1: 2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
2:
3: * include/missing.h:
4: Include stddef.h for rsize_t and errno_t on systems that support it
5: natively.
6: [bc547d47e9c6]
7:
8: * MANIFEST:
9: Fix braino.
10: [67b79747312f]
11:
12: * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
13: plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
14: plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
15: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
16: plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
17: Rebuild message catalog files.
18: [0a9befb0674e]
19:
20: * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
21: src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
22: src/po/vi.mo, src/po/zh_CN.mo:
23: Rebuild message catalog files.
24: [25191089ddf2]
25:
26: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
27: Czech translation for sudo from translationproject.org.
28: [8bc0ed069ddb]
29:
30: 2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
31:
32: * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
33: plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
34: plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
35: plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
36: plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
37: src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
38: src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
39: src/po/zh_CN.po:
40: Sync with translationproject.org
41: [c16f9bb4579e]
42:
43: * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
44: Change "next" back to 2. In the context of "next Friday" we really
45: do want the friday of the upcoming (not current) week.
46: Unfortunately, this means that things like "next week" and "next
47: year" will match one more than we really want. Fixing this will
48: require some fairly major changes to the grammar.
49: [7f863c930121]
50:
51: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
52: Mention that relative times don't always do what you might expect.
53: [710a9b0dd36f]
54:
55: 2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
56:
57: * doc/CONTRIBUTORS:
58: Add diacritical for Zdenek Behan.
59: [78d333f88e6c]
60:
61: 2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
62:
63: * src/regress/ttyname/check_ttyname.c:
64: Do not fail if ttyname() cannot determine the tty but sudo can.
65: Should fix problems with running "make check" under pbuilder.
66: [e6fc06a6c5cf]
67:
68: * plugins/sudoers/Makefile.in:
69: Remove extraneous $$CWD; from Bdale Garbee
70: [4d040ddd7446]
71:
72: 2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
73:
74: * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
75: Make "this" and "next" qualifiers work a bit better. There is still
76: room for improvement as "this week" will use the current time
77: instead of the beginning of the week. That's a separate issue
78: though.
79: [e844c02f754a]
80:
81: 2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
82:
83: * common/regress/sudo_conf/conf_test.c,
84: common/regress/sudo_parseln/parseln_test.c:
85: Mark main() public to silence a warning on HP-UX.
86: [ac0b869b9842]
87:
88: 2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
89:
90: * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
91: Be specific that we are talking about the Unix epoch; bug #615
92: [25887775371b]
93:
94: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
95: src/po/sudo.pot, src/selinux.c:
96: Do not use "setup" as a verb; bug #614
97: [17c4750aac5f]
98:
99: * plugins/sudoers/iolog.c:
100: Fix logic goof when checking open() status.
101: [76ece1445d71]
102:
103: * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
104: src/po/nl.po, src/po/ru.mo, src/po/ru.po:
105: Sync with translationproject.org
106: [21351498000f]
107:
108: * NEWS, plugins/sudoers/sudoreplay.c:
109: Work around a bug in sudo 1.8.7 timing files where the indexes are
110: off by two.
111: [4aa0cd58af58]
112:
113: * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
114: plugins/sudoers/sudoreplay.c:
115: Repair writing of the I/O log file indices broken in sudo 1.8.7.
116: [6a5f867884f5]
117:
118: 2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
119:
120: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
121: Try to improve the PAGERS noexec example a bit.
122: [226f11118daa]
123:
124: 2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
125:
126: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
127: doc/sudoers.ldap.mdoc.in:
128: Document comment character in ldap.conf Clarify what is and is not
129: supported in TLS_KEYPW Mention that gsk8capicmd can be used to
130: create a stash file
131: [fb8f06ab4458]
132:
133: 2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
134:
135: * NEWS:
136: New bugs fixed for 1.8.8.
137: [c158df7cd9d2]
138:
139: * plugins/sudoers/visudo.c:
140: Fix setting of quiet flag when -q / --quiet is specified. Do not
141: print "sudoers: parsed OK" in quiet mode.
142: [df55acd57ce6]
143:
144: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
145: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
146: src/po/fi.po, src/po/it.mo, src/po/it.po:
147: Updated translations from translationproject.org
148: [e9e8abd23a28]
149:
150: * plugins/sudoers/check.c:
151: Don't allow root to change its SELinux role without a password. Bug
152: #611
153: [f8b599acb29d]
154:
155: 2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
156:
157: * NEWS:
158: Mention new Mac OS X symbol interposition.
159: [98293b7c4e0f]
160:
161: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
162: src/po/eo.po, src/po/fr.mo, src/po/fr.po:
163: Updated translations from translationproject.org
164: [865be7454354]
165:
166: * config.h.in, configure, configure.in, src/sudo_noexec.c:
167: Add configure checks for the exec functions we will dummy out. This
168: is only really needed on Mac OS X when symbol interposition is being
169: performed but won't hurt elsewhere.
170: [49c20cf6bab0]
171:
172: 2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
173:
174: * config.h.in, configure, configure.in, src/Makefile.in,
175: src/sudo_noexec.c:
176: Fix installation of sudo_noexec on Mac OS X. Use library symbol
177: interposition on Mac OS X 10.4 and higher so we don't need to set
178: DYLD_FORCE_FLAT_NAMESPACE=1.
179: [a82999dff8e6]
180:
181: 2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
182:
183: * plugins/sudoers/ldap.c:
184: Fix error display from ldap_ssl_client_init(). There are two error
185: codes. The return value can be decoded via ldap_err2string() but
186: the ssl reason code cannot (you have to look it up in a table
187: online).
188: [0267125ce9f0]
189:
190: 2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
191:
192: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
193: doc/sudoers.ldap.mdoc.in:
194: Fix typo in tls_key example for Tivoli
195: [36599f424ac4]
196:
197: * src/parse_args.c:
198: Don't escape '$' when running "sudo -i command". Bug #564
199: [17542d52f714]
200:
201: * plugins/sudoers/iolog_path.c:
202: Fix typo in comment.
203: [d0510ed5eaba]
204:
205: * plugins/sudoers/auth/pam.c:
206: Fix comment.
207: [4e89e0bfd6af]
208:
209: * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
210: Quiet some gcc -Wformat=2 false positives
211: [28a2014b9822]
212:
213: 2013-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
214:
215: * plugins/sudoers/auth/pam.c:
216: Remove now-obsolete arg to env_merge()
217: [ba015cf5d935]
218:
219: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
220: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
221: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
222: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
223: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
224: src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
225: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
226: src/po/zh_CN.mo, src/po/zh_CN.po:
227: Updated translations from translationproject.org
228: [72b6aeaba505]
229:
230: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
231: French translation for sudo from translationproject.org.
232: [a72321771860]
233:
234: * plugins/sudoers/logging.h:
235: Add __printflike to audit_failure.
236: [1686b3699d41]
237:
238: * include/missing.h:
239: Use __nonnull__ attribute in __printflike.
240: [d123613a1fb6]
241:
242: 2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
243:
244: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
245: When merging the PAM environment, allow environment variables set in
246: PAM to override ones set by sudo as long as they do not match the
247: env_keep or env_check lists.
248: [f3c64967fed7]
249:
250: * plugins/sudoers/auth/pam.c:
251: Call pam_getenvlist() after we've opened the session to get the
252: session-specific environment variables.
253: [b413fb9e1c77]
254:
255: 2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
256:
257: * NEWS:
258: option not flag
259: [08c31af7b818]
260:
261: * compat/getopt_long.c, config.h.in, configure, configure.in:
262: Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
263: a check for optreset which is a BSD extension and provide a
264: definition in getopt_long.c if it is not present.
265: [3393e8d83400]
266:
267: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
268: regen
269: [f38f65830118]
270:
271: * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
272: Use lower case for the long option arguments to match the manual.
273: This is inconsistent with GNU but it is better to match the sudo
274: documentation.
275: [8fac2d64f5d2]
276:
277: * NEWS:
278: Sudo 1.8.8
279: [105c73752474]
280:
281: * src/parse_args.c:
282: Use lower card for the long option arguments to match the manual.
283: This is inconsistent with GNU but it is better to match the sudo
284: documentation.
285: [af243dd39850]
286:
287: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
288: doc/sudo_plugin.mdoc.in:
289: Describe how remote command execution can be implemented.
290: [3eba7f93b7f6]
291:
292: * doc/sudoers.ldap.cat:
293: Bump version.
294: [0ee7f02f3627]
295:
296: 2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
297:
298: * src/sudo.c:
299: Make it a fatal error if the plugin returns invalid or out of range
300: command info.
301: [8a7e56c7584a]
302:
303: * plugins/sudoers/policy.c:
304: Use strtol() instead of atoi() and perform error checking of
305: parameters passed from the sudo front-end.
306: [05e05be3c6c4]
307:
308: * plugins/sudoers/auth/pam.c:
309: It is not possible for auth to be NULL here.
310: [771500e776e9]
311:
312: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
313: Initialize user_runhost and user_srunhost to user_host and
314: user_shost in visudo and testsudoers.
315: [c47cca74e1fc]
316:
317: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
318: common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
319: common/list.c, common/sudo_conf.c, common/sudo_debug.c,
320: compat/Makefile.in, compat/getopt_long.c, include/error.h,
321: include/fatal.h, plugins/sudoers/Makefile.in,
322: plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
323: plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
324: plugins/sudoers/regress/check_symbols/check_symbols.c,
325: plugins/sudoers/regress/logging/check_wrap.c,
326: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
327: src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
328: src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
329: Rename error.h -> fatal.h now that there is no error() function.
330: [3a3827f10f04]
331:
332: * common/sudo_debug.c, include/sudo_debug.h:
333: Add support to the debug subsystem for zero-length strings. This
334: can happen for things like warning(NULL) or fatal(NULL) where we
335: just want to log the errno string.
336: [3ed739c5cc91]
337:
338: * include/error.h:
339: Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
340: [57e65ed595d2]
341:
342: * plugins/sudoers/audit.c:
343: Need to include gettext.h for BSM audit.
344: [a87fda2d0123]
345:
346: * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
347: src/parse_args.c, src/sudo.c:
348: Change some fatalx(NULL) that should be fatal(NULL).
349: [8b1efda9f578]
350:
351: * include/error.h, include/missing.h:
352: Use __printf0like for warning() and fatal() since the fmt string may
353: be NULL.
354: [858a890f00ad]
355:
356: * compat/pw_dup.c:
357: Quiet a gcc "used uninitialized in this function" false positive.
358: [98f47f89ce60]
359:
360: * mkpkg:
361: Enable bsm audit on Mac OS X and Solaris >= 11.
362: [8607488f986c]
363:
364: * plugins/sudoers/bsm_audit.c:
365: Fix compilation on Solaris 11.
366: [01aa46298ed7]
367:
368: * plugins/sudoers/bsm_audit.c:
369: Add missing missing.h
370: [080de69a55a1]
371:
372: * plugins/sudoers/sudoers.c:
373: Move the -C (user_closefrom) check until after set_cmnd() so that
374: closefrom_override can be used in a command-specific Defaults line.
375: Fixes bug #610 from Mengtao Sun.
376: [413565c6ff6b]
377:
378: 2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
379:
380: * src/exec.c:
381: If not using a pty and the child process gets SIGTTOU or SIGTTIN and
382: sudo is the foreground process, make the child the foreground
383: process and continue it.
384: [5ff433443bc4]
385:
386: * src/sudo.c:
387: If sudo is not setuid and was not invoked with a full path, look in
388: the user's PATH for the sudo binary to give a better error message.
389: [a740129a38f0]
390:
391: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
392: plugins/sudoers/logging.c, plugins/sudoers/match.c,
393: plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
394: plugins/sudoers/sudoers.h:
395: Add limited support for "sudo -l -h other_host". Since group
396: lookups are done on the local host, rules that use group membership
397: may be incorrect if the group database is not synchronized between
398: hosts.
399: [2c8b222a5f7f]
400:
401: * src/parse_args.c:
402: Fix parsing of "-h host" when used in conjunction with the -l flag.
403: [62f3d726d52b]
404:
405: * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
406: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
407: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
408: doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
409: plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
410: src/sudo_usage.h.in:
411: Simplify usage messages a bit and make --help output more closely
412: resemble GNU usage wrt long options. Sync usage and man page
413: SYNOPSYS sections and improve long options in the manual pages. Now
414: that we have long options we don't need to give the mnemonic for the
415: single-character options in the description.
416: [17b7e386955a]
417:
418: 2013-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
419:
420: * plugins/sudoers/logging.c:
421: Fix setting of mailer argv[0] to basename of mailerpath. No need to
422: strdup() mailerpath as it is not modified.
423: [8843cdd958ee]
424:
425: * plugins/sudoers/logging.c:
426: Make sure the mailer exists and is a regular file before trying to
427: exec it.
428: [b73d6214014f]
429:
430: * plugins/sudoers/timestamp.c:
431: If tty_tickets are enabled but there is no tty, use a ticket file
432: based on the parent pid.
433: [75408bd61ced]
434:
435: * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
436: doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
437: Allow default plugin dir to be configured in sudo.conf.
438: [478883594cc5]
439:
440: * doc/CONTRIBUTORS:
441: UTF8 for Ruusamae, Elan; from Tae Wong
442: [02e0c95b4fa6]
443:
444: 2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
445:
446: * MANIFEST, common/regress/sudo_conf/test5.in,
447: common/regress/sudo_conf/test5.out.ok,
448: common/regress/sudo_conf/test6.in,
449: common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
450: doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
451: plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
452: Don't allow max_groups to be set to zero, it just complicates things
453: needlessly. Fixes an assertion in visudo when there is a group-
454: based Defaults entry.
455: [d62a8ea32db9]
456:
457: 2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
458:
459: * MANIFEST, common/Makefile.in, common/gidlist.c,
460: plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
461: src/sudo.h:
462: Refactor code to parse list of gids into its own function that is
463: shared by the sudo front-end and the sudoers module. Make uid/gid
464: parse error be fatal, not just a warning.
465: [da3b2b06605c]
466:
467: * common/atoid.c:
468: Add function comment block.
469: [09a324de716f]
470:
471: * common/atoid.c:
472: Default text domain is now sudo, not sudoers.
