass.c:
27303: Fix open(2) return value checking, was NULL for fopen, should be -1
27304: for open
27305: [355878bf6d8a]
27306:
27307: * configure:
27308: regen
27309: [68bf82871862]
27310:
27311: * configure.in:
27312: better wording for solaris pam notice
27313: [04e88c7a6c42]
27314:
27315: * CHANGES:
27316: document recent changes
27317: [7c922c5622ef]
27318:
27319: * TROUBLESHOOTING:
27320: Update shadow password section
27321: [e8448bae7d66]
27322:
27323: * auth.c:
27324: move authentication code from check.c to auth.c
27325: [e9f6ecae2399]
27326:
27327: * Makefile.in, check.c, sudo.h:
27328: move authentication code to auth.c
27329: [124cded85f46]
27330:
27331: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
27332:
27333: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
27334: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
27335: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
27336: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
27337: visudo.c:
27338: Move interface-related defines to interfaces.h so we don't have to
27339: include <netinet/in.h> everywhere.
27340: [e7599d8ea0bf]
27341:
27342: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
27343:
27344: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
27345: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
27346: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
27347: turns out the old DES crypt does the right thing with passwords
27348: longert than 8 characters. o Fix common typo (necesary ->
27349: necessary) o Update TODO list
27350: [ad75007a6f13]
27351:
27352: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
27353:
27354: * sudo.c:
27355: set $LOGNAME when we set $USER
27356: [391596210fd7]
27357:
27358: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
27359:
27360: * INSTALL:
27361: add comment about digital unix and interfaces.c warning with gcc
27362: [e20f815901cc]
27363:
27364: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
27365:
27366: * sample.sudoers:
27367: use modern paths and give examples for some of the new parser
27368: features
27369: [e7b2e507c695]
27370:
27371: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
27372:
27373: * parse.c:
27374: fix comment
27375: [5eb0d005a65f]
27376:
27377: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
27378: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
27379: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
27380: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
27381: Function names should be flush with the start of the line so they
27382: can be found trivially in an editor and with grep
27383: [3c400abde574]
27384:
27385: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
27386: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
27387: free(3) is already void, no need to cast it
27388: [6981e1ebda0f]
27389:
27390: * logging.c, sudo.c, sudo.h:
27391: catch case where cmnd_safe is not set (this should not be possible)
27392: [3e1e3038546c]
27393:
27394: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
27395: testsudoers.c, visudo.c:
27396: Stash the "safe" path (ie: the one listed in sudoers) to the command
27397: instead of stashing the struct stat. Should be safer.
27398: [aa2883fcf57e]
27399:
27400: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
27401:
27402: * INSTALL, Makefile.in, UPGRADE:
27403: notes on updating from an earlier release
27404: [df9fffa4ab2c]
27405:
27406: * CHANGES:
27407: updated
27408: [574f5065d15a]
27409:
27410: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
27411:
27412: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
27413: sudoers.man, sudoers.pod:
27414: You can now specifiy a host list instead of just a host or alias.
27415: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
27416: [e3942bb78021]
27417:
27418: * testsudoers.c:
27419: Quiet -Wall
27420: [a3edc8b08c3a]
27421:
27422: * parse.yacc, sudo.tab.c:
27423: Move the push from the beginning of cmndspec to the end. This means
27424: we no longer have to do a push at the end of privilege, just reset
27425: some values.
27426: [8ea66e5860c6]
27427:
27428: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
27429: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
27430: use "!" most everywhere
27431: [aadae4d1c9d5]
27432:
27433: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27434:
27435: * sudoers.pod:
27436: modernize paths and update su example based on sample.sudoers one
27437: [3f6a37e16c83]
27438:
27439: * sample.sudoers:
27440: New runas semantics
27441: [756ee92865b7]
27442:
27443: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
27444: strdup.c, sudo.h:
27445: In estrdup(), do the malloc ourselves so we don't need to rely on
27446: the system strdup(3) which may or may not exist. There is now no
27447: need to provide strdup() for those w/o it. Also, the prototype for
27448: estrdup() was wrong, it returns char * and its param is const.
27449: [5f1f984da8e3]
27450:
27451: * getcwd.c:
27452: $Sudo tag
27453: [e4188a35e68c]
27454:
27455: * check.c:
27456: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
27457: [2aec87c86cde]
27458:
27459: * CHANGES, TODO, parse.yacc, sudo.tab.c:
27460: It is now possible to use the '!' operator in a runas list as well
27461: as in a Cmnd_Alias, Host_Alias and User_Alias.
27462: [a4fdaabda990]
27463:
27464: * logging.c, sudo.h:
27465: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
27466: [73d0376785ae]
27467:
27468: * sudo.h:
27469: Definitions of *_matched were wrong--user top, not top-2 as
27470: subscript.
27471: [5f8350a57362]
27472:
27473: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
27474: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
27475: command but the NOPASSWD flag was set. Make runasspec, runaslist,
27476: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
27477: in the runas list Fix double printing of '%' and '+' for groups and
27478: netgroups respectively Add *_matched macros (no need for local stack
27479: variable). Should only be used directly after a pop (since top must
27480: be >= 2).
27481: [392b1400c4e6]
27482:
27483: * aclocal.m4, configure.in:
27484: Add copyright, somewhat silly
27485: [55c2cdd82dca]
27486:
27487: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
27488:
27489: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
27490: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
27491: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
27492: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
27493: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
27494: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
27495: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
27496: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
27497: visudo.man:
27498: Crank version to 1.6 and combine copyright statements
27499: [0e1c791658ae]
27500:
27501: * sample.sudoers:
27502: Use ! not ^ to do negation
27503: [1480a0761730]
27504:
27505: * lex.yy.c, sudo.tab.c:
27506: regen
27507: [89ca5a46684b]
27508:
27509: * parse.lex, parse.yacc:
27510: Make runas and NOPASSWD tags persistent across entris in a command
27511: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
27512: runas or *PASSWD tag the value given becomes the new default for the
27513: rest of the command list.
27514: [f1bbb4066542]
27515:
27516: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27517:
27518: * CHANGES, RUNSON:
27519: update for 1.5.9
27520: [a1ae9d4a7d54] [SUDO_1_5_9]
27521:
27522: * visudo.c:
27523: Shift return value of system(3) by 8 to get real exit value and if
27524: it is not 1 or 0 print the retval along with the error message.
27525: [c1ff50d743fb]
27526:
27527: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27528:
27529: * Makefile.in:
27530: testsudoers needs LIBOBJS too
27531: [972571b4e4bf]
27532:
27533: * parse.c, parse.yacc, sudo.tab.c:
27534: Fix another parser bug. For a sudoers entry like this: millert
27535: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
27536: as root.
27537: [51968e1eb33d]
27538:
27539: * CHANGES:
27540: new change
27541: [271c6110bb62]
27542:
27543: * parse.yacc, sudo.tab.c:
27544: Save entries that match a ! command on the matching stack too
27545: [5afb5107116c]
27546:
27547: * sudo.c:
27548: Make sudo's usage info better when mutually exclusive args are given
27549: and don't rely on argument order to detect this; nick@zeta.org.au
27550: [2422753c88fd]
27551:
27552: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27553:
27554: * CHANGES, Makefile.in, RUNSON:
27555: updates from CU
27556: [b37381e3dafb]
27557:
27558: * Makefile.in:
27559: use gzip
27560: [94a64e52a166]
27561:
27562: * parse.yacc, sudo.tab.c:
27563: Fix off by one error introduced in *alloc changes
27564: [95ede581153a]
27565:
27566: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
27567: check_sia.c, compat.h, config.h.in, configure, configure.in,
27568: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
27569: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27570: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
27571: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
27572: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
27573: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
27574: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
27575: ++version
27576: [c6d88f024e37]
27577:
27578: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
27579: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
27580: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
27581: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
27582: Use emalloc/erealloc/estrdup
27583: [44221d97361a]
27584:
27585: * alloc.c:
27586: error checking memory allocation routines
27587: [5f8c1e7bbc71]
27588:
27589: * parse.yacc, sudo.tab.c:
27590: Still not right, this fixes it for real
27591: [ad553b6f5339]
27592:
27593: * parse.yacc, sudo.tab.c:
27594: Fix for previous commit
27595: [4d6f989f9bf2]
27596:
27597: * CHANGES, INSTALL, parse.yacc:
27598: Fix a parser bug that was exposed when mixing different runas specs
27599: and ! commands. For example: millert ALL=(daemon)
27600: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
27601: as well as daemon when it should just allow daemon. The problem was
27602: that comma-separated commands in a list shared the same entry on the
27603: matching stack. Now they get their own entry iff there is a full
27604: match. It may be better to just make the runas spec persistent
27605: across all commands in a list like the user and host entries of the
27606: matching stack. However, since that is a fairly major change it
27607: should gets its own minor rev increase.
27608: [c4b939cdcc8e]
27609:
27610: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27611:
27612: * check.c, config.h.in:
27613: Simplify PAM code and fix a PAM-related warning on Linux
27614: [2468399523b6]
27615:
27616: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27617:
27618: * CHANGES:
27619: updates
27620: [29d4a997769c]
27621:
27622: * sample.sudoers:
27623: better su entry
27624: [76d8285a72ba]
27625:
27626: * configure:
27627: regen
27628: [b7450cc6975d]
27629:
27630: * check.c, configure.in:
27631: new pam code that works on solaris, should work on linux too;
27632: aelberg@home.com
27633: [84c16c0ff259]
27634:
27635: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27636:
27637: * RUNSON:
27638: more entries
27639: [b6bef8660759]
27640:
27641: * config.h.in:
27642: only include strings.h if there is no string.h
27643: [b66054a32b00]
27644:
27645: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
27646:
27647: * config.guess:
27648: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
27649: [c086d2fe63af]
27650:
27651: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27652:
27653: * sudo.c:
27654: shost must be set before log functions are called #ifdef HOST_IN_LOG
27655: [d49a7944358f]
27656:
27657: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
27658:
27659: * CHANGES, lex.yy.c, parse.lex:
27660: Fix a bug wrt quoting characters in command args. Stop processing
27661: an arg when you hit a backslash so the quoted-character detection
27662: can catch it.
27663: [2281438d7f41]
27664:
27665: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
27666:
27667: * interfaces.c:
27668: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
27669: [31118a9e9916]
27670:
27671: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
27672:
27673: * configure, configure.in:
27674: add missing case statement so --without-sendmail works
27675: [ca25614f7dd9]
27676:
27677: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
27678:
27679: * CHANGES:
27680: more
27681: [4d70e44f7f93]
27682:
27683: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
27684:
27685: * configure, configure.in:
27686: only search for -lsun in irix <= 4.x
27687: [e604238317b1]
27688:
27689: * configure, configure.in:
27690: back out last configure.in change now that I've hacked autoconf to
27691: fix the real problem and add a missing newline
27692: [2dabf59a79b5]
27693:
27694: * CHANGES:
27695: updated
27696: [bb35d526552f]
27697:
27698: * getcwd.c:
27699: add def of dirfd() for those without it
27700: [95f0173d8441]
27701:
27702: * configure, configure.in:
27703: When falling back to checking for socket() when linking with
27704: "-lsocket -lnsl" check for main() instead since autoconf has already
27705: cached the results of checking for socket() in -lsocket. This is
27706: really an autoconf bug as it should use the extra libs as part of
27707: the cache variable name.
27708: [a845f8b710ad]
27709:
27710: * configure.in:
27711: typo
27712: [a7d62f62a478]
27713:
27714: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
27715:
27716: * configure.in:
27717: fix occurrence of $with_timeout that should be
27718: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
27719: bochum.de
27720: [8c4da2cf73d1]
27721:
27722: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27723:
27724: * sudo.cat, sudo.html, sudo.man, sudo.pod:
27725: fix grammar; espie@openbsd.org
27726: [7031d9dfbc3e] [SUDO_1_5_8]
27727:
27728: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
27729:
27730: * parse.yacc, sudo.c, testsudoers.c:
27731: add cast for strdup in places it does not have it
27732: [7ce4478d3b0f]
27733:
27734: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
27735:
27736: * configure, configure.in:
27737: define for_BSD_TYPES irix
27738: [858337ff4af8]
27739:
27740: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
27741:
27742: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
27743: Make it clear that it is the user's password, not root's, that we
27744: want.
27745: [ae0f51b35ee4]
27746:
27747: * check.c, sudo.h:
27748: If the user enters an empty password and really has no password,
27749: accept the empty password they entered. Perviously, they could
27750: enter anything
27751: *but* an empty password. Also, add GETPASS macro that calls either
27752: tgetpass() or getpass() depending on how sudo was configured.
27753: Problem noted by jdg@maths.qmw.ac.uk
27754: [2fde21ce94c1]
27755:
27756: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
27757:
27758: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
27759: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
27760: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27761: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
27762: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
27763: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
27764: visudo.c:
27765: add explicate copyright
27766: [d3b4449834a5]
27767:
27768: * CHANGES:
27769: mention -lsocket, -lnsl configure changes
27770: [9140af4ad8ae]
27771:
27772: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
27773:
27774: * sudo.c:
27775: Don't clobber errno after calling check_sudoers().
27776: [59bd581b2654]
27777:
27778: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
27779:
27780: * configure, configure.in:
27781: When linking with both -lsocket and -lnsl be sure to do so in that
27782: order. Also, when we can't find socket() or inet_addr() and have to
27783: try linking with both libs, issue a warning.
27784: [0ee547163067]
27785:
27786: * sudo.cat, sudo.man, sudo.pod:
27787: clarify bad timestamp and fmt
27788: [70e42cf56c75]
27789:
27790: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
27791:
27792: * INSTALL, RUNSON:
27793: be clear that pam is linux-only and add a RUNSON entry
27794: [7fdeab875e0d]
27795:
27796: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
27797:
27798: * CHANGES, INSTALL, configure, configure.in:
27799: fix and correctly document --with-umask; problem noted by
27800: adap@adap.org
27801: [11cd0481d63a]
27802:
27803: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
27804:
27805: * configure, configure.in:
27806: only use /usr/{man,catman}/local to store man pages if suer didn't
27807: override prefix or mandir
27808: [781ad2cbe9be]
27809:
27810: * INSTALL, configure, configure.in:
27811: fix typo, make --with-SecurID take an arg
27812: [026a9b4014fc]
27813:
27814: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27815:
27816: * RUNSON:
27817: updates from users
27818: [2286982b31e6]
27819:
27820: * CHANGES, INSTALL, check.c, configure, configure.in:
27821: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
27822: [23aa4e5c6b02]
27823:
27824: * configure, configure.in:
27825: better fix for the problem of unresolved symbols in -lnsl or
27826: -lsocket
27827: [82fe70fc287f]
27828:
27829: * configure, configure.in:
27830: when checking for functions in -lnsl and -lsocket link with both of
27831: them to avoid unresolved symbols on some weirdo systems
27832: [1734a591808e]
27833:
27834: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
27835:
27836: * BUGS, CHANGES, RUNSON, TODO:
27837: old changes that didn't make it into RCS before the RCS->CVS switch
27838: [846eb2b8f9aa]
27839:
27840: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
27841:
27842: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
27843: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
27844: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
27845: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
27846: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27847: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
27848: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
27849: visudo.pod:
27850: add sudo tags
27851: [962f81eaa5ab]
27852:
27853: * sudo.h:
27854: testing Sudo tag
27855: [e84cbc521129]
27856:
27857: * version.h:
27858: testing Sudo tag
27859: [a8c3a3998b88]
27860:
27861: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
27862: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
27863: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
27864: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
27865: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27866: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
27867: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
27868: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
27869: crank version and regen files
27870: [23eacf00a1a4]
27871:
27872: * Makefile.in:
27873: kill rcs goop in update_version and fix now that version is a const
27874: [e6e50bd8d1e1]
27875:
27876: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
27877: sudo.c, sudo.h, sudo.pod:
27878: kerb5 support from fcusack@iconnet.net
27879: [8134027986e2]
27880:
27881: * realpath.c, sudo_realpath.c:
27882: we no longer use realpath
27883: [0f5f64abc646]
27884:
27885: * qualify.c:
27886: replaced by find_path.c
27887: [9e32a87e09c4]
27888:
27889: * options.h:
27890: all options are now configure flags
27891: [ee6bd9610102]
27892:
27893: * lex.yy.c:
27894: regen
27895: [bdbf8a18161f]
27896:
27897: * getwd.c:
27898: superceded by getcwd.c
27899: [1e54ee0990b4]
27900:
27901: * getpass.c:
27902: superceded by tgetpass.c
27903: [4e0d1edc30e3]
27904:
27905: * SUPPORTED:
27906: superceded by RUNSON
27907: [854c5a21cb53]
27908:
27909: * OPTIONS:
27910: No longer used now that we have configure options for everything.
27911: [9b1ae1c89259]
27912:
27913: * configure:
27914: regen based on configure.in
27915: [3a4d73936973]
27916:
27917: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
27918: sudoers.man, visudo.cat, visudo.html, visudo.man:
27919: regen based on sudo.pod, sudoers.pod, and visudo.pod
27920: [c267beb90778]
27921:
27922: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27923:
27924: * check.c:
27925: fix tty tickets in remove_timestamp (didn't use ':')
27926: [fd964a74a32b]
27927:
27928: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
27929:
27930: * interfaces.c:
27931: close sock when we are done with it
27932: [95de0380f8a4]
27933:
27934: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
27935:
27936: * parse.yacc:
27937: never say "error on line -1"
27938: [361db1491121]
27939:
27940: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
27941:
27942: * configure.in:
27943: check for -lnsl before -lsocket
27944: [8e966d6bbcb5]
27945:
27946: * configure.in:
27947: quote '[', ']' used in ranges correctly
27948: [fa4f9c6ff651]
27949:
27950: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
27951:
27952: * config.h.in:
27953: add missing NO_ROOT_SUDO noted by drno@tsd.edu
27954: [c969f25d1667]
27955:
27956: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
27957:
27958: * version.h:
27959: 1.5.7
27960: [7a22de0bc148]
27961:
27962: * INSTALL:
27963: more info for 1.5.7
27964: [30ad9e784799]
27965:
27966: * README:
27967: update for 1.5.7
27968: [cd03a0a27cd2]
27969:
27970: * parse.yacc:
27971: make increases of cm_list_size and ga_list_size be similar to
27972: increases of stacksize (ie: >= not > in initial compare).
27973: [6bd450a896c7]
27974:
27975: * parse.yacc:
27976: when we get a syntax error, report it for the previous line since
27977: that's generally where the error occurred.
27978: [c4ac84058f0b]
27979:
27980: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
27981:
27982: * config.h.in, configure.in, interfaces.c:
27983: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
27984: not defined
27985: [d197f31fd1e4] [SUDO_1_5_7]
27986:
27987: * config.h.in:
27988: define BSD_COMP for svr4
27989: [87ac1147ff79]
27990:
27991: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
27992: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
27993: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
27994: testsudoers.c, tgetpass.c, utime.c, visudo.c:
27995: more -Wall
27996: [d98e2d32db2a]
27997:
27998: * configure.in:
27999: kill check for sockio,h
28000: [4399779014c1]
28001:
28002: * config.h.in:
28003: no more HAVE_SYS_SOCKIO_H
28004: [67484528e347]
28005:
28006: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
28007: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
28008: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
28009: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28010: -Wall
28011: [2b7e83976788]
28012:
28013: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28014:
28015: * sudo.c:
28016: add missing inform_user()
28017: [8689528c6d55]
28018:
28019: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
28020:
28021: * find_path.c:
28022: return NOT_FOUND if given fully qualified path and it does not exist
28023: previously it would perror(ENOENT) which bypasses the option to not
28024: leak path info
28025: [ccbc3d0130ae]
28026:
28027: * configure.in:
28028: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
28029: -ldes
28030: [c77d3b484ece]
28031:
28032: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28033:
28034: * INSTALL:
28035: tty tickets are user:tty now
28036: [a53a303a614d]
28037:
28038: * check.c:
28039: when using tty tickets make it user:tty not user.tty as a username
28040: could have a '.' in it
28041: [3160b3f5c890]
28042:
28043: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
28044:
28045: * sudo.c:
28046: add "ignoring foo found in ." for auth successful case
28047: [24257169e0bd]
28048:
28049: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
28050:
28051: * sudo.c:
28052: add missing printf param
28053: [8c905124f777]
28054:
28055: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
28056:
28057: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
28058: go back to printing "command not found" unless --disable-path-info
28059: specified. Also, tell user when we ignore '.' in their path and it
28060: would have been used but for --with-ignore-dot.
28061: [066e118c11e4]
28062:
28063: * check.c, sudo.c:
28064: Only one space after a colon, not two, in printf's
28065: [38452f4c8007]
28066:
28067: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
28068:
28069: * sudo.pod:
28070: document setting $USER
28071: [80557fe6aede]
28072:
28073: * check.c:
28074: fix bugs with prompt expansion
28075: [44c4fca5f009]
28076:
28077: * sudo.c:
28078: set $USER for root too
28079: [4b525e1c6269]
28080:
28081: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
28082:
28083: * getspwuid.c:
28084: typo
28085: [5107446f43e0]
28086:
28087: * configure.in:
28088: HP-UX's iscomsec is in -lsec, not libc
28089: [03c9f700b795]
28090:
28091: * configure.in:
28092: remove some entries in the OS case statement that did nothing
28093: [ea96e7e0f624]
28094:
28095: * TROUBLESHOOTING:
28096: add "cd" section and flush out syslog section
28097: [5107f7363b78]
28098:
28099: * Makefile.in:
28100: no more sudo-lex.yy.c
28101: [ed50826efbbc]
28102:
28103: * check_sia.c:
28104: add custom prompt support
28105: [6a285cea10b7]
28106:
28107: * testsudoers.c:
28108: kill perror("malloc") since we already have a good error messages
28109: pw_ent -> pw for brevity
28110: [eee31052921e]
28111:
28112: * sudo.c:
28113: kill perror("malloc") since we already have a good error messages
28114: pw_ent -> pw for brevity set $USER if -u specified
28115: [9f3753461f8a]
28116:
28117: * parse.yacc:
28118: kill perror("malloc") since we already have a good error messages
28119: [849459088ac3]
28120:
28121: * parse.c:
28122: kill perror("malloc") since we already have a good error messages
28123: pw_ent -> pw for brevity when checking if %group matches, look up
28124: user in password file so that %groups works in a RunAs spec.
28125: [0489b4ecc59a]
28126:
28127: * logging.c:
28128: kill perror("malloc") since we already have a good error messages
28129: [3191a18b3526]
28130:
28131: * check.c, getspwuid.c, interfaces.c:
28132: kill perror("malloc") since we already have a good error messages
28133: pw_ent -> pw for brevity
28134: [7193fdb38cf9]
28135:
28136: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
28137:
28138: * tgetpass.c:
28139: the prompt is expanded before tgetpass is called
28140: [0f408f508041]
28141:
28142: * sudo.h:
28143: tgetpass now has the same args as getpass again
28144: [b6778cd9d79f]
28145:
28146: * getspwuid.c:
28147: add iscomsec, issecure support
28148: [007be7ec7ae7]
28149:
28150: * check.c:
28151: we now expand any %h or %u in the prompt before passing to tgetpass
28152: [f3db8c9ee387]
28153:
28154: * configure.in:
28155: add check for syslog(3) in -lsocket, -lnsl, -linet
28156: [5a96f902ce00]
28157:
28158: * config.h.in:
28159: add HAVE_ISCOMSEC and HAVE_ISSECURE
28160: [f640b0d4cf05]
28161:
28162: * configure.in:
28163: add check for iscomsec in HP-UX
28164: [b28b249040f0]
28165:
28166: * configure.in:
28167: check for issecure if we have getpwanam on SunOS some options are
28168: incompatible with DUNIX SIA check for dispcrypt on DUNIX
28169: [a49d05d9c913]
28170:
28171: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
28172:
28173: * config.h.in:
28174: add HAVE_DISPCRYPT
28175: [7376d543d8d6]
28176:
28177: * secureware.c:
28178: add back support for non-dispcrypt based checking for older DUNIX
28179: [977b98e936be]
28180:
28181: * INSTALL:
28182: sia changes
28183: [c5387c06e30f]
28184:
28185: * configure.in:
28186: SIA becomes the default on Digital UNIX now havbe --disable-sia to
28187: turn it off...
28188: [3b647558ea13]
28189:
28190: * check.c:
28191: move local includes after system ones
28192: [b2abad4c4aef]
28193:
28194: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
28195:
28196: * check.c, check_sia.c, sudo.h:
28197: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
28198: stderr
28199: [547cbf299661]
28200:
28201: * check_sia.c:
28202: fix while loop in sia_attempt_auth() that checks the password. Only
28203: the first iteration was working.
28204: [1886fd1ac831]
28205:
28206: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
28207:
28208: * aclocal.m4:
28209: don't trust UID_MAX or MAXUID
28210: [2aeddb1654d8]
28211:
28212: * configure.in:
28213: fix two pastos
28214: [c18f0a10b75d]
28215:
28216: * configure.in:
28217: fix typo
28218: [1eb3190ef12d]
28219:
28220: * getspwuid.c, secureware.c:
28221: init crypt_type to INT_MAX since it is legal to be negative in DUNX
28222: 5.0
28223: [cefbde04822d]
28224:
28225: * configure.in:
28226: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
28227: -ldb since DUNX < 4.0 lacks it
28228: [e6b11d971068]
28229:
28230: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
28231:
28232: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
28233: secureware.c, sudo.c, tgetpass.c:
28234: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
28235: minutes if the shadow files don't exist).
28236: [2f297d095004]
28237:
28238: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
28239:
28240: * INSTALL:
28241: updated --with-editor blurb
28242: [77d8a3ea7328]
28243:
28244: * TROUBLESHOOTING:
28245: tell how to put sudoers in a different dir
28246: [456cd20eb1d0]
28247:
28248: * configure.in:
28249: add missing quotes around $with_editor
28250: [22881748ab1b]
28251:
28252: * configure.in:
28253: typo in --with-editor bits
28254: [ab6964580681]
28255:
28256: * INSTALL:
28257: I don't expect it to work on Solaris
28258: [1c2fceaaf56e]
28259:
28260: * check.c:
28261: add back security/pam_misc.h
28262: [6ffd30033c1e]
28263:
28264: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
28265:
28266: * INSTALL:
28267: remove dunix note since configure checks for this now
28268: [e9904512b8e8]
28269:
28270: * configure.in:
28271: add check for broken dunix prot.h (4.0 < 4.0D is bad)
28272: [8a4c1e6aef3b]
28273:
28274: * getspwuid.c, secureware.c, tgetpass.c:
28275: new dunix shadow code, use dispcrypt(3)
28276: [1b936bc7268c]
28277:
28278: * config.h.in:
28279: add HAVE_INITPRIVS
28280: [4369f4c4f914]
28281:
28282: * sudo.c:
28283: call initprivs() if we have it for getprpwuid later on
28284: [11cf5915d826]
28285:
28286: * Makefile.in:
28287: clean pathnames.h too
28288: [5f1df3262613]
28289:
28290: * configure.in:
28291: quote "Sorry, try again." with [] since it has a comma in it set
28292: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
28293: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
28294: initprivs later.
28295: [e226b0a3f250]
28296:
28297: * INSTALL:
28298: update Digital UNIX note about acl.h
28299: [80132b71d73a]
28300:
28301: * INSTALL:
28302: add --with-sia
28303: --without-root-sudo -> --disable-root-sudo some reordering
28304: [198386358818]
28305:
28306: * secureware.c:
28307: add whitespace
28308: [4aadaf1a54b0]
28309:
28310: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
28311: add SIA support
28312: [fa3ddbb9cc51]
28313:
28314: * check_sia.c:
28315: Initial revision
28316: [2968551d40e4]
28317:
28318: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
28319:
28320: * configure.in:
28321: when checking for -lsocket, -lnsl, and -linet, check for the
28322: specific functions we need from them.
28323: [8d33e64362a3]
28324:
28325: * config.h.in, sudo.h:
28326: move Syslog_* defs into sudo.h
28327: [03d1774f25c7]
28328:
28329: * Makefile.in, sudo.h:
28330: added check_secureware
28331: [e46e3cbb9a97]
28332:
28333: * configure.in:
28334: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
28335: [dbefe1856503]
28336:
28337: * insults.h:
28338: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
28339: defined. configure now does that for us
28340: [e4520ea0581f]
28341:
28342: * configure.in:
28343: move some --with options around change a bunch of echo's to
28344: AC_MSG_CHECKING, AC_MSG_RESULT pairs
28345: [ffdf6869fdd7]
28346:
28347: * configure.in:
28348: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
28349: syntax error add some echo verbage
28350: [3278c49bf74b]
28351:
28352: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
28353:
28354: * check.c:
28355: moved SecureWare stuff into secureware.c
28356: [42d3d3ac35dc]
28357:
28358: * secureware.c:
28359: Initial revision
28360: [aa7f72a249cf]
28361:
28362: * INSTALL:
28363: update url to solaris gcc bins
28364: [36a3eb668777]
28365:
28366: * INSTALL:
28367: change option formatter and flesh out someentries
28368: [6fbd1db4a8ad]
28369:
28370: * TROUBLESHOOTING, sudo.pod, visudo.pod:
28371: environmental variable -> environment variable
28372: [6f14d708e32d]
28373:
28374: * BUGS:
28375: everything is now done via configure
28376: [c217858f58ab]
28377:
28378: * README:
28379: prev rev was 1.5.6
28380: [7b4177103c35]
28381:
28382: * Makefile.in:
28383: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
28384: [31c6b0a5e0e2]
28385:
28386: * config.h.in:
28387: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
28388: [d406a1ef6d25]
28389:
28390: * Makefile.in:
28391: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
28392: sudoers_mode from configure
28393: [1c509500655a]
28394:
28395: * configure.in:
28396: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
28397: the Makefile, not config.h
28398: [d4482f1492fe]
28399:
28400: * INSTALL:
28401: document all --with/--enable options
28402: [22d81b312d7f]
28403:
28404: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
28405:
28406: * insults.h:
28407: options.h is no more
28408: [560946a33f7f]
28409:
28410: * config.h.in:
28411: assimilated options.h
28412: [dd8ce74613c1]
28413:
28414: * configure.in:
28415: moved options from options.h to configure
28416: [d39662f71b4e]
28417:
28418: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
28419: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
28420: sudo_setenv.c, visudo.c:
28421: no more options.h
28422: [43924bf0858d]
28423:
28424: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
28425: remove references to options.h
28426: [ef3474295395]
28427:
28428: * dce_pwent.c, interfaces.c, sudo.c:
28429: kill sys/time.h
28430: [4d833f0034e4]
28431:
28432: * tgetpass.c:
28433: if select return < -1 still prompt for pw
28434: [e0009e5c93a2]
28435:
28436: * options.h:
28437: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
28438: configure options
28439: [e60a1e546516]
28440:
28441: * parse.c:
28442: FAST_MATCH is no longer an optino
28443: [c448dbb3464b]
28444:
28445: * check.c:
28446: remove_timestamp() if timestamp is preposterous
28447: [70d9a86c6ecd]
28448:
28449: * options.h:
28450: convert more options to --with/--enable
28451: [34646d9b09dc]
28452:
28453: * INSTALL, aclocal.m4:
28454: logfile -> logpath
28455: [42de502bc637]
28456:
28457: * configure.in:
28458: convert more options into --with and --enable
28459: [92d0898c9844]
28460:
28461: * tgetpass.c:
28462: catch EINTR in select and restart
28463: [f045d2f234d7]
28464:
28465: * logging.c:
28466: sys/errno -> errno
28467: [7f0c5beab6f2]
28468:
28469: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
28470:
28471: * sudo.c:
28472: UMASK -> SUDO_UMASK.
28473: [48f308661514]
28474:
28475: * check.c, logging.c:
28476: time.h, not sys/time.h
28477: [91de049c79e4]
28478:
28479: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
28480:
28481: * logging.c:
28482: MAILER -> _PATH_SENDMAIL
28483: [df65d6896639]
28484:
28485: * INSTALL, configure.in:
28486: no more --with-C2, now it is --disable-shadow
28487: [18bfcab3b9ab]
28488:
28489: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
28490: getspwuid.c, sudo.c, tgetpass.c:
28491: new shadow password scheme. Always include shadow support if the
28492: platform supports it and the user did not disable it via configure
28493: [2135d93bb4a9]
28494:
28495: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
28496:
28497: * configure.in:
28498: --with-getpass -> --{enable,disable}-tgetpass
28499: [451b33fdd4c7]
28500:
28501: * Makefile.in:
28502: pathnames.h -> pathnames.h.in
28503: [b109022eca69]
28504:
28505: * check.c:
28506: fix version string
28507: [761b25c314ea]
28508:
28509: * check.c:
28510: move pam_conv to be static to auth function remove pam_misc.h
28511: (solaris doesn't have one)
28512: [a682e4da987a]
28513:
28514: * aclocal.m4:
28515: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
28516: [e6005d0599b5]
28517:
28518: * configure.in:
28519: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
28520: [24c0ac2155ef]
28521:
28522: * pathnames.h.in:
28523: convert to pathnames.h.in
28524: [013bddf7f684]
28525:
28526: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
28527:
28528: * configure.in:
28529: fix typo in sysv4 matching case /.
28530: [2994c4f88cf5]
28531:
28532: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
28533:
28534: * check.c:
28535: pam stuff needs to run as root, not user, for shadow passwords
28536: [d94ff75de503]
28537:
28538: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
28539:
28540: * BUGS, INSTALL, README, configure.in:
28541: updated version
28542: [775adc7de7ac]
28543:
28544: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28545: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
28546: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
28547: logging.c, options.h, parse.c, parse.lex, parse.yacc,
28548: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28549: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28550: updated version
28551: [5ca599fb6b93]
28552:
28553: * check.c:
28554: user version.h for long message
28555: [47a52ac7e542]
28556:
28557: * check.c:
28558: this is version 1.5.6
28559: [8451ac79eee2]
28560:
28561: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
28562:
28563: * Makefile.in:
28564: remove errant backslash
28565: [0222a8a650ff]
28566:
28567: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28568:
28569: * options.h, parse.yacc, pathnames.h.in:
28570: fix version string
28571: [fdee73255d64] [SUDO_1_5_6]
28572:
28573: * BUGS, CHANGES, TODO:
28574: updtaed for 1.5.6
28575: [752443bf7f26]
28576:
28577: * RUNSON:
28578: updated for 1.5.6
28579: [0f878123fe6a]
28580:
28581: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
28582:
28583: * interfaces.c:
28584: kill unused localhost_mask var copy if name to ifr_tmp after we zero
28585: it
28586: [8e89c364cef2]
28587:
28588: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
28589:
28590: * INSTALL:
28591: Better description of new vs. old sudoers modes fix some typos
28592: better description of /usr/ucb/cc gotchas on slowaris
28593: [c00b2a6fc1e8]
28594:
28595: * Makefile.in:
28596: add sample.pam
28597: [ec7f6cc19b00]
28598:
28599: * sudo.c:
28600: set NewArgv[0] to user_shell, not basename(user_shell)
28601: [1e907cbc9f7b]
28602:
28603: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
28604:
28605: * README:
28606: mention TROUBLESHOOTING more fix some typos
28607: [2c2e6907d4a4]
28608:
28609: * configure.in:
28610: move --enable/--disable to be after --with
28611: [9b30097f76c1]
28612:
28613: * INSTALL:
28614: document --enable/--disable
28615: [c522362e38a8]
28616:
28617: * INSTALL:
28618: document --with-pam
28619: [7e38932c78ac]
28620:
28621: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
28622:
28623: * configure.in:
28624: Add message for pam users
28625: [d224f277e3cd]
28626:
28627: * sample.pam:
28628: Initial revision
28629: [3a84d7045f54]
28630:
28631: * config.h.in:
28632: fix HAVE_PAM
28633: [2f0f303ebd88]
28634:
28635: * check.c, config.h.in, configure.in:
28636: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
28637: [ea3e0a72d707]
28638:
28639: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
28640:
28641: * config.h.in:
28642: add HOST_IN_LOG and WRAP_LOG
28643: [822c36eeb6a8]
28644:
28645: * logging.c:
28646: add WRAP_LOG and HOST_IN_LOG
28647: [3cf6052bd27e]
28648:
28649: * configure.in:
28650: add --enable-log-host and --enable-log-wrap
28651: [c968cc12b353]
28652:
28653: * aclocal.m4:
28654: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
28655: [915fef7e11a1]
28656:
28657: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
28658:
28659: * compat.h:
28660: add howmany macro
28661: [9107a057a7c8]
28662:
28663: * tgetpass.c:
28664: include sys/param.h to get howmany macro
28665: [7e908b5e1f32]
28666:
28667: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
28668:
28669: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
28670: add RUNAS_DEFAULT
28671: [1e76398ea3fd]
28672:
28673: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
28674:
28675: * fnmatch.c:
28676: bring in stdio.h for NULL
28677: [69c016610cbb]
28678:
28679: * aclocal.m4:
28680: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
28681: [15ab2972f8d0]
28682:
28683: * sudo.c:
28684: use HAVE_SET_AUTH_PARAMETERS
28685: [8abfdc8c80f7]
28686:
28687: * config.h.in:
28688: add HAVE_SET_AUTH_PARAMETERS
28689: [673a5ebd5539]
28690:
28691: * configure.in:
28692: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
28693: [a401f5a7469a]
28694:
28695: * config.sub:
28696: add support for HI-UX/MPP SR220001 02-03 0 SR2201
28697: [cb657b7acaae]
28698:
28699: * interfaces.c:
28700: initialize previfname
28701: [26a1902f56dc]
28702:
28703: * interfaces.c:
28704: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
28705: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
28706: kludging it
28707: [fa5c890c313b]
28708:
28709: * configure.in:
28710: typo
28711: [bff579fbe95c]
28712:
28713: * Makefile.in:
28714: don't need special build line for sudo.tab.o
28715: [10c0a0a912e4]
28716:
28717: * Makefile.in:
28718: don't clean sudo.tab.[ch]
28719: [c40d5968efbb]
28720:
28721: * sudo.c:
28722: Sudo should prompt for a password before telling the user that a
28723: command could not be found.
28724: [d718c85a0047]
28725:
28726: * BUGS:
28727: for 1.5.6
28728: [0cc1fe5b9129]
28729:
28730: * INSTALL, README:
28731: no longer require yacc
28732: [d9096fc5b8b6]
28733:
28734: * Makefile.in:
28735: typo
28736: [70feb1aefbd5]
28737:
28738: * Makefile.in:
28739: y.tab -> sudo.tab include pre-yacc'd parse.yacc
28740: [cc802025fd44]
28741:
28742: * parse.lex:
28743: include sudo.tab.h, not y.tab.h don't break out of command args if
28744: you get a '='
28745: [728ad26dbda5]
28746:
28747: * insults.h:
28748: fix version ,
28749: [242bbce1b2d4]
28750:
28751: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
28752: fix version
28753: [2bb9086fea1e]
28754:
28755: * compat.h:
28756: fix version
28757: [7e634d498ce6]
28758:
28759: * getcwd.c:
28760: getcwd(3) from OpenBSD for those without it.
28761: [6c68d0df8f6c]
28762:
28763: * sudo.h:
28764: HAVE_GETWD -> HAVE_GETCWD
28765: [2ad1e64d60c0]
28766:
28767: * configure.in:
28768: pretend sunos doesn't have getcwd(3) since it opens a pipe to
28769: getpwd!
28770: [677992ba5a6a]
28771:
28772: * parse.c:
28773: use NAMLEN() macro
28774: [8f5685aa3165]
28775:
28776: * fnmatch.c:
28777: remove duplicate include of string.h
28778: [6024f3051ac3]
28779:
28780: * configure.in:
28781: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
28782: [3d82a9c22cc2]
28783:
28784: * aclocal.m4:
28785: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
28786: [53fbc47282f9]
28787:
28788: * config.h.in:
28789: add dev_t and ino_t
28790: [5929bb0c7e1a]
28791:
28792: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
28793:
28794: * check.c:
28795: fix OTP_ONLY for opie
28796: [7edcfa78f2ec]
28797:
28798: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28799:
28800: * testsudoers.c, tgetpass.c:
28801: include stdlib.h for malloc proto
28802: [c9f4b99a2fe9]
28803:
28804: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
28805:
28806: * Makefile.in:
28807: make update_version saner
28808: [d522f93ee04a]
28809:
28810: * config.h.in:
28811: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
28812: [c9a2d21dc608]
28813:
28814: * configure.in:
28815: check for waitpid and wait3 or no waitpid
28816: [1f18c3224184]
28817:
28818: * logging.c:
28819: used waitpid or wait3 if we have 'em
28820: [391c3279ee65]
28821:
28822: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
28823:
28824: * visudo.c:
28825: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
28826: [fbf53b18178f]
28827:
28828: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
28829:
28830: * configure.in:
28831: don't need to explicately mention -lsocket -lnsl for sequent
28832: [1898dc055352]
28833:
28834: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
28835:
28836: * configure.in:
28837: dynix should not link with -linet
28838: [278a4b9cfe2a]
28839:
28840: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
28841:
28842: * INSTALL:
28843: mention that HP-UX doesn't ship with yacc
28844: [bde5147198c0]
28845:
28846: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
28847:
28848: * check.c:
28849: ignore kerberos if we can't get the local realm
28850: [1e311a091a27]
28851:
28852: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
28853:
28854: * BUGS, INSTALL, README, configure.in:
28855: ++version
28856: [499ffc746018]
28857:
28858: * version.h:
28859: ++
28860: [35ba1ee01bd3]
28861:
28862: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
28863: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
28864: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
28865: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
28866: updated version
28867: [b4990a513f31]
28868:
28869: * check.c, sudo.h:
28870: fix version
28871: [5710795834e8]
28872:
28873: * getcwd.c:
28874: don't use popen/pclose. Do it inline.
28875: [29e57b0646a4]
28876:
28877: * lsearch.c:
28878: add rcsid
28879: [b2b55c39858d]
28880:
28881: * sudo.c:
28882: typo
28883: [d381ac39ed0f]
28884:
28885: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
28886: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
28887: sudo.h:
28888: updated version
28889: [462d6e1a2d75]
28890:
28891: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
28892: MAX* + 1 -> MAX*
28893: [2c2eeb78d34f]
28894:
28895: * Makefile.in:
28896: getwd.c -> getcwd.c
28897: [7d718c32fc02]
28898:
28899: * config.h.in:
28900: kill HAVE_GETWD
28901: [6ad3d702343f]
28902:
28903: * configure.in:
28904: getcwd, not getwd
28905: [33e5b9841f58]
28906:
28907: * getcwd.c:
28908: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
28909: purpose
28910: [24e58d340161]
28911:
28912: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
28913:
28914: * OPTIONS, options.h:
28915: add STUB_LOAD_INTERFACES
28916: [d747cb23ca83]
28917:
28918: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28919: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
28920: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28921: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
28922: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28923: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28924: updated version
28925: [0798229312cc]
28926:
28927: * configure.in:
28928: support *-ccur-sysv4 and fix two typos
28929: [24a823ad7cc9]
28930:
28931: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
28932:
28933: * configure.in:
28934: don't echo about with_logfile and with_timedir
28935: [31e4a1e2d9ad]
28936:
28937: * INSTALL:
28938: document --with-logfile and --with-timedir
28939: [674f811a40e0]
28940:
28941: * aclocal.m4:
28942: support --with-logfile and --with-timedir
28943: [2fc36b35db12]
28944:
28945: * configure.in:
28946: Add --with-logfile and --with-timedir
28947: [09045bf07e29]
28948:
28949: * sudo.c:
28950: change size computation of NewArgv for UNICOS
28951: [b50df07da3a1]
28952:
28953: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
28954:
28955: * configure.in:
28956: treate -*-sysv4* like *-*-svr4
28957: [471b7ef4dbf2]
28958:
28959: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
28960:
28961: * configure.in:
28962: fix spacing for --with-authenticate help
28963: [8321cb37c410]
28964:
28965: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
28966: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
28967: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28968: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
28969: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28970: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28971: updated version
28972: [dc1ab97312eb]
28973:
28974: * parse.yacc:
28975: fix off by one error in push macro
28976: [bece59c8c3a9]
28977:
28978: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
28979:
28980: * configure.in:
28981: removed bogus alloca hack
28982: [a68dd720462d]
28983:
28984: * check.c:
28985: added AIX 4.x authenticate() support
28986: [12985eb448a0]
28987:
28988: * parse.yacc:
28989: include alloca.h if using bison and not gcc and it exists. fixes an
28990: alloca problem on hpux 10.x
28991: [e3b5c4f26072]
28992:
28993: * INSTALL:
28994: mention --with-authenticate
28995: [78a1c96820e7]
28996:
28997: * configure.in:
28998: added AIX authenticate() support
28999: [c983193ec252]
29000:
29001: * config.h.in:
29002: add HAVE_AUTHENTICATE
29003: [7b0e5f5db5d9]
29004:
29005: * interfaces.c:
29006: dynamically size ifconf buffer
29007: [10afb0e9b2f9]
29008:
29009: * configure.in:
29010: quote '[' and ']'
29011: [8fc38a4defad]
29012:
29013: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29014: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29015: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29016: logging.c, options.h, parse.c, parse.lex, parse.yacc,
29017: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29018: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29019: updated version
29020: [5f66de71ec61]
29021:
29022: * visudo.pod:
29023: add ERRORS section
29024: [3df3edb73cf6]
29025:
29026: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29027:
29028: * TROUBLESHOOTING:
29029: add busy stmp file explanation
29030: [6c555d469b6f]
29031:
29032: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
29033:
29034: * configure.in:
29035: the name of the cached var that signals whether or not you are cross
29036: compiling changed. It is now ac_cv_prog_cc_cross
29037: [123911c0658c]
29038:
29039: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
29040:
29041: * INSTALL:
29042: mention glibc 2.07 is fixed wrt lsearch()\.
29043: [ded758524582]
29044:
29045: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
29046:
29047: * sample.sudoers, sudoers.pod:
29048: better example of su but not root su
29049: [b3199610be21]
29050:
29051: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29052:
29053: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29054: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29055: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29056: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29057: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29058: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29059: updated version
29060: [46922b84e86b]
29061:
29062: * Makefile.in:
29063: correct regexp for updating version
29064: [8032728b2a8a]
29065:
29066: * tgetpass.c:
29067: remove bogus flush of stderr spew prompt before turning off echo.
29068: Seems to fix a weird problem where if sudo complained about a bogus
29069: stamp file the user would sometimes not have a chance to enter a
29070: password
29071: [7aa1493cc141]
29072:
29073: * check.c:
29074: fix bogus flush of stderr
29075: [6d047871c5e8]
29076:
29077: * sudo.c:
29078: close fd's <=2 not <=3 and move that chunk of code up
29079: [553e4faac195]
29080:
29081: * configure.in:
29082: support hpux1[0-9] not just hpux10
29083: [5a34a000ff8a]
29084:
29085: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
29086:
29087: * parse.c:
29088: set sudoers_fp to nil after closing
29089: [221a8b4bbf34]
29090:
29091: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
29092:
29093: * config.guess, config.sub:
29094: updated from autoconf 2.12
29095: [6fc86a0fc61b]
29096:
29097: * configure.in:
29098: add *-*-svr4 rule
29099: [38f0427f7c9d]
29100:
29101: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
29102:
29103: * tgetpass.c:
29104: fix select usage for high fd's (dynamically allocate readfds)
29105: [c2d1f76e0321]
29106:
29107: * check.c:
29108: kill extra whitespace
29109: [d784b6c9c514]
29110:
29111: * sudo.c:
29112: do an initgroups() before running a command, unless the target user
29113: is root.
29114: [4ca561287480]
29115:
29116: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
29117:
29118: * TROUBLESHOOTING:
29119: tell people to use tabs, not spaces, in syslog.conf
29120: [8ae90a205134]
29121:
29122: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
29123:
29124: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
29125: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
29126: updated version
29127: [4d855ff5de26]
29128:
29129: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
29130: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
29131: updated version
29132: [8e007e178b33]
29133:
29134: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29135: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
29136: updated version
29137: [9ddea5c8814d]
29138:
29139: * Makefile.in:
29140: more tweaks to update_version
29141: [047698752855]
29142:
29143: * Makefile.in:
29144: fixed up update_version rule
29145: [47b6fa34b77f]
29146:
29147: * configure.in:
29148: ++version
29149: [c1ca664e30b7]
29150:
29151: * Makefile.in:
29152: removed supe of check.c
29153: [8f340a05296a]
29154:
29155: * INSTALL:
29156: ++version I missed
29157: [a298e6c17491]
29158:
29159: * RUNSON:
29160: updated
29161: [a14f6057bc15]
29162:
29163: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29164: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
29165: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29166: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
29167: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
29168: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29169: visudo.c:
29170: updated version
29171: [02231b1a3ab3]
29172:
29173: * CHANGES:
29174: updated for 1.5.5
29175: [634e5fcaf40b]
29176:
29177: * Makefile.in:
29178: add rules to update version stuff in files so I don't need to do it
29179: by hand
29180: [3620ad60485a]
29181:
29182: * sudo.h:
29183: sudoers_fp is now extern
29184: [88c6e9b9ea84]
29185:
29186: * sudo.c:
29187: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
29188: don't have to open it again in the parse. This may help with weird
29189: solaris problems where EAGAIN sometime occurrs.
29190: [d3c26451ed1d]
29191:
29192: * parse.c:
29193: sudoers file open is now done only in check_sudoers() so we just do
29194: a rewind() instead of an open. May help people on solaris who were
29195: getting EAGAIN.
29196: [c8b8c7722fa5]
29197:
29198: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
29199:
29200: * INSTALL:
29201: mention that newer glibc is fixed
29202: [20f06f5d3ef3]
29203:
29204: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
29205:
29206: * sudo.c:
29207: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
29208: _RLD* instead of _RLD_*
29209: [1e22c588d602]
29210:
29211: * parse.c:
29212: typo
29213: [d0b7cb85f08a]
29214:
29215: * parse.c:
29216: fix that bug for real
29217: [5a6eeca6d04b]
29218:
29219: * INSTALL:
29220: document Linux's libc6 brokenness.
29221: [0246c1aa64ee]
29222:
29223: * parse.yacc:
29224: -Wall
29225: [d0e452fb1e2d]
29226:
29227: * RUNSON:
29228: updated
29229: [4949a1bbd0a9] [SUDO_1_5_4]
29230:
29231: * TROUBLESHOOTING:
29232: remind people to HUP syslogd
29233: [590962faa4f0]
29234:
29235: * Makefile.in:
29236: add -O flag to tar
29237: [622d02de339d]
29238:
29239: * RUNSON:
29240: updated
29241: [a72930d6e615]
29242:
29243: * TODO:
29244: updated
29245: [4a51bd458390]
29246:
29247: * sudo.pod:
29248: remove author's email addr. people should mail sudo-bugs
29249: [9b6bbdb3a6d9]
29250:
29251: * INSTALL:
29252: fix version
29253: [246274c6c8af]
29254:
29255: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
29256: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
29257: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
29258: logging.c, options.h, parse.c, parse.lex, parse.yacc,
29259: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29260: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
29261: ++version
29262: [f532ff4ee766]
29263:
29264: * RUNSON:
29265: updated
29266: [62d5c71358b5]
29267:
29268: * INSTALL, Makefile.in:
29269: ++version
29270: [1a7c7628edfc]
29271:
29272: * CHANGES:
29273: updated fort 1.5.4
29274: [7e4873508c99]
29275:
29276: * check.c:
29277: exit(1) if user enters no passwd
29278: [f382c0e35e4e]
29279:
29280: * BUGS:
29281: ++version
29282: [fab6a867ab67]
29283:
29284: * parse.c:
29285: commands can start with ./* not just /* -- fixes a serious security
29286: hole.
29287: [244d2fe35ee3]
29288:
29289: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
29290:
29291: * sudo.c:
29292: Don't set the tty variable to NULL when we lack a tty, leave it as
29293: "unknown".
29294: [193b26daba03]
29295:
29296: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29297:
29298: * sample.sudoers:
29299: fix usage of (username) in conjunction with , and !
29300: [7ae68607f68f]
29301:
29302: * visudo.c:
29303: catch the case where the user is not in the passwd file
29304: [31650258deb0]
29305:
29306: * tgetpass.c:
29307: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
29308: select(2)
29309: [60ab2d9a9ee8]
29310:
29311: * sudo.c:
29312: define tty global to an initial value to avoid dumping core in
29313: logging functions when passwd file is unavailable.
29314: [77056c7bc908]
29315:
29316: * sudo.c:
29317: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
29318: passwd entry
29319: [1fdb8e579a5a]
29320:
29321: * sudo.pod:
29322: talk about problem of ALL
29323: [1cd1905c9f6f]
29324:
29325: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
29326:
29327: * README:
29328: new web location
29329: [d24dc26f6da5]
29330:
29331: * INSTALL:
29332: fdesc bug is fixed in Open/Net BSD
29333: [7d4d81b08ac3]
29334:
29335: * HISTORY:
29336: updates from Nieusma
29337: [3a43769a1b78]
29338:
29339: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
29340:
29341: * dce_pwent.c:
29342: move compat.h after the system includes
29343: [5ea43a5968ac]
29344:
29345: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
29346:
29347: * logging.c:
29348: save errno from being clobbered by wait(). From Theo
29349: [f2d1c48cd592]
29350:
29351: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
29352:
29353: * compat.h:
29354: fix an occurence of setresuid -> setreuid (typo)
29355: [394de35c9b1c]
29356:
29357: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
29358:
29359: * install-sh:
29360: check for path to strip
29361: [2b7ef824bd55]
29362:
29363: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
29364:
29365: * logging.c:
29366: deal with maxfilelen < 0 case
29367: [f0af095178d7]
29368:
29369: * OPTIONS:
29370: fixed descriptin
29371: [629f60bd4b5f]
29372:
29373: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
29374:
29375: * sudo.c:
29376: correct error message if mode/owner wrong and not statable by owner
29377: but is statable by root.
29378: [cb631ce2e85e]
29379:
29380: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29381:
29382: * config.guess, config.sub:
29383: autoconf 2.11
29384: [f3cbe59e0756]
29385:
29386: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
29387:
29388: * CHANGES, RUNSON, TODO:
29389: sudo 1.5.3.
29390: [2be3229b8626]
29391:
29392: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
29393:
29394: * parse.yacc, sudo.h:
29395: command_alias -> generic_alias
29396: [c404ca8c510d] [SUDO_1_5_3]
29397:
29398: * sample.sudoers:
29399: added Runas_Alias example and fixed syntax errors
29400: [c304053f4a8a]
29401:
29402: * OPTIONS, options.h:
29403: updated MAILSUBJECT
29404: [18d1573fcd2a]
29405:
29406: * logging.c:
29407: added %h expansion
29408: [a4bff9b284fd]
29409:
29410: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29411: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
29412: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29413: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
29414: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
29415: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29416: visudo.c:
29417: ++version
29418: [211ff20f956f]
29419:
29420: * BUGS, emul/utime.h:
29421: ++version
29422: [cde5376579e3]
29423:
29424: * sudoers.pod:
29425: document Runas_Alias
29426: [b1a58f28fb2c]
29427:
29428: * visudo.pod:
29429: q (uid) -> Q
29430: [d256649a0e6b]
29431:
29432: * visudo.c:
29433: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
29434: whatnow
29435: [1cb183d15626]
29436:
29437: * parse.yacc:
29438: add size params to sprintf
29439: [9228f698921f]
29440:
29441: * parse.lex:
29442: allow trailing space after '\\' but before '\n'
29443: [f51dbbf69fdf]
29444:
29445: * find_path.c:
29446: off by one error in path size check
29447: [a6d75ccd7632]
29448:
29449: * check.c:
29450: sprintf paranoia
29451: [3ffb12d198dd]
29452:
29453: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
29454:
29455: * parse.yacc:
29456: fixed more_aliases
29457: [aab12f2a50af]
29458:
29459: * visudo.c:
29460: now warns if killed by signal ./
29461: [310c186a0fd7]
29462:
29463: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
29464:
29465: * parse.yacc:
29466: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
29467: is gross)
29468: [45590b83120f]
29469:
29470: * sudo.c:
29471: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
29472: [d53e01c14c58]
29473:
29474: * parse.yacc:
29475: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
29476: [7a4a040aae2d]
29477:
29478: * parse.lex:
29479: Add Runas_Alias and simplify a rule.
29480: [6f794a769a37]
29481:
29482: * parse.yacc:
29483: always store User_Alias's since they can be used inside of a runas
29484: list. Sigh. Really need a Runas_Alias instead.
29485: [3bab058a873e]
29486:
29487: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
29488:
29489: * visudo.c:
29490: deal with case where there is no sudoers file
29491: [fa38b3bb244d]
29492:
29493: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
29494:
29495: * TROUBLESHOOTING:
29496: added one
29497: [e61346d06725]
29498:
29499: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
29500:
29501: * HISTORY, testsudoers.c:
29502: developement -> development
29503: [4df55e293941]
29504:
29505: * INSTALL:
29506: added a note
29507: [3845fb83dbc0]
29508:
29509: * RUNSON:
29510: for 1.5.2
29511: [5489b7298942]
29512:
29513: * CHANGES:
29514: updated
29515: [0741834929e6]
29516:
29517: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
29518:
29519: * PORTING:
29520: removed seteuid() notes
29521: [1010a60f281d] [SUDO_1_5_2]
29522:
29523: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
29524:
29525: * compat.h:
29526: better seteuid() emulatino
29527: [e807623b662c]
29528:
29529: * configure.in:
29530: added check for seteuid
29531: [8cf9fabc6f4f]
29532:
29533: * config.h.in:
29534: added HAVE_SETEUID
29535: [596db46aa828]
29536:
29537: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
29538:
29539: * configure.in:
29540: first stab at sequent support
29541: [b85a7bfcac76]
29542:
29543: * config.h.in:
29544: added HAVE_SYS_SELECT_H
29545: [93ecdd042463]
29546:
29547: * compat.h:
29548: sequent -> _SEQUENT_
29549: [63a38b6da98c]
29550:
29551: * compat.h:
29552: added seteuid() macro for DYNIX
29553: [695bd63c5ea6]
29554:
29555: * tgetpass.c:
29556: _AIX -> HAVE_SYS_SELECT_H
29557: [b31221211bc2]
29558:
29559: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
29560:
29561: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
29562: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
29563: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29564: ++version
29565: [8052992fd453]
29566:
29567: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
29568: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
29569: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
29570: pathnames.h.in, version.h:
29571: ++version
29572: [f7ad15e1598a]
29573:
29574: * sudo.pod:
29575: added -H and SUDO_PS1
29576: [bb965241e30c]
29577:
29578: * configure.in:
29579: use SUDO_FUNC_FNMATCH
29580: [6a8350d85fb2]
29581:
29582: * aclocal.m4:
29583: added SUDO_FUNC_FNMATCH
29584: [45b32c91c4ba]
29585:
29586: * sudo.c:
29587: added -H flag
29588: [11ebc6872fd6]
29589:
29590: * sudo.h:
29591: added MODE_RESET_HOME /
29592: [67a7f8bcbbd6]
29593:
29594: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
29595:
29596: * INSTALL:
29597: mention OPIE
29598: [5723515d5bbd]
29599:
29600: * options.h:
29601: SKEY -> OTP
29602: [c1d268130bc4]
29603:
29604: * configure.in:
29605: added opie support
29606: [123872b41b20]
29607:
29608: * compat.h, config.h.in:
29609: added HAVE_OPIE
29610: [528c71afc1e5]
29611:
29612: * check.c:
29613: added HAVE_OPIE and changed to *_OTP_*
29614: [4c62f5db872a]
29615:
29616: * OPTIONS:
29617: SKEY -> OTP
29618: [bd858e5e9652]
29619:
29620: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
29621:
29622: * check.c:
29623: moved fclose() in skey stuff.
29624: [11f7dc8431a6]
29625:
29626: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
29627:
29628: * putenv.c:
29629: index -> strchr remove unnecesary stuff
29630: [af2d05238062]
29631:
29632: * check.c:
29633: now call skeychallenge() to get challenge instead of making one up
29634: ourselves. this way, we get extra goodies in the prompt.
29635: [49b770d98d3a]
29636:
29637: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
29638:
29639: * CHANGES:
29640: added one
29641: [3f5149357e2a] [SUDO_1_5_1]
29642:
29643: * parse.lex:
29644: allow logins to start with a number (YUCK!)