473: [1acb1da6f304]
474:
475: * common/Makefile.in:
476: Update dependency for atoid.lo
477: [5e367cd44288]
478:
479: * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
480: plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
481: src/sudo.h:
482: Add endpointer and separator args to atoid()
483: [2077e4ed8578]
484:
485: 2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
486:
487: * compat/getgrouplist.c:
488: Use private version of atoid() to avoid a dependency on libcommon.a
489: (since that already depends on libreplace.a).
490: [7c12d63b0560]
491:
492: * doc/CONTRIBUTORS:
493: More UTF8 in names; from Tae Wong
494: [512b263f51c8]
495:
496: * compat/getgrouplist.c, plugins/sudoers/iolog.c,
497: plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
498: Use atoid() in more places.
499: [06f4ae57c707]
500:
501: * MANIFEST, common/Makefile.in, common/atoid.c,
502: plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
503: Move atoid() to common so it can be used in src and compat too.
504: [095d730701e4]
505:
506: * compat/closefrom.c:
507: Avoid a crash on Mac OS X 10.8 (at least) when we close
508: libdispatch's fds out from under it before executing the command.
509: Switch to just setting the close on exec flag instead.
510: [349ebf4987df]
511:
512: * doc/CONTRIBUTORS:
513: Convert to last, first for easier sorting and use UTF8 (including a
514: BOM).
515: [8c30d221bd75]
516:
517: * plugins/sudoers/atoid.c:
518: Add atoid() function to convert a string to an id_t (uid, gid or
519: pid). We have to be careful to choose() either strtol() or
520: strtoul() depending on whether the string appears to be signed or
521: unsigned. Always using strtoul() is unsafe on 64-bit platforms since
522: the uid might be represented as a negative number and (unsigned
523: long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
524: Fixes a problem with uids larger than 0x7fffffff on 32-bit
525: platforms.
526: [5d818e399157]
527:
528: * MANIFEST, config.h.in, configure, configure.in,
529: plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
530: plugins/sudoers/sudoers.h:
531: Add atoid() function to convert a string to an id_t (uid, gid or
532: pid). We have to be careful to choose() either strtol() or
533: strtoul() depending on whether the string appears to be signed or
534: unsigned. Always using strtoul() is unsafe on 64-bit platforms since
535: the uid might be represented as a negative number and (unsigned
536: long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
537: Fixes a problem with uids larger than 0x7fffffff on 32-bit
538: platforms.
539: [cd92246a710f]
540:
541: * plugins/sudoers/sudoers.c:
542: Avoid "perm stack underflow" error when logging the unknown uid
543: error.
544: [871514c713b7]
545:
546: * plugins/sudoers/set_perms.c:
547: In rewind_perms() there is nothing to do if perm_stack_depth == 0.
548: [98de335f47f0]
549:
550: 2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
551:
552: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
553: plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
554: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
555: Add pam_setcred sudoers option to allow the user to control whether
556: pam_setcred() is called on the user's behalf.
557: [4260a8e43073]
558:
559: * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
560: doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
561: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
562: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
563: Add pam_service and pam_login_service sudoers settings to control
564: the service name passed to pam_start.
565: [5ea0e3588f3a]
566:
567: * mkpkg:
568: Newer Xcode places the SDKs under Xcode.app
569: [4b54379d5c45]
570:
571: 2013-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
572:
573: * MANIFEST, common/Makefile.in, common/zero_bytes.c,
574: compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
575: configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
576: doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
577: mkdep.pl, plugins/sudoers/Makefile.in,
578: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
579: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
580: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
581: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
582: plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
583: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
584: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
585: src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
586: src/tgetpass.c:
587: Implement memset_s() and use it instead of zero_bytes(). A new
588: constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
589: max conversation reply length. This constant can be used as a max
590: value for memset_s() when clearing passwords filled in by the
591: conversation function.
592: [264ec146028e]
593:
594: 2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
595:
596: * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
597: plugins/system_group/Makefile.in:
598: Do not try to install plugins when shared modules are disabled
599: (sudoers already had the check).
600: [3d582c042042]
601:
602: * plugins/sudoers/Makefile.in:
603: Update dependencies to take into account compat/getopt.h and
604: compat/dlfcn.h.
605: [301fb31cd121]
606:
607: * src/Makefile.in:
608: Update dependencies now that sudo_usage.h is always included from
609: the build dir.
610: [c1ff70ec9515]
611:
612: 2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
613:
614: * plugins/sudoers/ldap.c:
615: Add some warnings and debugging to sasl ccname handling.
616: [467f415861f0]
617:
618: * plugins/sudoers/ldap.c:
619: Fix write loop invariant in sudo_krb5_copy_cc_file()
620: [6948cf6e9b9f]
621:
622: 2013-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
623:
624: * plugins/sudoers/ldap.c:
625: Strip off leading FILE: or WRFILE: prefix before trying to copy the
626: user's credential cache.
627: [56c16feab62f]
628:
629: 2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
630:
631: * src/sudo.c:
632: Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
633: just save RLIMIT_NPROC in exec_setup() before the final setuid() and
634: restore it immediately after. We don't need to modify RLIMIT_NPROC
635: for simple euid changes, just for changing the real (and saved) uids
636: before we exec. This also means we no longer need to worry about
637: _SC_CHILD_MAX returning -1. Bug #565
638: [1372f1909039]
639:
640: 2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
641:
642: * plugins/sudoers/ldap.c, src/preload.c:
643: Now that the ldap code runs with the real and effective uid set to
644: 0, it is not possible for the gssapi libs to find the user's krb5
645: credential cache file. To work around this, we make a temporary
646: copy of the user's credential cache specified by KRB5CCNAME (opened
647: with the user's effective uid) and point gssapi to it. To set the
648: credential cache file name, we dynamically look up
649: gss_krb5_ccache_name() and use it if available, otherwise fall back
650: to setting KRB5CCNAME.
651: [8b86c134541a]
652:
653: 2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
654:
655: * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
656: doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
657: doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
658: plugins/sudoers/visudo.c:
659: Long option support for visudo and sudoreplay.
660: [91427968be71]
661:
662: 2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
663:
664: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
665: src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
666: Add support for long options and fix inclusion of sudo_usage.h with
667: modern gcc broken in 8597:1fcb7ba13018.
668: [d13134819944]
669:
670: * src/Makefile.in:
671: Add rule to rebuild sudo_usage.h when the .in file changes.
672: [59a32899e251]
673:
674: * compat/Makefile.in, mkdep.pl, src/Makefile.in:
675: Add make rules for building getopt_long.c
676: [5f57593b3a8b]
677:
678: * src/parse_args.c:
679: Make "-h hostname" work. Optional args in GNU getopt() only work
680: when there is no space between the option flag and the argument.
681: [b8258659cabb]
682:
683: 2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
684:
685: * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
686: configure, configure.in, doc/LICENSE, src/parse_args.c:
687: Use getopt_long() so we can make the -h flag take an optional
688: argument. Includes a version for those without it.
689: [d1dd66c8a86b]
690:
691: 2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
692:
693: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
694: Document that the -h option can be used specify a host name for
695: future plugins.
696: [8470c74cf326]
697:
698: * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
699: Overload -h option to specify an optional hostname for remote
700: access. This is future-proofing; no policy plugins currently support
701: this.
702: [0e01d8c3c623]
703:
704: * configure, configure.in:
705: Bump version to 1.8.8
706: [a1155bfaa28f]
707:
708: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
709: doc/sudo_plugin.mdoc.in:
710: Document the remote_host setting (-h host)
711: [c737db906f5d]
712:
713: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
714: fix "the the"
715: [0025464a3942]
716:
717: * src/parse_args.c, src/sudo.c, src/sudo.h:
718: Do not error out if arg to -U option cannot be resolved, that is for
719: the plugin to decide. There is no need for runas_user and
720: runas_group to be global, make them local to parse_args() instead.
721: [fb02a62a72ba]
722:
723: * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
724: plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
725: src/po/pt_BR.mo, src/po/pt_BR.po:
726: Sync with translationproject.org
727: [e8f4772d918a]
728:
729: 2013-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
730:
731: * doc/TROUBLESHOOTING:
732: Remove old bits about sudo setuid problems that should have been
733: cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
734: sudo to 04755 to match current packaging.
735: [1e3904cdc2de]
736:
737: * plugins/sudoers/auth/pam.c:
738: Go back to ignoring the return value of pam_setcred() since with
739: stacked PAM auth modules a failure from one module may override
740: PAM_SUCCESS from another. If the first module in the stack fails,
741: the others may be run (and succeed) but an error will be returned.
742: This can cause a spurious warning on systems with non-local users
743: (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
744: [b6022e26135a]
745:
746: * src/net_ifs.c:
747: Remove unused variable.
748: [93dde7d82fde]
749:
750: * NEWS:
751: Fix typo
752: [5ef79671c2c7]
753:
754: 2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
755:
756: * plugins/sudoers/sssd.c:
757: Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
758: From Dan Harnett.
759: [4a0af6f12765]
760:
761: 2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
762:
763: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
764: Fix formatting typo; from Eric S. Raymond
765: [058b533ba460]
766:
767: 2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
768:
769: * mkpkg:
770: Use -gxcoff on aix so dbx can be used to debug sudo.
771: [4950e019ed2d]
772:
773: 2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
774:
775: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
776: Fix typo; bug 605
777: [41f7b46a6e51]
778:
779: 2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
780:
781: * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
782: src/po/tr.mo:
783: Regen .mo files that were out of date.
784: [9e25a254f9db]
785:
786: 2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
787:
788: * NEWS, configure, configure.in:
789: On Solaris 11 and higher, tag binaries for ASLR if supported by the
790: linker.
791: [a2a6cafa3e60]
792:
793: * mkpkg:
794: No longer need to disable PIE on Solaris.
795: [cf90019ae67e]
796:
797: 2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
798:
799: * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
800: Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
801: OpenBSD also supports PIE but enables it by default so we don't need
802: to do anything. This fixes problems on systems with a version of
803: GNU ld that accepts -pie but where the run-time linker doesn't
804: actually support PIE. Also verify that a trivial PIE binary works
805: unless PIE is explicitly enabled.
806: [3c5f125efeb1]
807:
808: 2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
809:
810: * aclocal.m4, configure, configure.in:
811: Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
812: where we can end up crashing due to malloc() failures. Sems OK when
813: Using Sun as and ld.
814: [b8ba412102ab]
815:
816: * NEWS:
817: Update with final changes.
818: [78ff6d2ed47a]
819:
820: 2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
821:
822: * configure, configure.in:
823: Add -fPIE to PIE_LDFLAGS as per gcc manual.
824: [fe900cbb0780]
825:
826: 2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
827:
828: * common/Makefile.in, compat/Makefile.in:
829: Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
830: [f84bc7482b78]
831:
832: * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
833: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
834: plugins/sudoers/regress/visudo/test4.out.ok,
835: plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
836: Replace sequence number-based cycle detection in visudo with a
837: "used" flag in struct alias. The caller is required to call
838: alias_put() when it is done with the alias. Inspired by a patch
839: from Daniel Kopecek.
840: [0bdbac1b3b39]
841:
842: 2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
843:
844: * plugins/sudoers/iolog.c:
845: Eliminate a few relocations related to sudoers_io.
846: [18e9e2cc3367]
847:
848: * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
849: Sync with translationproject.org
850: [f38cc128a2ad]
851:
852: 2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
853:
854: * src/ttyname.c:
855: Clarify a comment.
856: [7a045ee06e95]
857:
858: 2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
859:
860: * src/ttyname.c:
861: Handle d_type == DT_UNKNOWN when resolving the device to a name and
862: sprinkle some more debugging.
863: [8774133747d9]
864:
865: 2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
866:
867: * doc/TROUBLESHOOTING:
868: Add message about disabling PIE if sudo gets SIGSEGV.
869: [c786af2a6751]
870:
871: * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
872: No longer store the ctime of a devpts tty. The handling of ctime on
873: devpts in Linux has been changed to conform to POSIX. As a result
874: we can no longer assume that the ctime will stay unchanged
875: throughout the life of the session. We store the session ID in the
876: time stamp file so there is a much smaller chance of the time stamp
877: file being reused by a new login. While here, store the uid/gid in
878: the timestamp file too for good measure.
879: [7028b21f7a9b]
880:
881: * configure, configure.in:
882: PIE is broken on FreeBSD/arm
883: [f232c60d6229]
884:
885: * mkpkg:
886: Add explicit sendmail path for Linux since we may not have sendmail
887: installed in the build chroot.
888: [1ba2f84f4ff0]
889:
890: 2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
891:
892: * common/sudo_debug.c, plugins/sudoers/iolog.c,
893: plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
894: Quiet a few -Wunused-result compiler warnings.
895: [ef12afb61423]
896:
897: 2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
898:
899: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
900: Mention what SHA-2 formats are supported.
901: [bf298d0fdf8a]
902:
903: * doc/CONTRIBUTORS:
904: List code and translations separately.
905: [826547bc1295]
906:
907: 2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
908:
909: * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
910: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
911: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
912: Sync with translationproject.org
913: [9499a6f438b8]
914:
915: * plugins/sudoers/po/sudoers.pot:
916: regen
917: [cce449e284a6]
918:
919: * Makefile.in:
920: Fix c-format for fatal/fatalx
921: [4ad81d3faaeb]
922:
923: 2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
924:
925: * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
926: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
927: plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
928: Change some error/errorx -> fatal/fatalx in comments and xgettext
929: flags.
930: [9d9b64fa2ec9]
931:
932: * NEWS:
933: There is now a Turkish translation of sudoers.
934: [701c5af6aa76]
935:
936: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
937: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
938: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
939: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
940: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
941: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
942: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
943: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
944: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
945: Updated translations from translationproject.org including new
946: Turkish translation.
947: [9cedbb50d90f]
948:
949: 2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
950:
951: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
952: Document that sudoers will re-use existing I/O log paths unless they
953: are mktemp-style with trailing X's.
954: [4f43bd13d9e7]
955:
956: * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
957: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
958: doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
959: plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
960: Allow ldap_conf and ldap_secret to be specified as plugin arguments
961: in sudo.conf
962: [37c6c425b565]
963:
964: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
965: doc/sudoers.ldap.mdoc.in:
966: sudoers_debug is now deprecated in favor of the sudo debugging
967: framework.
968: [1195be1ec254]
969:
970: * plugins/sudoers/ldap.c:
971: Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
972: SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
973: debug file with the ldap subsystem. The sudoers_debug setting in
974: ldap.conf is still honored for now but will be removed in a future
975: release.
976: [cfa42b4b913e]
977:
978: 2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
979:
980: * plugins/sudoers/sudoers2ldif:
981: Add support for converting sudoers files with SHA-2 command digests.
982: [dc0d03485946]
983:
984: * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
985: plugins/sudoers/sudoers2ldif:
986: Add copyright notice to scripts
987: [5e8bd4e6083f]
988:
989: * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
990: plugins/sudoers/regress/sudoers/test14.out.ok,
991: plugins/sudoers/regress/sudoers/test14.toke.ok:
992: Add regress for SHA-2 digests.
993: [0b258c2a2a95]
994:
995: * compat/getgrouplist.c:
996: Solaris maps negative gids to GID_NOBODY.
997: [57050e5c750f]
998:
999: * plugins/sudoers/visudo.c:
1000: Clear up an llvm checker warning which appears to be a false
1001: positive and fix an old XXX while I'm at it.
1002: [9ee13133e596]
1003:
1004: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
1005: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
1006: Correct last change date
1007: [3bc1fa5b0f76]
1008:
1009: * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
1010: No need to translate this error message.
1011: [4d9941970a26]
1012:
1013: * doc/UPGRADE:
1014: Mention .sl vs. .so extension handling on HP-UX Mention group
1015: membership changes Fix typos
1016: [40ac0efbdb2b]
1017:
1018: * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
1019: common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
1020: common/setgroups.c, common/term.c, common/ttysize.c,
1021: compat/Makefile.in, compat/dlopen.c, compat/endian.h,
1022: compat/getline.c, compat/getprogname.c, compat/isblank.c,
1023: compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
1024: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
1025: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
1026: compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
1027: include/Makefile.in, include/alloc.h, include/fileops.h,
1028: include/gettext.h, include/lbuf.h, include/missing.h,
1029: include/sudo_plugin.h, pathnames.h.in,
1030: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
1031: plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
1032: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
1033: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
1034: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
1035: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
1036: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
1037: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
1038: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
1039: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
1040: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
1041: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
1042: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
1043: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
1044: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
1045: plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
1046: plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
1047: plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
1048: plugins/sudoers/logging.h, plugins/sudoers/match.c,
1049: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
1050: plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
1051: plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
1052: plugins/sudoers/redblack.h,
1053: plugins/sudoers/regress/check_symbols/check_symbols.c,
1054: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1055: plugins/sudoers/regress/logging/check_wrap.c,
1056: plugins/sudoers/regress/parser/check_addr.c,
1057: plugins/sudoers/regress/parser/check_fill.c,
1058: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
1059: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
1060: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
1061: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
1062: plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
1063: plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
1064: plugins/system_group/system_group.c, src/Makefile.in,
1065: src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
1066: src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
1067: src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
1068: src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
1069: src/utmp.c:
1070: Update copyright years.
1071: [5c6d72661bad]
1072:
1073: * plugins/sudoers/mon_systrace.h:
1074: Systrace support was removed long ago.
1075: [10a038a2da77]
1076:
1077: 2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
1078:
1079: * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
1080: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
1081: Remove some files that were mistakenly added.
1082: [833502da26de]
1083:
1084: * common/sudo_debug.c, config.h.in, configure, configure.in,
1085: plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
1086: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1087: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
1088: Use time(&now) instead of now = time(NULL) when storing the current
1089: time in a time_t (better compiler error checking). Better parsing
1090: and printing of 64-bit time_t on 32-bit platforms.
1091: [c227dc72c04e]
1092:
1093: 2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
1094:
1095: * src/ttyname.c:
1096: Don't check the tty of the parent process. Now that we get the
1097: controlling tty device number from the kernel there is no need. If
1098: the process has really disassociated from the tty then reporting
1099: "unknown" is appropriate.
1100: [62fb66e565db]
1101:
1102: 2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
1103:
1104: * common/error.c:
1105: Use EXIT_FAILURE instead of 1 as the fatal() exit value.
1106: [ed94c2c5e88a]
1107:
1108: * src/sesh.c:
1109: Change remaining errorx -> fatalx
1110: [3f6d70e19303]
1111:
1112: 2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
1113:
1114: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
1115: plugins/sudoers/sudoers.h:
1116: Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
1117: error if the entry already exists in the cache.
1118: [94d45970400a]
1119:
1120: * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
1121: Change "foo: failed" to just "foo" since we print the string form of
1122: errno. Gets rids of some useless translations.
1123: [476f37349dbc]
1124:
1125: 2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
1126:
1127: * plugins/sudoers/match.c:
1128: Fix pasto in debug_decl
1129: [08650186a239]
1130:
1131: * plugins/sudoers/Makefile.in:
1132: regen
1133: [acf4c34fba2c]
1134:
1135: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
1136: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
1137: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
1138: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
1139: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
1140: Rename log_error() -> log_warning() for consistency with
1141: warning()/fatal()
1142: [474ed5a0e335]
1143:
1144: * plugins/sudoers/auth/API:
1145: The NO_EXIT flag was removed a while ago.
1146: [e0a4be270226]
1147:
1148: * common/aix.c, common/alloc.c, common/error.c, include/error.h,
1149: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
1150: plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
1151: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1152: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
1153: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
1154: plugins/sudoers/pwutil.c,
1155: plugins/sudoers/regress/check_symbols/check_symbols.c,
1156: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1157: plugins/sudoers/regress/logging/check_wrap.c,
1158: plugins/sudoers/regress/parser/check_addr.c,
1159: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
1160: plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
1161: plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
1162: src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
1163: src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
1164: src/utmp.c:
1165: Rename error/errorx -> fatal/fatalx and remove the exit value as it
1166: was always 1.
1167: [ea66f58c4da5]
1168:
1169: * NEWS:
1170: digests are supported in sudoers ldap too
1171: [77d6c25f7653]
1172:
1173: * plugins/sudoers/regress/check_symbols/check_symbols.c:
1174: Print test failures to stdout like the final count so the outputis
1175: not displayed out of order.
1176: [f541b78ecb93]
1177:
1178: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
1179: plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
1180: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
1181: src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
1182: src/po/it.po, src/po/tr.po:
1183: Sync with translationproject.org
1184: [cbd70678b99f]
1185:
1186: * Makefile.in:
1187: Check for any uncommitted changes in dist target and add force-dist
1188: target that omit check-dist.
1189: [78dc3f41e37e]
1190:
1191: 2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
1192:
1193: * src/regress/ttyname/check_ttyname.c:
1194: Fix logic bug when checking tty via ttyname().
1195: [279aee076194]
1196:
1197: * compat/endian.h:
1198: Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
1199: __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
1200: [fe35e0b04502]
1201:
1202: * plugins/sudoers/po/sudoers.pot:
1203: regen
1204: [0ddebccd3045]
1205:
1206: * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
1207: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
1208: doc/sudoers.man.in, doc/sudoers.mdoc.in:
1209: Document digest support.
1210: [d794c7b9a7bc]
1211:
1212: * MANIFEST, plugins/sudoers/Makefile.in,
1213: plugins/sudoers/regress/parser/check_base64.c:
1214: Simple bas64 decode unit test.
1215: [344b0df0fe50]
1216:
1217: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
1218: plugins/sudoers/match.c, plugins/sudoers/parse.h:
1219: Move base64_decode into its own source file.
1220: [30497e7f88bc]
1221:
1222: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
1223: Only check year against 2038 if time_t is 32-bit.
1224: [9c1f2e3fc3ba]
1225:
1226: 2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
1227:
1228: * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
1229: plugins/sudoers/sssd.c:
1230: Add digest support for sudoers in ldap and sss.
1231: [314937b5e59e]
1232:
1233: * INSTALL, configure, configure.in:
1234: Error out in configure if the compiler doesn't support "long long".
1235: [d3645c1d50d1]
1236:
1237: * plugins/sudoers/match.c, plugins/sudoers/toke.c,
1238: plugins/sudoers/toke.l:
1239: Include stdint.h or inttypes.h before sha2.h
1240: [20ad1c20313d]
1241:
1242: * common/lbuf.c:
1243: Simplify lbuf append functions by moving the realloc code into
1244: lbuf_expand(). We now expand as needed each time bytes need to be
1245: written to the lbuf. Also handle a NULL pointer being passed in for
1246: paranoia's sake.
1247: [6283ee562ef4]
1248:
1249: * plugins/sudoers/iolog.c:
1250: Zero out struct iolog_details early to avoid a potential (though
1251: unlikely) dereference of stack garbage if we hit a fatal error
1252: before iolog_deserialize_info() is called.
1253: [2eeca8be05fb]
1254:
1255: 2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1256:
1257: * sudo.pp:
1258: Update copyright year.
1259: [b843c6a43238]
1260:
1261: * plugins/sudoers/sudoers_version.h:
1262: Bump SUDOERS_GRAMMAR_VERSION for new digest support.
1263: [188556fb8156]
1264:
1265: * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
1266: plugins/sudoers/gram.y, plugins/sudoers/match.c,
1267: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1268: Sanity check digest in parser so visudo can catch errors. Add base64
1269: support
1270: [b8586d5cc7ed]
1271:
1272: * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
1273: plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
1274: For big endian architectures just use memcpy() instead of BE macros
1275: in a loop.
1276: [c71a0f4a8a8e]
1277:
1278: 2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
1279:
1280: * MANIFEST, config.h.in, configure, configure.in,
1281: plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
1282: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
1283: plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
1284: plugins/sudoers/match.c, plugins/sudoers/parse.h,
1285: plugins/sudoers/regress/parser/check_digest.c,
1286: plugins/sudoers/regress/parser/check_digest.out.ok,
1287: plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
1288: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
1289: plugins/sudoers/toke_util.c:
1290: Initial implementation of checksum support in sudoers. Currently
1291: supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
1292: validation in parser and base64 support. checksum support for
1293: ldap sudoers
1294: [b8f196346eca]
1295:
1296: 2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
1297:
1298: * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
1299: SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
1300: domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
1301: respectively.
1302: [7511d07c0a83]
1303:
1304: 2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
1305:
1306: * NEWS:
1307: Add sudo 1.8.6p8
1308: [0666fd0321ae]
1309:
1310: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
1311: Add missing "not" in error message when mixing standalone and non-
1312: standalone authentication methods.
1313: [7eba4439db73]
1314:
1315: * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
1316: Check for crypt() returning NULL. Traditionally, crypt() never
1317: returned NULL but newer versions of eglibc have a crypt() that does.
1318: Bug #598
1319: [887b9df243df]
1320:
1321: * plugins/sudoers/auth/pam.c:
1322: Better PAM error messages
1323: [fd7eda53cdd7]
1324:
1325: * plugins/sudoers/auth/kerb5.c:
1326: Better error messages
1327: [98142874a2f4]
1328:
1329: * plugins/sudoers/bsm_audit.c:
1330: Use same error message for getauid() failure.
1331: [07f0d88cb1df]
1332:
1333: * plugins/sudoers/sssd.c:
1334: Start warning with a lower case letter for consistency and to match
1335: existing translated strings.
1336: [b719ac52c9e3]
1337:
1338: 2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
1339:
1340: * mkpkg:
1341: Disable PIE on Solaris where it is not really supported.
1342: [c36c84cdcc7a]
1343:
1344: * src/ttyname.c:
1345: AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
1346: before we try to match it against st_rdev.
1347: [5dab449fb962]
1348:
1349: * src/ttyname.c:
1350: Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
1351: a problem finding the tty name when it is not in /dev/pts.
1352: [6c205d087fa0]
1353:
1354: * compat/snprintf.c:
1355: Support %lld and %llu
1356: [feabfa06c954]
1357:
1358: * .hgignore, MANIFEST, src/Makefile.in,
1359: src/regress/ttyname/check_ttyname.c:
1360: Add ttyname test.
1361: [e987038f8c07]
1362:
1363: 2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1364:
1365: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1366: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1367: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
1368: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1369: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
1370: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1371: src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
1372: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
1373: src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
1374: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1375: Sync with translationproject.org
1376: [4d7b73b22079]
1377:
1378: * plugins/sudoers/timestamp.c:
1379: Log timestampfile to debug file.
1380: [e997281146c0]
1381:
1382: * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
1383: Don't add the "Password: " string we look up in the PAM text domain
1384: to the sudoers.pot file.
1385: [771b52244abf]
1386:
1387: 2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
1388:
1389: * plugins/sudoers/po/sudoers.pot:
1390: Synce with regcomp() error message change.
1391: [fc6d3dfb8eb8]
1392:
1393: * plugins/sudoers/sudoreplay.c:
1394: Be consistent with error message when regcomp() fails.
1395: [de6c69ba04e4]
1396:
1397: 2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1398:
1399: * plugins/sudoers/regress/testsudoers/test5.out.ok,
1400: plugins/sudoers/regress/testsudoers/test5.sh:
1401: Use group -1 instead of 1 as the invalid group since the running
1402: user might have group 1 as their default group.
1403: [71404a9fa75d]
1404:
1405: * plugins/sudoers/Makefile.in:
1406: PWD may be a shell builtin, use CWD instead.
1407: [c443105c5091]
1408:
1409: 2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
1410:
1411: * plugins/sudoers/check.c:
1412: Split up check_user().
1413: [ce7cc0767589]
1414:
1415: 2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
1416:
1417: * config.h.in, configure.in:
1418: Cosmetic fixes in the comments.
1419: [640abee43c14]
1420:
1421: 2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
1422:
1423: * configure, configure.in:
1424: Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
1425: message for visibility checks when the test fails.
1426: [99665477ee55]
1427:
1428: * config.h.in:
1429: regen
1430: [00c22606719a]
1431:
1432: * configure, configure.in:
1433: We no longer use mbr_check_membership() and setrlimit64() is AIX-
1434: specific.
1435: [43caf685a1f1]
1436:
1437: * Makefile.in:
1438: The first (all) target must be by itself or some makes will choose
1439: the run the entire target list.
1440: [16cf3def49f5]
1441:
1442: * configure, configure.in:
1443: Do exec_prefix expansion when enable_shared even if noexec is not
1444: enabled.