29645: [7ed7ef324741]
29646:
29647: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
29648:
29649: * TROUBLESHOOTING:
29650: added soalris 2.5 vs 2.4 note
29651: [16160a251aae]
29652:
29653: * configure.in:
29654: DUNIX doesn't need -lnsl
29655: [be924cc322c3]
29656:
29657: * CHANGES:
29658: *** empty log message ***
29659: [1b2937521981]
29660:
29661: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
29662: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
29663: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
29664: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
29665: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
29666: utime.c, version.h, visudo.c:
29667: courtesan
29668: [5f203589bbfe]
29669:
29670: * PORTING, README, RUNSON:
29671: courtesan
29672: [d72517f4937e]
29673:
29674: * INSTALL, Makefile.in, TROUBLESHOOTING:
29675: courtesan
29676: [5c007e3c7a71]
29677:
29678: * visudo.pod:
29679: *** empty log message ***
29680: [37ebe85bd4e1]
29681:
29682: * sudo.pod, visudo.pod:
29683: courtesan
29684: [37f02e2130ea]
29685:
29686: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
29687:
29688: * HISTORY:
29689: added courtesan ./
29690: [b01435226276]
29691:
29692: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
29693:
29694: * sudo.c:
29695: added $SUDO_PROMPT support
29696: [cb1fa72c093d]
29697:
29698: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29699:
29700: * check.c:
29701: print long skey challemged to stderr, not stdout
29702: [750fc775b3b2]
29703:
29704: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
29705:
29706: * CHANGES:
29707: updated for 1.5.1
29708: [9b615f393057]
29709:
29710: * emul/utime.h:
29711: ++version
29712: [a94de18deafb]
29713:
29714: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
29715:
29716: * RUNSON:
29717: updated for 1.5.1
29718: [4092f20ab634]
29719:
29720: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
29721:
29722: * check.c:
29723: use shost, not host for tgetpass
29724: [6061c49ff9be]
29725:
29726: * sudo.pod:
29727: documented %u and %h
29728: [6d2922d29897]
29729:
29730: * OPTIONS:
29731: documented %u and %h
29732: [1a71da13a864]
29733:
29734: * configure.in:
29735: fixed typo
29736: [1230dec2b062]
29737:
29738: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29739: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29740: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29741: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29742: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29743: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
29744: ++version
29745: [65ce8eabf77a]
29746:
29747: * BUGS:
29748: ++version
29749: [afecab53aab7]
29750:
29751: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
29752:
29753: * Makefile.in, configure.in, version.h:
29754: ++version
29755: [fb3ff940d672]
29756:
29757: * sudo.h:
29758: new tgetpass() params
29759: [9eccc5b0f8ae]
29760:
29761: * check.c:
29762: pass use and host to tgetpass
29763: [c56d9d13c401]
29764:
29765: * tgetpass.c:
29766: added %u and %h escapes
29767: [04ae775d3e5d]
29768:
29769: * OPTIONS, check.c, options.h:
29770: added NO_MESSAGE
29771: [3927dad19057]
29772:
29773: * configure.in:
29774: added cray (unicos) support
29775: [1122210c5fb1]
29776:
29777: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
29778:
29779: * OPTIONS, options.h, sudo.c:
29780: added SHELL_SETS_HOME
29781: [0b26909b0929]
29782:
29783: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
29784:
29785: * INSTALL:
29786: added note about "make install"
29787: [7e56ea76d4b4]
29788:
29789: * parse.yacc:
29790: changed length/size params from int to size_t
29791: [5654e5ceb1b3]
29792:
29793: * OPTIONS:
29794: now get CSOPS insults as well by default
29795: [297323d0179a]
29796:
29797: * insults.h:
29798: use csops insults too by default
29799: [07fafc136169]
29800:
29801: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
29802: version = 1.5
29803: [4b8772b11e3b]
29804:
29805: * sudo.c:
29806: added runas_homedir
29807: [b0e0d4417a15]
29808:
29809: * TODO:
29810: updated for 1.5
29811: [66259df825d5]
29812:
29813: * RUNSON:
29814: updated for 1.5
29815: [e08bc9ebfe95]
29816:
29817: * CHANGES:
29818: 1.5 release
29819: [8c16942fea41]
29820:
29821: * INSTALL:
29822: added "upgrading" notes
29823: [210d968964ff]
29824:
29825: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
29826:
29827: * visudo.c:
29828: now do chmod and chown after edit of temp file and before rename
29829: [de174e34faa7] [SUDO_1_5_0]
29830:
29831: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
29832:
29833: * Makefile.in:
29834: ++version added INSTALL.configure
29835: [c9e9214f52ae]
29836:
29837: * configure.in, version.h:
29838: ++version
29839: [5985abed3eb2]
29840:
29841: * TROUBLESHOOTING:
29842: *** empty log message ***
29843: [d65c540ec52e]
29844:
29845: * parse.yacc:
29846: added missing cast
29847: [e7247319a7d5]
29848:
29849: * sudo.c:
29850: sets $HOME to pw_dir of runas user
29851: [d3f7f4d05752]
29852:
29853: * sudo.pod:
29854: document $HOME change
29855: [854454d458c4]
29856:
29857: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
29858:
29859: * sudo.pod:
29860: fixed up some wording
29861: [b0c8582f2c97]
29862:
29863: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29864: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
29865: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29866: visudo.c:
29867: ++version
29868: [748be723fd8b]
29869:
29870: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29871: insults.h, options.h, pathnames.h.in, sudo.h:
29872: ++version
29873: [acdf8b1b2a1b]
29874:
29875: * emul/utime.h:
29876: ++version
29877: [b3f35298ab8d]
29878:
29879: * sudo.h:
29880: name nad type changes
29881: [db24ab3da141]
29882:
29883: * testsudoers.c:
29884: now works with new sudo
29885: [379346c42cc2]
29886:
29887: * parse.yacc:
29888: fixed some XXX
29889: [f5fe4c990052]
29890:
29891: * parse.yacc:
29892: some variable name changes + comment headers for functions.
29893: [3dc3bd9aa73d]
29894:
29895: * tgetpass.c:
29896: added extra paren's to make compilers happy
29897: [9e4968a34d56]
29898:
29899: * sudo.c:
29900: *** empty log message ***
29901: [70c924c1ed69]
29902:
29903: * parse.c:
29904: now uses init_parser() if not in sudoers and tries "list" or
29905: "validate" scold but don't be nasty.
29906: [c0d8fb3f8c9e]
29907:
29908: * TROUBLESHOOTING:
29909: now can use upper case login names
29910: [c772fffcefe5]
29911:
29912: * visudo.c:
29913: now uses init_parser()
29914: [b9efae7243fd]
29915:
29916: * INSTALL, README:
29917: updated
29918: [27dc8283fdc8]
29919:
29920: * PORTING:
29921: added info about PASSWORD_TIMEOUT
29922: [980e15d892f8]
29923:
29924: * INSTALL.configure:
29925: Initial revision
29926: [8292e89a08d3]
29927:
29928: * BUGS:
29929: fixed a bug ,
29930: [c6e46f5624f9]
29931:
29932: * parse.yacc:
29933: now dynamically allocates memory for the stacks -- no more
29934: overflows!
29935: [8615c35b6ad3]
29936:
29937: * sudo.pod:
29938: -l now explands command aliases
29939: [39f45605935d]
29940:
29941: * parse.yacc:
29942: hacks to expand command aliases for `sudo -l'
29943: [e4eb752608f9]
29944:
29945: * sudo.c:
29946: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
29947: [01327ca5084b]
29948:
29949: * sudo.h:
29950: added struct command_alias
29951: [dd2f32764082]
29952:
29953: * sudo.pod:
29954: fixed a bug
29955: [e708ff08d2eb]
29956:
29957: * lsearch.c:
29958: in compar() key should be first arg
29959: [fc14c3fa62ee]
29960:
29961: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
29962:
29963: * BUGS:
29964: fixed some bugs
29965: [639dfe425bd5]
29966:
29967: * parse.yacc:
29968: can now deal with upcase HOST and USER names
29969: [c6aa7bcfb00d]
29970:
29971: * sudo.c:
29972: don't yell too loudly at non-sudoers if they do "sudo -l"
29973: [4ef146128d89]
29974:
29975: * sudo.pod:
29976: fixed thinko
29977: [830f2f0f22e7]
29978:
29979: * parse.c:
29980: fix comment
29981: [d20ce9e17ddc]
29982:
29983: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
29984:
29985: * parse.c, parse.yacc:
29986: added support for new `sudo -l' stuff
29987: [7dceaef3c733]
29988:
29989: * sudo.c:
29990: now uses list_matches()
29991: [293364821b61]
29992:
29993: * sudo.h:
29994: added struct sudo_match
29995: [b2684179d179]
29996:
29997: * configure.in:
29998: now more -lgnumalloc
29999: [4f8ae42617d8]
30000:
30001: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
30002:
30003: * install-sh:
30004: added more paths for chown and whoami
30005: [6e685a19426c]
30006:
30007: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
30008:
30009: * check.c:
30010: typo
30011: [3adfa01c04bc]
30012:
30013: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
30014:
30015: * aclocal.m4:
30016: fixed DUNIX check for shadow pw
30017: [c25324bcd27b]
30018:
30019: * tgetpass.c:
30020: now only turn off echo if it is already on. this fixes a race when
30021: you use sudo in a pipelin
30022: [28388c2de21c]
30023:
30024: * INSTALL:
30025: updated
30026: [b45ac9366b7e]
30027:
30028: * configure.in:
30029: changed "test -z $foo && do_this" to if; then construct
30030: [2183c4426bca]
30031:
30032: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
30033:
30034: * configure.in:
30035: added missing defines of SHADOW_TYPE
30036: [be89ea68a7f3]
30037:
30038: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
30039:
30040: * check.c:
30041: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
30042: only in dunix 4.x
30043: [1e7c1c677263]
30044:
30045: * getspwuid.c:
30046: added AUTH_CRYPT_C1CRYPT support
30047: [88d6b0058b20]
30048:
30049: * parse.c:
30050: no longer return VALIDATE_NOT_OK if there was a runas that didn't
30051: match. Now we can have runas stuff on more than one line.
30052: [52b68920d7b7]
30053:
30054: * getspwuid.c, sudo.c, tgetpass.c:
30055: use SHADOW_TYPE instead of HAVE_C2_SECURITY
30056: [cf401dfcbc06]
30057:
30058: * configure.in:
30059: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
30060: something
30061: [c7a233c4dd93]
30062:
30063: * config.h.in:
30064: removed HAVE_C2_SECURITY added SPW_BSD
30065: [8314405e9754]
30066:
30067: * compat.h:
30068: use SHADOW_TYPE instead of HAVE_C2_SECURITY
30069: [6f94870df17f]
30070:
30071: * check.c:
30072: SHADOW_TYPE is always defined so just against its value
30073: [72c69a55d02f]
30074:
30075: * aclocal.m4:
30076: added SUDO_CHECK_SHADOW_DUNIX
30077: [ef025ae9d496]
30078:
30079: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
30080:
30081: * sudoers.pod:
30082: * -> ?* in one example added another instance of (runas) and one of
30083: NOPASSWD:
30084: [d74fe1dcbe7d]
30085:
30086: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
30087:
30088: * configure.in:
30089: added back check for config.cache from other host type
30090: [0ba87871f585]
30091:
30092: * parse.lex:
30093: removed an instance of \"
30094: [1e008d3709f6]
30095:
30096: * sample.sudoers:
30097: added an example
30098: [dbfcf68ee330]
30099:
30100: * sudoers.pod:
30101: updated wrt new wildcard matching
30102: [193fa44a475b]
30103:
30104: * configure.in:
30105: new check for shadow passwords if we don't know anything
30106: [67465df7dc9a]
30107:
30108: * aclocal.m4:
30109: new SUDO_CHECK_SHADOW_GENERIC
30110: [3563b16a41b8]
30111:
30112: * configure.in:
30113: added back check for -lsocket (oops)
30114: [a80882ee1cb6]
30115:
30116: * configure.in:
30117: better (working) check for shadow passwd type if we know to use C2.
30118: [3cdd2a59a641]
30119:
30120: * configure.in:
30121: now uses AC_CANONICAL_HOST to figure out os type
30122: [80db7fe6e704]
30123:
30124: * Makefile.in:
30125: added config.{guess,sub}
30126: [c6be7e3ca384]
30127:
30128: * aclocal.m4:
30129: removed unused stuff to figure out os type
30130: [c9a0f3b57123]
30131:
30132: * config.sub:
30133: added openbsd
30134: [bfc6bfec3668]
30135:
30136: * config.sub:
30137: Initial revision
30138: [e6e06ce0d17d]
30139:
30140: * config.guess:
30141: Initial revision
30142: [99dd06f79199]
30143:
30144: * testsudoers.c:
30145: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30146: pathname. need to check against sudoers_args even if user_args is
30147: nil
30148: [66e6cf77f5d6]
30149:
30150: * parse.c:
30151: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30152: pathname need to check against sudoers_args even if user_args is nil
30153: [74374df17311]
30154:
30155: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
30156:
30157: * check.c:
30158: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
30159: [cbb00261c415]
30160:
30161: * testsudoers.c:
30162: now takes command line args and uses cmnd_args
30163: [f0c2fd35a527]
30164:
30165: * parse.lex:
30166: fill_args was adding an extra leading space
30167: [692fc999b2e8]
30168:
30169: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
30170:
30171: * visudo.c:
30172: fixed dummy command_matches()
30173: [93d9543db6e2]
30174:
30175: * parse.yacc:
30176: fixed prototype
30177: [7b0addfbd429]
30178:
30179: * sudo.h:
30180: added cmnd_args
30181: [8f47c4ae65ef]
30182:
30183: * parse.yacc:
30184: now uses flat args string
30185: [016e65877da3]
30186:
30187: * parse.c, parse.lex:
30188: now uses flat arg string
30189: [5b5f2e3f4c09]
30190:
30191: * visudo.c:
30192: added cmnd_args def
30193: [876867134775]
30194:
30195: * sudo.c:
30196: now sets cmnd_args global
30197: [e6fee70cb59b]
30198:
30199: * logging.c:
30200: cmnd_args is now exported from sudo.[ch]
30201: [7a9cd36e356f]
30202:
30203: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
30204:
30205: * parse.yacc:
30206: can't rely on cmnd_matches as much as I thought -- added some $$
30207: stuff back in to prevent namespace pollution problems.
30208: [3c45fedb5af3]
30209:
30210: * parse.yacc:
30211: Simplified parse rules wrt runas and NOPASSWD (more consistent).
30212: [e6d838c8a4c7]
30213:
30214: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
30215:
30216: * parse.lex:
30217: NOPASSWD may now have blanks before the ':' '(' only starts a
30218: 'runas' if in the initial state to avoid collision with command args
30219: [c5c01172f499]
30220:
30221: * configure.in:
30222: added checks for specific shadow passwd schemes
30223: [b7e3d1f7b84f]
30224:
30225: * aclocal.m4:
30226: added routines to check for specific shadow passwd types
30227: [e5e1d19960a6]
30228:
30229: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
30230:
30231: * configure.in:
30232: added support for ncr boxen
30233: [bea9dc5aae7f]
30234:
30235: * aclocal.m4:
30236: added support for detecting ncr boxen
30237: [8653a158a924]
30238:
30239: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
30240:
30241: * configure.in:
30242: added sinix support
30243: [5de2b2173ee1]
30244:
30245: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
30246:
30247: * TROUBLESHOOTING:
30248: added info about "config.cache from other other" error.
30249: [845b10198e0b]
30250:
30251: * aclocal.m4:
30252: now makes sure you don't have a config.cache file from another OS
30253: [4fe32571c021]
30254:
30255: * configure.in:
30256: now sets $LIBS when needed to configure links with libs when doing
30257: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
30258: bigcrypt(3) if SPW_SECUREWARE
30259: [2df6b8ca538f]
30260:
30261: * getspwuid.c:
30262: fixed typo
30263: [fe1cb1d792d6]
30264:
30265: * tgetpass.c:
30266: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
30267: [f71138372c07]
30268:
30269: * getspwuid.c:
30270: no more SPW_HPUX10
30271: [cfdeb18bc16b]
30272:
30273: * config.h.in:
30274: no more SPW_HPUX10 added HAVE_BIGCRYPT
30275: [00d296479a61]
30276:
30277: * compat.h:
30278: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
30279: [6c6d9e680417]
30280:
30281: * check.c:
30282: SPW_SECUREWARE now uses bigcrypt
30283: [be71fc66690f]
30284:
30285: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
30286:
30287: * sample.sudoers:
30288: fixed 2 syntax errors
30289: [45eee19ef4ac]
30290:
30291: * sudoers:
30292: root may now run ALL as ALL
30293: [1b54c6b9b212]
30294:
30295: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
30296:
30297: * interfaces.c:
30298: fixed a typo/thinko that broke BSD's with sa_len
30299: [603438360126]
30300:
30301: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
30302:
30303: * check.c, configure.in:
30304: updated AFS support
30305: [e572eb8d177a]
30306:
30307: * TROUBLESHOOTING:
30308: added entry about /usr/ucb/cc
30309: [025b353aa9d3]
30310:
30311: * INSTALL:
30312: prep no longer holds gcc binaries
30313: [8b0942958049]
30314:
30315: * INSTALL:
30316: updated AFS note
30317: [7af6efd5abe4]
30318:
30319: * Makefile.in:
30320: added @AFS_LIBS@
30321: [97b6fe6ad7d6]
30322:
30323: * compat.h:
30324: AFS allows long passwords
30325: [5fb17122c302]
30326:
30327: * testsudoers.c:
30328: fixed -u user support
30329: [b1a0c1648639]
30330:
30331: * parse.c:
30332: sudo -v now groks VALIDATE_OK_NOPASS
30333: [74fc03fffe7e]
30334:
30335: * parse.yacc:
30336: fixed no_passwd vs. runas_matched
30337: [549a9b791a6a]
30338:
30339: * TROUBLESHOOTING:
30340: took out stuff about NFS-mounting since it is no longer an issue
30341: [d95ab7fbbc61]
30342:
30343: * INSTALL:
30344: added --with-libraries > --with-libpath --with-incpath
30345: [d5d15a7a0f4c]
30346:
30347: * parse.yacc:
30348: was setting runas_matches to -1 in wrong place
30349: [db2b1deb8d33]
30350:
30351: * check.c:
30352: removed usersec.h which is not present in new AFS versions
30353: [618b016dd17f]
30354:
30355: * tgetpass.c:
30356: now deals with timeout <= 0
30357: [ba53a1257255]
30358:
30359: * OPTIONS:
30360: updated
30361: [75093bd8fdca]
30362:
30363: * configure.in:
30364: BSD/OS >= 2.0 now uses shlicc instead of just gcc
30365: [ff6dbf7825c2]
30366:
30367: * sudo.c:
30368: fixed backwards compatibility with sudo 1.4 sudoers mode for root
30369: readable/writable filesystems
30370: [2694ed627221]
30371:
30372: * Makefile.in:
30373: now gives INSTALL -c flag
30374: [63db055a2fd1]
30375:
30376: * parse.yacc:
30377: slightly simpler initialization of no_passwd and runas_matches
30378: [463a1b5fa323]
30379:
30380: * testsudoers.c:
30381: added -u username support
30382: [38b072fcd6b3]
30383:
30384: * configure.in:
30385: improved --with-libraries support
30386: [047dbc5f0af2]
30387:
30388: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
30389:
30390: * configure.in:
30391: added --with-incpath, --with-libpath, --with-libraries
30392: [20f20d6c718c]
30393:
30394: * parse.yacc:
30395: now initializes some fields that weren't getting set to -1 pretty
30396: gross -- need a rewrite.
30397: [021c160390c6]
30398:
30399: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
30400:
30401: * alloca.c:
30402: removed emacs'isms
30403: [9d4ec2efe057]
30404:
30405: * configure.in:
30406: no longer add -lPW to *_LIBS since we include alloca.c
30407: [a626d1bbea80]
30408:
30409: * config.h.in:
30410: added HAVE_ALLOCA_H
30411: [15491e2a6cff]
30412:
30413: * Makefile.in:
30414: added alloca.c
30415: [0400f25e1fe4]
30416:
30417: * alloca.c:
30418: Initial revision
30419: [06d033aa4882]
30420:
30421: * configure.in:
30422: ++version
30423: [f52c0fb98f90]
30424:
30425: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
30426:
30427: * sudo.c:
30428: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
30429: not always set to a valid uid.
30430: [c2669f77704d]
30431:
30432: * OPTIONS:
30433: fixed entry for SUDO_MODE
30434: [d7272f6035b8]
30435:
30436: * sudo.c:
30437: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
30438: being set to -2. Now beat NFS to the punch and set uid to "nobody"
30439: ourselves, preserving group 0 to read sudoers.
30440: [b1fbc5dd1e34]
30441:
30442: * parse.c:
30443: moved set_perms(PERM_ROOT) to be before yyparse()
30444: [7619d8080735]
30445:
30446: * logging.c:
30447: fixed a typo
30448: [318acc48cde0]
30449:
30450: * configure.in:
30451: no longer need AC_PROG_INSTALL
30452: [de01b1336dc8]
30453:
30454: * Makefile.in:
30455: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
30456: [ea2351986406]
30457:
30458: * INSTALL:
30459: make clean -> make distclean
30460: [704a98e8ba10]
30461:
30462: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
30463:
30464: * parse.yacc:
30465: removed some unnecsary if's
30466: [f00db6508132]
30467:
30468: * Makefile.in, version.h:
30469: ++version
30470: [bdb6740b24c8]
30471:
30472: * parse.c, testsudoers.c:
30473: now includes netgroup.h
30474: [93f5a06352bc]
30475:
30476: * interfaces.c:
30477: removed cats of ioctl to int since they didn't shut up -Wall
30478: [83e9f912cd7a]
30479:
30480: * interfaces.c:
30481: explicately cast ioctl() to int since it it not always declared
30482: [2ff9294e469e]
30483:
30484: * sudo.h:
30485: added declarations for yyparse() and yylex()
30486: [6071321ab771]
30487:
30488: * parse.yacc:
30489: fixed an occurence of '==' -> '='
30490: [2c46d2e11d57]
30491:
30492: * config.h.in, configure.in:
30493: added check for netgroup.h
30494: [73403050f4e3]
30495:
30496: * sudo.c:
30497: fixed 2 compiler warnings
30498: [680929b0bd97]
30499:
30500: * sudo.c:
30501: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
30502: initialized
30503: [18707ecd07c2]
30504:
30505: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
30506:
30507: * sudo.pod:
30508: fixed a typo
30509: [e4b5c12aa130]
30510:
30511: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
30512:
30513: * parse.yacc:
30514: fixed a formatting thingie
30515: [c79327b6f19b]
30516:
30517: * parse.c, parse.yacc:
30518: fixed -u support with multiple user lists on a line
30519: [e4d1066adca2]
30520:
30521: * configure.in:
30522: unixware needs -lgen
30523: [b5bf9bca63cc]
30524:
30525: * README:
30526: updated ftp location
30527: [b25a033f7921]
30528:
30529: * sudoers.pod:
30530: add net_addr/netmask support
30531: [674e83516d1e]
30532:
30533: * sample.sudoers:
30534: added net_addr/mask example
30535: [774878e89b28]
30536:
30537: * parse.c, parse.lex:
30538: added support for net_addr/netmask
30539: [e33de27325d8]
30540:
30541: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
30542:
30543: * sudoers.pod:
30544: ^ -> !
30545: [1a084950d6ef]
30546:
30547: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
30548:
30549: * RUNSON:
30550: updated for 1.4.3
30551: [c82019025d09]
30552:
30553: * CHANGES:
30554: udpated for 1.4.3
30555: [ceaa81adb8f0]
30556:
30557: * BUGS, TODO, TROUBLESHOOTING:
30558: updated
30559: [ff94fae4b853]
30560:
30561: * sample.sudoers:
30562: updated with examples of new stuff
30563: [99d0b4cb4c9c]
30564:
30565: * INSTALL, README:
30566: ++version
30567: [b763b80fe836]
30568:
30569: * sudoers.pod:
30570: updated wrt -u and NOPASSWD
30571: [0b5b722ea0f4]
30572:
30573: * sudo.pod:
30574: updated wrt -u and CAVEATS
30575: [71d5d53b5d18]
30576:
30577: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
30578:
30579: * sudo.c:
30580: fixed usage()
30581: [114c7d09b550]
30582:
30583: * parse.lex:
30584: now use :foo: character classes (makes no diff for generated lexer)
30585: [7b0aeb737a02]
30586:
30587: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
30588:
30589: * check.c:
30590: fixed LONG_SKEY_PROMPT stuff
30591: [0efe78b4bdda]
30592:
30593: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
30594:
30595: * visudo.c:
30596: fixed a comment
30597: [3d289017104b]
30598:
30599: * lsearch.c:
30600: make more like NetBSD one -- now compiles w/o warnings
30601: [932206296a54]
30602:
30603: * emul/search.h:
30604: fixed decls of lsearch()
30605: [c58cf4584c45]
30606:
30607: * config.h.in, configure.in, getspwuid.c:
30608: added SPW_HPUX10
30609: [d74e5eaa5f17]
30610:
30611: * check.c:
30612: hpux 10 uses bigcrypt() if C2
30613: [359eb63f4021]
30614:
30615: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
30616:
30617: * parse.c:
30618: now always uses fnmatch to match args
30619: [a9d91f35256a]
30620:
30621: * tgetpass.c:
30622: back to using stdio instead of raw i/o since that caused some
30623: problems
30624: [e7ce2bc92974]
30625:
30626: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
30627:
30628: * sudo.c:
30629: now give usage warning if use -l,-v,-k with args
30630: [6b48180c4fea]
30631:
30632: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
30633:
30634: * sudo.c:
30635: NewArgc is now set to 1 for -l, -v, -k
30636: [7497cb1416a8]
30637:
30638: * sudo.c:
30639: now sets sudoers to correct group if mode is 0400
30640: [484c43d99718]
30641:
30642: * install-sh:
30643: updated to version used by inn and bind
30644: [28683ad8725a]
30645:
30646: * configure.in:
30647: now uses -lgnumalloc if it exists
30648: [3651ca4415a2]
30649:
30650: * Makefile.in:
30651: "make install" now sets uid/gid and mode on sudoers if it exists
30652: [1f5216191ae9]
30653:
30654: * sudo.c:
30655: rmeoved debugging statements
30656: [aeda278e2c26]
30657:
30658: * parse.yacc:
30659: added a missing free()
30660: [592c9482a159]
30661:
30662: * sudo.c:
30663: now uses user_gid instead of getegid (which was wrong anyway) to set
30664: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
30665: (logging.c depends on args being in the environment)
30666: [9f5328a3b942]
30667:
30668: * logging.c:
30669: now uses SUDO_COMMAND envariable to get command args rather than
30670: building it up again.
30671: [7f8edc5bccb7]
30672:
30673: * parse.c:
30674: now uses user_gid
30675: [4b9303ae45fe]
30676:
30677: * sudo.c:
30678: fixed off by one error in allocation NewArgv
30679: [921ea1a4e7c6]
30680:
30681: * parse.c:
30682: in sudoers, 'command ""' now means command with no args
30683: [a5273648ace2]
30684:
30685: * configure.in:
30686: added check for fnmatch(3) and fnmatch.h
30687: [258916a7866f]
30688:
30689: * config.h.in:
30690: added HAVE_FNMATCH
30691: [b9860d361e93]
30692:
30693: * Makefile.in:
30694: replaced wildcat.* with fnmatch.*
30695: [03ad9ee21a1c]
30696:
30697: * testsudoers.c:
30698: now uses fnmatch()
30699: [5a7f7de987a9]
30700:
30701: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
30702:
30703: * parse.c:
30704: now uses fnmatch() instead of wildmat a trailing star (*) by itself
30705: now matches multiple args added support for wildcards in the
30706: pathname in sudoers
30707: [1f7fb950b868]
30708:
30709: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
30710:
30711: * fnmatch.c:
30712: now includes compat.h and config.h
30713: [090206b95cf8]
30714:
30715: * config.h.in:
30716: added HAVE_FNMATCH_H
30717: [90eb42150173]
30718:
30719: * configure.in:
30720: now checks for alloca() (if needed by bison or dce) and links with
30721: -lPW if it contains alloca() and libv and compiler do not.
30722: [cfa2b3cef49a]
30723:
30724: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
30725: Initial revision
30726: [20b1f762a32a]
30727:
30728: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
30729:
30730: * sudo.c:
30731: now fixes mode on sudoers if set to 0400 to aid in upgrade
30732: [d4bdfd521820]
30733:
30734: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
30735:
30736: * Makefile.in:
30737: fixed pod2man usage
30738: [5adf2ec77b27]
30739:
30740: * Makefile.in, configure.in, version.h:
30741: ++version
30742: [b4029de876d0]
30743:
30744: * testsudoers.c, visudo.c:
30745: runas_user is now initialized to "root"
30746: [8537d97bff39]
30747:
30748: * sudo.h:
30749: removed PERM_FULL_ROOT
30750: [241f8bbf647f]
30751:
30752: * sudo.c:
30753: runas_user defaults to "root" so no more need to PERM_RUNAS
30754: [fc0c0dfc72ba]
30755:
30756: * parse.c:
30757: will now only running commands as root if there was no runas list
30758: (or if root is in the runas list)
30759: [40c587666c81]
30760:
30761: * logging.c:
30762: now logs "USER=%s"
30763: [b733504c87fd]
30764:
30765: * parse.yacc:
30766: runas_matches is now set to false if we get a negative match
30767: [5495b150b300]
30768:
30769: * parse.lex:
30770: make #uid work + some minor cleanup
30771: [07851bbce03a]
30772:
30773: * sample.sudoers:
30774: added support for NOPASSWD and "runas" from garp@opustel.com /
30775: [7a9c67b51fa5]
30776:
30777: * visudo.c:
30778: added support for "runas" from garp@opustel.com replaced
30779: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
30780: SUDOERS_MODE
30781: [e714209b9885]
30782:
30783: * testsudoers.c:
30784: added support for "runas" from garp@opustel.com
30785: [b837f856da10]
30786:
30787: * sudo.h:
30788: added support for NO_PASSWD and runas from garp@opustel.com replaced
30789: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
30790: fro SUDOERS_MODE
30791: [cea6f26679b7]
30792:
30793: * sudo.c:
30794: added support for NO_PASSWD and runas from garp@opustel.com replaced
30795: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
30796: SUDOERS_MODE
30797: [61b5434237c5]
30798:
30799: * parse.yacc:
30800: added support for NO_PASSWD and runas from garp@opustel.com
30801: [72ebd3056f22]
30802:
30803: * parse.c, parse.lex:
30804: added support for NO_PASSWD and runas from garp@opustel.com
30805: [fef6dbdd114d]
30806:
30807: * logging.c:
30808: added support for SUDOERS_WRONG_MODE and "runas"
30809: [e794efc2b443]
30810:
30811: * configure.in:
30812: added --with-CC only link with -lshadow on linux (with shadow pw) if
30813: libc lacks getspnam()
30814: [3ecf4ae21002]
30815:
30816: * OPTIONS, options.h:
30817: removed NO_PASSWD since it is not possible to do this in the sudoers
30818: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
30819: SUDOERS_GID. Added SUDOERS_MODE.