1445: [7ed28cb32d8d]
1446:
1447: * compat/getgrouplist.c:
1448: Use free() not efree() since we don't include alloc.h here
1449: [1a008737be24]
1450:
1451: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1452: regen
1453: [b939f941346f]
1454:
1455: * plugins/sudoers/regress/testsudoers/test2.sh,
1456: plugins/sudoers/regress/testsudoers/test3.sh,
1457: plugins/sudoers/regress/testsudoers/test5.sh:
1458: Pass in expected gid to testsudoers in addition to the uid that
1459: matches the test sudoers files.
1460: [6a1710e8cac1]
1461:
1462: 2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
1463:
1464: * include/missing.h:
1465: Tru64 5.x does declare innetgr() and getdomainname().
1466: [c75598e69c7e]
1467:
1468: * plugins/sudoers/match.c:
1469: Fix compilation when getdomainame() is not present.
1470: [e831b017a962]
1471:
1472: * config.h.in, configure.in, include/missing.h:
1473: Move SET/CLR/ISSET from config.h.in to missing.h
1474: [3a3dd29fd7f0]
1475:
1476: * configure, configure.in:
1477: Fix getgrouplist() check.
1478: [12a2adf60e98]
1479:
1480: * MANIFEST:
1481: No more timestamp.h
1482: [5677e26afc0f]
1483:
1484: * plugins/sudoers/check.c:
1485: Neded sys/time.h for struct timeval in struct sudo_tty_info.
1486: [aceaadd8c400]
1487:
1488: * plugins/sudoers/Makefile.in:
1489: regen depends
1490: [21675a8b67e5]
1491:
1492: * NEWS:
1493: Mention libibmldap on HP-UX
1494: [75b4e4b22950]
1495:
1496: * NEWS, plugins/sudoers/match.c:
1497: Instead of checking the domain name explicitly for "(none)", just
1498: check for illegal characters.
1499: [ce35dda811db]
1500:
1501: * plugins/sudoers/visudo.c:
1502: Only warn once when we are unable to open the sudoers file.
1503: [9e27e3aa5b10]
1504:
1505: * plugins/sudoers/sudoers.c:
1506: Fall back to opening /dev/tty to determine whether there is a tty if
1507: the system doesn't have kernel support for determing the tty.
1508: [2775bcf9a9b5]
1509:
1510: * compat/getprogname.c:
1511: Update guard to take __progname into account
1512: [60eae3f20232]
1513:
1514: * compat/snprintf.c:
1515: Some older systems have inttypes.h but not stdint.h
1516: [ed1ef160015f]
1517:
1518: * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
1519: compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
1520: compat/getline.c, compat/getprogname.c, compat/glob.c,
1521: compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
1522: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
1523: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
1524: compat/strsignal.c, compat/utimes.c:
1525: Add guards in compat source files. Not really needed since we only
1526: include them in the Makefile if they are needed but should not hurt
1527: either.
1528: [8cbd3b4595b9]
1529:
1530: 2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
1531:
1532: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
1533: Don't include gram.h in gram.y, its contents are already included.
1534: Move sudoerserror to the end of gram.y so COMMENT is declared when
1535: we need to use it.
1536: [7d72ebdd7222]
1537:
1538: 2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1539:
1540: * config.h.in, configure.in:
1541: Remove some pre-ANSI cruft.
1542: [6a95704b2116]
1543:
1544: * plugins/sudoers/match.c:
1545: Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
1546: when it is set.
1547: [da40c550ffed]
1548:
1549: * NEWS, plugins/sudoers/iolog_path.c:
1550: We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
1551: just leave it as-is.
1552: [9a22de140d28]
1553:
1554: 2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1555:
1556: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
1557: Add missing semicolon in rule.
1558: [817d3f1b2a21]
1559:
1560: * plugins/sudoers/sudoers.c:
1561: Now that we can determine the terminal even when file descriptors
1562: are redirected we can check user_ttypath rather than opening
1563: /dev/tty when enforcing requiretty.
1564: [56a28bc09041]
1565:
1566: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
1567: plugins/sudoers/sudoers.h:
1568: Stash umask in struct sudo_user so we don't need to look it up
1569: later.
1570: [9f85749199dc]
1571:
1572: * plugins/sudoers/sudoers.c:
1573: Minor cosmetic change
1574: [c373e106ed49]
1575:
1576: * plugins/sudoers/regress/parser/check_addr.c:
1577: No longer need to declare interfaces
1578: [d7ff7e579557]
1579:
1580: * plugins/sudoers/logging.c:
1581: Fix compilation in SUDOERS_NO_SEQ case
1582: [9a6db9247534]
1583:
1584: * plugins/sudoers/regress/parser/check_addr.c:
1585: No longer need to define sudo_printf
1586: [578ad13c3546]
1587:
1588: * plugins/sudoers/check.c, plugins/sudoers/check.h,
1589: plugins/sudoers/timestamp.c:
1590: Pass auth_pw to the timestamp functions.
1591: [f603649177d6]
1592:
1593: * plugins/sudoers/iolog_path.c:
1594: Fix SUDOERS_NO_SEQ
1595: [17881f9bcd68]
1596:
1597: * plugins/sudoers/locale.c:
1598: Don't need all of sudoers.h in here
1599: [c518150c6483]
1600:
1601: * plugins/sudoers/sudoers.c:
1602: Don't need to include sudoers_version.h here.
1603: [8abb31102119]
1604:
1605: 2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1606:
1607: * plugins/sudoers/check.c:
1608: DEFAULT_LECTURE is no longer used.
1609: [f565c00a68c1]
1610:
1611: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
1612: Move sudo_conv into policy.c
1613: [f699aee7136b]
1614:
1615: * plugins/sudoers/pwutil.c:
1616: cosmetic fixes
1617: [930e60389ca8]
1618:
1619: * plugins/sudoers/match.c:
1620: RHEL (and perhaps other Linux distros) use the string "(none)"
1621: instead of an empty string when there is no actual NIS-style domain
1622: name. Bug #596
1623: [11aec11489ac]
1624:
1625: * plugins/sudoers/match.c:
1626: Fix return values when NAME_MATCH is defined.
1627: [ce030be9ccef]
1628:
1629: 2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
1630:
1631: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
1632: Update copyright year.
1633: [7e4b8d49addd]
1634:
1635: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
1636: plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
1637: Add sudo_set_grlist(), currently unused by the back end.
1638: [b37ac1d0e8fc]
1639:
1640: * plugins/sudoers/pwutil.c:
1641: Remove unused macros, fix a debug_decl
1642: [6136fb4a0d3b]
1643:
1644: * include/missing.h:
1645: Tru64 Unix doesn't prototype innetgr() or getdomainname().
1646: [585ac1874dfe]
1647:
1648: * include/missing.h:
1649: Whitespace fixes
1650: [0bb28cd91d97]
1651:
1652: * common/error.c:
1653: Don't need to include setjmp.h here, error.h already includes it.
1654: [fd05ab00e186]
1655:
1656: 2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
1657:
1658: * compat/Makefile.in, plugins/sudoers/Makefile.in:
1659: regen depends
1660: [57991f5e16b4]
1661:
1662: * plugins/sudoers/check.h:
1663: Rename guard define.
1664: [ccf4dba241d6]
1665:
1666: * plugins/sudoers/check.c, plugins/sudoers/check.h,
1667: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
1668: Move contents of timestamp.h into check.h.
1669: [c139757a9283]
1670:
1671: * plugins/sudoers/sudoers.h:
1672: expand_prompt() is now in prompt.c sudo_printf extern is now in
1673: error.h
1674: [219bd74ca62b]
1675:
1676: * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
1677: plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
1678: plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
1679: plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
1680: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
1681: plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
1682: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
1683: plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
1684: plugins/sudoers/toke.h:
1685: Change multiple inclusion guards to be _SUDOERS_FOO_H
1686: [faace6d55e78]
1687:
1688: 2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
1689:
1690: * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
1691: src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
1692: New Dutch translation for sudo and sudoers New Turkish translation
1693: for sudo From translationproject.org
1694: [bc918b7b23a4]
1695:
1696: 2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
1697:
1698: * config.h.in, configure, configure.in:
1699: Fix a typo in a comment and make sure we don't mistakenly include
1700: _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
1701: [694d12ac70ec]
1702:
1703: 2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
1704:
1705: * plugins/sudoers/Makefile.in:
1706: Don't build check_symbols if we are linking sudoers in statically.
1707: [f6602723bab7]
1708:
1709: * configure, configure.in:
1710: Use $host_os not $host when we only care about the os name and
1711: version.
1712: [05e4f4fcba06]
1713:
1714: * aclocal.m4, configure, configure.in:
1715: Suppress duplicate -L and -I flags.
1716: [228f2f581aed]
1717:
1718: * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
1719: Fix regress tests on non-OpenBSD platforms.
1720: [9d91bc859c50]
1721:
1722: * configure, configure.in:
1723: If we find sasl/sasl.h there's no need to check for sasl.h too
1724: [889efaa86012]
1725:
1726: * aclocal.m4, configure, configure.in:
1727: Add -R flags at the very end after configure link tests are done
1728: since we can only count on libtool to accept -R, the compiler front
1729: end may not. Also unify the libldap and libibmldap tests using
1730: AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
1731: libibmldap (but is not an explicit dependency).
1732: [ab1451894351]
1733:
1734: 2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1735:
1736: * configure, configure.in:
1737: Back out changes that broke detection of skey, opie and ldap
1738: libraries.
1739: [ffa82b8f8641]
1740:
1741: * plugins/sudoers/regress/testsudoers/test1.sh,
1742: plugins/sudoers/regress/testsudoers/test2.sh,
1743: plugins/sudoers/regress/testsudoers/test3.sh,
1744: plugins/sudoers/regress/testsudoers/test4.sh,
1745: plugins/sudoers/regress/testsudoers/test5.sh,
1746: plugins/sudoers/regress/visudo/test1.sh,
1747: plugins/sudoers/regress/visudo/test2.sh,
1748: plugins/sudoers/regress/visudo/test3.sh:
1749: Add explicit "exit 0" to prevent the check target from ending
1750: prematurely.
1751: [cca411b492bd]
1752:
1753: * plugins/sudoers/Makefile.in:
1754: Fix exit values in check target so we don't have to ignore errors.
1755: [cbc429c409e9]
1756:
1757: * plugins/sudoers/Makefile.in:
1758: Fail a test if there is unexpected stderr output.
1759: [4fc24d536bec]
1760:
1761: * MANIFEST:
1762: Fix path to sudo.conf manuals; remove non-existant test2.err.ok
1763: [6b8bcd60dd85]
1764:
1765: * src/load_plugins.c:
1766: Fix compilation in dynamic mode.
1767: [679856fa0774]
1768:
1769: * configure, configure.in:
1770: On HP-UX, libibmldap has a hidden dependency on libCsup
1771: [22994709d77c]
1772:
1773: * compat/dlopen.c:
1774: Pass BIND_VERBOSE to shl_load()
1775: [0060b9cfa9ab]
1776:
1777: * configure, configure.in:
1778: Only create static helper libs when --disable-shared is specified.
1779: [1fcdb1a437e0]
1780:
1781: * src/load_plugins.c:
1782: Ubreak static build.
1783: [4ac9f96be285]
1784:
1785: * INSTALL, aclocal.m4, configure, configure.in:
1786: Replace --with-rpath and --with-blibpath with --disable-rpath. Now
1787: that we use libtool for linking we can just use the -R flag and have
1788: libtool translate it to the proper linker flag.
1789: [09798fad6888]
1790:
1791: 2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
1792:
1793: * src/exec_pty.c:
1794: Bump I/O buffer size 32K
1795: [4ef793225309]
1796:
1797: 2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
1798:
1799: * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
1800: doc/sudo.conf.mdoc.in:
1801: Document sesh Path setting.
1802: [34b0b903b4f8]
1803:
1804: * src/exec.c, src/exec_common.c:
1805: Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
1806: [06aa1956f38d]
1807:
1808: * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
1809: src/selinux.c:
1810: Make sesh path configurable in sudo.conf
1811: [91d331f273b7]
1812:
1813: * configure, configure.in:
1814: Use -fno-pie and -nopie if supported when --disable-pie is
1815: specified.
1816: [777138c04dcc]
1817:
1818: 2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
1819:
1820: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1821: Document direct execution of the command if the policy plugin has no
1822: close function.
1823: [6a14145c6e80]
1824:
1825: 2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1826:
1827: * plugins/sudoers/auth/pam.c:
1828: Only delete creds if we actually established them. Print an error if
1829: pam_setcred() fails and we actually authenticated.
1830: [1e015314903b]
1831:
1832: * common/Makefile.in, plugins/group_file/Makefile.in:
1833: regen
1834: [dd8cee2a5e1b]
1835:
1836: * common/alloc.c, include/alloc.h:
1837: Convert efree() to a macro that just casts to void * and does
1838: free(). If the system free() can't handle free(NULL) this may crash
1839: but C89 was a long time ago.
1840: [efd0ff9270fb]
1841:
1842: * configure, configure.in:
1843: Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
1844: Fixes a problem with errno sometimes not being set on error on HP-
1845: UX.
1846: [54b419d58320]
1847:
1848: * common/sudo_debug.c:
1849: Fix debug logging from the plugin when there is no error number.
1850: This was broken in the big debugging reorg for 1.8.7.
1851: [2ea7e145e928]
1852:
1853: 2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1854:
1855: * configure, configure.in, plugins/group_file/Makefile.in,
1856: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
1857: plugins/system_group/Makefile.in, src/load_plugins.c:
1858: Always install plugins with a .so extension regardless of what
1859: extension the system uses for shared libraries. That way the
1860: group_plugin sudoers setting can be shared between heterogenous
1861: systems.
1862: [a7e6ecff6fdf]
1863:
1864: * plugins/sudoers/match.c:
1865: Mac OS X has netgroup functions in netdb.h.
1866: [243881a974aa]
1867:
1868: * plugins/sudoers/parse.h:
1869: Tags in struct cmndtag can be set to IMPLIED as well.
1870: [cb6926988cc8]
1871:
1872: * plugins/sudoers/parse.c:
1873: Quiet a compiler warning.
1874: [14e608c2001d]
1875:
1876: * plugins/sudoers/testsudoers.c:
1877: Quiet an llvm checker warning.