30820: [2eaa4891ef48]
30821:
30822: * Makefile.in:
30823: now uses SUDOERS_UID and SUDOERS_GID
30824: [8d615f0fdb2a]
30825:
30826: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
30827:
30828: * INSTALL:
30829: added --with-CC
30830: [a1b8286a81b8]
30831:
30832: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
30833:
30834: * parse.lex:
30835: added double quote support
30836: [a5e4fc7e3a2b]
30837:
30838: * sudoers.pod:
30839: documented double quoting
30840: [c6ea47969a44]
30841:
30842: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
30843:
30844: * mkinstalldirs:
30845: Initial revision
30846: [dcb86d65ad8f]
30847:
30848: * check.c:
30849: fixed some indentation
30850: [4d1c5ab8072b]
30851:
30852: * Makefile.in:
30853: fixed a typo
30854: [0d27eebc7227]
30855:
30856: * Makefile.in:
30857: added install-dirs .
30858: [f499b99b8be7]
30859:
30860: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
30861:
30862: * dce_pwent.c:
30863: new version from "Jeff A. Earickson" <jaearick@colby.edu>
30864: [422481be5fbd]
30865:
30866: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
30867:
30868: * configure.in:
30869: $CSOPS -> $with_csops (whoops, missed one)
30870: [b04c6948130e]
30871:
30872: * BUGS:
30873: updated
30874: [c4d5713e227d]
30875:
30876: * parse.lex:
30877: FQHOST now has same constraints as non-FQHOST
30878: [e1c3bf2381d1]
30879:
30880: * INSTALL:
30881: added note about OS's w/ shadow passwords turned on by default
30882: [166257f43be4]
30883:
30884: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
30885:
30886: * configure.in:
30887: fixed a typo
30888: [e5c3e2e9a359]
30889:
30890: * configure.in:
30891: added support for --without-THING sanitized shadow pw situtation by
30892: adding support for
30893: --without-C2
30894: [65dc6bf64cce]
30895:
30896: * tgetpass.c:
30897: fixed a typo wrt placement of an end paren
30898: [a8780f818231]
30899:
30900: * check.c:
30901: was closing an fd that may not have been opened
30902: [760271c7bdc9]
30903:
30904: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
30905:
30906: * OPTIONS, options.h, sudo.c:
30907: added NO_PASSWD
30908: [28ff1dc93d7a]
30909:
30910: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30911:
30912: * configure.in:
30913: now always use shadow pw on some arches
30914: [069161ccffda]
30915:
30916: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
30917:
30918: * configure.in:
30919: added pyramid support
30920: [a0eb57a3a531]
30921:
30922: * configure.in:
30923: no longer check for C2 if alternate passwd method is used no longer
30924: check for some libs twice
30925: [2d0c3c902b40]
30926:
30927: * parse.yacc:
30928: moved fqdn stuff into parse.lex (FQHOST)
30929: [d9c9abd481d8]
30930:
30931: * parse.lex:
30932: added FQHOST rules
30933: [4a1695acff6d]
30934:
30935: * tgetpass.c:
30936: now define TCSASOFT in necesary
30937: [3fac2e21c9ab]
30938:
30939: * tgetpass.c:
30940: now uses read/write instead of stdio string goop to avoid problems
30941: with select(2)
30942: [67fd174e518c]
30943:
30944: * OPTIONS, find_path.c, options.h:
30945: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
30946: [d05ba5100d28]
30947:
30948: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
30949:
30950: * INSTALL:
30951: added note about no shadow auto-detect if using alternate auth
30952: schemes
30953: [b425592232a3]
30954:
30955: * configure.in:
30956: don't check for C2 if AFS or DCE (unless they said --with-C2)
30957: [61342962171a]
30958:
30959: * testsudoers.c:
30960: now groks shost
30961: [85dda17303f6]
30962:
30963: * OPTIONS, find_path.c, options.h:
30964: added NO_DOT_PATH
30965: [c261ca1fb196]
30966:
30967: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
30968:
30969: * find_path.c:
30970: checkdot now works correctly
30971: [3bc4835bb3e9]
30972:
30973: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
30974:
30975: * configure.in:
30976: can't have DCE and C2 passwords both...
30977: [fb9a8ab7ca66]
30978:
30979: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
30980:
30981: * parse.yacc, sudo.c, sudo.h, visudo.c:
30982: now uses shost even if not FQDN
30983: [87f7498b3a1f]
30984:
30985: * configure.in:
30986: now looks for skey in /usr/lib and doesn't require libskey to be in
30987: /usr/local/lib just because skey.h is (for my netbsd box :-)
30988: [ceb1763e37d2]
30989:
30990: * aclocal.m4, config.h.in, pathnames.h.in:
30991: _SUDO_PATH_ -> _CONFIG_PATH_
30992: [84d97ad13d75]
30993:
30994: * aclocal.m4, sudo.pod:
30995: /var/run/.odus -> /var/run/sudo
30996: [922da220b8f5]
30997:
30998: * pathnames.h.in:
30999: now uses _SUDO_PATH_TIMEDIR
31000: [5ecab0155fdf]
31001:
31002: * OPTIONS:
31003: udpated FQDN
31004: [361b6f7440c0]
31005:
31006: * aclocal.m4, configure.in:
31007: added SUDO_TIMEDIR
31008: [368c95c8c950]
31009:
31010: * config.h.in:
31011: added _SUDO_PATH_TIMEDIR
31012: [3879864d808c]
31013:
31014: * sudo.pod:
31015: updated wrt /var/run/sudo
31016: [9e14f2a429d3]
31017:
31018: * sudo.c, sudo.h:
31019: added support for shost if FQDN
31020: [51a3f51a09a1]
31021:
31022: * parse.yacc, visudo.c:
31023: now uses shost if FQDN
31024: [d19da2e92b42]
31025:
31026: * check.c:
31027: Now use skeylookup() instead off skeychallenge()
31028: [4c7438bb2ae0]
31029:
31030: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
31031:
31032: * logging.c:
31033: mail_argv should not contain ALERTMAIL as it includes "-t"
31034: [67ffaaa8f843]
31035:
31036: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
31037:
31038: * INSTALL, Makefile.in, README, configure.in, version.h:
31039: ++version
31040: [e08fd4a809fc]
31041:
31042: * compat.h:
31043: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
31044: [2f20c3153689]
31045:
31046: * tgetpass.c:
31047: now includes limits.h moved _PASSWD_LEN -> compat.h
31048: [b1ca3cafdacc]
31049:
31050: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31051:
31052: * INSTALL, README:
31053: ++version
31054: [3eacf32803f5]
31055:
31056: * Makefile.in:
31057: ++versoin
31058: [3b91c317630a]
31059:
31060: * Makefile.in:
31061: fixed a typo
31062: [3661ac4a7803]
31063:
31064: * configure.in:
31065: ++version
31066: [60e842973745]
31067:
31068: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
31069:
31070: * RUNSON:
31071: updated
31072: [def2c3c24195]
31073:
31074: * CHANGES:
31075: done for 1.4.1 (I hope)
31076: [2ab543769a40]
31077:
31078: * sudoers.pod:
31079: added info on wildcards
31080: [ce3bd41bc063]
31081:
31082: * sample.sudoers:
31083: added wildcard example
31084: [762feb0577bd]
31085:
31086: * Makefile.in:
31087: now uses *.pod to build *.man and *.cat & *.html
31088: [3ec14962028b]
31089:
31090: * configure.in:
31091: addedSUDO_PROG_BSHELL !ll
31092: [3c80b320bf16]
31093:
31094: * visudo.pod:
31095: fixed up some formatting
31096: [12166c434526]
31097:
31098: * sudoers.pod:
31099: redid section describing sample sudoers stuff
31100: [b8065cceec71]
31101:
31102: * sudo.pod:
31103: fixed some formatting
31104: [aa9a681add0f]
31105:
31106: * getspwuid.c:
31107: now treats "" as bourne shell
31108: [30194a72ad56]
31109:
31110: * Makefile.in:
31111: TESTOBJS nwo includes wildmat.o
31112: [86cc6500f84d]
31113:
31114: * testsudoers.c:
31115: now works with NewArg[cv]
31116: [2f72674ce942]
31117:
31118: * sudo.c:
31119: removed an XXX (fixed it in getspwuid.c)
31120: [e791ee0d1a68]
31121:
31122: * aclocal.m4:
31123: added check for bourne shell
31124: [a2fd51676b8a]
31125:
31126: * pathnames.h.in:
31127: added _PATH_BSHELL
31128: [e7c10011d47b]
31129:
31130: * config.h.in:
31131: added _SUDO_PATH_BSHELL
31132: [6a1182898de9]
31133:
31134: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
31135:
31136: * visudo.c:
31137: unixware vi returns 256 instead of 0
31138: [234ffc7c6786]
31139:
31140: * INSTALL:
31141: added Linux note
31142: [5f85efcd2b58]
31143:
31144: * logging.c:
31145: fixed up some XXX's. file log format now looks a little more like
31146: real syslog(3) format.
31147: [6df55707bfc3]
31148:
31149: * README, TROUBLESHOOTING:
31150: updated wrt lex/flex
31151: [eb787d69156b]
31152:
31153: * Makefile.in:
31154: commented out rule to build lex.yy.c from parse.lex since we ship
31155: with a pre-flex'd parser
31156: [7507e2ce4a95]
31157:
31158: * parse.c, parse.yacc, visudo.c:
31159: path_matches -> command_matches
31160: [0bd469424f86]
31161:
31162: * logging.c:
31163: eliminated some strcat()'s
31164: [9878a79bc374]
31165:
31166: * configure.in:
31167: no longer checks for lex/flex (now assumes flex)
31168: [a086ccc73798]
31169:
31170: * configure.in:
31171: now checks for $kerb_dir_candidate/krb.h instead of just
31172: kerb_dir_candidate
31173: [9133bc3c5208]
31174:
31175: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
31176:
31177: * parse.yacc:
31178: now use a 'hook' expression instead of an iffy one :-)
31179: [9560df01b8c0]
31180:
31181: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
31182:
31183: * visudo.c:
31184: now works with new sudo arg stuff
31185: [310a0d43ddad]
31186:
31187: * parse.yacc:
31188: fixed dereferencing deadbeef
31189: [474ef8a8006b]
31190:
31191: * sudo.c:
31192: changed an occurrence of Argv to NewArgv
31193: [205b012b7691]
31194:
31195: * parse.lex:
31196: took out support for quoted commands since there is no need...
31197: [5c5036d353b1]
31198:
31199: * parse.c:
31200: fixed a typo in a for() loop
31201: [7e8d5283c43b]
31202:
31203: * logging.c:
31204: protected against dereferencing rogue pointers
31205: [56debd517717]
31206:
31207: * sudo.c:
31208: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
31209: also allows us to eliminate some kludges in parse_args() and
31210: eliminate superfluous code.
31211: [5122f66ad150]
31212:
31213: * logging.c:
31214: no longer uses cmnd_args, now uses NewArgv instead.
31215: [abddd23cf068]
31216:
31217: * sudo.h:
31218: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
31219: (no longer used)
31220: [78410984fb05]
31221:
31222: * Makefile.in:
31223: added wildmat.c to SRCS & SUDOBJS
31224: [3800efb41794]
31225:
31226: * parse.yacc:
31227: COMMAND is now a struct containing the path and args
31228: [5c32822c5b94]
31229:
31230: * parse.lex:
31231: replaced append() with fill_cmnd() and fill_args. command args from
31232: a sudoers entry are now stored in an arrary for easy matching.
31233: [a981d7f4eb0d]
31234:
31235: * parse.c:
31236: command line args from sudoers file are now in an array like ones
31237: passed in from the command line
31238: [1d9e37e84519]
31239:
31240: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
31241:
31242: * parse.c:
31243: wildwat stuff now works
31244: [49d16488531f]
31245:
31246: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
31247:
31248: * version.h:
31249: ++version
31250: [53e55463ef89]
31251:
31252: * Makefile.in:
31253: ++version added wildmat.*
31254: [0508297a4711]
31255:
31256: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
31257:
31258: * parse.lex:
31259: added support for quoted commands (w/ or w/o args)
31260: [b9a637155673]
31261:
31262: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
31263:
31264: * sudo.pod, visudo.pod:
31265: cleaned up formatting
31266: [4591d4195437]
31267:
31268: * sudo.pod, visudo.pod:
31269: Initial revision
31270: [7564a8242750]
31271:
31272: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
31273:
31274: * sudoers.pod:
31275: looks reasonable, could be mroe readable
31276: [a5be2d19d9e0]
31277:
31278: * sudoers.pod:
31279: Initial revision
31280: [957888be31a6]
31281:
31282: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
31283:
31284: * RUNSON:
31285: updated
31286: [633743aa924b]
31287:
31288: * OPTIONS:
31289: updated NO_ROOT_SUDO entry
31290: [f1c15b1dec9e]
31291:
31292: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
31293:
31294: * RUNSON:
31295: *** empty log message ***
31296: [5b63de579ff7] [SUDO_1_4_0]
31297:
31298: * sudo.c:
31299: fixed SECURE_PATH
31300: [6002889f606d]
31301:
31302: * RUNSON:
31303: udpa`ted for 1.4
31304: [6014a8592815]
31305:
31306: * configure.in:
31307: AIX aixcrypt.exp now uses $(srcdir)
31308: [b0d57674fef4]
31309:
31310: * TROUBLESHOOTING:
31311: added entry for anal ansi compilers
31312: [4193cec1c6b1]
31313:
31314: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
31315:
31316: * INSTALL:
31317: added info on libcrypt_i for SCO
31318: [575497d56698]
31319:
31320: * TODO:
31321: *** empty log message ***
31322: [d0aaf67b9913]
31323:
31324: * sample.sudoers:
31325: added comments
31326: [a7773f7eda8d]
31327:
31328: * TODO:
31329: 1.4 release
31330: [1dade29e9fd9]
31331:
31332: * CHANGES:
31333: ++version
31334: [67241be40780]
31335:
31336: * INSTALL, OPTIONS, README, config.h.in, configure.in:
31337: ++version
31338: [2e0a37897f68]
31339:
31340: * BUGS:
31341: ++version and fixed ISC
31342: [78963f01a0e3]
31343:
31344: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
31345: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31346: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
31347: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31348: visudo.c:
31349: ++version
31350: [b6227f29b3d9]
31351:
31352: * interfaces.c:
31353: added STUB_LOAD_INTERFACES ++version
31354: [d8150a3fd577]
31355:
31356: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
31357: version.h:
31358: ++version
31359: [da9e90e69bdc]
31360:
31361: * PORTING:
31362: added info about fd_set in tgetpass added info on interfaces.c
31363: [a39902febd17]
31364:
31365: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
31366:
31367: * dce_pwent.c:
31368: added sudo header
31369: [fc0f2c48682e]
31370:
31371: * tgetpass.c:
31372: fixed a typo
31373: [43d40b72ee8f]
31374:
31375: * Makefile.in:
31376: tgetpass.o is now only linked in with sudo (not visudo)
31377: [7407c5ff11f8]
31378:
31379: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
31380:
31381: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
31382: configure.in:
31383: ++version
31384: [9b82ad805d6b]
31385:
31386: * emul/utime.h:
31387: added copyright notice
31388: [4380f16cd075]
31389:
31390: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31391: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31392: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31393: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31394: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
31395: ++version
31396: [32717fdb5d05]
31397:
31398: * tgetpass.c:
31399: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
31400: [326864428da2]
31401:
31402: * configure.in:
31403: ISC now gets -lcrypt now check for sys/bsdtypes.h
31404: [e064799c054b]
31405:
31406: * config.h.in:
31407: added check for sys/bsdtypes.h
31408: [9adb9533c363]
31409:
31410: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
31411:
31412: * parse.yacc:
31413: removed debugging stuff (setting freed ptr to NULL)
31414: [02fe8eec63a0]
31415:
31416: * TROUBLESHOOTING:
31417: added 2 entries
31418: [02884e2733e2]
31419:
31420: * Makefile.in:
31421: added FAQ
31422: [074d8dfcf28d]
31423:
31424: * TROUBLESHOOTING:
31425: added section on syslog
31426: [e6bc02a22b86]
31427:
31428: * configure.in:
31429: added AC_ISC_POSIX for better ISC support
31430: [8436b3e12af2]
31431:
31432: * config.h.in:
31433: fixed typo
31434: [f1b3922babf4]
31435:
31436: * config.h.in:
31437: added define for _POSIX_SOURCE
31438: [ded6d92b34f9]
31439:
31440: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
31441:
31442: * configure.in:
31443: fixed check for lsearch()
31444: [75baa5bc28a3]
31445:
31446: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
31447:
31448: * interfaces.c:
31449: fixed for AIX now deal if num_interfaces == 0 (should not happen)
31450: [ae450e859227]
31451:
31452: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
31453:
31454: * configure.in:
31455: now only define HAVE_LSEARCH if there is a corresponding search.h
31456: [8ce645c5d17f]
31457:
31458: * interfaces.c:
31459: works on ISC again
31460: [ccac920d424c]
31461:
31462: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
31463:
31464: * configure.in:
31465: now define HAVE_LSEARCH if we find lsearch() in libcompat
31466: [7343e4313a87]
31467:
31468: * lsearch.c:
31469: char * -> const char *
31470: [1c0b11c2300a]
31471:
31472: * configure.in:
31473: now looks in -lcompat for lsearch()
31474: [a1cc1d6fcd09]
31475:
31476: * Makefile.in:
31477: remove sudo.core visudo.core for clan target
31478: [b523456a85df]
31479:
31480: * aclocal.m4:
31481: added UID_MAX support in check for MAX_UID_T_LEN
31482: [7ab262b1173f]
31483:
31484: * Makefile.in:
31485: fixed another occurence of sudo_getpwuid.*
31486: [fb5809c07da2]
31487:
31488: * Makefile.in, getspwuid.c:
31489: sudo_getpwuid.c -> getspwuid.c
31490: [875f2ef808b4]
31491:
31492: * configure.in:
31493: moved the "echo"
31494: [ad7b8f966076]
31495:
31496: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
31497: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
31498: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
31499: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
31500: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
31501: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31502: version.h, visudo.c:
31503: ++version
31504: [ee57c6410ffa]
31505:
31506: * testsudoers.c:
31507: added group support
31508: [54d8097df8bd]
31509:
31510: * sample.sudoers:
31511: added group entry
31512: [50994d31fd49]
31513:
31514: * sudoers.man:
31515: documented group support
31516: [0a16707f8fed]
31517:
31518: * parse.c, parse.lex, parse.yacc, visudo.c:
31519: added group support
31520: [427218c879c8]
31521:
31522: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
31523:
31524: * check.c:
31525: tkfile was too short and overflowed the kerberos realm
31526: [53823a1ff5af]
31527:
31528: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
31529:
31530: * sudo.c:
31531: now copy command args directly from Argv
31532: [77408278b6fd]
31533:
31534: * sudo.c:
31535: replaced code to copy cmnd_args so that is does not use realloc
31536: since most realloc()'s really stink
31537: [b29a0ff73fb6]
31538:
31539: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
31540:
31541: * configure.in:
31542: syslog() fixed in hpux 10.01
31543: [2648e6f0cdb0]
31544:
31545: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
31546:
31547: * configure.in:
31548: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
31549: [8f108b8d8711]
31550:
31551: * configure.in:
31552: better error if cannot find skey incs or libs
31553: [5887662ee9d3]
31554:
31555: * aclocal.m4:
31556: now use a temp file for determining max len of uid_t in string form.
31557: the old hacky way broke on netbsd
31558: [b68f470fa9f8]
31559:
31560: * sudo.c:
31561: added set of parens and a space
31562: [8a3d4826d022]
31563:
31564: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
31565:
31566: * dce_pwent.c:
31567: fixes from Jeff Earickson <jaearick@colby.edu> ,
31568: [bde0f0b756ec]
31569:
31570: * check.c:
31571: modified a comment
31572: [e2a97f1afbbe]
31573:
31574: * Makefile.in:
31575: fixed up testsudoers target
31576: [d39c4e7bb609]
31577:
31578: * configure.in:
31579: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
31580: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
31581: [da7a1c433828]
31582:
31583: * Makefile.in:
31584: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
31585: VISUDO_LDFLAGS
31586: [4b69503e8487]
31587:
31588: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
31589:
31590: * configure.in:
31591: fix for C2 on hpux 10 now uses -linet if it exists
31592: [8d300112263d]
31593:
31594: * check.c:
31595: LONG_SKEY_PROMPT is less of a klusge /
31596: [dcc144abaac3]
31597:
31598: * configure.in:
31599: fixed typos w/ dce stuff
31600: [f7dfd6d4e149]
31601:
31602: * Makefile.in:
31603: added dce_pwent.c
31604: [79047acdc516]
31605:
31606: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
31607:
31608: * INSTALL:
31609: amended section on combining authentication mechanisms
31610: [dc5138c7c716]
31611:
31612: * PORTING:
31613: minor updates for 1.3.6
31614: [fe80c13bd994]
31615:
31616: * TROUBLESHOOTING:
31617: added 2 more entries
31618: [c7201439a0f5]
31619:
31620: * BUGS:
31621: updated for 1.3.6
31622: [979b414d2a2d]
31623:
31624: * README:
31625: overhauled
31626: [3af8b60eb594]
31627:
31628: * INSTALL:
31629: rewrote for sudo 1.3.6
31630: [b16027b9c726]
31631:
31632: * TROUBLESHOOTING:
31633: added 3 entries
31634: [934c9ee3f153]
31635:
31636: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
31637:
31638: * find_path.c, getspwuid.c, sudo.c:
31639: added explict casts for strdup since many includes don't prototype
31640: it. gag me.
31641: [3e19a11f2fcc]
31642:
31643: * sudo.h:
31644: removed prototype for sudo_getpwuid() since convex C compiler choked
31645: on it.
31646: [c3ea74ca67b0]
31647:
31648: * sudo.c:
31649: added prototype for sudo_getpwuid()
31650: [4a8e3cdc2b98]
31651:
31652: * lsearch.c:
31653: now compiles on strict ANSI compilers
31654: [3ce5d72d0b08]
31655:
31656: * check.c:
31657: added LONG_SKEY_PROMPT support
31658: [48a18b8a2332]
31659:
31660: * Makefile.in:
31661: added extra $'s for make to eat up, yum.
31662: [2995b214e12b]
31663:
31664: * OPTIONS, options.h:
31665: added LONG_SKEY_PROMPT
31666: [f23ae799b5a4]
31667:
31668: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
31669:
31670: * check.c:
31671: s/key support now works with normal s/key as well as logdaemon
31672: [d67573f523bf]
31673:
31674: * OPTIONS, options.h:
31675: added SKEY_ONLY
31676: [bbf07654e0de]
31677:
31678: * compat.h:
31679: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
31680: [205895b96a36]
31681:
31682: * INSTALL:
31683: added DCE note added more AIX notes
31684: [6345403b3522]
31685:
31686: * sudo.c:
31687: now include pthread.h for DCE support
31688: [6fe02865f679]
31689:
31690: * check.c:
31691: dce_pwent() is ok after all .,
31692: [d26a8746a55d]
31693:
31694: * logging.c:
31695: now uses SYSLOG() macro that equates to either syslog() or
31696: syslog_wrapper
31697: [42ac4cff8045]
31698:
31699: * dce_pwent.c:
31700: minor formatting changes. renamed check() to somthing less generic
31701: [71859f217be1]
31702:
31703: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
31704: visudo.c:
31705: now uses user_pw_ent and simple macros to get at the contents
31706: [f4cbf3e7145a]
31707:
31708: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
31709:
31710: * check.c:
31711: simpler dec unix C2 support
31712: [86bc8f75250e]
31713:
31714: * getspwuid.c:
31715: now sets crypt_type for DEC unix C2
31716: [99aeadd18266]
31717:
31718: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
31719:
31720: * configure.in:
31721: added csops paths for skey
31722: [b8ca672e2117]
31723:
31724: * getspwuid.c:
31725: now includes string.h for strdup() prototype
31726: [3605259c3620]
31727:
31728: * getspwuid.c:
31729: fixed a few typos
31730: [46c97e4ea417]
31731:
31732: * check.c:
31733: now includes skey.h
31734: [11e611ce1b61]
31735:
31736: * getspwuid.c:
31737: fixed up comments
31738: [223dac56f0c8]
31739:
31740: * check.c:
31741: moved a lot of the shadow passwd crap to sudo_getpwuid()
31742: [97d8887fb7d3]
31743:
31744: * sudo.c:
31745: now uses sudo_pw_ent
31746: [d014dadbef48]
31747:
31748: * testsudoers.c:
31749: now uses sudo_pw_ent
31750: [d92936ed7e34]
31751:
31752: * visudo.c:
31753: now sets sudo_pw_ent
31754: [ff75cdfcf8b3]
31755:
31756: * getspwuid.c:
31757: Initial revision
31758: [6deb6df9d7bc]
31759:
31760: * tgetpass.c:
31761: moved dce stuff into compat.h
31762: [1124284396e7]
31763:
31764: * logging.c, sudo.h:
31765: now uses sudo_pw_ent
31766: [404ff20a5067]
31767:
31768: * Makefile.in:
31769: added sudo_getpwuid.c
31770: [6666d0644512]
31771:
31772: * compat.h:
31773: added dce support
31774: [3c3b36a7ce0e]
31775:
31776: * parse.yacc:
31777: now uses sudo_pw_ent
31778: [9f5e8d11bd68]
31779:
31780: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
31781:
31782: * check.c:
31783: fixed exempt_group stuff for OS's that don't put base gid in group
31784: vector
31785: [003f153bd396]
31786:
31787: * check.c:
31788: S/Key support now works with sunos4 shadow passwords
31789: [1eb64a5efff1]
31790:
31791: * Makefile.in:
31792: fixed clean rule
31793: [5695a2c62816]
31794:
31795: * config.h.in, configure.in:
31796: added DCE support
31797: [f53c766c1947]
31798:
31799: * tgetpass.c:
31800: DCE & KERB support
31801: [904cf436506a]
31802:
31803: * check.c:
31804: first stab at dce support
31805: [aea5ca07b1e3]
31806:
31807: * dce_pwent.c:
31808: now smells like sudo
31809: [8b3d609b49cd]
31810:
31811: * dce_pwent.c:
31812: Initial revision
31813: [b573555f2399]
31814:
31815: * check.c:
31816: skey'd sudo now works w/ normal password as well
31817: [8d038f9f6e94]
31818:
31819: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
31820:
31821: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
31822: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
31823: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
31824: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
31825: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
31826: version.h, visudo.c:
31827: updated version number
31828: [ba7e346d7904]
31829:
31830: * README:
31831: updated to reflect version change
31832: [1d15cf1d8cc8]
31833:
31834: * configure.in:
31835: --with options now line up ++version
31836: [08ebf625fbca]
31837:
31838: * sudo.h:
31839: removed unecesary S/Key stuff
31840: [68188cba90af]
31841:
31842: * configure.in:
31843: fixed S/Key support
31844: [f6d9cbc36618]
31845:
31846: * Makefile.in:
31847: -I stuff now goes in CPPFLAGS
31848: [7b8e53c5b046]
31849:
31850: * check.c:
31851: fixed SKey support
31852: [52c1a5cf4435]
31853:
31854: * README:
31855: updated version
31856: [bed6498a10bb]
31857:
31858: * OPTIONS:
31859: fixed description of EXEMPTGROUP
31860: [cfeead55edc2]
31861:
31862: * sudo.c:
31863: more people use _RLD_ than just alphas...
31864: [6a3c7090a6f6]
31865:
31866: * Makefile.in:
31867: replaced $man_prefix with $mandir
31868: [dc4b36a550e2]
31869:
31870: * configure.in:
31871: fixed a typo
31872: [a38a4acddcaf]
31873:
31874: * Makefile.in:
31875: now use more GNU'ish dir names
31876: [c5498391a520]
31877:
31878: * configure.in:
31879: now set *dir correctly (can override from command line)
31880: [523ff98fd438]
31881:
31882: * sudo.c:
31883: now deal with situations where we getwd() fails
31884: [88a9e61dccbb]
31885:
31886: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
31887:
31888: * Makefile.in:
31889: added etc_dir, bin_dir, sbin_dir
31890: [75fd08d92842]
31891:
31892: * configure.in:
31893: added sbin_dir
31894: [3cb318c0d8d1]
31895:
31896: * Makefile.in:
31897: now ship a flex-generated lex.yy.c
31898: [4d083ed70dce]
31899:
31900: * Makefile.in:
31901: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
31902: [4d51dc9c3780]
31903:
31904: * pathnames.h.in:
31905: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
31906: [773fd163d52f]
31907:
31908: * options.h:
31909: no more error for redefining SUDOERS_OWNER
31910: [4ba336644c6a]
31911:
31912: * OPTIONS:
31913: expanded SUDOERS_OWNER section
31914: [12fae405759e]
31915:
31916: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
31917:
31918: * visudo.c:
31919: now warn if chown(2) failed
31920: [d0d1db6e3a1f]
31921:
31922: * logging.c:
31923: better default warning for NO_SUDOERS_FILE
31924: [5260b458ac64]
31925:
31926: * sudo.c:
31927: added missing set_perms() no more cryptic message if the sudoers
31928: file is zero length, now just give a parse error
31929: [b81ea724838a]
31930:
31931: * logging.c:
31932: better diagnostics if NO_SUDOERS_FILE
31933: [877e878663c5]
31934:
31935: * sudo.c:
31936: check_sudoers() now catches sudoers files that are not readable (but
31937: are stat'able).