1878: [2eeb9f3d08f3]
1879:
1880: * plugins/sudoers/parse.c:
1881: Quiet gcc -Wuninitialized false positive
1882: [643ad987503d]
1883:
1884: 2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1885:
1886: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1887: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
1888: doc/sudoers.mdoc.in:
1889: Document group_file and system_group plugins.
1890: [b56511e79230]
1891:
1892: * NEWS:
1893: Sudo 1.8.7
1894: [e95183b8fa27]
1895:
1896: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
1897: Try to clarify that sudoedit in sudoers should not include a leading
1898: pathname.
1899: [7b2beac92a9c]
1900:
1901: * plugins/sudoers/pwutil_impl.c:
1902: Make sure groupname_len is at least 32 just to be on the safe side.
1903: It is better to allocate a little extra and not need it than to have
1904: to reallocate and start over.
1905: [6d3e1ba47de9]
1906:
1907: * include/alloc.h, include/missing.h:
1908: Add __malloc_like macro to apply __malloc__ attribute to emalloc,
1909: ecalloc and estrdup. It cannot be applied to realloc since that may
1910: return the same pointer.
1911: [8d70cb81d1f1]
1912:
1913: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1914: Fix potential double free in an error path.
1915: [657573feb6a4]
1916:
1917: * src/exec_pty.c:
1918: When running the command in a pty, defer the call to exec_setup()
1919: until just before we exec the command. This is consistent with the
1920: non-pty path. As a side effect, the monitor process runs as root
1921: and not the runas user.
1922: [e2a7f8c7ee4c]
1923:
1924: 2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1925:
1926: * compat/closefrom.c:
1927: Update copyright year.
1928: [9b652af4dfc0]
1929:
1930: 2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
1931:
1932: * compat/closefrom.c:
1933: Use pst_highestfd from pstat_getproc() on HP-UX.
1934: [09f3fea46a3d]
1935:
1936: 2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
1937:
1938: * Makefile.in, common/Makefile.in, doc/Makefile.in,
1939: plugins/sudoers/Makefile.in:
1940: Clean up generated test files and other minor housekeeping.
1941: [f5f4fdd908e1]
1942:
1943: * plugins/sudoers/iolog.c:
1944: Add back gettimeofday() call inadvertantly removed in e1abb9810a83
1945: [675cce8401ae]
1946:
1947: * config.h.in, configure, configure.in, src/ttyname.c:
1948: Use pstat() on HP-UX to determine the tty device.
1949: [2884af22a9df]
1950:
1951: * plugins/sudoers/auth/pam.c:
1952: Fix PAM compilation: def_pam_session, not just pam_session.
1953: [5417d7acc6ea]
1954:
1955: * doc/fixmdoc.sh:
1956: Don't remove the -S option description when trimming out selinux.
1957: Bug #592
1958: [8a94f2cfa0a0]
1959:
1960: 2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1961:
1962: * NEWS:
1963: Update for Sudo 1.8.6p7
1964: [0858a73e9c40]
1965:
1966: 2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
1967:
1968: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1969: Document when sudo may exec the command directly instead of forking.
1970: [da41951edc28]
1971:
1972: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1973: doc/sudo_plugin.mdoc.in:
1974: Document that close and version be NULL for plugin API >= 1.3 and
1975: that sudo may execute the command directly if there is no close, or
1976: pty or timeout needed.
1977: [e5f929ddeaf8]
1978:
1979: * plugins/sudoers/auth/sudo_auth.c:
1980: Fix debug_decl for sudo_auth_begin_session and
1981: sudo_auth_end_session.
1982: [58243392c0df]
1983:
1984: * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
1985: doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
1986: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
1987: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
1988: Add pam_session sudoers option.
1989: [d994465db9f1]
1990:
1991: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
1992: plugins/sudoers/sudoers.h:
1993: Dummy out close function if there is no end_session for the auth
1994: method and the front-end can handle a NULL close function. Avoids
1995: the extra sudo process when we don't actually need it.
1996: [74886d5b0fb6]
1997:
1998: 2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1999:
2000: * Makefile.in, aclocal.m4:
2001: Add m4/ to paths m4_include parameters so we don't need to use
2002: autoconf's -I flag.
2003: [4fd86e7a84f3]
2004:
2005: * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
2006: src/sudo_plugin_int.h:
2007: If the policy plugin does not provide a close function, there is no
2008: command timeout and no pty is required, skip the event loop and just
2009: exec the command directly.
2010: [ad532f107170]
2011:
2012: * src/sudo.c:
2013: Do not crash if the plugin close and version functions are not
2014: defined. If there is no policy close function, simply print a
2015: warning that the command was not found.
2016: [c789a9dd54e8]
2017:
2018: 2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
2019:
2020: * plugins/sudoers/parse.c:
2021: Fix typos in selinux/solaris privs specific code.
2022: [9af3999361b4]
2023:
2024: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2025: doc/sudo_plugin.mdoc.in, src/parse_args.c:
2026: Pass the default plugin directory to the plugin via the settings
2027: list. Could be used by a stacking plugin.
2028: [688e771fc145]
2029:
2030: * plugins/sudoers/timestamp.c:
2031: Completely ignore time stamp file if it is set to the epoch,
2032: regardless of what gettimeofday() returns.
2033: [df58842af660]
2034:
2035: * doc/CONTRIBUTORS:
2036: Add Nikolai Kondrashov
2037: [df59791438f9]
2038:
2039: * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
2040: Use userpw_matches() for username matching so #uid works for
2041: sudoRunAsUser.
2042: [a124062334df]
2043:
2044: * plugins/sudoers/sssd.c:
2045: Avoid calling realloc3() with a zero size parameter when all
2046: retrieved sssd rules fail. Otherwise we'll get a run-time error due
2047: to malloc(0) checking.
2048: [84dfcb73ebd7]
2049:
2050: * plugins/sudoers/sssd.c:
2051: Do not send error mail if a user is not found in SSSD. Local users
2052: can run sudo too. From Nikolai Kondrashov
2053: [3d2ae99ee468]
2054:
2055: 2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
2056:
2057: * MANIFEST, common/regress/sudo_conf/test4.in,
2058: common/regress/sudo_conf/test4.out.ok:
2059: Test setting disable_coredump to illegal value.
2060: [3c71c6c49027]
2061:
2062: * common/sudo_conf.c:
2063: Fix atobool() usage.
2064: [d40c9f4d06b0]
2065:
2066: * common/regress/sudo_conf/conf_test.c:
2067: Remove unused variable.
2068: [328b524b365b]
2069:
2070: * plugins/sudoers/sudoers.c:
2071: Make "sudo -l non_existent_command" warn that non_existent_command
2072: doesn't exist, not the "list" pseudo-command.
2073: [9dc0388fc4f3]
2074:
2075: * plugins/sudoers/parse.c:
2076: Make sudoers file long list output better match the format used by
2077: ldap sudoers. Tags are now converted to options and there is a
2078: single command per line.
2079: [6e6dc3f20d84]
2080:
2081: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
2082: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2083: Use the correct the sudoers policy symbol names and undo an editor
2084: goof committed when adding max_groups to sudo.conf.
2085: [2a6f7ddf5cc3]
2086:
2087: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
2088: For "sudo -l" start a new line if the runas list changes to make the
2089: output easier to read.
2090: [7dc3d724c924]
2091:
2092: 2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
2093:
2094: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
2095: For "sudo -l" and "sudo -ll" only print the runas info for
2096: subsequent commands in a list if the runas info has changed. If we
2097: have new runas info, print out the tags again so as to be less
2098: confusing to the user. For "sudo -ll" set the line continuation
2099: indent to 8.
2100: [b5ec02fe7fc1]
2101:
2102: 2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
2103:
2104: * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
2105: doc/sudoers.man.in, doc/sudoers.mdoc.in,
2106: plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
2107: plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
2108: plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
2109: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
2110: plugins/sample_group/sample_group.c,
2111: plugins/sample_group/sample_group.exp:
2112: Rename sample_group plugin to group_file. Install group_file and
2113: system_group plugins by default.
2114: [951b3e446fae]
2115:
2116: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
2117: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
2118: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
2119: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
2120: plugins/sudoers/sudoers.h:
2121: Add maxseq sudoers option to limit the max number of I/O log files.
2122: [e1abb9810a83]
2123:
2124: 2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
2125:
2126: * plugins/sudoers/iolog.c:
2127: Log lines and columns in the iolog file.
2128: [03adb6230e05]
2129:
2130: 2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
2131:
2132: * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
2133: common/regress/sudo_conf/test1.in,
2134: common/regress/sudo_conf/test1.out.ok,
2135: common/regress/sudo_conf/test2.in,
2136: common/regress/sudo_conf/test2.out.ok,
2137: common/regress/sudo_conf/test3.in,
2138: common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
2139: include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
2140: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
2141: src/sudo.c:
2142: Add simple regress tests for sudo.conf parsing.
2143: [3c36b61bf61c]
2144:
2145: * src/sudo.c:
2146: Always display the I/O plugin version as long as its open functions
2147: doesn't return an error. Previously it was only displayed if the
2148: plugin open returned 1.
2149: [4b0277db3f8c]
2150:
2151: * plugins/sudoers/pwutil_impl.c:
2152: Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
2153: of poking around in struct utmpx.
2154: [2c0cc5c42958]
2155:
2156: * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
2157: #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
2158: build directory and not the src dir when using a separate build
2159: directory.
2160: [1fcb7ba13018]
2161:
2162: 2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
2163:
2164: * common/fileops.c:
2165: If a line was longer that 0x80000000 the bit hack to round to the
2166: next power of two would roll over to zero.
2167: [f4f729cf6f0f]
2168:
2169: * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
2170: plugins/sudoers/sudoers.h, src/sudo.c:
2171: Use max_groups in front-end and plugin.
2172: [bf1e74166831]
2173:
2174: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2175: doc/sudo_plugin.mdoc.in, src/parse_args.c:
2176: Pass max_groups to plugin in settings list.
2177: [d7d76e8651f4]
2178:
2179: * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
2180: doc/sudo.conf.mdoc.in, include/sudo_conf.h:
2181: Add max_groups setting to sudo.conf (currently unused) and remove
2182: unused return value from setters.
2183: [f6494f71e1f0]
2184:
2185: 2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
2186:
2187: * INSTALL:
2188: Reorganize configure options
2189: [23475de8039f]
2190:
2191: 2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
2192:
2193: * NEWS:
2194: Add Sudo 1.8.6p7
2195: [5192fc511cbe]
2196:
2197: 2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
2198:
2199: * INSTALL.configure:
2200: Sync with autoconf 2.68
2201: [985e5c8efa4e]
2202:
2203: * INSTALL, README:
2204: Remove obsolete OS notes and move build requirements to INSTALL.
2205: [bf0dd53ca164]
2206:
2207: 2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
2208:
2209: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2210: doc/sudo_plugin.mdoc.in:
2211: Sort elements of the settings, user_info and command_info lists.
2212: [663062ada5b7]
2213:
2214: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
2215: Remove trailing white space
2216: [027916a6c8e7]
2217:
2218: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
2219: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
2220: Store the session ID in the tty ticket file too. A tty may only be
2221: in one session at a time so if the session ID doesn't match we
2222: ignore the ticket.
2223: [4eb2cb8df48b]
2224:
2225: 2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
2226:
2227: * plugins/sudoers/sudoers.c, src/sudo.c:
2228: Move tzset() call from sudoers plugin to sudo front end.
2229: [3c058dad8772]
2230:
2231: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
2232: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
2233: doc/sudoers.ldap.mdoc.in:
2234: Mention line continuation
2235: [399873f8c805]
2236:
2237: * MANIFEST, common/Makefile.in, common/fileops.c,
2238: common/regress/sudo_parseln/parseln_test.c,
2239: common/regress/sudo_parseln/test1.in,
2240: common/regress/sudo_parseln/test1.out.ok,
2241: common/regress/sudo_parseln/test2.in,
2242: common/regress/sudo_parseln/test2.out.ok,
2243: common/regress/sudo_parseln/test3.in,
2244: common/regress/sudo_parseln/test3.out.ok,
2245: common/regress/sudo_parseln/test4.in,
2246: common/regress/sudo_parseln/test4.out.ok,
2247: common/regress/sudo_parseln/test5.in,
2248: common/regress/sudo_parseln/test5.out.ok,
2249: common/regress/sudo_parseln/test6.in,
2250: common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
2251: include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
2252: plugins/sudoers/sudo_nss.c:
2253: Add line continuation support to sudo_parseln() and make it use
2254: getline() instead of fgets() internally.
2255: [d02bf3973fc5]
2256:
2257: 2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
2258:
2259: * plugins/sample/sample_plugin.c:
2260: Fix memory leak in error path; found by llvm checker
2261: [d090c26a5b00]
2262:
2263: * plugins/sudoers/sudoreplay.c:
2264: Remove useless store detected by llvm checker.
2265: [12a4db91651a]
2266:
2267: * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
2268: src/load_plugins.c, sudo.pp:
2269: Sudo now stores its libexec files in a "sudo" subdirectory instead
2270: of in libexec itself. For backwards compatibility, if the plugin is
2271: not found in the default plugin directory, sudo will check the
2272: parent directory default directory ends in "/sudo".
2273: [5de67de76489]
2274:
2275: * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
2276: plugins/system_group/system_group.c:
2277: Add missing __dso_public to plugin structs so they are exported.
2278: [dde703577621]
2279:
2280: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
2281: Mention that sudoers has its own plugins too.
2282: [0a6c6203b512]
2283:
2284: 2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
2285:
2286: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
2287: Correct last change date.
2288: [45894291d792]
2289:
2290: * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
2291: doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
2292: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2293: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
2294: doc/sudoers.mdoc.in:
2295: Remove duplicated sudo.conf info in the sudo, sudoers and
2296: sudo_plugin manuals and cross-reference the new sudo.conf manual.
2297: [b808ba29cf3a]
2298:
2299: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
2300: Fix typos
2301: [0e70964150c6]
2302:
2303: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
2304: doc/sudoers.ldap.mdoc.in:
2305: Fix some typos.
2306: [94ae045cfbc6]
2307:
2308: * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
2309: doc/sudo.conf.mdoc.in:
2310: Add standalone sudo.conf manual page.