31938: [fea05663b3de]
31939:
31940: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
31941:
31942: * configure.in:
31943: now add -D__STDC__ for convex cc (not gcc)
31944: [c80fc53ff51b]
31945:
31946: * configure.in:
31947: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
31948: [fe238226a057]
31949:
31950: * Makefile.in:
31951: now uses exec_prefix & prefix from configure
31952: [f62fca5f56bd]
31953:
31954: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
31955: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
31956: utime.c, visudo.c:
31957: options.h is now <> instead of "" so shadow build trees can have a
31958: custom copy of options.h
31959: [e6782676099c]
31960:
31961: * check.c:
31962: user_is_exempt() is no longer a hack, it now uses getgrnam()
31963: [287f8d5356f7]
31964:
31965: * options.h:
31966: EXEMPTGROUP is now "sudo"
31967: [61487304dbe1]
31968:
31969: * configure.in:
31970: MAN_POSTINSTALL now contains a leading space
31971: [eaad4ac34012]
31972:
31973: * Makefile.in:
31974: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
31975: testsudoers in clean:
31976: [e01711baceb8]
31977:
31978: * tgetpass.c:
31979: includes pwd.h to get _PASSWD_LEN definition
31980: [8ec174f263f1]
31981:
31982: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
31983:
31984: * sudo.c:
31985: unset the KRB_CONF envariable if using kerberos so we don't get
31986: spoofed into using a bogus server
31987: [2561a0274fca]
31988:
31989: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
31990:
31991: * parse.yacc:
31992: now explicately initialize match[] tp be FALSE
31993: [0e45e5c47766]
31994:
31995: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
31996:
31997: * sudo.c:
31998: removed unused variable now passes -Wall
31999: [3452508bc16d]
32000:
32001: * parse.yacc:
32002: yyerror and dumpaliases are now void's now passes -Wall
32003: [2769dfb51993]
32004:
32005: * parse.lex:
32006: added prototype for yyerror
32007: [1f3f0c1b4ab4]
32008:
32009: * check.c, logging.c, parse.c:
32010: now passes -Wall
32011: [eab57e5e81d2]
32012:
32013: * interfaces.c:
32014: rmeoved unused cruft now passes -Wall
32015: [7a47e1866f4b]
32016:
32017: * Makefile.in:
32018: fixed headers that moved to emul dir
32019: [e680c1e5049b]
32020:
32021: * logging.c:
32022: fixed deref of nil pointer if no args
32023: [973b9bea432f]
32024:
32025: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
32026:
32027: * OPTIONS:
32028: added a caveat to FQDN section
32029: [dcf6e2a5fff4]
32030:
32031: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
32032:
32033: * Makefile.in:
32034: more $srcdir support for install targets
32035: [f6eac78436dd]
32036:
32037: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
32038: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
32039: don't include malloc.h if we include stdlib.h
32040: [fca2ff307cd8]
32041:
32042: * parse.yacc:
32043: local search.h now lives in emul
32044: [51c458904424]
32045:
32046: * check.c, utime.c:
32047: local utime.h now lives in emul dir
32048: [f92fc9e8c8de]
32049:
32050: * lsearch.c:
32051: local search.h now lives in emul
32052: [579efc407439]
32053:
32054: * Makefile.in:
32055: added support for building in other than the sourcedir
32056: [2ab53a43f7d4]
32057:
32058: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
32059:
32060: * OPTIONS:
32061: annotated CSOPS_INSULTS option
32062: [9e57d45a0afa]
32063:
32064: * TROUBLESHOOTING:
32065: updated shadow passwords blurb
32066: [39b785bc7253]
32067:
32068: * sudo.c:
32069: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
32070: passes along foo as the arguments
32071: [a91077aa8fc5]
32072:
32073: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
32074:
32075: * parse.lex:
32076: collapsed pathname and dir sections into one -- its now less
32077: expensive
32078: [89caa03bec25]
32079:
32080: * parse.lex:
32081: fixed spacing quoting [,:\\=] now works correctly append() and
32082: fill() now take args to make the above work
32083: [09d023d9ef3a]
32084:
32085: * sudo.c:
32086: fixed a typo that caused commands with no tty on fd 0 but a tty on
32087: fd 1 to erroneously have "none" as their tty
32088: [07d2c0e7977c]
32089:
32090: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32091:
32092: * check.c:
32093: timestampfile is now a global static removed decl of timestampfile
32094: in remove_timestamp since we can just use the global one
32095: [f0cbdc6aab1c]
32096:
32097: * check.c:
32098: created touch() to update timestamps added USE_TTY_TICKETS support
32099: (bit of a kludge)
32100: [cee1dd0318f8]
32101:
32102: * compat.h:
32103: added _S_IFDIR and S_ISDIR
32104: [b4a51cc9628e]
32105:
32106: * OPTIONS, options.h:
32107: added USE_TTY_TICKETS
32108: [b4e22f81f25e]
32109:
32110: * parse.yacc:
32111: removed const from casts for lsearch() & lfind() to placate irix 4.x
32112: C compiler
32113: [5003081f76ea]
32114:
32115: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
32116:
32117: * sudo.c:
32118: now only strip '/dev/' off of a tty if it starts with '/dev/'
32119: [7f62bcd24039]
32120:
32121: * pathnames.h.in:
32122: added _PATH_DEV
32123: [6375f44d1910]
32124:
32125: * configure.in:
32126: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
32127: have termios.h
32128: [9c60391235fd]
32129:
32130: * tgetpass.c:
32131: fixed incorrect #ifdef termio uses "unsigned short" not int for
32132: c_?flag
32133: [d032e6a29845]
32134:
32135: * parse.lex, parse.yacc:
32136: fixed a spelling error
32137: [cad6a944c7b1]
32138:
32139: * Makefile.in:
32140: fixed typo
32141: [204a65403e7c]
32142:
32143: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
32144:
32145: * Makefile.in:
32146: fixed a comment
32147: [268f760e57ad]
32148:
32149: * parse.yacc:
32150: added dotcat() to cat 2 strings w/ a dot effeciently now that we
32151: dynamically allocate strings they need to be free()'d
32152: [ec2e2152f415]
32153:
32154: * parse.lex:
32155: dynamically allocates space for strings
32156: [d10ac3533d66]
32157:
32158: * sudo.h:
32159: no more MAXCOMMANDLENGTH
32160: [e2e1219bff8a]
32161:
32162: * sudo.h:
32163: added decl of tty
32164: [c8ae81303ee5]
32165:
32166: * logging.c, sudo.c:
32167: moved tty stuff into sudo.c
32168: [e028abefeb07]
32169:
32170: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32171:
32172: * parse.c:
32173: fixed a logic bug. Was denying a command if user gave command line
32174: args but there were none in the sudoers file which is wrong.
32175: [7489a99b8e8a]
32176:
32177: * sudo.h:
32178: MAXCOMMMANDLEN dropped down to 1K
32179: [38ef54ba290b]
32180:
32181: * parse.lex:
32182: return foo; -> return(foo);
32183: [0e8be1b57001]
32184:
32185: * parse.yacc:
32186: fixed netgr_matches() prototype
32187: [e69f15910464]
32188:
32189: * parse.lex:
32190: added support for escaping "termination" characters
32191: [8bd4ef50f35c]
32192:
32193: * parse.c:
32194: buf is now of size MAXPATHLEN+1 since it never holds command args
32195: [2ce4b763058c]
32196:
32197: * sudo.c:
32198: fixed comments
32199: [0c74a3d2ebb0]
32200:
32201: * goodpath.c:
32202: fixed negation problem (doh!)
32203: [782814e3a2d1]
32204:
32205: * parse.yacc:
32206: fixed 2nd parameter to lfind()
32207: [63d7b1623c08]
32208:
32209: * parse.lex:
32210: now do bounds checking in fill() and append()
32211: [54381b563251]
32212:
32213: * sudo.c:
32214: include netdb.h as we should added a missing void cast added
32215: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
32216: realloc actually moved the string instead of shrinking it
32217: [897ccdec9c06]
32218:
32219: * sample.sudoers:
32220: updated with examples of new features
32221: [9b3ed00e8aa6]
32222:
32223: * goodpath.c:
32224: now set errno to EACCES if not a regular file or not executable
32225: [2d069548a5ea]
32226:
32227: * find_path.c:
32228: if given a fully-qualified or relative path we now check it with
32229: sudo_goodpath() and error out with the appropriate error message if
32230: the file does not exist or is not executable
32231: [590f89dd8dec]
32232:
32233: * emul/search.h, lsearch.c:
32234: now use correct args for lfind
32235: [fccdcdbf020e]
32236:
32237: * logging.c:
32238: added a comment
32239: [fab9f49708ea]
32240:
32241: * insults.h:
32242: added in CSOps insults
32243: [ad8eb1862adc]
32244:
32245: * ins_csops.h:
32246: Initial revision
32247: [de5a475ec018]
32248:
32249: * tgetpass.c:
32250: added RCS id
32251: [c3ffd550a482]
32252:
32253: * sudo.h:
32254: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
32255: [aba25c90d08a]
32256:
32257: * OPTIONS:
32258: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
32259: [e27bd62e9ccf]
32260:
32261: * sudo.c:
32262: fixed -k load_interfaces() now gets called if FQDN is set
32263: -p now works with -s
32264: [07ca2a34bae8]
32265:
32266: * parse.c:
32267: don't try to stat() "pseudo commands" like "validate"
32268: [75527045984b]
32269:
32270: * options.h:
32271: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
32272: [07b157a0eafd]
32273:
32274: * configure.in:
32275: added SecurID support added other insults to --with-csops
32276: [6c992ceb244c]
32277:
32278: * config.h.in:
32279: added HAVE_SECURID
32280: [e734ff617fe8]
32281:
32282: * Makefile.in:
32283: added clobber target added ins_csops.h now gets CFLAGS from
32284: configure
32285: [d1e29c7cec25]
32286:
32287: * aclocal.m4:
32288: relaxed SUDO_FULL_VOID
32289: [fb4084f27406]
32290:
32291: * visudo.c:
32292: function comment blocks are now in same style as rest of code
32293: [04a2931354c5]
32294:
32295: * testsudoers.c:
32296: added support for command line args in /etc/sudoers
32297: [bfe4e1bcc655]
32298:
32299: * sudoers.man:
32300: updated to have command args in the sudoers file
32301: [1cd34355e9ea]
32302:
32303: * sudo.man:
32304: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
32305: [930b48023b68]
32306:
32307: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
32308:
32309: * parse.yacc:
32310: PATH renamed to COMMAND
32311: [4e109a6de3cd]
32312:
32313: * parse.lex:
32314: it is now a parse error for directories to have args attached to
32315: them
32316: [2ab10a146b54]
32317:
32318: * logging.c:
32319: now say command args if telling user to buzz off
32320: [933de26ded8b]
32321:
32322: * sudo.c:
32323: -s no longer indicates end of args sped up loading on cmnd_args in
32324: load_cmnd()
32325: [eac99a4da862]
32326:
32327: * parse.c:
32328: removed an unreachable statement
32329: [634302623c49]
32330:
32331: * parse.lex:
32332: made more efficient by pulling out the terminators when in GOTCMND
32333: state and making them their own rule
32334: [80798f1e1166]
32335:
32336: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
32337:
32338: * sudo.h:
32339: removed MAXLOGLEN since it is no longer used
32340: [102824196b71]
32341:
32342: * parse.lex:
32343: now allows command args
32344: [d29dfa1e5254]
32345:
32346: * parse.c:
32347: now groks command arguments
32348: [6c414cb7f105]
32349:
32350: * logging.c:
32351: now sets tty correctly when piped input
32352: [de46a30c0406]
32353:
32354: * sudo.c:
32355: fixed loading of cmnd_args (was including command name too)
32356: [15319a425ea6]
32357:
32358: * logging.c:
32359: fixed a core dump due to incorrect if construct
32360: [582363c7d7fa]
32361:
32362: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
32363:
32364: * configure.in:
32365: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
32366: [da591fe9b931]
32367:
32368: * aclocal.m4:
32369: fixed check for ISC
32370: [52e59f2082a7]
32371:
32372: * sudo.c:
32373: now sets cmnd_args used by log_error() and that will be used by the
32374: parse to check against command args
32375: [c6804389723b]
32376:
32377: * sudo.h:
32378: added cmnd_args
32379: [4d00446b4a8d]
32380:
32381: * logging.c:
32382: now dynamically allocate logline since we can guess at its size
32383: [4bed8c8446aa]
32384:
32385: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
32386:
32387: * logging.c:
32388: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
32389: "register" since the compiler knows more than I do now do a
32390: "basename" of the tty
32391: [3b1bbf0b3da1]
32392:
32393: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
32394:
32395: * configure.in:
32396: ++version
32397: [5ce552f9a5f1]
32398:
32399: * sudo.h:
32400: added shell extern changed MODE_* to be bit masks to allow for
32401: several options together
32402: [06f9dc4f400c]
32403:
32404: * sudo.c:
32405: added -s (shell) option made MODE_* masks so we can do bitwise & and
32406: | to see if multiple flags are set.
32407: [01f8143010ad]
32408:
32409: * check.c:
32410: added securid support
32411: [909e078005fe]
32412:
32413: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
32414:
32415: * logging.c:
32416: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
32417: [644506b57d61]
32418:
32419: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
32420:
32421: * Makefile.in, version.h:
32422: ++version
32423: [3cd6f1fbc3d9]
32424:
32425: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
32426:
32427: * parse.yacc:
32428: fixed free() of an uninitialized pointer (yuck)
32429: [8c404ee502ee]
32430:
32431: * testsudoers.c:
32432: added netgr_matches
32433: [e7c9fa2f774c]
32434:
32435: * parse.c:
32436: cleaned up netgr_matches
32437: [8108f00b810e]
32438:
32439: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
32440:
32441: * RUNSON:
32442: updated for 1.3.4
32443: [4741704310a1]
32444:
32445: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
32446:
32447: * Makefile.in:
32448: now installs sudoers.man -- really should clean this up though.
32449: [455631d45a1d]
32450:
32451: * Makefile.in:
32452: added sudoers.cat and sudoers.man
32453: [0bdedd6c7363]
32454:
32455: * sudo.man:
32456: pulled out stuff on the sudoers file format into a separate man page
32457: [de215d999cb9]
32458:
32459: * sudoers.man:
32460: Initial revision
32461: [f25eafbb7095]
32462:
32463: * HISTORY:
32464: fixed up my email address
32465: [254fbf80be74]
32466:
32467: * configure.in:
32468: added checks for innetgr and getdomainname
32469: [24a99cb7e97e]
32470:
32471: * visudo.c:
32472: added dummy netgr_matches function
32473: [1841ff2c01da]
32474:
32475: * parse.c:
32476: added netgr_matches
32477: [ec90db6a97b8]
32478:
32479: * parse.lex, parse.yacc:
32480: added NETGROUP support
32481: [c9dd93e3bc4b]
32482:
32483: * config.h.in:
32484: added HAVE_INNETGR & HAVE_GETDOMAINNAME
32485: [14abd494d875]
32486:
32487: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
32488:
32489: * sudo.c:
32490: rewrote clean_env() that has rm_env() builtin
32491: [55cb43818a95]
32492:
32493: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
32494:
32495: * check.c:
32496: now cast uid to long in sprintf
32497: [b549eea40aeb]
32498:
32499: * OPTIONS:
32500: added _INSULTS suffix to HAL & GOONS end
32501: [ed620d0aad30]
32502:
32503: * options.h:
32504: added _INSULTS suffix to HAL & GOONS
32505: [9f72e9b83afd]
32506:
32507: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
32508: converted to new scheme of insult "unions" end
32509: [2f6d2b412132]
32510:
32511: * sudo.c:
32512: now uses MAX_UID_T_LEN
32513: [c1df79e0f389]
32514:
32515: * configure.in:
32516: added SUDO_UID_T_LEN !l
32517: [195f0b9f5f84]
32518:
32519: * config.h.in:
32520: added MAX_UID_T_LEN
32521: [73f42ae4f14d]
32522:
32523: * check.c:
32524: now use MAX_UID_T_LEN
32525: [df9c063234cb]
32526:
32527: * aclocal.m4:
32528: added check for max len of uid_t fixed sco vs. isc check
32529: [d558f36d2223]
32530:
32531: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
32532:
32533: * configure.in:
32534: corrected version
32535: [828dd1571e86]
32536:
32537: * configure.in:
32538: added sco support
32539: [af1e2f616638]
32540:
32541: * aclocal.m4:
32542: hack to check for sco
32543: [549ab99a9a43]
32544:
32545: * interfaces.c:
32546: removed #include <net/route.h> since it was hosing some OS's
32547: [ac78a7c04005]
32548:
32549: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
32550:
32551: * find_path.c:
32552: fixed prreadlink() prototype
32553: [b380fe1f2b11]
32554:
32555: * check.c:
32556: added parens in #if's
32557: [e96ade691b82]
32558:
32559: * configure.in:
32560: added SPW_ prefix
32561: [a302683a1483]
32562:
32563: * sudo.h:
32564: moved SPW_* to config.h.in
32565: [6b3be70e34cf]
32566:
32567: * sudo.c:
32568: added a set of parens
32569: [8188d735d695]
32570:
32571: * config.h.in:
32572: added SPW_*
32573: [5ead6371cf60]
32574:
32575: * sudo.h:
32576: added SPW_* reordered error codes
32577: [dead25b4ed0a]
32578:
32579: * check.c:
32580: moved SPW_* to sudo.h
32581: [ca51fb04caf4]
32582:
32583: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
32584:
32585: * sudo.c:
32586: SPW_AUTH -> SPW_SECUREWARE
32587: [6b512b2bc5dc]
32588:
32589: * logging.c:
32590: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
32591: [defdd0944e2f]
32592:
32593: * configure.in:
32594: AUTH -> SECUREWARE
32595: [d1f8a17001dd]
32596:
32597: * check.c:
32598: SPW_AUTH -> SPW_SECUREWARE
32599: [af0e8d8b89b2]
32600:
32601: * check.c:
32602: now uses SHADOW_TYPE to make shadow pw support more readable and
32603: modular. It's a start...
32604: [8c2a59667014]
32605:
32606: * configure.in:
32607: added autodetection of shadow passwords
32608: [85f81fa54b1b]
32609:
32610: * sudo.c:
32611: now uses SHADOW_TYPE define
32612: [355e5dc09b07]
32613:
32614: * config.h.in:
32615: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
32616: [c0c06e83e483]
32617:
32618: * aclocal.m4:
32619: added SUDO_CHECK_SHADOW
32620: [464301301639]
32621:
32622: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
32623:
32624: * configure.in:
32625: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
32626: memmove() since we dno longer use it...
32627: [8aefa87d7d31]
32628:
32629: * CHANGES:
32630: updated
32631: [ce97b3fd7182]
32632:
32633: * logging.c:
32634: added BROKEN_SYSLOG support
32635: [a45c3bca36f6]
32636:
32637: * config.h.in:
32638: added BROKEN_SYSLOG
32639: [6f6abf0a6268]
32640:
32641: * check.c:
32642: now only bitch it timestamp > time_now + 2 * timeout to allow for a
32643: machine udpating its time from a server
32644: [546bc8d35325]
32645:
32646: * sudo.man:
32647: added 2 security notes updated Nieusma's email addr
32648: [616756c56977]
32649:
32650: * lsearch.c:
32651: changed a memmove() to memcpy() since we don't have to worry about
32652: overlapping segments.
32653: [30baa478526b]
32654:
32655: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
32656:
32657: * interfaces.c:
32658: cleanup up the loop when interfaces are groped in so that it is
32659: readable
32660: [1fa39446bd69]
32661:
32662: * Makefile.in, version.h:
32663: ++version
32664: [b46bd2b1770f]
32665:
32666: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
32667:
32668: * CHANGES:
32669: annotated 124-126
32670: [b82a2b3ec7ce]
32671:
32672: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
32673:
32674: * check.c:
32675: fixed permissions check on /tmp/.odus
32676: [cc2431a65468]
32677:
32678: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
32679:
32680: * check.c:
32681: fixed some comments
32682: [8896d09b4fda]
32683:
32684: * check.c:
32685: now checks owner & mode of timedir also checks for bogus dates on
32686: timestamp file
32687: [a0fad5df5b0a]
32688:
32689: * OPTIONS:
32690: updated TIMEOUT info
32691: [033cc22d9e04]
32692:
32693: * logging.c, sudo.h:
32694: added BAD_STAMPDIR and BAD_STAMPFILE
32695: [31d9ce691101]
32696:
32697: * compat.h:
32698: added definition of S_IRWXU
32699: [ff2dab091a9b]
32700:
32701: * CHANGES:
32702: updated
32703: [a40df90284f1]
32704:
32705: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
32706:
32707: * interfaces.c:
32708: added #ifdef to make it compile on strange arches
32709: [4a127f12afce]
32710:
32711: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
32712:
32713: * aclocal.m4:
32714: fixed check for fulkl void impl.
32715: [b6f2a4a361d8]
32716:
32717: * check.c:
32718: added mssing "static"
32719: [520552f2772b]
32720:
32721: * insults.h:
32722: replaced #elif with #else #if constructs for ancient C compilers
32723: [39ab2d365b57]
32724:
32725: * INSTALL:
32726: updated irix c2 & kerb5 info
32727: [ae79b99b4905]
32728:
32729: * configure.in:
32730: added shadow pw support for irix
32731: [632469d9c528]
32732:
32733: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
32734:
32735: * BUGS, TODO:
32736: updated
32737: [2a96bb18ac30]
32738:
32739: * CHANGES:
32740: last changes for sudo 1.3.3
32741: [c1c0cd1034b8]
32742:
32743: * configure.in:
32744: now calls SUDO_SOCK_SA_LEN
32745: [14ea78159d45]
32746:
32747: * config.h.in:
32748: added HAVE_SA_LEN
32749: [cc2a346aa905]
32750:
32751: * aclocal.m4:
32752: added SUDO_SOCK_SA_LEN
32753: [456a2025644a]
32754:
32755: * interfaces.c:
32756: now works with ip implementations that use sa_len in sockaddr
32757: [90be6e028077]
32758:
32759: * INSTALL:
32760: added note about buggy AIX compiler
32761: [c0f6d427e4e4]
32762:
32763: * interfaces.c:
32764: now include sys/time.h for AIX
32765: [2510858ab38b]
32766:
32767: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
32768:
32769: * Makefile.in:
32770: getcwd -> getwd
32771: [66085ebca98e]
32772:
32773: * interfaces.c:
32774: now works for ISC and others. yay.
32775: [f336d4ffc927]
32776:
32777: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
32778:
32779: * Makefile.in, version.h:
32780: version++
32781: [836cffc2078d]
32782:
32783: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
32784:
32785: * aclocal.m4:
32786: fixed test for full void impl
32787: [fb004107e7b9]
32788:
32789: * sudo.c:
32790: now check to see that st_dev is non-zero before assuming that we are
32791: being spoofed
32792: [1b0e1c30c506]
32793:
32794: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
32795:
32796: * aclocal.m4, configure.in:
32797: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
32798: [4953379bfb01]
32799:
32800: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
32801:
32802: * aclocal.m4:
32803: fixed include file order for SUDO_FUNC_UTIME_POSIX
32804: [ff64ab7df44f]
32805:
32806: * logging.c:
32807: added cast for ttyname()
32808: [444f05f56758]
32809:
32810: * configure.in:
32811: fixed typo
32812: [de068e748431]
32813:
32814: * check.c:
32815: now deal correctly with all known variation of utime() -- yippe
32816: [b778a4195a89]
32817:
32818: * configure.in:
32819: added SUDO_FUNC_UTIME_POSIX
32820: [cf635f2269d6]
32821:
32822: * aclocal.m4:
32823: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
32824: [d79593be4b73]
32825:
32826: * config.h.in:
32827: added HAVE_UTIME_POSIX
32828: [c67b4ac0dca5]
32829:
32830: * check.c:
32831: fixed a typo
32832: [b14df5680f59]
32833:
32834: * check.c:
32835: no longer assume !HAVE_UTIME_NULL means old BSD utime()
32836: [0aeaf4b2f38b]
32837:
32838: * check.c:
32839: fixed fascist C compiler warning
32840: [c61ddf2f1f93]
32841:
32842: * interfaces.c:
32843: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
32844: to 0 (just to be anal)
32845: [c54cc2ba0052]
32846:
32847: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
32848:
32849: * sudo.h:
32850: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
32851: [74cf585a54fb]
32852:
32853: * logging.c:
32854: added tty logging
32855: [e27d8dcfbd78]
32856:
32857: * interfaces.c:
32858: reworked the ISC code
32859: [bcf57ce8ae69]
32860:
32861: * Makefile.in, version.h:
32862: updated version
32863: [032941c9b94d]
32864:
32865: * check.c:
32866: now expect old-style utime(3) if utime() can't take NULL as an arg
32867: [018dd4a73030]
32868:
32869: * configure.in:
32870: added check for utime.h
32871: [0b76e8feb618]
32872:
32873: * config.h.in:
32874: added HAVE_UTIME_H
32875: [62ee42feda46]
32876:
32877: * Makefile.in:
32878: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
32879: [fa3201d294e1]
32880:
32881: * configure.in:
32882: now search for kerb libs and includes
32883: [cc332401e571]
32884:
32885: * check.c:
32886: added support for utime(2)'s that can't take a NULL parameter
32887: [98797fedf69f]
32888:
32889: * utime.c:
32890: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
32891: [6ce6d825fb44]
32892:
32893: * configure.in:
32894: added utime(s) stuff
32895: [a2afb744403e]
32896:
32897: * check.c:
32898: now use utime()
32899: [48902240a51e]
32900:
32901: * config.h.in:
32902: added HAVE_UTIME and HAVE_UTIME_NULL
32903: [9a56ab65d4f4]
32904:
32905: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
32906:
32907: * utime.c:
32908: now use HAVE_UTIME_NULL
32909: [e3944de09a92]
32910:
32911: * emul/utime.h, utime.c:
32912: Initial revision
32913: [a2cbf2ef3427]
32914:
32915: * check.c:
32916: need to setuid(0) to make kerb4 stuff work.
32917: [c6cfda4039d7]
32918:
32919: * tgetpass.c:
32920: no more special case for kerberos
32921: [4a5c33145be9]
32922:
32923: * config.h.in:
32924: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
32925: emulation)
32926: [a607ee43e650]
32927:
32928: * compat.h:
32929: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
32930: kerberos
32931: [02fb274cc136]
32932:
32933: * check.c:
32934: now use private ticket file for kerberos support to avoid trouncing
32935: on system one
32936: [28d8b6b812c7]
32937:
32938: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
32939:
32940: * sudo.h:
32941: added SPOOF_ATTEMPT & cmnd_st
32942: [d3b42a1f4d0d]
32943:
32944: * sudo.c:
32945: added anti-spoofing support
32946: [ab1e2aa44a57]
32947:
32948: * parse.c:
32949: now use global cmnd_st
32950: [47018265a1a6]
32951:
32952: * logging.c:
32953: added SPOOF_ATTEMPT suypport
32954: [7bbe9dd2a021]
32955:
32956: * testsudoers.c, visudo.c:
32957: added void casts where appropriate
32958: [f191441ba333]
32959:
32960: * parse.yacc:
32961: fixed up spacing and added void casts where appropriate
32962: [15d886fc809c]
32963:
32964: * sudo.c:
32965: fixed problem with "-p prompt" but no args
32966: [6fc048261a3e]
32967:
32968: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
32969:
32970: * sudo.man:
32971: added BUGS and annotated -l description
32972: [e5c506de2603]
32973:
32974: * sudo.h:
32975: validate() now takes a flag
32976: [26627becc60a]
32977:
32978: * sudo.c:
32979: validate() now takes a flag added -l
32980: [a4f7bb97fe54]
32981:
32982: * parse.yacc:
32983: added support for -l
32984: [e7a9b10b0ad3]
32985:
32986: * parse.c:
32987: validate() now takes a flag that says whether or not to check the
32988: command
32989: [9e1e67f4e281]
32990:
32991: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
32992:
32993: * logging.c:
32994: now deals with Argv == 1
32995: [0acb637ab635]
32996:
32997: * sudo.man:
32998: added -p option
32999: [e60382fc0561]
33000:
33001: * sudo.c:
33002: added prompt support reworked parse_args()
33003: [2f605267ed4a]
33004:
33005: * sudo.h:
33006: added prompt
33007: [5ab021bdb419]
33008:
33009: * options.h:
33010: added PASSPROMPT
33011: [614727ff44a2]
33012:
33013: * check.c:
33014: now use BUFSIZ as length of kerb password added kpass so pass is
33015: always a char * now use prompt global when asking for a password
33016: [76be09af784f]
33017:
33018: * tgetpass.c:
33019: now use BUFSIZ as _PASSWD_LEN if using kerberos
33020: [1e907eed312b]
33021:
33022: * OPTIONS:
33023: added PASSPROMPT
33024: [ddb2f405ce40]
33025:
33026: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
33027:
33028: * configure.in:
33029: only look for -lufc or -lcrypt if crypt() not in libc
33030: [9717d315661f]
33031:
33032: * check.c:
33033: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
33034: (unknown user) silently fail
33035: [2b48693d4ee9]
33036:
33037: * INSTALL:
33038: added kerb4 note
33039: [986e393f740c]
33040:
33041: * tgetpass.c:
33042: HAVE_KERBEROS -> HAVE_KERB4
33043: [e438bfb5e6aa]
33044:
33045: * check.c:
33046: removed debugging printf
33047: [1cf9f5cbffa5]
33048:
33049: * configure.in:
33050: KERBEROS -> KERB4 added checks for setreuid & setresuid
33051: [01e9945beb1e]
33052:
33053: * config.h.in:
33054: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
33055: [0e0bb5b8ac3e]
33056:
33057: * compat.h:
33058: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
33059: with setresuid if applic
33060: [9dae24c47696]
33061:
33062: * check.c:
33063: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
33064: no setreuid() or a broken one
33065: [1fca642bdb8e]
33066:
33067: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
33068:
33069: * configure.in:
33070: added kerberos support
33071: [da5639b9b8e7]
33072:
33073: * config.h.in:
33074: added HAVE_KERBEROS
33075: [fcc5be550e65]
33076:
33077: * tgetpass.c:
33078: added KERBEROS support (long passwords)
33079: [303ba6924dd2]
33080:
33081: * check.c:
33082: added kerberos support
33083: [e40afe98fc1d]
33084:
33085: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
33086:
33087: * sudo.h:
33088: added MODE_BACKGROUND
33089: [9b483c932016]
33090:
33091: * sudo.man:
33092: escaped dashes added -b option
33093: [62e84f1a7714]
33094:
33095: * sudo.c:
33096: added -b option
33097: [7e78aaefeb95]
33098:
33099: * check.c:
33100: added crypt() for osf/1 3.x enhanced secuiry
33101: [e9aa5abdb7d5]
33102:
33103: * configure.in:
33104: now check for -lcrypt
33105: [5cb9c67e9fa2]
33106:
33107: * interfaces.c:
33108: added ENXIO like EADDRNOTAVAIL
33109: [74223bb1ba75]
33110:
33111: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
33112:
33113: * configure.in:
33114: now emulate getwd(), not getcwd()
33115: [3e5439d9a5f4]
33116:
33117: * sudo.c:
33118: getcwd() -> getwd()
33119: [6392a96a658e]
33120:
33121: * getwd.c:
33122: getcwd -> getwd
33123: [1b0ab9bae11e]
33124:
33125: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
33126:
33127: * ins_2001.h, ins_classic.h, ins_goons.h:
33128: Initial revision
33129: [86db60d8cf00]
33130:
33131: * insults.h:
33132: broke out insults into separate include files
33133: [0a01993bd38a]
33134:
33135: * OPTIONS, options.h:
33136: added GOONS
33137: [e283203c6515]
33138:
33139: * Makefile.in:
33140: added ins_2001.h ins_classic.h ins_goons.h
33141: [2a39cd6a4cd2]
33142:
33143: * Makefile.in, version.h:
33144: ++version
33145: [05ebf4f5e41a]
33146:
33147: * visudo.c:
33148: moved signal handler setup to setup_signals()
33149: [3dd976c04540]
33150:
33151: * sudo.h:
33152: added load_interfaces()
33153: [af2d473b09e2]
33154:
33155: * sudo.c:
33156: moved load_interfaces to interfaces.c
33157: [5c8c138e5d4c]
33158:
33159: * parse.yacc:
33160: added clearaliases
33161: [aeb4ff301daa]
33162:
33163: * OPTIONS, options.h:
33164: added FAST_MATCH
33165: [f49ea3d1b525]
33166:
33167: * parse.lex:
33168: now uses clearaliases variable
33169: [a2dda415bf61]
33170:
33171: * interfaces.c:
33172: Initial revision
33173: [a1990e3f5c69]
33174:
33175: * Makefile.in:
33176: added interfaces.[co]
33177: [1e8e5984de97]
33178:
33179: * testsudoers.c:
33180: now uses ip addrs and netmasks via load_interfaces()
33181: [54b8f7a6835e]
33182:
33183: * sudo.c:
33184: now remove IFS instead of setting to "sane" value
33185: [ce7eec9f115e]
33186:
33187: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
33188:
33189: * parse.c:
33190: added FAST_MATCH
33191: [816d4f5fe81a]
33192:
33193: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
33194:
33195: * Makefile.in:
33196: sudo_goodpath.c-> goodpath.c
33197: [a5072c4e1de2]
33198:
33199: * sudo.c:
33200: added Andy's new ISC changes
33201: [caa6bbee358e]
33202:
33203: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
33204:
33205: * OPTIONS:
33206: added a sentence to SECURE_PATH info
33207: [cad6e1569d15]
33208:
33209: * BUGS:
33210: added one
33211: [4b35cf699a83]
33212:
33213: * CHANGES:
33214: updated
33215: [5fded9dc62f0]
33216:
33217: * RUNSON:
33218: updated
33219: [33cb993cfd39]
33220:
33221: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
33222:
33223: * RUNSON:
33224: updated for beta3
33225: [a05dc6a91995]
33226:
33227: * Makefile.in, version.h:
33228: ++version
33229: [54aaf3fadc75]
33230:
33231: * aclocal.m4:
33232: sendmail is now looked for in �/usr/ucblib
33233: [231ac1a4662f]
33234:
33235: * sudo.c:
33236: fixed indentation
33237: [fb137400c8c2]
33238:
33239: * aclocal.m4:
33240: fixed a typo
33241: [e03f1acc468b]
33242:
33243: * sudo.c:
33244: updated ISC mods
33245: [070290d4754b]
33246:
33247: * configure.in:
33248: added unixware case
33249: [e90250bae0d9]
33250:
33251: * check.c:
33252: user_is_exempt is no longer hidden
33253: [1a341765b8af]
33254:
33255: * RUNSON:
33256: updated
33257: [a9c4898b26dd]
33258:
33259: * aclocal.m4:
33260: isc and riscos changes
33261: [98b5d86585d1]
33262:
33263: * OPTIONS:
33264: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
33265: [e1ecc464ce4b]
33266:
33267: * Makefile.in:
33268: fixed a typo and added testsudoers stuff
33269: [435d60e163dc]
33270:
33271: * testsudoers.c:
33272: Initial revision
33273: [6ce14a448662]
33274:
33275: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
33276:
33277: * parse.yacc:
33278: applied fixed patch from Chris
33279: [cd6144203d13]
33280:
33281: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
33282:
33283: * Makefile.in:
33284: fixed a typo
33285: [34f8a54ba041]
33286:
33287: * parse.yacc:
33288: added a set of braces for bison
33289: [f0e43b938914]
33290:
33291: * parse.yacc:
33292: merged in Chris' changes to dekludge the parser.
33293: [82d6e373ab1c]
33294:
33295: * logging.c:
33296: send_mail() was calling find_path() which is wrong since find_path()
33297: stores cmnd in a static var. Anyhow, it doesn't make much sense
33298: since MAILER should always be fully qualified
33299: [6eae6a0b8098]
33300:
33301: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
33302:
33303: * sample.sudoers:
33304: added User_Alias stuff
33305: [aaba8c8e918d]
33306:
33307: * aclocal.m4:
33308: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
33309: [52bd81f34b32]
33310:
33311: * RUNSON:
33312: added DEC UNIX 3.0 w/ gcc
33313: [7daf570775b5]
33314:
33315: * visudo.c:
33316: Exit was being used in places where exit should be used
33317: [6026a89c07ed]
33318:
33319: * sudoers:
33320: added "User alias specification"
33321: [a487b6e234f8]
33322:
33323: * parse.yacc:
33324: fixed probs caused by making nslots and naliases a size_t
33325: [0be919384f3f]
33326:
33327: * RUNSON:
33328: added KSR, upped rev to 1.3.1b2
33329: [ce04ee6faadf]
33330:
33331: * logging.c, parse.yacc:
33332: 1024 -> BUFSIZ
33333: [cd6dda45fa11]
33334:
33335: * parse.yacc:
33336: void * -> VOID * naliases and nslots are now size_t to appease
33337: lsearch on 64-bit machines
33338: [bf2f807c0dc1]
33339:
33340: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
33341:
33342: * TODO:
33343: did a bunch of things and added a bunch :-)
33344: [42afd957b829]
33345:
33346: * PORTING:
33347: updated
33348: [972f95c85776]
33349:
33350: * visudo.man:
33351: closer to BSD manpage style
33352: [07ae88f50325]
33353:
33354: * sudo.man:
33355: closer to standard BSD man format
33356: [372c28dcc135]
33357:
33358: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
33359: pathnames.h.in, sudo.h, version.h:
33360: added RCS id
33361: [c0ec90b81002]
33362:
33363: * sudo.h:
33364: removed crufty #defines that are no longer used
33365: [35e2b4b477f0]
33366:
33367: * BUGS:
33368: fixed a bug
33369: [5bb3e1bee85e]
33370:
33371: * sudo.man:
33372: updated based on sudo changes
33373: [e65de1cae438]
33374:
33375: * parse.yacc:
33376: now allow ALL keyword in User_Aliases now allow ALL keyword as well
33377: as a NAME or ALIAS
33378: [1fb31404dd0f]
33379:
33380: * CHANGES:
33381: updated
33382: [b24018ac610b]
33383:
33384: * sudo.c:
33385: now sets SUDO_COMMAND and SUDO_GID envariables.
33386: [e9d791557fb7]
33387:
33388: * aclocal.m4:
33389: fixed bug with full void impl check
33390: [35715301023c]
33391:
33392: * parse.yacc:
33393: fixed User_Alias supoprt
33394: [4c30dfbaaa07]
33395:
33396: * parse.yacc:
33397: added stubs for User_Alias support
33398: [f4afbd247edf]
33399:
33400: * sudo.c:
33401: now sets removes # bogus interfaces from num_interfaces
33402: [6f077fac9ab1]
33403:
33404: * parse.lex:
33405: added User_Alias support
33406: [bc7997e5df85]
33407:
33408: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
33409:
33410: * Makefile.in:
33411: removed extraneous TODO
33412: [bc87a3b14d6d]
33413:
33414: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
33415:
33416: * visudo.c:
33417: ntwk_matches -> addr_matches
33418: [475044e288b8]
33419:
33420: * parse.yacc:
33421: ntwk_matches -> addr_matches
33422: [dd1f4093fd2d]
33423:
33424: * parse.c:
33425: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
33426: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
33427: sizeof(long))
33428: [acd2f556940f]
33429:
33430: * sudo.c:
33431: took out debugging info
33432: [044023063eca]
33433:
33434: * aclocal.m4:
33435: OS was being set to unknown before non-uname based host checks.
33436: This caused no checks to happen since $OS was not zero-length.
33437: [335a7267479d]
33438:
33439: * sudo.c:
33440: fixed loading of interfaces struct still has debugging info in
33441: though
33442: [2d1a18998c1e]
33443:
33444: * parse.c:
33445: fixed typo
33446: [175674a3a9fa]
33447:
33448: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
33449:
33450: * Makefile.in:
33451: ++version
33452: [55d191b5daa3]
33453:
33454: * version.h:
33455: ++
33456: [d7d1f115696a]
33457:
33458: * visudo.c:
33459: removed extraneous extern decl of "top
33460: [50355621047d]
33461:
33462: * visudo.c:
33463: now zeros "top"
33464: [4e683210345b]
33465:
33466: * parse.yacc:
33467: removed parser_cleanup (no need for it now)
33468: [afa59f222b6c]
33469:
33470: * parse.lex:
33471: now calls reset_aliases() directly
33472: [3a23cbd60fc0]
33473:
33474: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
33475:
33476: * OPTIONS:
33477: added a sentence to SECURE_PATH description
33478: [c5bf75b85af0]
33479:
33480: * parse.c:
33481: fixed my stupid bug where I used NAMLEN on something I wanted to
33482: just get the name from. argh.
33483: [111f460f6540]
33484:
33485: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
33486:
33487: * lsearch.c:
33488: fixed argument order of memmove() that i hosed when converting from
33489: bcopy(). arghh.
33490: [2f5336045c8b]
33491:
33492: * Makefile.in:
33493: finally fixed DISTFILES line
33494: [a1b419e73a63]
33495:
33496: * Makefile.in:
33497: tabs -> spaces
33498: [280fb03e5764]
33499:
33500: * Makefile.in:
33501: added missing files to DISTFILES
33502: [991fc1cd2263]
33503:
33504: * Makefile.in:
33505: SUPPORTED -> RUNSON
33506: [7580e65b05fb]
33507:
33508: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
33509:
33510: * TODO:
33511: updated
33512: [fe764a29c1cc]
33513:
33514: * RUNSON:
33515: updated for pl5b1 release
33516: [aefc35bd2291]
33517:
33518: * BUGS, TODO:
33519: updated
33520: [8f0ea249b687]
33521:
33522: * check.c:
33523: fixed bug where if you hit return at first sudo prompt it would
33524: still log as a failure
33525: [24539c854692]
33526:
33527: * CHANGES:
33528: updated
33529: [251cc7b3ede4]
33530:
33531: * aclocal.m4:
33532: better test for bogus void * implementation
33533: [efe23180cb88]
33534:
33535: * logging.c:
33536: added PASSWORDS_NOT_CORRECT
33537: [bd12c73f83f7]
33538:
33539: * check.c:
33540: added PASSWORDS_NOT_CORRECT stuff]
33541: [90de391a979f]
33542:
33543: * sudo.h:
33544: added PASSWORDS_NOT_CORRECT
33545: [727fbeb76fc5]
33546:
33547: * tgetpass.c:
33548: moved pathnames.h
33549: [4f910e5a8df7]
33550:
33551: * sudo.c:
33552: removed some unused vars and fixed up uid2str
33553: [70e92c7f9076]
33554:
33555: * putenv.c:
33556: moved compat.h
33557: [b271091586f6]
33558:
33559: * getcwd.c, getwd.c:
33560: added pathnames.h
33561: [6f25218f133f]
33562:
33563: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
33564:
33565: * parse.yacc:
33566: fixed a typo I introduced in the last checkin :-(
33567: [62c3af75c4fe]
33568:
33569: * parse.lex:
33570: can't have #ifdef's where N is defined so just do this the broken
33571: way for AIX
33572: [c5648a5594e4]
33573:
33574: * parse.yacc:
33575: better hack from Chris (but still a hack)
33576: [6b6d8aed93f3]
33577:
33578: * parse.lex:
33579: stupid hack for broken aix lex
33580: [efc3f9e5280e]
33581:
33582: * tgetpass.c:
33583: now includes compat.h �
33584: [401822173f77]
33585:
33586: * visudo.c:
33587: now includes fcntl.h
33588: [63865c2f8ac6]
33589:
33590: * compat.h:
33591: added FD_SET and FD_ZERO for 4.2BSD
33592: [00c5597c0bb0]
33593:
33594: * parse.yacc:
33595: dirty hack to fix parser bug. i don't really like this but it works
33596: for now...
33597: [5b8bbdc81569]
33598:
33599: * sudo.c:
33600: uid2str is now static like the prototype says
33601: [f2a97b5cb870]
33602:
33603: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
33604:
33605: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
33606: updated
33607: [6f79c3e92716]
33608:
33609: * RUNSON:
33610: Initial revision
33611: [12a09ef9e884]
33612:
33613: * sudo.c:
33614: check_sudoers now returns an error code and sudo calls inform_user
33615: and log_error based on the return value.
33616: [340eca188d9a]
33617:
33618: * logging.c, sudo.h:
33619: added entries for new errors
33620: [6050d8542e1f]
33621:
33622: * parse.c:
33623: now set uid to that of SUDOERS_OWNER while parsing sudoers file
33624: [3683c42bc9b0]
33625:
33626: * Makefile.in:
33627: took out testsudoers �
33628: [65317d49db48]
33629:
33630: * sudo.c:
33631: now explicately checks that it is setuid root
33632: [2fe1be60ef6a]
33633:
33634: * sudo.c:
33635: If a user has no passwd entry sudo would segv (writing to a garbage
33636: pointer). Now allocate space before writing :-)
33637: [d08e7eb5e5ef]
33638:
33639: * configure.in:
33640: reordered AC_CHECK_FUNCS
33641: [4c82e56c6f4f]
33642:
33643: * config.h.in:
33644: fixed memset macro
33645: [77ede6b714ab]
33646:
33647: * tgetpass.c, visudo.c:
33648: bzero -> memset
33649: [1a005bb322c8]
33650:
33651: * logging.c:
33652: bzero -> memset when a parse error is logged the line number of the
33653: error is now logged too
33654: [a42d68047723]
33655:
33656: * INSTALL:
33657: added Sunos to blurb about c2 security
33658: [af750a1d131e]
33659:
33660: * configure.in:
33661: added a SUN4 define for C2 security
33662: [6ad5b23a3eb0]
33663:
33664: * config.h.in:
33665: bcopy -> memmove bzero -> memset
33666: [5494460c8464]
33667:
33668: * lsearch.c:
33669: bcopy -> memmove char * -> VOID *
33670: [a15f5c316e16]
33671:
33672: * check.c:
33673: added support for sunos with C2 security
33674: [03fea5bb21e6]
33675:
33676: * OPTIONS, options.h:
33677: reordered
33678: [1686265af3e1]
33679:
33680: * pathnames.h.in:
33681: _PATH_SUDO_LOGFILE now set based on configure
33682: [5867b58e4a04]
33683:
33684: * configure.in:
33685: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
33686: [1984d9fd1b5c]
33687:
33688: * config.h.in:
33689: added _SUDO_PATH_LOGFILE
33690: [dd3eebe62580]
33691:
33692: * aclocal.m4:
33693: added SUDO_LOGFILE to find where to put sudo.log added
33694: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
33695: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
33696: [c589a515a99a]
33697:
33698: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
33699:
33700: * TROUBLESHOOTING:
33701: Initial revision
33702: [f42f1baba3a8]
33703:
33704: * sudo.c:
33705: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
33706: to work around a problem is trusted hpux shadow passwords. yuck.
33707: [ae1f13b54687]
33708:
33709: * parse.yacc:
33710: backed out a change in malloc/realloc
33711: [ab868db0ad69]
33712:
33713: * parse.yacc:
33714: now include stdlib.h
33715: [957eef0631eb]
33716:
33717: * visudo.c:
33718: now do an freopen() of the stmp file so that yyin will always point
33719: to the same thing. This is important for flex since we are doing a
33720: YY_NEWFILE
33721: [44558922fd3e]
33722:
33723: * parse.yacc:
33724: replaced yywrap() with parser_cleanup() since yywrap() needs to be
33725: in parse.lex to be able to use YY_NEW_FILE. sigh.
33726: [12dd09921074]
33727:
33728: * parse.lex:
33729: now have a rule that matches anything that doesn't match an
33730: explicite rule. well, you know what i mean (. matches anything not
33731: yet matched). However, this means that there is input still queued
33732: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
33733: into parse.lex and it calls parser_cleanup() which is most of the
33734: old yywrap() sigh.
33735: [7f4042bc48d6]
33736:
33737: * SUPPORTED:
33738: no longer used
33739: [8f220be4da94]
33740:
33741: * getcwd.c, getwd.c:
33742: moved compat.h to be the last include file
33743: [9f3a65e2d485]
33744:
33745: * parse.yacc:
33746: fixed type of aliascmp() args
33747: [1c27eb989bdf]
33748:
33749: * find_path.c:
33750: NULL -> '\0'
33751: [5c8d8cf1692e]
33752:
33753: * parse.yacc:
33754: added casts to lfind and lsearch args for irix
33755: [61027ddeecf8]
33756:
33757: * Makefile.in:
33758: bsdinstall -> install-sh
33759: [61de6612c5a5]
33760:
33761: * INSTALL:
33762: added info about make realclean
33763: [29c6324d727f]
33764:
33765: * Makefile.in:
33766: updated VERSION added dependencies for visudo.cat
33767: [09077d7229d4]
33768:
33769: * version.h:
33770: -> pl5b1
33771: [5d21c7ad1a41]
33772:
33773: * sudo.c:
33774: took out -l
33775: [fc1478d81b38]
33776:
33777: * Makefile.in:
33778: now there is a real visudo.man and visudo.cat
33779: [58aeac43a6dd]
33780:
33781: * sudo.man:
33782: took out visudo stuff
33783: [4a6ac4393343]
33784:
33785: * visudo.man:
33786: Initial revision
33787: [cba348843db8]
33788:
33789: * parse.c, parse.lex, parse.yacc:
33790: updated copyright
33791: [ffa16b70944a]
33792:
33793: * README:
33794: updated for pl5
33795: [a26e423e9e5f]
33796:
33797: * sudo.man:
33798: updated Nieusma & Hieb email addresses
33799: [f0083e71989d]
33800:
33801: * INSTALL:
33802: updated to include options.h and OPTIONS
33803: [ee59e2b76c94]
33804:
33805: * CHANGES, TODO:
33806: updated
33807: [51e011ad5220]
33808:
33809: * BUGS:
33810: eliminated bug #1 (yay)
33811: [e7e88515494e]
33812:
33813: * configure.in:
33814: sunos no longer gets linked statically
33815: [2e5b3ff3108f]
33816:
33817: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
33818:
33819: * parse.lex:
33820: prototype now uses __P()
33821: [68ecdcab4c70]
33822:
33823: * parse.lex:
33824: make fill() non-ansi
33825: [d6509972260b]
33826:
33827: * parse.c:
33828: made -v (validate) work
33829: [13c9d520638c]
33830:
33831: * logging.c:
33832: now gives host
33833: [f04859cdba5a]
33834:
33835: * find_path.c:
33836: don't check for execute/statable if fq or relative path given
33837: [4bbe851f3973]
33838:
33839: * parse.c:
33840: added a cast
33841: [345c308f72f3]
33842:
33843: * visudo.c:
33844: now include ctype.h for islower and tolower macros
33845: [582c0aa332d5]
33846:
33847: * goodpath.c:
33848: moved _S_IFMT & _S_ISREG to compat.h
33849: [828e4ca4e7b4]
33850:
33851: * sudo.c:
33852: moved a set of parens
33853: [5783474ecf37]
33854:
33855: * strdup.c:
33856: now include compat.h
33857: [75e2036b94af]
33858:
33859: * emul/search.h:
33860: void * -> VOID *
33861: [cedcfaf04161]
33862:
33863: * parse.yacc:
33864: now cast malloc & realloc return vals added search for HAVE_LSEARCH
33865: now use strcmp if no strcasecmp available
33866: [d6a42bc3d4ae]
33867:
33868: * lsearch.c:
33869: void * -> VOID *
33870: [886adc44f607]
33871:
33872: * config.h.in:
33873: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
33874: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
33875: [3b50d7fb4349]
33876:
33877: * compat.h:
33878: added _S_IFMT, _S_IFREG, and S_ISREG
33879: [73d506c7d53c]
33880:
33881: * aclocal.m4:
33882: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
33883: to most SUDO_* macros
33884: [8442155f5936]
33885:
33886: * Makefile.in:
33887: no more -I.
33888: [63462f195bd4]
33889:
33890: * configure.in:
33891: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
33892: AC_INSTALL_PROG instead of custom one added check for fully woorking
33893: void implementation
33894: [5ac6b6e6230f]
33895:
33896: * Makefile.in:
33897: added lsearch & search.h visudo links into $(LIBOBJS)
33898: [bc119cda4598]
33899:
33900: * aclocal.m4:
33901: partial 1.x to 2.x changes added SUDO_FULL_VOID
33902: [1194d01fa5c5]
33903:
33904: * visudo.c:
33905: whatnow_help was prototyped to be static be was not declared as
33906: such
33907: [0f85489dd426]
33908:
33909: * configure.in:
33910: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
33911: for dirent/dir/ndir.h
33912: [7408f3854948]
33913:
33914: * parse.c:
33915: now use groovy gnu autoconf macro AC_HEADER_DIRENT
33916: [e465db9f5dfa]
33917:
33918: * getcwd.c, getwd.c:
33919: MAXPATHLEN -> MAXPATHLEN+1
33920: [714d87424e21]
33921:
33922: * emul/search.h, lsearch.c:
33923: Initial revision
33924: [55d79482c535]
33925:
33926: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
33927:
33928: * parse.yacc:
33929: eliminated bison warnings
33930: [61ca0a96da22]
33931:
33932: * parse.lex:
33933: added missing case
33934: [6be0f849747c]
33935:
33936: * visudo.c:
33937: now iincludes signal.h
33938: [221e0fcc144f]
33939:
33940: * parse.yacc:
33941: only clear data structures on a parse error
33942: [7b1c0f1a4527]
33943:
33944: * visudo.c:
33945: whatnow() now gives help on invalid input
33946: [e5a4cd88c587]
33947:
33948: * visudo.c:
33949: added a whatnow() function (sort of like mh)
33950: [932d9b145f1c]
33951:
33952: * parse.yacc:
33953: kill_aliases -> reset_aliases yywrap() now cleans up by calling
33954: reset_aliases() and clearing top took reset stuff out of yyerror()
33955: since it doesn't beling there (and doesn't work anyway). errorlineno
33956: is now initially set to -1 so we can set it to the first error that
33957: occurrs (it was getting set to the last)
33958: [2f71f95a974c]
33959:
33960: * parse.lex:
33961: added a void cast
33962: [18ae6042dce4]
33963:
33964: * visudo.c:
33965: rewrote from scratch based on 4.3BSD vipw.c
33966: [2f6814f18576]
33967:
33968: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
33969:
33970: * sudo.c, sudo.h:
33971: removed ocmnd
33972: [a31735f41ad4]
33973:
33974: * sudo.h:
33975: no more sudo_realpath() and find_path() changed params
33976: [8e85c3b39159]
33977:
33978: * sudo.c:
33979: find_path() changed since no more realpath()
33980: [b25366c7f2ee]
33981:
33982: * parse.yacc:
33983: on error, errorlineno is set to the line where the error occurred
33984: added kill_aliases() to free the aliases struct now clean up in
33985: yyerror() so we can reparse cleanly
33986: [2342f578c27a]
33987:
33988: * options.h, parse.c:
33989: no more USE_REALPATH
33990: [cfc59babeaff]
33991:
33992: * logging.c:
33993: changed to use new find_path()
33994: [91c7a38e7751]
33995:
33996: * find_path.c:
33997: removed all the realpath() stuff
33998: [cc21a43a8562]
33999:
34000: * Makefile.in:
34001: sudo_realpath.c -> sudo_goodpath.c
34002: [03a9b1ddec2f]
34003:
34004: * visudo.c:
34005: now works correctly with utk parser
34006: [08aa554a0ce8]
34007:
34008: * goodpath.c:
34009: Initial revision
34010: [1ea607e1ffb2]
34011:
34012: * sudo_realpath.c:
34013: eliminated a compiler warning
34014: [198bcccc55b6]
34015:
34016: * sudo.c:
34017: elinated compiler warning
34018: [e2384f9a878b]
34019:
34020: * sudo_realpath.c:
34021: added sudo_goodpath()
34022: [43878c4cc540]
34023:
34024: * sudo.h:
34025: added prototype for sudo_goodpath
34026: [23e8627a2265]
34027:
34028: * parse.c:
34029: added support for /sys/dir.h
34030: [eca897087741]
34031:
34032: * options.h:
34033: USE_REALPATH turned off
34034: [620ac8b63d85]
34035:
34036: * find_path.c:
34037: added calls to sudo_goodpath()
34038: [ad170904fbcd]
34039:
34040: * configure.in:
34041: added check for dirent.h
34042: [7964a8c26855]
34043:
34044: * config.h.in:
34045: added HAVE_DIRENT_H
34046: [1f785fec7e19]
34047:
34048: * configure.in:
34049: added in linux shadow pass stuff �
34050: [e585a5785f50]
34051:
34052: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
34053:
34054: * visudo.c:
34055: added back host, user, cmnd, parse_error
34056: [0ec19f3d64f4]
34057:
34058: * visudo.c:
34059: added in utk changes plus some minor cosmetic changes
34060: [c5c1921c8a58]
34061:
34062: * sudo.c, sudo_realpath.c:
34063: added void casts for printf's
34064: [9c6ff11c0082]
34065:
34066: * options.h:
34067: added a define of USE_REALPATH
34068: [db3711c9efc5]
34069:
34070: * configure.in:
34071: there is no more visudoers/Makefile
34072: [36e1bc1f78d0]
34073:
34074: * Makefile.in:
34075: added in utk changes (visudo is now built from the toplevel)
34076: [76203d4b345d]
34077:
34078: * find_path.c:
34079: added (void) casts to printf's
34080: [dd5cb1e060ac]
34081:
34082: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
34083: merged in utk changes
34084: [35563307fd8e]
34085:
34086: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
34087:
34088: * find_path.c:
34089: now check to see that what we are trying to run is a file (or a link
34090: to a file, we do a stat(2) so there is no diff)
34091: [05889c4bcace]
34092:
34093: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
34094:
34095: * CHANGES:
34096: updated
34097: [3e8047bb26fb]
34098:
34099: * Makefile.in:
34100: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
34101: [0bdbaa7c4c7d]
34102:
34103: * sudo.man:
34104: added myself as maintainer
34105: [77a9d75aab84]
34106:
34107: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
34108:
34109: * sudo.c:
34110: changed setegid -> setgid
34111: [7f4788d73b6f]
34112:
34113: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
34114:
34115: * configure.in:
34116: fixed the test for irix 5.x to skip bad libs
34117: [bfef896de013]
34118:
34119: * aclocal.m4:
34120: now initialize OS and OSREV
34121: [cc302756e440]
34122:
34123: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
34124:
34125: * configure.in:
34126: irix5 changes
34127: [ac985b23f5f2]
34128:
34129: * configure.in:
34130: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
34131: compatibility
34132: [0cf8c92a06d7]
34133:
34134: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
34135:
34136: * visudo.c:
34137: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
34138: thing wrt yyrestart (grrrr)
34139: [18e8eabfbb82]
34140:
34141: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
34142:
34143: * Makefile.in:
34144: added visudoers/compat.h to DISTFILES
34145: [db23b574b034]
34146:
34147: * configure.in:
34148: fixed an echo
34149: [7cbc0462b89d]
34150:
34151: * sudo.c:
34152: added ocmnd declaration adjusted for find_path()'s new parameters
34153: [d929cd156474]
34154:
34155: * sudo.h:
34156: added ocmnd extern adjusted find_path() prototype
34157: [e0004daf5d3c]
34158:
34159: * parse.c:
34160: cmndcmp() now takes 3 arguments and checks against the qualified as
34161: well as the unqualified pathname. more code that should use
34162: cmndcmp() but did not, now does
34163: [6f70a8c17bee]
34164:
34165: * options.h:
34166: added to a comment
34167: [7a78680426b2]
34168:
34169: * logging.c:
34170: changed to use new find_path() parameter passing
34171: [840981d30db4]
34172:
34173: * find_path.c:
34174: find_path() now takes 2 copyout parameters (one for the qualified
34175: pathname and one for the unqualified pathname). The third parameter
34176: may be NULL.
34177: [851503b005e9]
34178:
34179: * configure.in:
34180: no longer munge pathnames.h
34181: [427d8796c5a9]
34182:
34183: * pathnames.h.in:
34184: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
34185: as a result, pathnames.h does not need to be run through configure
34186: and the user can override the configured values easily.