2311: [d64d949b700c]
2312:
2313: * doc/sample.sudo.conf:
2314: add group_source example
2315: [118c1ba1c014]
2316:
2317: * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
2318: doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
2319: doc/sudoers.man.in, doc/sudoers.mdoc.in:
2320: Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
2321: [f5bd6006dc1c]
2322:
2323: * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
2324: src/po/it.po:
2325: Sync with translationproject.org
2326: [a6f2b9aac371]
2327:
2328: 2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2329:
2330: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2331: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
2332: src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
2333: src/po/vi.po:
2334: Sync with translationproject.org
2335: [ba546666969d]
2336:
2337: 2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2338:
2339: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
2340: plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
2341: src/po/es.po, src/po/gl.po:
2342: Sync with translationproject.org
2343: [cdc454e34c03]
2344:
2345: 2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2346:
2347: * NEWS:
2348: Clarify ttyname changes.
2349: [cbf2f80fe582]
2350:
2351: * NEWS:
2352: Add 1.8.6p6
2353: [3aa591e98b3b]
2354:
2355: * src/ttyname.c:
2356: Remove ttyname() fall back code on systems where we can query the
2357: kernel for the tty device via /proc or sysctl(). If there is no
2358: controlling tty, it is better to just treat the tty as unknown
2359: rather than to blindly use what is hooked up to std{in,out,err}.
2360: [b2bd3005d2e4]
2361:
2362: 2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
2363:
2364: * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
2365: Add group_source setting in sudo.conf to allow the admin to specify
2366: how a user's groups are looked up. Legal values are static (just
2367: the kernel list from getgroups), dynamic (whatever the group
2368: database includes) and adaptive (only use group db if kernel group
2369: list is full).
2370: [87a5b02e22ad]
2371:
2372: * plugins/sudoers/policy.c:
2373: Pass back exec_background to front end if it is enabled in sudoers.
2374: [8230e1cd0bbd]
2375:
2376: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2377: Mention that exec_background is for 1.8.7 and higher only.
2378: [fdf0d5a3e182]
2379:
2380: 2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2381:
2382: * MANIFEST:
2383: Add missing test files.
2384: [1165389aa5e6]
2385:
2386: * plugins/sudoers/regress/visudo/test3.err.ok,
2387: plugins/sudoers/regress/visudo/test3.out.ok,
2388: plugins/sudoers/regress/visudo/test3.sh:
2389: Add regress test for bug 361
2390: [54c7fb61b82d]
2391:
2392: * plugins/sudoers/iolog.c:
2393: Add __dso_public to extern declaration of declaration to match
2394: actual definition.
2395: [4695ded501e6]
2396:
2397: * NEWS:
2398: Add 1.8.6p5
2399: [b07b28c5c4d7]
2400:
2401: 2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
2402:
2403: * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
2404: plugins/sudoers/regress/visudo/test2.out.ok,
2405: plugins/sudoers/regress/visudo/test2.sh:
2406: Add test for visudo cycle check core dump; test case from Daniel
2407: Kopecek
2408: [41074541147a]
2409:
2410: * plugins/sudoers/visudo.c:
2411: Fix potential stack overflow due to infinite recursion in alias
2412: cycle detection. From Daniel Kopecek.
2413: [d7e018a87434]
2414:
2415: * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
2416: Ignore duplicate entries in sudo.conf and report the line number
2417: when there is an error. Warn, don't abort if there is more than one
2418: policy plugin.
2419: [dfcb5a698f0a]
2420:
2421: * plugins/sudoers/tsgetgrpw.c:
2422: Use strtoul() not atoi().
2423: [58a52cf9b6b8]
2424:
2425: 2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
2426:
2427: * compat/Makefile.in:
2428: regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
2429: [9b44e9d26d16]
2430:
2431: * compat/nss_dbdefs.h:
2432: Fix typo that breaks the build on HP-UX.
2433: [b9ab6ba23485]
2434:
2435: * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
2436: configure, configure.in:
2437: Use nss_search() to implement getgrouplist() where available.
2438: Tested on Solaris and HP-UX. We need to include a compatibility
2439: header for HP-UX which uses the Solaris nsswitch implementation but
2440: doesn't ship nss_dbdefs.h.
2441: [d29dbc4dc06d]
2442:
2443: 2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2444:
2445: * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
2446: Remove extra flag to sudo_sigaction(). We want to trap the signal
2447: regardless of whether or not it is ignored by the underlying command
2448: since there's no way to know what signal handlers the command will
2449: install. Now we just use sudo_sigaction() to set a flag in
2450: saved_signals[] to indicate whether a signal needs to be restored
2451: before exec.
2452: [c042d52c7192]
2453:
2454: 2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2455:
2456: * compat/getgrouplist.c, config.h.in, configure, configure.in:
2457: Use _getgroupsbymember() on Solaris to get the groups list. Fixes
2458: performance problems with the getgroupslist() compat on Solaris
2459: systems with network-based group databases.
2460: [287d3ae2ce8d]
2461:
2462: 2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
2463:
2464: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2465: doc/sudo_plugin.mdoc.in:
2466: Document signal handler behavior in plugin API 1.3
2467: [20dc9d1c105f]
2468:
2469: * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
2470: src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
2471: Move signal code into its own source file and add sudo_sigaction()
2472: wrapper that has an extra flag to check the saved_signals list to
2473: only install the handler if the signal is not already ignored. Bump
2474: plugin API version for the new front-end signal behavior.
2475: [5d2f27a1b404]
2476:
2477: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
2478: src/sudo_exec.h:
2479: Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
2480: the command. If we get SIGINT or SIGQUIT, call the plugin close()
2481: functions as if the command was interrupted. If we get SIGTSTP,
2482: uninstall the handler and deliver SIGTSTP to ourselves.
2483: [332baf3a81b7]
2484:
2485: * src/exec.c, src/exec_pty.c:
2486: Rename handle_signals() to dispatch_signals(). Block other signals
2487: in handler() so we don't have to worry about the write() being
2488: interrupted.
2489: [666e95c9a0f1]
2490:
2491: 2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
2492:
2493: * src/tgetpass.c:
2494: Rename signal handler to avoid name clash with one in exec.c
2495: [8913101a29b6]
2496:
2497: 2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2498:
2499: * src/sudo.c:
2500: Add missing call to save_signals().
2501: [47d075d7326b]
2502:
2503: 2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2504:
2505: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2506: Fill in the comment block at the top of the .pot files and preserve
2507: it when regenerating them.
2508: [6449497b76db]
2509:
2510: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2511: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
2512: doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
2513: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2514: plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
2515: Add exec_background option in plugin command info and a sudoers
2516: option to match. When set, commands are started in the background
2517: and automatically foregrounded as needed. There are issues with
2518: some ill-mannered programs (like Linux su) so this is not the
2519: default.
2520: [c0b32b0938f2]
2521:
2522: * common/Makefile.in:
2523: regen
2524: [2b2b220e7aea]
2525:
2526: * src/Makefile.in:
2527: Add SESH_OBJS variable for sesh object files.
2528: [d3e04ae8fd1f]
2529:
2530: * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
2531: Update copyright year.
2532: [61a0f0cedb13]
2533:
2534: * src/exec_pty.c:
2535: Always resume the command in the foreground if sudo itself is the
2536: foreground process. This helps work around poorly behaved programs
2537: that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
2538: worst, sudo will go into the background but upon resume the command
2539: will be runnable. Otherwise, we can get into a situation where the
2540: command will immediately suspend itself.
2541: [c368ac3eb2e4]
2542:
2543: * configure, configure.in:
2544: Use -fstack-protector-all in preference to -fstack-protector where
2545: supported.
2546: [f930c95ceb51]
2547:
2548: 2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2549:
2550: * configure, configure.in:
2551: Only test for -fstack-protector and -fvisibility=hidden on GNU
2552: compatible compilers.
2553: [796f4696d863]
2554:
2555: 2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2556:
2557: * NEWS:
2558: Add Sudo 1.8.6p4
2559: [8a928de8e717]
2560:
2561: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
2562: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
2563: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
2564: src/Makefile.in:
2565: Break out stack smashing protector options into SSP_CFLAGS and
2566: SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
2567: [01be114fc9fb]
2568:
2569: 2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
2570:
2571: * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
2572: In rbrepair(), make sure we never try to change the color of the
2573: sentinel node, which is the first entry, not the root. From Michael
2574: King
2575: [3fc4dc4004ec]
2576:
2577: 2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2578:
2579: * src/exec_pty.c:
2580: No need to restore default signal handler for SIGSTOP as it is not
2581: catchable. Attempting to do so is harmless but sigaction() will
2582: fail and set errno to EINVAL which makes it looks like there is an
2583: error.
2584: [be7c0b759e9a]
2585:
2586: * src/exec.c:
2587: Print SIGCONT_FG and SIGCONT_BG properly in debug output.
2588: [93e59e301c8f]
2589:
2590: 2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2591:
2592: * configure, configure.in:
2593: Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
2594: [9ed48f696595]
2595:
2596: 2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2597:
2598: * include/missing.h:
2599: Add howmany() macro since some systems have this in sys/param.h
2600: which we no longer include.
2601: [2c5efaa16c45]
2602:
2603: 2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2604:
2605: * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
2606: Remove errant file.
2607: [a91699beffc6]
2608:
2609: 2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
2610:
2611: * plugins/sudoers/regress/check_symbols/check_symbols.c,
2612: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2613: plugins/sudoers/regress/logging/check_wrap.c,
2614: plugins/sudoers/regress/parser/check_addr.c,
2615: plugins/sudoers/regress/parser/check_fill.c:
2616: Remove obsolete sudoers_cleanup() stubs.
2617: [89153025a2ae]
2618:
2619: * common/alloc.c, common/atobool.c, common/fileops.c,
2620: common/fmt_string.c, common/lbuf.c, common/secure_path.c,
2621: common/sudo_conf.c, common/sudo_debug.c, common/term.c,
2622: compat/closefrom.c, compat/getcwd.c, compat/glob.c,
2623: compat/snprintf.c, include/missing.h,
2624: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
2625: plugins/sample_group/plugin_test.c,
2626: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
2627: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
2628: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
2629: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
2630: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
2631: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
2632: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
2633: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
2634: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2635: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
2636: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
2637: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2638: plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
2639: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
2640: plugins/sudoers/logging.c, plugins/sudoers/match.c,
2641: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
2642: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
2643: plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
2644: plugins/sudoers/redblack.c,
2645: plugins/sudoers/regress/parser/check_addr.c,
2646: plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
2647: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
2648: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2649: plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
2650: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2651: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2652: plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
2653: src/exec_common.c, src/exec_pty.c, src/get_pty.c,
2654: src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
2655: src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
2656: Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
2657: MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
2658: HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
2659: MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
2660: [f4807d46f504]
2661:
2662: * include/missing.h, plugins/sudoers/match.c,
2663: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
2664: Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
2665: (sys/param.h or netdb.h).
2666: [2544f5e306dd]
2667:
2668: 2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2669:
2670: * plugins/sudoers/logging.c:
2671: Move debug_decl() in log_failure() to be after the variable
2672: declarations for C89.
2673: [f48d2035ab44]
2674:
2675: 2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
2676:
2677: * common/error.c, include/error.h, plugins/sudoers/iolog.c,
2678: plugins/sudoers/logging.c, plugins/sudoers/policy.c,
2679: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2680: Cannot wrap sigsetjmp() or we end up returning to the wrong place.
2681: Use a macro instead.
2682: [749ee6acdad8]
2683:
2684: 2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
2685:
2686: * plugins/sudoers/policy.c:
2687: Fix return in sudoers_policy_open that should be debug_return.
2688: [a78b795b6846]
2689:
2690: 2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
2691:
2692: * src/ttyname.c:
2693: Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
2694: too.
2695: [acfa891c229e]
2696:
2697: * src/solaris.c:
2698: Quiet a gcc warning and add comment about needing to keep the handle
2699: open.
2700: [f954f228960f]
2701:
2702: 2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
2703:
2704: * INSTALL:
2705: mention --disable-shared
2706: [6954d39e2d0f]
2707:
2708: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2709: doc/sudo_plugin.mdoc.in:
2710: Add missing command_info argument in I/O plugin open() prototype.
2711: Bug #579
2712: [72beb07aba0e]
2713:
2714: 2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
2715:
2716: * plugins/sudoers/gram.c:
2717: Regen for proper line numbers.
2718: [6cf6e132e764]
2719:
2720: * configure, configure.in:
2721: Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
2722: [d604dc8ca38a]
2723:
2724: * common/sudo_printf.c:
2725: Include missing.h for __printflike.
2726: [a33640600faf]
2727:
2728: * plugins/sudoers/iolog.c:
2729: Saner loop invariant in io_mkdirs (cosmetic only).
2730: [dc30274afe38]
2731:
2732: * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
2733: configure, configure.in, include/error.h, mkdep.pl,
2734: plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
2735: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
2736: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
2737: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
2738: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2739: src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
2740: src/sesh.c:
2741: Move warn/error into common and make static builds work.
2742: [4d3f374f4e4c]
2743:
2744: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
2745: common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
2746: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2747: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
2748: plugins/sudoers/policy.c,
2749: plugins/sudoers/regress/check_symbols/check_symbols.c,
2750: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2751: plugins/sudoers/regress/logging/check_wrap.c,
2752: plugins/sudoers/regress/parser/check_addr.c,
2753: plugins/sudoers/regress/parser/check_fill.c,
2754: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2755: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2756: src/Makefile.in, src/conversation.c, src/sesh.c:
2757: Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
2758: Add sudo_printf function pointer that is initialized to
2759: _sudo_printf() instead of requiring a sudo_conv function pointer
2760: everywhere. The plugin will reset sudo_printf to point to the
2761: version passed in via the plugin open function. Now plugin_error.c
2762: can just call sudo_printf in all cases. The sudoers binaries no
2763: longer need their own version of sudo_printf.
2764: [9b09d3f63790]
2765:
2766: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
2767: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
2768: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2769: Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
2770: need error_jmp to be extern. Also add plugin_clearjmp() that clears
2771: a flag so error()/errorx() knows when to call exit() vs. longjmp().
2772: [5a4617148e70]
2773:
2774: * plugins/sudoers/set_perms.c:
2775: Let warning() call gettext() for us.
2776: [ab8d502ba4ac]
2777:
2778: * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
2779: Do locale swapping in the warning()/error() macros themselves
2780: instead of in the underlying functions.
2781: [4cd205540e17]
2782:
2783: * common/alloc.c, common/list.c, include/error.h,
2784: plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
2785: plugins/sudoers/regress/check_symbols/check_symbols.c,
2786: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
2787: src/hooks.c:
2788: Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
2789: [48346393634d]
2790:
2791: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
2792: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
2793: plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
2794: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
2795: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
2796: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
2797: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2798: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2799: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
2800: src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
2801: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
2802: src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
2803: Call gettext() on parameters for warning()/warningx() instead of
2804: having warning() do it for us.
2805: [c71088bc9d3e]
2806:
2807: * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
2808: plugins/sudoers/gram.y, plugins/sudoers/toke.c,
2809: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
2810: Call gettext() in sudoerserror() in the user's locale and pass the
2811: untranslated string to it.
2812: [cdbfc231b848]
2813:
2814: * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
2815: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
2816: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
2817: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2818: Allow sudoers programs (visudo, sudoreplay, visudo) to use
2819: plugin_error.c instead of the error.c from the front-end. This
2820: means sudoers_setlocale() needs to be independent of the sudo_user
2821: struct and the defaults table. The sudoers locale is now updated
2822: via a callback.
2823: [e356f5f8cd6a]
2824:
2825: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
2826: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
2827: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2828: Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
2829: Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
2830: warning/error functions work when sudo_conv is NULL
2831: [7365ee24a779]
2832:
2833: * src/error.c:
2834: No need to change locale in front-end warning()/error().
2835: [23dc1df7f93b]
2836:
2837: * plugins/sudoers/tsgetgrpw.c:
2838: Ignore bad lines in passwd/group file instead if stopping processing
2839: when we hit one.
2840: [79b790559075]
2841:
2842: * plugins/sudoers/regress/testsudoers/test2.sh,
2843: plugins/sudoers/regress/testsudoers/test3.sh,
2844: plugins/sudoers/regress/testsudoers/test5.sh:
2845: Bash doesn't let you set UID to use MYUID instead.
2846: [5be56335f059]
2847:
2848: * plugins/sudoers/visudo.c:
2849: Avoid NULL deref for unknown Defaults in strict mode.
2850: [545c21c1e7d6]
2851:
2852: * common/sudo_conf.c, common/sudo_debug.c:
2853: See DEFAULT_TEXT_DOMAIN
2854: [3d723e1d27db]
2855:
2856: 2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
2857:
2858: * .hgignore:
2859: Add signame.c and mksigname.
2860: [d59bbf423f00]
2861:
2862: * plugins/sudoers/Makefile.in:
2863: Fold preinstall into install-plugin and pass the path to the plugin
2864: binary to the preinstall command.
2865: [2c2205af8bb7]
2866:
2867: * pp:
2868: sync with upstream
2869: [a4b7336b3256]
2870:
2871: * src/sudo.h:
2872: repair spacing
2873: [f5c1255ce514]
2874:
2875: 2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2876:
2877: * common/sudo_debug.c:
2878: Set group on sudo_debug when creating it to gid 0 so systems without
2879: BSD group semantics don't get the invoking user's group.
2880: [7dda01196554]
2881:
2882: * plugins/sudoers/iolog.c:
2883: Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
2884: path is a temporary, in which case the final component is created
2885: via mkdtemp() instead of mkdir().
2886: [79c0c4e7ed58]
2887:
2888: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
2889: For PERM_ROOT set egid to 0 so log files are not created with the
2890: gid of the user.
2891: [5b964ea43474]
2892:
2893: * plugins/sudoers/logging.c:
2894: Add calls to set_perms(PERM_ROOT) becore logging to a file. We
2895: should already be root but since we cache the current permission
2896: status it is basically free. That way, if more of sudoers runs as
2897: non-root in the future logging will still work correctly.
2898: [c591d4973f41]
2899:
2900: * common/sudo_conf.c, config.h.in, configure, configure.in,
2901: include/gettext.h, plugins/sudoers/locale.c,
2902: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2903: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2904: src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
2905: #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
2906: [41f6bb4926f4]
2907:
2908: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2909: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2910: doc/sudo_plugin.mdoc.in:
2911: Mention that sudo.conf is parsed in the C locale.
2912: [f711c416e30c]
2913:
2914: * common/sudo_conf.c:
2915: Parse sudo.conf in the "C" locale.
2916: [776658f651ea]
2917:
2918: * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
2919: plugins/sudoers/sudoers.h:
2920: Fix compilation on systems w/o setlocale()
2921: [6940d1c1c1ce]
2922:
2923: * doc/TROUBLESHOOTING:
2924: Sudo now includes a workaround for the Solaris 11 locale issue.
2925: [ab93787a552c]
2926:
2927: 2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2928:
2929: * include/gettext.h, plugins/sudoers/iolog_path.c,
2930: plugins/sudoers/locale.c,
2931: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2932: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2933: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2934: src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
2935: Always include locale.h from gettext.h so we no longer need to
2936: include locale.h from the .c files.
2937: [93d39182ccfa]
2938:
2939: * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
2940: plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
2941: src/solaris.c, src/sudo.c, src/sudo.h:
2942: Add os-specific initialization functions for solaris (workaround
2943: setuid locale problem in Solaris 11) and openbsd (set malloc_options
2944: if SUDO_DEVEL). Also move set_project() to solaris.c.
2945: [1d6581afbaf4]
2946:
2947: 2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2948:
2949: * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
2950: plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
2951: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
2952: Avoid strerror() when possible and just rely on warning/error to
2953: handle errno in the proper locale.
2954: [bf612caae97c]
2955:
2956: * plugins/sudoers/logging.c:
2957: Set sudoers locale in log_allowed()
2958: [2dd0ac704cae]
2959:
2960: * plugins/sudoers/check.c:
2961: Make the sudo lecture translatable.
2962: [3cdfc183d72d]
2963:
2964: * Makefile.in:
2965: Add the values of badpass_message, passprompt and mailsub to
2966: sudoers.pot so they can be translated.
2967: [51cbe8adcb94]
2968:
2969: * plugins/sudoers/logging.c:
2970: Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
2971: up by xgettext.
2972: [c5b74115caf0]
2973:
2974: 2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2975:
2976: * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
2977: plugins/sudoers/sudoers.h:
2978: Make expand_prompt() args const and free the prompt when we are done
2979: with it.
2980: [995ef8519fe6]
2981:
2982: * plugins/sudoers/policy.c:
2983: Fix cut and pasto
2984: [e002921c1d15]
2985:
2986: * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
2987: Expand def_mailsub in the sudoers locale, not the user's.
2988: [a4775f2fb385]
2989:
2990: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
2991: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
2992: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
2993: plugins/sudoers/env.c, plugins/sudoers/iolog.c,
2994: plugins/sudoers/locale.c, plugins/sudoers/logging.c,
2995: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
2996: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
2997: plugins/sudoers/timestamp.c:
2998: Call gettext inside log_error et al instead of having the caller do
2999: it. This way we can display any messages to the user in their own
3000: locale but log in the sudoers local.
3001: [286e0444f785]
3002:
3003: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
3004: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
3005: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
3006: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3007: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
3008: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
3009: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
3010: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
3011: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3012: plugins/sudoers/visudo.c, src/error.c, src/exec.c,
3013: src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
3014: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
3015: src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
3016: Display warning/error messages in the user's locale.
3017: [00a04165c0cf]
3018:
3019: * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
3020: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
3021: audit_failure() now calls gettext itself using the sudoers locale.
3022: [d77f1d78799a]
3023:
3024: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
3025: plugins/sudoers/sudoers.c:
3026: Convert setlocale() to sudoers_setlocale() in the sudoers module.
3027: This only converts existing uses, there are more places where we
3028: need to sprinkle sudoers_setlocale() calls.
3029: [8ee0cbf0d0a9]
3030:
3031: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
3032: plugins/sudoers/locale.c, plugins/sudoers/logging.h,
3033: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3034: Add simple locale switching to make it easy to switch from the
3035: user's locale to the sudoers locale without making excessive
3036: setlocale() calls when we don't need to.
3037: [5c61582fdeee]
3038:
3039: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
3040: plugins/sudoers/plugin_error.c, src/error.c:
3041: Add variants of warn/error and sudo_debug_printf that take a va_list
3042: instead of a variable number of args.
3043: [00392bdc063c]
3044:
3045: * INSTALL, doc/TROUBLESHOOTING:
3046: Document Solaris 11 locale issues and workarounds.
3047: [05f7d34af3ae]
3048:
3049: * Makefile.in, configure, configure.in:
3050: Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
3051: locales. Make links from localdir/lang -> localdir/lang.UTF-8
3052: [5ca9326480e2]
3053:
3054: 2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3055:
3056: * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
3057: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
3058: Do not inform the user that the command was not permitted by the
3059: policy if they do not successfully authenticate. This is a
3060: regression introduced in sudo 1.8.6.
3061: [c1279df08bfb]
3062:
3063: * plugins/sudoers/Makefile.in:
3064: Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
3065: the rpath in HP-UX SOM shared libraries for the LDAP libs.
3066: [b07185657b42]
3067:
3068: * src/parse_args.c:
3069: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
3070: [22c73cbe3ff9]
3071:
3072: 2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
3073:
3074: * INSTALL, configure, configure.in:
3075: Allow the user to specify and alternate libtool
3076: [c9d6fc9521fd]
3077:
3078: 2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3079:
3080: * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
3081: Allow sudo to be build with sss support without also including ldap
3082: support. From Stephane Graber.
3083: [b992a80ebea1]
3084:
3085: 2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3086:
3087: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
3088: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
3089: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
3090: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3091: plugins/sudoers/visudo.c:
3092: Refactor policy plugin interface code from sudoers.c into policy.c
3093: [393e62910b8a]
3094:
3095: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
3096: Refactor command_info setting into its own function.
3097: [a952b948324c]
3098:
3099: * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
3100: plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
3101: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
3102: Make interfaces pointer private to interfaces.c and add
3103: get_interfaces() accessor.
3104: [b69b9334ed3c]
3105:
3106: 2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3107:
3108: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
3109: plugins/sudoers/sudoers.h:
3110: Make user_cwd const since it is either a string literal or passed in
3111: from the front-end.
3112: [90751b81e8bc]
3113:
3114: * configure, configure.in:
3115: sudo 1.8.7
3116: [bf727adb8af0]
3117:
3118: * plugins/sudoers/sudoers.c:
3119: Avoid nested strtok() calls.
3120: [9d9f22ab52a9]
3121:
3122: 2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
3123:
3124: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
3125: plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
3126: Move expand_prompt() into its own source file for easier unit
3127: testing.
3128: [b419b48a436f]
3129:
3130: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
3131: plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
3132: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
3133: Make check.c independent of the underlying timestamp implementation.
3134: [895071bd6065]
3135:
3136: * plugins/sudoers/iolog_path.c:
3137: Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
3138: [8ac38f02dd6d]
3139:
3140: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3141: Use a list for the possible values of Tag_Spec with a minimal indent
3142: to improve readability. In the pod version, these were =head3. Also
3143: use .St -p1003.1 instead of just POSIX when talking about glob() and
3144: fnmatch().
3145: [361a6f7a5c44]
3146:
3147: 2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3148:
3149: * src/ttyname.c:
3150: sudo_ttyname_dev() is unused if there is no /proc or sysctl().
3151: [6598dbf81e16]
3152:
3153: * compat/mksiglist.c, compat/mksigname.c,
3154: compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
3155: plugins/sample_group/plugin_test.c,
3156: plugins/sudoers/regress/check_symbols/check_symbols.c,
3157: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3158: plugins/sudoers/regress/logging/check_wrap.c,
3159: plugins/sudoers/regress/parser/check_addr.c,
3160: plugins/sudoers/regress/parser/check_fill.c,
3161: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3162: plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
3163: Explicitly mark main() as public in executables to avoid an HP-UX ld
3164: warning.
3165: [72a40ce218be]
3166:
3167: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
3168: Remove grep from SEE ALSO section.
3169: [c7cafee1621f]
3170:
3171: * common/alloc.c:
3172: If vasprintf() fails, just use the errno it sets instead of assuming
3173: ENOMEM.
3174: [1be5bfdc0cab]
3175:
3176: 2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
3177:
3178: * doc/TROUBLESHOOTING:
3179: Mention HP-UX pam.conf settings.
3180: [8b8e745b49fd]
3181:
3182: 2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3183:
3184: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
3185: plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
3186: plugins/sudoers/timestamp.h:
3187: Split off timestamp functions into their own source file.
3188: [d5833332511d]
3189:
3190: 2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3191:
3192: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3193: Mention how !foo is not the same as ALL,!foo
3194: [51f8e470757d]
3195:
3196: 2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
3197:
3198: * src/exec_pty.c:
3199: Start commands in the background when I/O logging is enabled. We
3200: can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
3201: which returns EINTR on signal instead of restarting automatically.
3202: [83b1d59146f7]
3203:
3204: * src/exec_pty.c:
3205: Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
3206: string in deliver_signal().
3207: [2cefea7a976e]
3208:
3209: 2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3210:
3211: * src/exec_pty.c:
3212: Fix running commands that need the terminal in the background when
3213: I/O logging is enabled. E.g. "sudo vi &". When the command is
3214: foregrounded, it will now resume properly.
3215: [0bc13a253429]
3216:
3217: * plugins/sudoers/match.c:
3218: Add rudimentary support for name-based matching as a compile-time
3219: option. This unsafe when used in conjunction with the '!' operator.
3220: [f93bc8e6db15]
3221:
3222: 2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3223:
3224: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
3225: plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
3226: Split out implementation-specific back end code out of pwutil.c into
3227: pwutil_impl.c. This will allow the main pwutil code to be used for
3228: lookup methods other than getpw* and getgr*.
3229: [999c2dde60e4]
3230:
3231: 2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
3232:
3233: * NEWS, configure, configure.in:
3234: sudo 1.8.6p3
3235: [97fef3d9ed65]
3236:
3237: 2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3238:
3239: * doc/fixman.sh:
3240: Don't use embedded newline when matching, use \n. This got expanded
3241: at some point. Bug #573
3242: [6652f834b8f5]
3243:
3244: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3245: Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
3246: really needed due to the #defines that yacc makes but it is less
3247: confusing this way as the lexer calls sudoerserror().