34187: [2e378f2ebe88]
34188:
34189: * config.h.in:
34190: added _SUDO_PATH_* entries
34191: [0857de7cebab]
34192:
34193: * aclocal.m4:
34194: _PATH* -> _SUDO_PATH_*
34195: [7601193f56cc]
34196:
34197: * Makefile.in:
34198: updated DISTFILES and HDRS .o's now depend on config.h
34199: [39d8601965cf]
34200:
34201: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
34202:
34203: * compat.h:
34204: removed extraneous #endif
34205: [27d4c5f2ce7e]
34206:
34207: * aclocal.m4:
34208: added SUDO_PROG_MV
34209: [76dda3bdd816]
34210:
34211: * configure.in:
34212: added SUDO_PROG_MV added riscos and isc os types took out
34213: -DSHORT_MESSAGE from --with-csops since it is now the default
34214: [68c206ad976e]
34215:
34216: * sudo.c:
34217: move the include of id.h to compat.h now includes options.h
34218: [45a1eaafb3a8]
34219:
34220: * sudo.h:
34221: moved compatibility #defines to compat.h
34222: [0eee27057698]
34223:
34224: * pathnames.h.in:
34225: added _PATH_MV
34226: [e830797ab320]
34227:
34228: * config.h.in:
34229: move __P to compat.h
34230: [188e12e0ba93]
34231:
34232: * getcwd.c, getwd.c, putenv.c:
34233: now includes compat.h
34234: [c72cb6d73981]
34235:
34236: * compat.h:
34237: Initial revision
34238: [d4d2f359ae03]
34239:
34240: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
34241:
34242: * sudo.h:
34243: pull user-configurable stuff out and put in options.h
34244: [ef929467b070]
34245:
34246: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
34247:
34248: * parse.lex, parse.yacc, visudo.c:
34249: now includes options.h
34250: [e36d7c82add1]
34251:
34252: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
34253: sudo_setenv.c:
34254: now includes options.h
34255: [f186ba03de07]
34256:
34257: * Makefile.in:
34258: added visudoers/options.h
34259: [e5350c476494]
34260:
34261: * OPTIONS, options.h:
34262: Initial revision
34263: [9b6b5001e318]
34264:
34265: * Makefile.in:
34266: added OPTIONS and options.h
34267: [25448341e16a]
34268:
34269: * logging.c:
34270: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
34271: [5dd6385dd1d3]
34272:
34273: * check.c, sudo.h:
34274: changed PASSWORD_TIMEOUT to minutes
34275: [0ec6aab98738]
34276:
34277: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
34278:
34279: * visudo.c:
34280: now only do Editor +line_num if line_num != 0
34281: [b69f04b5e3c7]
34282:
34283: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
34284:
34285: * visudo.c:
34286: now use mv if rename(2) fails
34287: [83210dca1bab]
34288:
34289: * BUGS:
34290: added a visudo bug
34291: [d61a806f9aa7]
34292:
34293: * check.c:
34294: expanded comment
34295: [641f2cba94cb]
34296:
34297: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
34298:
34299: * check.c:
34300: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
34301: [7a11135039a8]
34302:
34303: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
34304:
34305: * sudo.c:
34306: added mips & isc support
34307: [e258dc053119]
34308:
34309: * parse.c:
34310: added support for non-root owned sudoers file
34311: [fea07e65a0fc]
34312:
34313: * check.c:
34314: added exempt group support
34315: [928fb4bd9ad5]
34316:
34317: * sudo.h:
34318: added set_perms() support added SUDOERS_OWNER so can have non-root
34319: own sudoers file added exempt group support added isc support
34320: [61c578d31fc1]
34321:
34322: * visudo.c:
34323: now copy sudoers to temp file via read/write (not stdio) now chown
34324: new sudoers file to SUDOERS_OWNER
34325: [a5176c59df70]
34326:
34327: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
34328:
34329: * configure.in:
34330: added skey support
34331: [35a8d2fabdb7]
34332:
34333: * sudo_realpath.c:
34334: be_* -> setperms()
34335: [a1631d686e1c]
34336:
34337: * sudo.h:
34338: fixed typo added set_perms support added skey support added
34339: seteuid()/setegid() emulation for AIX
34340: [c0c8d6771406]
34341:
34342: * sudo.c:
34343: be_* -> setperms() now check to make sure sudoers file is owned by
34344: root nread/write by only root
34345: [13ab1e261f1a]
34346:
34347: * logging.c, parse.c:
34348: be_* -> setperms()
34349: [21499d845c8f]
34350:
34351: * check.c:
34352: be_* -> set_perms() added skey support
34353: [df51b56871c1]
34354:
34355: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
34356:
34357: * Makefile.in:
34358: ++version
34359: [3c1abbe4e43c]
34360:
34361: * version.h:
34362: ++
34363: [1d2f9b540a95]
34364:
34365: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
34366:
34367: * sudo.c:
34368: now sets IFS
34369: [eabbb41b9f08]
34370:
34371: * insults.h:
34372: fixed typo
34373: [c7997f19216e]
34374:
34375: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
34376:
34377: * config.h.in:
34378: added HAVE_SKEY
34379: [da948ec4186b]
34380:
34381: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
34382:
34383: * CHANGES:
34384: updated
34385: [f4b55ab007ea]
34386:
34387: * Makefile.in:
34388: ++version
34389: [0489068b8c95]
34390:
34391: * version.h:
34392: ++
34393: [d189faedf423]
34394:
34395: * sudo.c:
34396: now bail if ARgv[1] > MAXPATHLEN
34397: [0cea8ecc9dc2]
34398:
34399: * configure.in:
34400: added function check for tcgetattr(3)
34401: [e03289b22c2f]
34402:
34403: * config.h.in:
34404: only define HAVE_TERMIOS_H if you have tcgetattr(3)
34405: [757eab83d1a2]
34406:
34407: * config.h.in:
34408: added check for tcgetattr
34409: [c5ae92715930]
34410:
34411: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
34412:
34413: * CHANGES:
34414: updated
34415: [cbc419883108]
34416:
34417: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
34418:
34419: * parse.lex:
34420: now only include unistd.h for linux
34421: [e9adeab95ef0]
34422:
34423: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
34424:
34425: * Makefile.in:
34426: added visudo.8 generation
34427: [d6a3f0f887f8]
34428:
34429: * configure.in:
34430: added -Wl,-bI:./aixcrypt.exp to aix flags
34431: [72594a21edcf]
34432:
34433: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
34434:
34435: * BUGS:
34436: added one
34437: [9993a349e096]
34438:
34439: * CHANGES:
34440: updated
34441: [297b31ec4cdd]
34442:
34443: * README:
34444: added mailing list info
34445: [10372f94a2b2]
34446:
34447: * parse.yacc:
34448: now use sudolineno instead of yylineno fixed bison warnings
34449: [25a83e62057b]
34450:
34451: * configure.in:
34452: now use -no_library_replacement for osf don't make a static binary
34453: for hpux >= 9.0
34454: [1fa7b892f1a3]
34455:
34456: * tgetpass.c:
34457: added string.h/strings.h inclusion
34458: [71faa98fc0a1]
34459:
34460: * config.h.in:
34461: added ssize_t def
34462: [406284bd1ac0]
34463:
34464: * parse.lex:
34465: added inclusion of string.h/strings.h
34466: [6985b1df5d09]
34467:
34468: * aclocal.m4:
34469: fixed uname | sed (needed to quote the '[')
34470: [4cd2d3415c1a]
34471:
34472: * parse.lex:
34473: replaced yylineno with sudolineno fixed bison syntax errors
34474: [0bd31a5fab26]
34475:
34476: * visudo.c:
34477: changed yylineno to sudolineno since yylineno cannot be counted
34478: upon.
34479: [38c30104d0ae]
34480:
34481: * TODO:
34482: updated
34483: [5d4746f1a752]
34484:
34485: * parse.c:
34486: added code to support command listings
34487: [030172e133fd]
34488:
34489: * sudo.c:
34490: added code for -l flag
34491: [801dbbc82778]
34492:
34493: * sudo.man:
34494: fixed typo added info for -l flag
34495: [8916ca945d65]
34496:
34497: * configure.in:
34498: AC_SSIZE_T -> SUDO_SSIZE_T
34499: [c61f7f47013f]
34500:
34501: * aclocal.m4:
34502: added SUDO_SSIZE_T
34503: [0ccdb77be84d]
34504:
34505: * sudo.h:
34506: added MODE_LIST
34507: [9b2bd844c76c]
34508:
34509: * configure.in:
34510: added AC_SSIZE_T
34511: [35cca208f9b5]
34512:
34513: * find_path.c, sudo_realpath.c:
34514: readlink() is now declared as returning ssize~_t
34515: [0640a08d1407]
34516:
34517: * configure.in:
34518: added -laud for OSF c2
34519: [b7539c905efc]
34520:
34521: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
34522:
34523: * Makefile.in, visudo.c:
34524: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
34525: [067fd9bcb5e1]
34526:
34527: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
34528: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
34529: [fc46e7c7110a]
34530:
34531: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
34532: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
34533: sudo_setenv.c, tgetpass.c, version.h:
34534: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
34535: [d1d4fbc53a98]
34536:
34537: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
34538:
34539: * Makefile.in:
34540: ++version
34541: [b7066d97633f]
34542:
34543: * version.h:
34544: ++
34545: [65ec69d88110]
34546:
34547: * logging.c:
34548: added host to alertmail messages
34549: [d973c19ce777]
34550:
34551: * CHANGES, TODO:
34552: udpated
34553: [5a65eb16faeb]
34554:
34555: * logging.c:
34556: fixed logging problem where mail would not say which user it was
34557: [35723edcc5d2]
34558:
34559: * configure.in:
34560: added -laud for gcc if osf & c2
34561: [18f1e0ae5548]
34562:
34563: * check.c:
34564: moved set_auth_parameters to sudo.c
34565: [d23112fe01db]
34566:
34567: * sudo.c:
34568: added set_auth_parameters for osf
34569: [eb70f65214ac]
34570:
34571: * configure.in:
34572: cleaned up -static stuff
34573: [01e9575f0422]
34574:
34575: * Makefile.in:
34576: ++version
34577: [7ac3bff5c770]
34578:
34579: * version.h:
34580: ++
34581: [10a4ff478469]
34582:
34583: * sudo.c:
34584: changed setenv() to sudo_setenv()
34585: [40a78abb9946]
34586:
34587: * check.c:
34588: fixed osf problem
34589: [3d69b118efb8]
34590:
34591: * configure.in:
34592: added OSF C2 stuff
34593: [38cff3ad4093]
34594:
34595: * CHANGES:
34596: updated
34597: [cd341dd0581a]
34598:
34599: * check.c:
34600: added osf auth support & removed some extra spaces
34601: [a448cdd81514]
34602:
34603: * INSTALL, SUPPORTED:
34604: added osf C2 stuff
34605: [f70484796146]
34606:
34607: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
34608:
34609: * TODO:
34610: added 2 suggestions
34611: [695fbdbd86e6]
34612:
34613: * Makefile.in:
34614: removed README.v1.3.1 and added VERSION stuff
34615: [f69403eb04c6]
34616:
34617: * version.h:
34618: pl1
34619: [21580c0f8cb1]
34620:
34621: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
34622:
34623: * version.h:
34624: 1.3.1final
34625: [630114970298]
34626:
34627: * Makefile.in:
34628: added HISTORY
34629: [901bff251614]
34630:
34631: * sudo.man:
34632: mention HISTPRY file
34633: [86dbcfd4326e]
34634:
34635: * sudo.c:
34636: use sizeof instead of a constant in 1 place
34637: [d819604c68ca]
34638:
34639: * parse.yacc:
34640: added unistd.h
34641: [6f9500f9fe7e]
34642:
34643: * parse.lex:
34644: added unistd.h
34645: [468b81a276eb]
34646:
34647: * README:
34648: udpated
34649: [7e275618923a]
34650:
34651: * HISTORY:
34652: Initial revision
34653: [5db1b0a3939b]
34654:
34655: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
34656:
34657: * version.h:
34658: ++
34659: [7dfbb4a810bb] [SUDO_1_3_1]
34660:
34661: * CHANGES:
34662: updated
34663: [7820ee610bf8]
34664:
34665: * sudo_setenv.c:
34666: added unistd.h include
34667: [30cf2b654525]
34668:
34669: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
34670:
34671: * sudo.c:
34672: added sys/time.h for AIX
34673: [199fc8caf3a3]
34674:
34675: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
34676:
34677: * configure.in:
34678: added check for -lsocket and sys/sockio.h
34679: [f9abfbb31031]
34680:
34681: * config.h.in:
34682: took out libshadow check and added in sys/sockio.h check
34683: [0c4b0393ac80]
34684:
34685: * sudo.c:
34686: now include sockio.h instead of ioctl.h if it exists "sudo -" now
34687: gets a better error message
34688: [53041bea5483]
34689:
34690: * sample.sudoers:
34691: now has a dir and subnet entry
34692: [56b820f65438]
34693:
34694: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
34695:
34696: * sudo.c:
34697: removed if_ether.h
34698: [b4f64507493e]
34699:
34700: * TODO:
34701: added an item
34702: [ea2a1bb6922a]
34703:
34704: * sudo.man:
34705: added network and ip addresses to man page
34706: [01c85016511f]
34707:
34708: * sudo.c:
34709: no error if can't get interfaces or netmask since networking may not
34710: be in the kernel.
34711: [50b8890e2134]
34712:
34713: * parse.c:
34714: nwo check for interfaces == NULL
34715: [dc1b3eef0db2]
34716:
34717: * parse.c:
34718: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
34719: the last entry in the spec failed (ie: it was only looking at the
34720: last entry). CLeaned things up by adding the cmndcmp() function--all
34721: neat & tidy
34722: [007e93578e5e]
34723:
34724: * CHANGES:
34725: added one
34726: [40e8a2cef497]
34727:
34728: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
34729:
34730: * sudo.c:
34731: now do two passes to skip bogus interfaces (lo0, etc)
34732: [465e30aecaf7]
34733:
34734: * parse.lex, parse.yacc, visudo.c:
34735: added include of netinet/in.h
34736: [11e3816ed362]
34737:
34738: * logging.c, sudo_realpath.c, sudo_setenv.c:
34739: added ninclude of netinet/in.h
34740: [daccfa40fe1e]
34741:
34742: * check.c, find_path.c, getcwd.c, getwd.c:
34743: added include of netinet/in.h
34744: [0222f95e06ad]
34745:
34746: * version.h:
34747: ++
34748: [d6b0cfa35a38]
34749:
34750: * sudo.h:
34751: added interfaces global
34752: [ba52fa8ad75e]
34753:
34754: * parse.c:
34755: now uses new interfaces global
34756: [17473ad5ecba]
34757:
34758: * sudo.c:
34759: now ip addresses are gleaned fw/o dns
34760: [8828bb2007e0]
34761:
34762: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
34763:
34764: * sudo.c:
34765: added load_ip_addrs() to load the ip_addrs global var
34766: [60c825f04238]
34767:
34768: * parse.c:
34769: added hostcmp() to compare hostnames, ip addrs, and network addrs
34770: [ab0e40e37537]
34771:
34772: * sudo.h:
34773: added ip_addrs def added load_ip_addrs prototype
34774: [c41c565d0777]
34775:
34776: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
34777:
34778: * CHANGES:
34779: updated
34780: [2a128dbe9bcb]
34781:
34782: * Makefile.in:
34783: removed multiple entries in DISTFILES
34784: [2490f4f371e6]
34785:
34786: * visudo.c:
34787: ansified the !STDC_HEADERS decls
34788: [646ba06d17ae]
34789:
34790: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
34791: don't do malloc decl if gnuc
34792: [f1bad1925f98]
34793:
34794: * sudo.c:
34795: can't use getopt(3) since it munges args to the command to be run as
34796: root don't do malloc decl if gnuc
34797: [38e78f6da14e]
34798:
34799: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
34800: sudo_realpath.c, sudo_setenv.c:
34801: ansi-fied !STDC_HEADER function prottypes
34802: [51d8cad89976]
34803:
34804: * getcwd.c, getwd.c:
34805: added missing paren
34806: [6a1fae70e27e]
34807:
34808: * Makefile.in:
34809: added putenv.c to DISTFILES
34810: [a5e4523eabbb]
34811:
34812: * sudo_setenv.c:
34813: added params to func decls when STDC_HEADERS is not defined now can
34814: count on putenv() being there
34815: [fd587796189b]
34816:
34817: * sudo_realpath.c:
34818: took out errno decl since sudo.h does it for us fixed up a next cc
34819: warning added params to func decls when STDC_HEADERS is not defined
34820: [70fa5152ace6]
34821:
34822: * sudo.h:
34823: took out environ extern added local declaratio of putenv() if local
34824: version is needed
34825: [a84bae6c020d]
34826:
34827: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
34828: added params to func decls when STDC_HEADERS is not defined
34829: [f406f0e47ac0]
34830:
34831: * config.h.in:
34832: added memcpy check check to see that ansi vs bsd macros are ntot
34833: already defiend before defining (ie: avoid redefinition)
34834: [879ae026e19f]
34835:
34836: * configure.in:
34837: removed fluff setenv check plus check w/ replace for putenv if also
34838: no setenv
34839: [e3c03814ad4b]
34840:
34841: * putenv.c:
34842: Initial revision
34843: [3cff63e2dc1b]
34844:
34845: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
34846:
34847: * sudo_setenv.c:
34848: Initial revision
34849: [4d637631fa6b]
34850:
34851: * sudo.h:
34852: rm'd s realp[ath added sudo_realpath and sudo_setenv
34853: [07ba001ff57e]
34854:
34855: * sudo.c:
34856: now use sudo_setenvc
34857: [fd81e04d5ef0]
34858:
34859: * configure.in:
34860: added puteenv and setenv, removed realpath
34861: [27bfacfb513b]
34862:
34863: * config.h.in:
34864: added putenv & setenv
34865: [515f14eaf6e4]
34866:
34867: * Makefile.in:
34868: added sudo_setenv
34869: [217731a717c5]
34870:
34871: * version.h:
34872: ++
34873: [eadb346d7129]
34874:
34875: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
34876:
34877: * configure.in:
34878: added MAN_POSTINSTALL and /usr/share/catman for irix
34879: [2a9496c1bdba]
34880:
34881: * Makefile.in:
34882: added MAN_POSTINSTALL
34883: [89b0d4695529]
34884:
34885: * CHANGES:
34886: added
34887: [48c021ba8a70]
34888:
34889: * sudo.man:
34890: added SUDO_* plus new options
34891: [c0759cff5683]
34892:
34893: * CHANGES:
34894: added one
34895: [7d44a3922d56]
34896:
34897: * configure.in:
34898: took out shadow lib
34899: [07cf3de18701]
34900:
34901: * TODO:
34902: adde done
34903: [a27a578e8afe]
34904:
34905: * visudo.c:
34906: now use yyrestart() if flex now reset yylineno to 0
34907: [77d67ce0b677]
34908:
34909: * Makefile.in:
34910: support for installing a cat page instead of a man page if no nroff
34911: [44671c0fc0fa]
34912:
34913: * configure.in:
34914: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
34915: to determine whether or not to install a cat or man page
34916: [0562d069c135]
34917:
34918: * config.h.in:
34919: added HAVE_FLEX
34920: [c5490bae39d3]
34921:
34922: * sudo.c:
34923: not set ret to MODE_RUN initially
34924: [88b4983c195b]
34925:
34926: * find_path.c:
34927: made command (and therefor cmnd dynamically allocated)
34928: [95b82e32b6de]
34929:
34930: * TODO:
34931: did #8
34932: [fb6f41308cdf]
34933:
34934: * version.h:
34935: ++
34936: [14112ecab5ae]
34937:
34938: * sudo_realpath.c:
34939: changed bufs from MAXPATHLEN to MAXPATHLEN+1
34940: [0ad4f34e55c0]
34941:
34942: * sudo.h:
34943: added MODE_ removed validate_only and added remove_timestamp()
34944: [dd5f99c57728]
34945:
34946: * sudo.c:
34947: usage() now takes an int (exit value) added parse_args() to parse
34948: command line arguments moved call to find_path() from load_globals
34949: to new function load_cmnd() removed validate_only global -- now use
34950: the concept of "modes" added -h and -k options
34951: [c3887090b28a]
34952:
34953: * parse.c:
34954: no longer use global validate_only now checks for command called
34955: "validate" removed check for non-fully qualified commands since that
34956: is done by find_path
34957: [7d56fbd26369]
34958:
34959: * find_path.c:
34960: changed MAXPATHLEN r to MAXPATHLEN+1
34961: [a86e8664d971]
34962:
34963: * find_path.c:
34964: fixed off by one error with MAXPATHLEN and fixed a comment
34965: [58adcef8c981]
34966:
34967: * check.c:
34968: check_timestamp no longer runs reminder(), it is implied in the
34969: return val added remove_timestamp()
34970: [42ab5a77066f]
34971:
34972: * CHANGES:
34973: updated
34974: [8e69b31df024]
34975:
34976: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
34977:
34978: * BUGS:
34979: fixed on
34980: [bc34f1ac4280]
34981:
34982: * sudo_realpath.c:
34983: took out old_errno
34984: [a168d00a0768]
34985:
34986: * CHANGES:
34987: updated
34988: [04ba80922df7]
34989:
34990: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
34991:
34992: * logging.c:
34993: moved send_mail to after syslog
34994: [4d4188087834]
34995:
34996: * sudo.c:
34997: now set SUDO_ envariables
34998: [e5963f1bd3bb]
34999:
35000: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
35001:
35002: * version.h:
35003: ++
35004: [2a4534845d8c]
35005:
35006: * sudo_realpath.c:
35007: now print error if chdir fails
35008: [0d75c8973d49]
35009:
35010: * find_path.c:
35011: removed an XXX
35012: [e2077bcb35aa]
35013:
35014: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
35015:
35016: * CHANGES:
35017: updated
35018: [e30a2b39b41a]
35019:
35020: * configure.in:
35021: no more static binaries for aix
35022: [77a0beb6bd80]
35023:
35024: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
35025:
35026: * INSTALL:
35027: fixed typo
35028: [ba5e0d391bc4]
35029:
35030: * sudo_realpath.c:
35031: took out stuff not needed for sudo now does be_root/be_user itself
35032: now uses cwd global
35033: [4f6d4641d793]
35034:
35035: * version.h:
35036: +=2
35037: [97da927b297c]
35038:
35039: * logging.c, sudo.c:
35040: be_root/be_user is now down in sudo_realpath()
35041: [f331662fa50f]
35042:
35043: * logging.c, sudo.h:
35044: now works with 4.2BSD syslog (blech)
35045: [98e39d89dd36]
35046:
35047: * find_path.c:
35048: now use sudo_realpath()
35049: [ab436a8ebd02]
35050:
35051: * config.h.in:
35052: took out realpth() stuff since we now use sudo_realpath()
35053: [8de5ef9f6044]
35054:
35055: * configure.in:
35056: ultrix enhanced sec
35057: [815fb7fffcc0]
35058:
35059: * SUPPORTED:
35060: added ultrix enhanced sec.
35061: [6466766c8062]
35062:
35063: * INSTALL:
35064: updated
35065: [d681a634297a]
35066:
35067: * check.c:
35068: ultrix enhanced security suport
35069: [f10c8decbcc2]
35070:
35071: * Makefile.in:
35072: added sudo_realpath.c
35073: [6b9bcd3be022]
35074:
35075: * CHANGES:
35076: updated
35077: [2fa8084c1b53]
35078:
35079: * tgetpass.c:
35080: increased passwd len to 24 for c2 security
35081: [ec64838be62d]
35082:
35083: * BUGS:
35084: updated BUGS
35085: [ca00d8fec2ce]
35086:
35087: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
35088:
35089: * check.c:
35090: now use user global var
35091: [568769719013]
35092:
35093: * configure.in:
35094: took out -ls
35095: [490a44180d5f]
35096:
35097: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
35098:
35099: * configure.in:
35100: added AFS libs
35101: [4fb40c8c01ba]
35102:
35103: * sudo.h:
35104: user is now a char * added epasswd
35105: [27a919fafdfb]
35106:
35107: * sudo.c:
35108: added tzset() to load_globals added epasswd (encrypted password)
35109: global made user dynamically allocated
35110: [b99ef9bdbfce]
35111:
35112: * configure.in:
35113: added tzset test
35114: [27592dd1214b]
35115:
35116: * config.h.in:
35117: added HAVE_TZSET
35118: [b13f4213f3d0]
35119:
35120: * check.c:
35121: cleaned up encrypted passwd grab somewhat
35122: [c8ba9a4db38a]
35123:
35124: * configure.in:
35125: fixed AFS typo
35126: [2bfcbce237b6]
35127:
35128: * INSTALL:
35129: added AFS not
35130: [80c67329393c]
35131:
35132: * CHANGES:
35133: udpated
35134: [2f09ecdd5d31]
35135:
35136: * logging.c:
35137: can now log to both syslog & a file
35138: [4d5c0932bc01]
35139:
35140: * sudo.h:
35141: added BOTH_LOGS
35142: [623c539be824]
35143:
35144: * CHANGES:
35145: updated
35146: [a1c7f5ef3616]
35147:
35148: * configure.in:
35149: --with-AFS
35150: [28718d8f5daf]
35151:
35152: * config.h.in:
35153: added HAVE_AFS
35154: [2e32bb4e63e4]
35155:
35156: * check.c:
35157: added afs changes
35158: [fe4d0ff320a2]
35159:
35160: * sudo.h:
35161: removed AFS stuff :-)
35162: [a40387e6fa27]
35163:
35164: * tgetpass.c:
35165: include sys/select for AIX
35166: [f32c5a8f2c84]
35167:
35168: * sudo.h:
35169: added AFS
35170: [da2ab3dd0348]
35171:
35172: * version.h:
35173: ++
35174: [452d4dfe25af]
35175:
35176: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
35177:
35178: * CHANGES, SUPPORTED:
35179: updated
35180: [e7dfe6f23a37]
35181:
35182: * logging.c:
35183: can now have MAILER undefined
35184: [1d33b98b35e1]
35185:
35186: * INSTALL:
35187: new sub-note about MAILER
35188: [d35c636a0574]
35189:
35190: * sudo.man:
35191: added blurb about password timeout
35192: [70c2ee50de20]
35193:
35194: * configure.in:
35195: convex c2 changes
35196: [367138a6232e]
35197:
35198: * aclocal.m4:
35199: took out duplicate define of _CONVEX_SOURCE
35200: [647182138450]
35201:
35202: * Makefile.in:
35203: added OSDEFS
35204: [7fdcd50602d1]
35205:
35206: * config.h.in:
35207: added spaces
35208: [f2b8a05e48f3]
35209:
35210: * tgetpass.c:
35211: added a goto if fgets fails
35212: [68a6586d9c45]
35213:
35214: * sudo.h:
35215: use __hpux not hpux convex c2 stuff
35216: [5c377a8d5f34]
35217:
35218: * sudo.c:
35219: use __hpux not hpux
35220: [9363bc0f9f9e]
35221:
35222: * logging.c:
35223: convex c2 stuff
35224: [ea5630975ac4]
35225:
35226: * config.h.in:
35227: define ansi-ish cpp os defines if non-ansi are defined for hpux &
35228: convex
35229: [664f53a5e786]
35230:
35231: * INSTALL:
35232: updated to say we support sonvex C2
35233: [5f2f8b87013e]
35234:
35235: * check.c:
35236: added convex c2 support
35237: [9a665d4918fa]
35238:
35239: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
35240:
35241: * tgetpass.c:
35242: no more ioctl never returns NULL uses fgets() and select() to
35243: timeout
35244: [b333e6d63e97]
35245:
35246: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
35247:
35248: * configure.in:
35249: things were testing -n "$GCC" instead of -z "$GCC"
35250: [059a9b15ede2]
35251:
35252: * tgetpass.c:
35253: now works + uses fgets()
35254: [353d7ebcb7bb]
35255:
35256: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
35257:
35258: * tgetpass.c:
35259: select doesn't seem to recognize a single '\n' as input waiting so
35260: we can;t use it, sigh.
35261: [f76e3218b835]
35262:
35263: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
35264:
35265: * PORTING:
35266: updated tgetpass() blurb
35267: [95baac736b49]
35268:
35269: * configure.in:
35270: added --with-getpass
35271: [42ac0bdf58ed]
35272:
35273: * Makefile.in:
35274: added tgetpass stuff
35275: [e2b38c635663]
35276:
35277: * tgetpass.c:
35278: now uses stdio
35279: [36af8ff66e35]
35280:
35281: * version.h:
35282: ++
35283: [4e81c9db19bd]
35284:
35285: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
35286:
35287: * PORTING:
35288: updated ,.
35289: [54f523770a05]
35290:
35291: * config.h.in:
35292: added USE_GETPASS && HAVE_C2_SECURITY
35293: [86b355cb2953]
35294:
35295: * configure.in:
35296: fixed a test aded --with-C2 and --with-tgetpass
35297: [abf6181588ef]
35298:
35299: * check.c:
35300: added hpux C2 shit
35301: [20d4177ffa88]
35302:
35303: * Makefile.in:
35304: took out tgetpass.*
35305: [cc82fd9984b4]
35306:
35307: * INSTALL:
35308: added C2 blurb
35309: [1d2bfc35e4b6]
35310:
35311: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
35312:
35313: * configure.in:
35314: no termio(s) for ultrix since it is broken
35315: [d3e82e835350]
35316:
35317: * check.c:
35318: added a space (yeah, anal)
35319: [05e4b31ca68c]
35320:
35321: * realpath.c, sudo_realpath.c:
35322: fixed it (duh, rtfm)
35323: [f13097cb8cb6]
35324:
35325: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
35326:
35327: * config.h.in:
35328: took out bsd signal stuff for irix
35329: [e179cdafc97a]
35330:
35331: * visudo.c:
35332: comments in #endif
35333: [e3a629190f5e]
35334:
35335: * configure.in:
35336: don't define BSD signals for irix
35337: [3ce57bffb7f0]
35338:
35339: * TODO:
35340: did some...