3248: [a0577be6527d]
3249:
3250: * common/alloc.c, plugins/sample_group/plugin_test.c,
3251: plugins/sudoers/env.c, plugins/sudoers/toke.c,
3252: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3253: src/exec_common.c, src/parse_args.c, src/sudo.c:
3254: No need to translate "unable to allocate memory" when we can just
3255: use the system translation via strerror().
3256: [377499e5827c]
3257:
3258: * plugins/sudoers/sudoreplay.c:
3259: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
3260: all file systems support d_type. Bug #572
3261: [8b861c62945f]
3262:
3263: * plugins/sudoers/sudoreplay.c:
3264: Avoid calling fclose(NULL) in the error path when we cannot open an
3265: I/O log file.
3266: [9401d5c4bb05]
3267:
3268: 2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3269:
3270: * NEWS, configure, configure.in:
3271: Sudo 1.8.6p2
3272: [6e32496280f2]
3273:
3274: * src/exec.c:
3275: When setting the signal handler for SIGTSTP to the default value in
3276: non-I/O log mode, store the old handler value for when we restore it
3277: after resume.
3278: [242628694e42]
3279:
3280: * plugins/sudoers/env.c:
3281: Replace the guts of sudo_setenv_nodebug() with our old setenv.c
3282: which supports non-standard BSD and glibc semantics. sudo_setenv()
3283: now simply calls sudo_setenv2().
3284: [57ffb6c9efaa]
3285:
3286: 2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
3287:
3288: * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3289: doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3290: Document non-Unix group support in LDAP sudoers.
3291: [33c89f3aeee6]
3292:
3293: * plugins/sudoers/ldap.c:
3294: Enable non-Unix group support for LDAP sudoers. We now check for
3295: non-Unix groups and netgroups with the same query in the second
3296: pass. Bug #571
3297: [eb98fdff54d9]
3298:
3299: 2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3300:
3301: * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
3302: plugins/sudoers/gram.h, plugins/sudoers/parse.c,
3303: plugins/sudoers/regress/parser/check_fill.c,
3304: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3305: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3306: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3307: plugins/sudoers/visudo.c:
3308: Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
3309: [cb6c0d93215e]
3310:
3311: 2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
3312:
3313: * NEWS:
3314: Mention support for SUCCESS=return in /etc/nsswitch.conf
3315: [ef1f35aa0863]
3316:
3317: * NEWS, configure, configure.in:
3318: sudo 1.8.6p1
3319: [73a5e1f004b3]
3320:
3321: 2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3322:
3323: * plugins/sudoers/env.c:
3324: Avoid setting LOGNAME, USER and USERNAME variables twice when
3325: set_logname is enabled.
3326: [0de4f5fbd1d4]
3327:
3328: * plugins/sudoers/env.c:
3329: Fix duplicate detection in sudo_putenv(), do not prune out the
3330: variable we just set when overwriting an existing instance. Fixes
3331: bug #570
3332: [854ee714c831]
3333:
3334: * plugins/sudoers/env.c:
3335: Add some debuggging
3336: [a25cd3305823]
3337:
3338: 2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
3339:
3340: * plugins/sudoers/sudo_nss.c:
3341: Disable word wrap in list mode when stdout is a pipe to make "sudo
3342: -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
3343: [65ade04511fd]
3344:
3345: * common/lbuf.c:
3346: Print a trailing newline in lbuf_print() when there is not enough
3347: space to do word wrapping and the lbuf does not end with a newline.
3348: [c0200e19cd09]
3349:
3350: * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
3351: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
3352: Kopecek
3353: [5c480316e3ce]
3354:
3355: * MANIFEST:
3356: Add sssd.c
3357: [9cadd014ef97]
3358:
3359: 2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
3360:
3361: * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
3362: plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
3363: plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
3364: src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
3365: regen .po files
3366: [62423d4d143d]
3367:
3368: * MANIFEST, plugins/sudoers/po/vi.mo:
3369: Add Vietnamese sudoers translation from translationproject.org
3370: [33666a605525]
3371:
3372: * NEWS:
3373: mention PIE
3374: [05032e5304c6]
3375:
3376: * MANIFEST, plugins/sudoers/po/vi.po:
3377: Add Vietnamese sudoers translation from translationproject.org
3378: [015c2204bae2]
3379:
3380: 2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
3381:
3382: * Makefile.in, compat/Makefile.in, mkdep.pl:
3383: Add missing signame dependency
3384: [e493bfb01929]
3385:
3386: * src/exec.c, src/ttyname.c:
3387: Silence compiler warnings.
3388: [1c5374b66d9b]
3389:
3390: * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
3391: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
3392: src/exec.c, src/exec_pty.c:
3393: Replace strsigname() with sig2str(), emulating it as needed.
3394: [1e348cca1fa6]
3395:
3396: * config.h.in, configure, configure.in, src/utmp.c:
3397: Use fseeko() for legacy utmp handling if available.
3398: [b4bbd8d2c0e9]
3399:
3400: 2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
3401:
3402: * compat/strsigname.c, config.h.in, configure, configure.in:
3403: Detect sys_sigabbrev[] and use it in place of sys_signame[] if
3404: present. For some reason glibc does not declare sys_sigabbrev so we
3405: must add an extern definition of our own.
3406: [b38f3fbd7078]
3407:
3408: * compat/strsignal.c, compat/strsigname.c:
3409: Handle NULL entries in sys_siglist and sys_signame.
3410: [a388959d9654]
3411:
3412: * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
3413: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
3414: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
3415: [711e41aba59a]
3416:
3417: 2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
3418:
3419: * NEWS:
3420: sync
3421: [5a2522488754]
3422:
3423: * src/exec.c:
3424: Pass on SIGTSTP to the command if it was sent by a user process (not
3425: the kernel or the terminal) when we are not I/O logging and set the
3426: default SIGTSTP handler when we re-send the signal to ourself,
3427: restoring our handler after we resume.
3428: [4259c47e31c0]
3429:
3430: * src/exec.c:
3431: Shells typically change their process group when they start up so
3432: that they can implement job control. Most well-behaved shells
3433: change the pgrp back to its original value before suspending so we
3434: must not try to restore in that case, lest we race with the child
3435: upon resume, potentially stopping sudo with SIGTTOU while the
3436: command continues to run. Some shells, such as pdksh, just suspend
3437: the shell by sending SIGSTOP to themselves without restoring the
3438: pgrp. In this case we need to change the pgrp back for them. Should
3439: fix bug #568
3440: [6ac6751ffd17]
3441:
3442: 2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3443:
3444: * MANIFEST, compat/Makefile.in, compat/mksigname.c,
3445: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
3446: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
3447: src/exec.c, src/exec_pty.c:
3448: Use strsigname() to print signal names in the debug output. If the
3449: system has no strsigname(), use our own.
3450: [0735f18906b9]
3451:
3452: 2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3453:
3454: * plugins/sudoers/regress/testsudoers/test5.inc,
3455: plugins/sudoers/regress/testsudoers/test5.sh:
3456: Remove generated file and change path for temporary include file.
3457: [4e9fa830c6b5]
3458:
3459: * plugins/sudoers/Makefile.in:
3460: When running regress tests, list pass/fail rate for each dir
3461: (testsudoers and visudo) instead of the total. Also prevent the
3462: result files from clobbering each other by keeping them in the
3463: relevant directories.
3464: [6aac53baff7d]
3465:
3466: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3467: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3468: Don't print an error message in yyerror() if open_sudoers() fails,
3469: we've already printed an error message. Also restore the check for
3470: sudoers_warnings in yyerror().
3471: [aa6036df5fb2]
3472:
3473: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3474: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3475: plugins/sudoers/toke.l:
3476: Avoid printing the >>> parse error <<< message for testsudoers when
3477: the -t flag is specified.
3478: [76f3433c8992]
3479:
3480: 2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
3481:
3482: * plugins/sudoers/parse.c:
3483: Fix NULL deref when an entry has no Runas_Entry
3484: [4b14983ff6e7]
3485:
3486: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3487: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
3488: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3489: src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
3490: src/po/zh_CN.mo, src/po/zh_CN.po:
3491: sync with translationproject.org
3492: [440e9c9b37de]
3493:
3494: * NEWS:
3495: sync
3496: [3142ba2dce60]
3497:
3498: * plugins/sudoers/check.c:
3499: Correct the check_user() comment header.
3500: [73da30308fff]
3501:
3502: * plugins/sudoers/auth/sudo_auth.c:
3503: Change a log_fatal() into log_error() when no auth methods are
3504: configured. The caller already checks the return value.
3505: [05f5c39793a7]
3506:
3507: * plugins/sudoers/logging.c:
3508: Add missing debug_return
3509: [3a76bb7c2fe7]
3510:
3511: 2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3512:
3513: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
3514: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3515: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3516: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
3517: doc/sudoers.man.in, doc/sudoers.mdoc.in:
3518: Make the capitalization consistent for .Ss and .Sx
3519: [5c5735ee4b2f]
3520:
3521: * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
3522: doc/sudo.man.in, doc/sudo.mdoc.in:
3523: Add COMMAND EXECUTION section that describes how sudo runs the
3524: command, the extra sudo processes and signal handling.
3525: [dff2d88e984e]
3526:
3527: 2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3528:
3529: * Makefile.in:
3530: Happy Easter
3531: [4b9d697c6b83]
3532:
3533: 2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3534:
3535: * compat/Makefile.in:
3536: Don't echo the awk command when building siglist.in
3537: [21daa72921e6]
3538:
3539: * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
3540: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3541: Cosmetic changes.
3542: [19259528e9ad]
3543:
3544: * doc/Makefile.in:
3545: The HISTORY, LICENSE and CONTRIBUTORS files are not longer
3546: generated.
3547: [ea6ac9e981e6]
3548:
3549: * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
3550: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
3551: plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
3552: plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
3553: src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
3554: src/po/uk.po, src/po/vi.po:
3555: Sync with translationproject.org and add Italian sudoers
3556: translation.
3557: [9276740aea59]
3558:
3559: 2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3560:
3561: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3562: Expand description of fqdn to talk about systems where the hosts
3563: file is searched before DNS.
3564: [4ee812ca6116]
3565:
3566: 2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
3567:
3568: * doc/Makefile.in:
3569: For cat pages there is nothing to make unless DEVEL is set.
3570: [fab4a5b68708]
3571:
3572: * configure, configure.in, doc/Makefile.in:
3573: Always use mandoc to format cat pages and remove now-extraneous
3574: nroff configure tests.
3575: [5747f4ed5762]
3576:
3577: * pp:
3578: sync polypkg from git
3579: [89ddf6ea3e3f]
3580:
3581: * plugins/sudoers/sudoers.c:
3582: Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
3583: is not always the same as "fully qualified".
3584: [7c1d9c098386]
3585:
3586: 2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3587:
3588: * doc/sudoers.mdoc.in:
3589: Fix some typos. Describe error messages not related to policy
3590: permissions.
3591: [f5ebf9030d85]
3592:
3593: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
3594: plugins/sudoers/visudo.c:
3595: Add new check_defaults() function to check (but not update) the
3596: Defaults entries. Visudo can now use this instead of
3597: update_defaults to check all the defaults regardless instead of just
3598: the global Defaults entries.
3599: [3fa879ce1b65]
3600:
3601: 2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
3602:
3603: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3604: Document sudoers log format.
3605: [08998a7061ab]
3606:
3607: * NEWS:
3608: Update for sudo 1.8.5p3
3609: [6e102a5d4e8d]
3610:
3611: * src/load_plugins.c:
3612: Add missing check for I/O plugin API version when checking for the
3613: presence of I/O plugin hooks.
3614: [ef05c7eeaf81]
3615:
3616: * src/hooks.c:
3617: Can't call debug code in the process_hooks_xxx functions() since
3618: ctime() may look up the timezone via the TZ environment variable.
3619: [2179fb26bd8e]
3620:
3621: 2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3622:
3623: * src/exec_common.c, src/sesh.c, src/utmp.c:
3624: Include signal.h before sudo_exec.h since it uses sigset_t * in the
3625: fork_pty prototype.
3626: [94fc0d859600]
3627:
3628: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
3629: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
3630: doc/visudo.man.in, doc/visudo.mdoc.in:
3631: Remove OPTIONS section; options now go inside DESCRIPTION
3632: [a619fc58a746]
3633:
3634: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3635: regen
3636: [44719d80bc06]
3637:
3638: * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
3639: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
3640: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3641: plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
3642: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3643: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
3644: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
3645: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3646: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3647: src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
3648: src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
3649: Sync with translationproject.org and add new Slovenian translation.
3650: [34b4b966bbac]
3651:
3652: * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
3653: plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
3654: plugins/sudoers/testsudoers.c:
3655: Reduce the number of "internal error, foo overflow" messages that
3656: need to be translated.
3657: [93ffa2b3d53f]
3658:
3659: * NEWS:
3660: Mention HP-UX reboot fix.
3661: [1e39b5aa32ac]
3662:
3663: * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
3664: doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
3665: plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
3666: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
3667: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
3668: data source. From Daniel Kopecek and Pavel Brezina.
3669: [3f85e95d6928]
3670:
3671: 2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
3672:
3673: * common/sudo_conf.c, src/load_plugins.c:
3674: If sudo.conf contains an I/O plugin but no policy plugin, use
3675: sudoers for the policy plugin. If a policy plugin is specified
3676: without an I/O plugin, only the policy plugin will be loaded.
3677: [ea192df2439d]
3678:
3679: * doc/Makefile.in, doc/sudoers.man.in:
3680: Do not modify the .Os section when building the .man.in file from
3681: .mdoc.in.
3682: [a9f9628e147f]
3683:
3684: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3685: Add a note about wildcards matching multiple words and include an
3686: example. Also mention that for sudoedit, a wildcard in command line
3687: args does not match a slash.
3688: [fcb9fbac14e0]
3689:
3690: 2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3691:
3692: * src/exec_pty.c, src/sudo_exec.h:
3693: Fix a comment, update a variable name in a prototype; all cosmetic.
3694: [e89f10cbd6e1]
3695:
3696: * plugins/sudoers/iolog.c:
3697: Cast 2nd argument of lseek() to off_t if it is a constant for
3698: systems with 64-bit off_t but without a proper lseek() prototype.
3699: [d8779da135d0]
3700:
3701: * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
3702: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3703: plugins/sudoers/visudo.c:
3704: Fix some warnings from clang checker-267
3705: [1e44ef7860b5