35341: [274241cd0f74]
35342:
35343: * CHANGES:
35344: updated
35345: [8f29fc755faf]
35346:
35347: * realpath.c, sudo_realpath.c:
35348: took out unneeded code by changing where a strings was terminated
35349: [b5564d62d30e]
35350:
35351: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
35352:
35353: * realpath.c, sudo_realpath.c:
35354: fix bug where /dirname would return NULL
35355: [b85f470daf26]
35356:
35357: * sudo.h:
35358: move __P to config.h
35359: [7763c0ff3f28]
35360:
35361: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
35362: added errno definition
35363: [4cc9d2d9782a]
35364:
35365: * config.h.in:
35366: added __P
35367: [ca06f5aa58f3]
35368:
35369: * config.h.in:
35370: added HAVE_FCHDIR
35371: [206d714641e0]
35372:
35373: * strdup.c:
35374: now include stdio
35375: [0d8458da0e1d]
35376:
35377: * realpath.c, sudo_realpath.c:
35378: now works if no fchdir
35379: [e035911b6722]
35380:
35381: * visudo.c:
35382: define SA_RESETHAND to null if not defined
35383: [afec03e84342]
35384:
35385: * configure.in:
35386: added check & replace
35387: [c1a65481441c]
35388:
35389: * configure.in:
35390: took out -static for nextstep -- it doesn't work
35391: [fa1a1a611743]
35392:
35393: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
35394:
35395: * logging.c:
35396: moved #endif to where it belongs
35397: [07d3a8972097]
35398:
35399: * SUPPORTED:
35400: correction
35401: [0c1ecba3e5a3]
35402:
35403: * configure.in:
35404: now checks for strdup realpath getcwd bzero
35405: [f029a1917515]
35406:
35407: * config.h.in:
35408: emulate bzero
35409: [d792352e44a3]
35410:
35411: * visudo.c:
35412: added posic signals
35413: [2ed0005f90fc]
35414:
35415: * tgetpass.c:
35416: bzero cast
35417: [6d91b1a1526f]
35418:
35419: * logging.c:
35420: added posix signals
35421: [67ede9c22a05]
35422:
35423: * configure.in:
35424: removed BROKEN_GETPASS added new srcs toreplace missing functions
35425: [cf44274bb1c8]
35426:
35427: * config.h.in:
35428: added posix signal stuff
35429: [a3c1c98fe8ef]
35430:
35431: * Makefile.in:
35432: added new srcs
35433: [b6a079afee47]
35434:
35435: * visudo.c:
35436: updated useag
35437: [589ed091c44f]
35438:
35439: * tgetpass.c:
35440: now uses posix signals
35441: [30f74964074f]
35442:
35443: * PORTING:
35444: updated sto reflect major changes
35445: [bcfc309e017b]
35446:
35447: * CHANGES, TODO:
35448: updated
35449: [23aacbd54278]
35450:
35451: * tgetpass.c:
35452: uses sysconf() if available
35453: [a27431c90bab]
35454:
35455: * sudo.h:
35456: added PASSWORD_TIMEOUT + prototypes for new functions
35457: [d7473c2f77c4]
35458:
35459: * realpath.c, sudo_realpath.c:
35460: for those w/o this in libc
35461: [1e47aa7a9d46]
35462:
35463: * getcwd.c, getwd.c:
35464: Initial revision
35465: [c90dea57a84f]
35466:
35467: * find_path.c:
35468: rewrote to use realpath(3) - nis now all my code
35469: [d2c3bb8fb37d]
35470:
35471: * config.h.in:
35472: added HAVE_REALPATH
35473: [02c10352a8c7]
35474:
35475: * check.c:
35476: now use tgetpass
35477: [b5c021fc179f]
35478:
35479: * Makefile.in:
35480: added LIBOBJS use tgetpass.c
35481: [230a7b3eeaa3]
35482:
35483: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
35484:
35485: * tgetpass.c:
35486: works now :-)
35487: [025e7a3875ba]
35488:
35489: * tgetpass.c:
35490: Initial revision
35491: [3316ab33b230]
35492:
35493: * pathnames.h.in:
35494: added /dev/tty
35495: [29242585e53f]
35496:
35497: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
35498:
35499: * version.h:
35500: incremented
35501: [f2e54b48280f]
35502:
35503: * sudo.c:
35504: always use getcwd
35505: [c6068e8a4029]
35506:
35507: * config.h.in:
35508: added check for getwd
35509: [ab1e102ad673]
35510:
35511: * configure.in:
35512: replace strdup & realpath & getcwd if missing
35513: [b0eb14f2a1c3]
35514:
35515: * pathnames.h.in:
35516: added _PATH_PWD
35517: [309d2388f69a]
35518:
35519: * aclocal.m4:
35520: added SUDO_PROG_PWD
35521: [e16e85deb96c]
35522:
35523: * strdup.c:
35524: Initial revision
35525: [810efdc15007]
35526:
35527: * realpath.c, sudo_realpath.c:
35528: Initial revision
35529: [d85eee438e09]
35530:
35531: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
35532:
35533: * configure.in:
35534: quoted quare brackets
35535: [d0e7ca111d98]
35536:
35537: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
35538:
35539: * sudo.c:
35540: no need to strdup() a constant
35541: [a8c44712df9a]
35542:
35543: * CHANGES:
35544: updated
35545: [71364129cca0]
35546:
35547: * sudo.man:
35548: added validate
35549: [0bb198095a26]
35550:
35551: * sudo.c:
35552: added -v to usage
35553: [31ea71f11dbb]
35554:
35555: * parse.c, sudo.c, sudo.h:
35556: added validate_only stuff
35557: [9bcd853d3c90]
35558:
35559: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
35560:
35561: * configure.in:
35562: now finds sed
35563: [6374bb0d3f28]
35564:
35565: * aclocal.m4:
35566: $OSREV is now an int
35567: [ace0666d66cf]
35568:
35569: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
35570:
35571: * configure.in:
35572: added mtxinu to caser
35573: [73a776887b16]
35574:
35575: * sudo.h:
35576: added EXEC macro
35577: [2e8eb28b710a]
35578:
35579: * sudo.c:
35580: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
35581: [56afb4f658d5]
35582:
35583: * logging.c:
35584: changed mail_argv[] def now use EXEC() macro
35585: [ddcabd28edb1]
35586:
35587: * check.c:
35588: took out crypt() definition
35589: [0e657724cf5f]
35590:
35591: * version.h:
35592: upped the version
35593: [62c5d66119fc]
35594:
35595: * configure.in:
35596: always look for -lnsl
35597: [d7b594f0313b]
35598:
35599: * aclocal.m4:
35600: added an echo
35601: [1caae3491dc5]
35602:
35603: * sudo.h:
35604: SHORT_MESSAGE is now the default
35605: [cfce35c3119a]
35606:
35607: * config.h.in:
35608: fixed typo
35609: [6499a564bf75]
35610:
35611: * configure.in:
35612: added missing AC_DEFINE(SVR4) for solaris
35613: [feef0b17b94f]
35614:
35615: * sudo.man:
35616: documented the -v flag
35617: [a6429f2bc2cf]
35618:
35619: * SUPPORTED:
35620: updated
35621: [088886e79540]
35622:
35623: * check.c:
35624: proto-ized crypt()
35625: [801e4ff5b121]
35626:
35627: * config.h.in:
35628: added LIBSHADOW undef
35629: [8df588e9ee2b]
35630:
35631: * configure.in:
35632: nwo set OS to be lowercase
35633: [561ebed833e4]
35634:
35635: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
35636:
35637: * configure.in:
35638: now use SUDO_OSTYPE to set $OS
35639: [0e60aee23098]
35640:
35641: * aclocal.m4:
35642: now use uname to determine os
35643: [99705e58d400]
35644:
35645: * visudo.c:
35646: added prototypes & moved sig handler around
35647: [1f0bc8d23b51]
35648:
35649: * sudo.h:
35650: added prototyppes
35651: [be3935a2b163]
35652:
35653: * check.c, logging.c, sudo.c:
35654: added prototypes
35655: [2079b4605ab8]
35656:
35657: * parse.c:
35658: added comment
35659: [a34d147d8399]
35660:
35661: * config.h.in:
35662: nwo use _BSD_SIGNALS not _BSD_COMPAT
35663: [63663195f047]
35664:
35665: * aixcrypt.exp:
35666: Initial revision
35667: [890aed08357e]
35668:
35669: * Makefile.in:
35670: added aixcrypt.exp
35671: [1005a183105f]
35672:
35673: * parse.lex, parse.yacc:
35674: moved config.h to top of includes
35675: [9569c49aa5f3]
35676:
35677: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
35678:
35679: * find_path.c:
35680: now don't bitch if get EACCESS (treat like EPERM)
35681: [dbeffb638de4]
35682:
35683: * visudo.c:
35684: added -v flag and usage()
35685: [4d44ed60ed75]
35686:
35687: * version.h:
35688: fixed a typo
35689: [cf3f9347ae41]
35690:
35691: * sudo.c:
35692: cast Argv to a const for exec added -v flag
35693: [d11b6efc0e45]
35694:
35695: * logging.c:
35696: mail_argv is now a const
35697: [93bb5d90bb6f]
35698:
35699: * configure.in:
35700: only set RETSIGTYPE if it is not set already
35701: [c97aac260b77]
35702:
35703: * aclocal.m4:
35704: now defines & STDC_HEADERS for Irix
35705: [9c2b24ad1fc5]
35706:
35707: * Makefile.in:
35708: added version.h
35709: [9f79e880229a]
35710:
35711: * insults.h, sudo.h:
35712: prevent multiple inclusion
35713: [d68c8a9243ce]
35714:
35715: * version.h:
35716: Initial revision
35717: [dbb39c5ef8d9]
35718:
35719: * parse.lex, parse.yacc:
35720: now includes config.h
35721: [f117e036a56b]
35722:
35723: * aclocal.m4:
35724: now talks about sunos 4.x
35725: [c9054aa92d4e]
35726:
35727: * visudo.c:
35728: calls to Exit now pass an arg
35729: [a92104670551]
35730:
35731: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
35732:
35733: * visudo.c:
35734: signal handler now takes an int argument
35735: [26f480c41523]
35736:
35737: * CHANGES:
35738: updated
35739: [8c166a9d796b]
35740:
35741: * sudo.c:
35742: ok, the getcwd() is now *really* done as the user
35743: [ab86cf85134a]
35744:
35745: * configure.in:
35746: changed AIX STATIC_FLAGS
35747: [b9c0a3ba5663]
35748:
35749: * aclocal.m4:
35750: solaris now defines SVR4
35751: [c3e20cac96f5]
35752:
35753: * sudo.h:
35754: added cwd and fixed stupid core dump that makes no sense. sigh.
35755: [7a9755436dbb]
35756:
35757: * sudo.c:
35758: moved getcwd stuff into load_globals
35759: [ec2bc90df1f3]
35760:
35761: * parse.c:
35762: took out externs that are in suod.h
35763: [93c4b3f856d7]
35764:
35765: * logging.c:
35766: moved cwd into load_globals
35767: [050de754d228]
35768:
35769: * find_path.c:
35770: moved cwd stuff
35771: [22f3f3b4c34d]
35772:
35773: * Makefile.in:
35774: fixed make distclean & realclean
35775: [c9964d89bcef]
35776:
35777: * TODO:
35778: updated .,
35779: [e513581ef0e3]
35780:
35781: * CHANGES:
35782: added solaris changes
35783: [505d930daf27]
35784:
35785: * aclocal.m4:
35786: added solaris changes, need to rework
35787: [33f20fb16c49]
35788:
35789: * configure.in:
35790: cleaned up for solaris
35791: [2fb8cfa05d0f]
35792:
35793: * logging.c:
35794: reinstall reapchild signal handler for non-bsd signals
35795: [3d1dc545113d]
35796:
35797: * sudo.h:
35798: took out getdtablesize() emulation for HP-UX (no longer needed)
35799: [1fc83d170f34]
35800:
35801: * sudo.c:
35802: support for HAVE_SYSCONF
35803: [50ca2a7a224a]
35804:
35805: * visudo.c:
35806: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
35807: up /
35808: [0a570e826dd4]
35809:
35810: * config.h.in:
35811: added HAVE_SYSCONF
35812: [2b9a9f3a4e94]
35813:
35814: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
35815:
35816: * configure.in:
35817: now tells you what os you are running /.
35818: [06c6332a895b]
35819:
35820: * aclocal.m4:
35821: took out extra ','
35822: [e8c75ce59f4a]
35823:
35824: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
35825:
35826: * config.h.in:
35827: added _BSD_COMPAT
35828: [73c5099806c2]
35829:
35830: * aclocal.m4:
35831: fixed for irix5
35832: [1047d1f6c0eb]
35833:
35834: * CHANGES:
35835: updated
35836: [1bc4969fee96]
35837:
35838: * sudo.c:
35839: uid seinitialized to -2
35840: [8d7812b1878b]
35841:
35842: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
35843:
35844: * sudo.c:
35845: now removes LIBPATH for AIX
35846: [075392eb1dd9]
35847:
35848: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
35849:
35850: * configure.in:
35851: now uses ufc if it finds it
35852: [ab6ce30a5958]
35853:
35854: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
35855:
35856: * sudo.h:
35857: no longer define yyval & yylval since yacc does it
35858: [09d250aea50a]
35859:
35860: * parse.lex:
35861: now defines yylval as extenr
35862: [8ec2b88952bc]
35863:
35864: * configure.in:
35865: BROKEN_GETPASS is now an OPTION
35866: [3714f4bb8312]
35867:
35868: * config.h.in:
35869: took out BROKEN_GETPASS
35870: [9c4f6aa50137]
35871:
35872: * Makefile.in:
35873: took out big comment
35874: [4c13cff0e556]
35875:
35876: * README:
35877: updated
35878: [b8b9902b620d]
35879:
35880: * Makefile.in:
35881: took out README.beta
35882: [ed2cd861e82b]
35883:
35884: * SUPPORTED:
35885: Initial revision
35886: [2fffc51e6606]
35887:
35888: * INSTALL:
35889: now reference SUPPORTED .,
35890: [d112c30be1f2]
35891:
35892: * config.h.in:
35893: now check for convex OR __convex__
35894: [a0e5701a3069]
35895:
35896: * aclocal.m4:
35897: now check for convex or __convex__
35898: [5dae2bfbe3bc]
35899:
35900: * Makefile.in:
35901: added dist target
35902: [400a54de57db]
35903:
35904: * aclocal.m4:
35905: use __convex__
35906: [58a19470ed0b]
35907:
35908: * find_path.c:
35909: now use _S_* stat stuff to be ansi-like
35910: [28cce560e048]
35911:
35912: * INSTALL:
35913: updated for configure directions
35914: [a034ccc7c30a]
35915:
35916: * Makefile.in:
35917: distclean now removes config.h and pathnames.h
35918: [300f2349b4ab]
35919:
35920: * CHANGES:
35921: updated
35922: [646f7e9430c1]
35923:
35924: * TODO:
35925: fixed typoe
35926: [70fd6361b2bc]
35927:
35928: * visudo.c:
35929: updated version
35930: [cf13d87d789f]
35931:
35932: * Makefile.in:
35933: updated version
35934: [8c5dacc27a7a]
35935:
35936: * config.h.in, pathnames.h.in:
35937: added copyright header
35938: [747ce3d3d6b7]
35939:
35940: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
35941: parse.yacc, sudo.c, sudo.h:
35942: udpated version
35943: [4751c39bad18]
35944:
35945: * visudo.c:
35946: udpated to use configure + pathnames.h
35947: [d45dff76a1cd]
35948:
35949: * aclocal.m4:
35950: updated
35951: [f05a367a55be]
35952:
35953: * Makefile.in, config.h.in, configure.in:
35954: updated
35955: [524778598879]
35956:
35957: * sudo.h:
35958: now works with configure
35959: [83fc40e533f4]
35960:
35961: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
35962: updated to work with configure + pathnames.h
35963: [cb67fa6ab52d]
35964:
35965: * Makefile.in:
35966: added LEXLIB
35967: [f43cad4ab0a2]
35968:
35969: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
35970:
35971: * COPYING:
35972: updated gnu general licence to versio 2
35973: [2b0b56112ddc]
35974:
35975: * config.h.in, pathnames.h.in:
35976: Initial revision
35977: [4b586f39ec2d]
35978:
35979: * sudo.h:
35980: changed to work with configure
35981: [13f3506ddf16]
35982:
35983: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
35984:
35985: * Makefile.in, aclocal.m4, configure.in:
35986: Initial revision
35987: [a8636ae77371]
35988:
35989: * visudo.c:
35990: now uses defines used by configure
35991: [de438d118993]
35992:
35993: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
35994:
35995: * find_path.c:
35996: sudo won't bitch about EPERM now, for real
35997: [ce26d9ef7e3f]
35998:
35999: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
36000:
36001: * logging.c:
36002: renamed exec_argv to eliminate a libc name clash with ksros
36003: [bcb4350d8411]
36004:
36005: * CHANGES:
36006: corrected
36007: [dae68d422efd]
36008:
36009: * logging.c, sudo.c, sudo.h:
36010: execve -> execv
36011: [40cc2c4bdb15]
36012:
36013: * TODO:
36014: upated
36015: [9275a8b8fc45]
36016:
36017: * PORTING:
36018: added 2 mroe items
36019: [6cbb5c56993c]
36020:
36021: * CHANGES:
36022: updated
36023: [73f34f8e571a]
36024:
36025: * sudo.h:
36026: added UMASK and mode_t declaration
36027: [7c2015e1d171]
36028:
36029: * sudo.c:
36030: added UMASK
36031: [d37be7523680]
36032:
36033: * logging.c:
36034: now opens log file with mode 077
36035: [0825cc3ee841]
36036:
36037: * check.c:
36038: saved current umask ans restores it
36039: [659c1aaae8e8]
36040:
36041: * sudo.h:
36042: added MAXLOGFILELEN
36043: [34331c7dee90]
36044:
36045: * logging.c:
36046: split long log lines. FOr syslog, split into multiple entries, for
36047: a log file, indent the extra for readability
36048: [72c9e4cdba6e]
36049:
36050: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
36051:
36052: * CHANGES:
36053: added changes
36054: [81196833673d]
36055:
36056: * sudo.h:
36057: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
36058: [1aa69e903840]
36059:
36060: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
36061:
36062: * TODO:
36063: added input from Brett M Hogden <hogden@rge.com>
36064: [80f01fc88ce9]
36065:
36066: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
36067:
36068: * sudo.c:
36069: added rmenv() to remove stuff from environ. can now uses execvp()
36070: OR execve() becuase of this.
36071: [e7fc2535bd67]
36072:
36073: * logging.c:
36074: now uses execvp() OR execve()
36075: [56391aa1f99d]
36076:
36077: * sudo.h:
36078: added USE_EXECVE
36079: [f21f38050b95]
36080:
36081: * sudo.h:
36082: added environ
36083: [6b805e23c6f6]
36084:
36085: * find_path.c:
36086: now ignore EPERM
36087: [c8fd7117a1d7]
36088:
36089: * sudo.h:
36090: moved some func decls out of sudo.h and into sudo.c as statics /.
36091: [5f555c267d27]
36092:
36093: * CHANGES:
36094: updated
36095: [431f478af320]
36096:
36097: * sudo.h:
36098: took out Envp
36099: [6f722be7793d]
36100:
36101: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
36102:
36103: * BUGS:
36104: Initial revision
36105: [4a8ecf0da95c]
36106:
36107: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
36108:
36109: * CHANGES:
36110: added SECURE_PATH
36111: [1c72cb222609]
36112:
36113: * sudo.c, sudo.h:
36114: added SECURE_PATH
36115: [5bf5357a63c5]
36116:
36117: * sudo.h:
36118: added SECURE_PATH
36119: [3976a74405ac]
36120:
36121: * INSTALL:
36122: added sample.sudoers note
36123: [1b395d29aaeb]
36124:
36125: * sudoers:
36126: Initial revision
36127: [485888d07477]
36128:
36129: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
36130:
36131: * find_path.c:
36132: fixed typo
36133: [bfc3cc4d41ca]
36134:
36135: * PORTING:
36136: took out SAVED_UID garbage
36137: [b7c2d3469661] [SUDO_1_3_0]
36138:
36139: * INSTALL:
36140: mentioned HAL
36141: [253d6695df90]
36142:
36143: * sudo.h:
36144: added HAL line
36145: [29ec1a4ac6de]
36146:
36147: * insults.h:
36148: added HAL insults
36149: [7d7c96d77c74]
36150:
36151: * TODO:
36152: updated
36153: [aa2ed9790586]
36154:
36155: * logging.c:
36156: more verbose error if mailer not found
36157: [fca47fd00cb6]
36158:
36159: * check.c:
36160: now do getpwent as root for soem shadow password systems (bsdi)
36161: [e0339e110d46]
36162:
36163: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
36164:
36165: * sudo.h:
36166: took out SAVED_UID garbade
36167: [fcb0e81dcdb5]
36168:
36169: * sudo.c:
36170: took out SAVED_UID garbage since it don't work
36171: [507e9513e9c2]
36172:
36173: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
36174:
36175: * README:
36176: updated
36177: [d2b6b253dae5]
36178:
36179: * insults.h:
36180: added a missing space :-)
36181: [8940ea991f87]
36182:
36183: * sudo.c, sudo.h:
36184: took out multimax cruft
36185: [c2606b365181]
36186:
36187: * INSTALL:
36188: minor update
36189: [05fb6ee73131]
36190:
36191: * PORTING:
36192: finished
36193: [c4ac47c84dc5]
36194:
36195: * sudo.c:
36196: fixed a typo + indentation
36197: [7eab40aae8fa]
36198:
36199: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
36200:
36201: * sudo.h:
36202: took outumoved some defines to the config file ,. ,.
36203: [defff05beb52]
36204:
36205: * PORTING:
36206: Initial revision
36207: [c803e9127959]
36208:
36209: * TODO:
36210: did #6
36211: [c6fa1c946c31]
36212:
36213: * sudo.h:
36214: added HAS_SAVED_UID
36215: [6a88a39c0a07]
36216:
36217: * sudo.c:
36218: put back AIX cruft
36219: [a24d2507ddd4]
36220:
36221: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
36222:
36223: * sudo.c:
36224: aix changes
36225: [1663915f754a]
36226:
36227: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
36228:
36229: * CHANGES:
36230: updated
36231: [a8cc73747cae]
36232:
36233: * check.c, logging.c, parse.c, sudo.c, sudo.h:
36234: now is only root when abs necesary
36235: [3c9d12c5cdfe]
36236:
36237: * check.c:
36238: added missing %s\n
36239: [609320b72d89]
36240:
36241: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
36242:
36243: * install-sh:
36244: Initial revision
36245: [b5bba140a175]
36246:
36247: * TODO:
36248: updated
36249: [c9d2eba602af]
36250:
36251: * CHANGES:
36252: updated
36253: [932f1fc3bb14]
36254:
36255: * sudo.c:
36256: now removed _RLD_* for alphas
36257: [54a36e648158]
36258:
36259: * INSTALL:
36260: updated for new config scheme
36261: [61c8ae800444]
36262:
36263: * find_path.c:
36264: more verbose eror messages
36265: [b4fd123db42d]
36266:
36267: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
36268:
36269: * TODO:
36270: now have solaris
36271: [371002fbf266]
36272:
36273: * sudo.h:
36274: define __svr4__ for SOLARIS
36275: [0b5cf5ed936d]
36276:
36277: * check.c:
36278: added svr4 junk for shadow pws for solaris 2.x
36279: [91ed58f21618]
36280:
36281: * check.c, sudo.c:
36282: took out setuid(0) and setreuid(udi) garbage. Its not needed since
36283: we start out setuid with the correct perms.
36284: [07689e782b0b]
36285:
36286: * check.c, sudo.c, sudo.h:
36287: now use setreuid()
36288: [7d64d685d78e]
36289:
36290: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
36291:
36292: * sudo.man:
36293: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
36294: sectoin
36295: [b26967b1e19b]
36296:
36297: * visudo.c:
36298: now uses ENV_EDITOR if you want to use the EDITOR envar
36299: [a4f8fcb9bd1d]
36300:
36301: * sudo.h:
36302: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
36303: [028cc55c4328]
36304:
36305: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
36306:
36307: * INSTALL:
36308: rewrote most of this
36309: [a6750923f9c9]
36310:
36311: * README:
36312: minor update + spell fix
36313: [a411717a7249]
36314:
36315: * sudo.h:
36316: added all options that are in the Makefile
36317: [6db3b3b841b3]
36318:
36319: * getpass.c:
36320: now use USE_TERMIO #define for sgi & hpux
36321: [b91f89ae6be1]
36322:
36323: * TODO:
36324: todo: posix sigs
36325: [4548a56eb2ef]
36326:
36327: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
36328:
36329: * check.c, find_path.c:
36330: always include strings.h
36331: [1fc20bda92c0]
36332:
36333: * visudo.c:
36334: added STATICEDITOR
36335: [0596f820716e]
36336:
36337: * sudo.h:
36338: sgi has vi in /usr/bin too
36339: [94203b62bfd9]
36340:
36341: * sudo.man:
36342: added VISUAL
36343: [87c2844c4cac]
36344:
36345: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
36346:
36347: * sudo.h:
36348: sue /usr/bin/vi on some systems
36349: [e3ad9190f35e]
36350:
36351: * sudo.c:
36352: fixed warning (include strings.h)
36353: [0b896de4d8a0]
36354:
36355: * sudo.man:
36356: added John_Rouillard@dl5000.bc.edu's changes (new features)
36357: [f41b4205a8cf]
36358:
36359: * CHANGES:
36360: changes from John_Rouillard@dl5000.bc.edu
36361: [6bdef8e948d5]
36362:
36363: * visudo.c:
36364: added EDITOR envar
36365: [5c4bf716de21]
36366:
36367: * check.c, find_path.c, parse.c, sudo.c:
36368: added patches from John_Rouillard directory spec
36369: uses EDITOR
36370: [f62a435f8c41]
36371:
36372: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
36373:
36374: * getpass.c:
36375: added flush for hpux
36376: [07cfdd6a7b55]
36377:
36378: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
36379:
36380: * sudo.c:
36381: no longer assume malloc returns a char *
36382: [7480bd2756f3]
36383:
36384: * sudo.c:
36385: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
36386: gets removed correctly
36387: [8587166c6ac8]
36388:
36389: * sudo.h:
36390: added STD_HEADERS macro
36391: [480f5a9a516c]
36392:
36393: * sudo.c:
36394: now uses STD_HEADERS macor for ansi
36395: [c5018806fd59]
36396:
36397: * find_path.c:
36398: now uses STD_HEADERS macro
36399: [ad821e0788ea]
36400:
36401: * check.c:
36402: niceties for C compiler bitches -- no real change
36403: [0fc0b1a5fb64]
36404:
36405: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
36406:
36407: * visudo.c:
36408: now doesn't fclose a file never opened.
36409: [ee888ec9427d]
36410:
36411: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
36412:
36413: * sudo.man:
36414: added visudo line
36415: [698d51c66407]
36416:
36417: * sudo.man:
36418: added error stuff added me in there...
36419: [d202fd34b906]
36420:
36421: * CHANGES:
36422: noted insults
36423: [998a22c2230c]
36424:
36425: * INSTALL:
36426: added blurb about reading stuff
36427: [e71db100798f]
36428:
36429: * sudo.h:
36430: added insults
36431: [c110431cec56]
36432:
36433: * insults.h:
36434: corrected somments and removed newlines
36435: [493706fd488c]
36436:
36437: * check.c:
36438: now uses insults
36439: [6d23cf06a0ef]
36440:
36441: * insults.h:
36442: Initial revision
36443: [83153c26b4a3]
36444:
36445: * INSTALL:
36446: added dec syslog note
36447: [555437273237]
36448:
36449: * sample.sudoers:
36450: added real stuff in there
36451: [53442a7fba78]
36452:
36453: * TODO:
36454: added a todo
36455: [c630472bd4dc]
36456:
36457: * TODO:
36458: added one
36459: [806464453284]
36460:
36461: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
36462:
36463: * sample.sudoers:
36464: Initial revision
36465: [7db0a9f1ca8f]
36466:
36467: * sudo.man:
36468: updated with changes
36469: [d9bf254c6c08]
36470:
36471: * sudo.man:
36472: Initial revision
36473: [dd6f11174ac6]
36474:
36475: * indent.pro:
36476: Initial revision
36477: [dbfbb494fad9]
36478:
36479: * CHANGES, COPYING, INSTALL, README, TODO:
36480: Initial revision
36481: [6d98f489a079]
36482:
36483: * visudo.c:
36484: updated version number and took out jeff's old addr since it is no
36485: good
36486: [ee47c24818cb]
36487:
36488: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
36489: sudo.c, sudo.h:
36490: updated version number and took out jeff's email (since it is
36491: invalid)
36492: [54616458a52e]
36493:
36494: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
36495:
36496: * check.c:
36497: added fflush()
36498: [145c881f4fb4]
36499:
36500: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
36501:
36502: * find_path.c:
36503: now return NULL instead pf��of exiting for nopn��n-fatal errors
36504: [8bc74f8cb1ae]
36505:
36506: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
36507:
36508: * check.c:
36509: new banner
36510: [5387ab2af516]
36511:
36512: * parse.lex:
36513: now sudo.h gets included first
36514: [2acb01c18e18]
36515:
36516: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
36517:
36518: * parse.lex:
36519: now can use flex
36520: [164d3839adf0]
36521:
36522: * sudo.h:
36523: linux patch
36524: [f1b6b1b1a2ca]
36525:
36526: * sudo.c:
36527: hpux 9 fix, removes SHLIB_PATH linux patch
36528: [67611dc1737f]
36529:
36530: * check.c:
36531: linux diff
36532: [c24536682397]
36533:
36534: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
36535:
36536: * find_path.c:
36537: stat now ignores EINVAL
36538: [c7761a5dc642]
36539:
36540: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
36541:
36542: * find_path.c, sudo.c:
36543: now declare strdup as extern
36544: [6b7d6f8784b5]
36545:
36546: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
36547:
36548: * visudo.c:
36549: reformatted with indent + by hand
36550: [9d43084e4990]
36551:
36552: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
36553: used indent to "fix" coding style
36554: [489ffacbdc70]
36555:
36556: * find_path.c:
36557: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
36558: move the code that does this into the loop body. makes it messier
36559: tho. hmmm.
36560: [c4d22b48da9a]
36561:
36562: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
36563:
36564: * find_path.c:
36565: redid the fix for non-executable files in an easier to read way plus
36566: some minor aethetic changes
36567: [84fe337f1426]
36568:
36569: * find_path.c:
36570: fixed bug with non-executable tings of same name in path introduced
36571: by checkig errno after stat(2).
36572: [c2a812cfcbc1]
36573:
36574: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
36575:
36576: * sudo.c:
36577: fixed off by one error
36578: [fabb7cee0041]
36579:
36580: * find_path.c:
36581: now handles decending below '/' correctly
36582: [5d2ddfc0b220]
36583:
36584: * sudo.c:
36585: now actually builds Envp instead of munging envp
36586: [bdc4b08f6898]
36587:
36588: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
36589:
36590: * parse.yacc:
36591: now includes sys/param.h
36592: [efbb494ab4de]
36593:
36594: * visudo.c:
36595: now includes sys/param.h
36596: [ad6c91d59958]
36597:
36598: * sudo.h:
36599: fixed ifndef -> ifdef
36600: [7aebe822d863]
36601:
36602: * qualify.c:
36603: make more like find_path.c
36604: [853b2dab2e03]
36605:
36606: * find_path.c:
36607: rewritten by millert
36608: [c6a043cc11b3]
36609:
36610: * sudo.h:
36611: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
36612: about new defines in the comment
36613: [39ffefce3aec]
36614:
36615: * logging.c:
36616: now uses USE_CWD
36617: [fa0f3b118bb3]
36618:
36619: * sudo.h:
36620: added delc for clean_envp() and Envp
36621: [a12034e300c2]
36622:
36623: * sudo.c:
36624: now rips LD_* env vars out of envp and passed sanitized Envp to exec
36625: [d201a218e056]
36626:
36627: * logging.c:
36628: now uses execve()
36629: [f3e01032cd33]
36630:
36631: * find_path.c:
36632: ENOTDIR is ok now too (in case part of the path is bogus)
36633: [b5cbbb201bb5]
36634:
36635: * qualify.c:
36636: now works correctly (ttaltotal rewrite)
36637: [0c25d64a5c68]
36638:
36639: * parse.lex:
36640: now includes sys/param.h didn't match trailing / -- fix from
36641: rouilj@cs.umb.edu
36642: [b6363ba110af]
36643:
36644: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
36645:
36646: * sudo.c:
36647: moved around the #ifndef _AIX
36648: [7d4330950c20]
36649:
36650: * check.c, logging.c, parse.c:
36651: Initial revision
36652: [c101e9572d7f]
36653:
36654: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
36655:
36656: * qualify.c:
36657: Initial revision
36658: [5a5f21d0e0bf]
36659:
36660: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
36661:
36662: * find_path.c:
36663: now works if you do sudo bin/test
36664: [07835120ce43]
36665:
36666: * find_path.c:
36667: works
36668: [c3da8b5efa20]
36669:
36670: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
36671:
36672: * sudo.h:
36673: Initial revision
36674: [28a1caa38b72]
36675:
36676: * visudo.c:
36677: Initial revision
36678: [0e5cd7c3cdbe]
36679:
36680: * parse.lex, parse.yacc:
36681: Initial revision
36682: [5f2d0cccb06b]
36683:
36684: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
36685:
36686: * sudo.c:
36687: took out errno.h
36688: [7466431a2655]
36689:
36690: * sudo.c:
36691: now spews error if exec fails and exits with -1
36692: [e5c41ea725c1]
36693:
36694: * sudo.c:
36695: Initial revision
36696: [8aeabe39a0c2]
36697:
36698: * find_path.c:
36699: now only execs files with (an) executable bit set.
36700: [0a451f9c0e58]
36701:
36702: * find_path.c:
36703: Initial revision
36704: [02a534891a35]
36705:
36706: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
36707:
36708: * getpass.c:
36709: added nice comment
36710: [ea8b2aaa9389]
36711:
36712: * getpass.c:
36713: now works on sgi's
36714: [bf2b7c6d0960]
36715:
36716: * getpass.c:
36717: Initial revision
36718: [9f4de251c1b5]
36719:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo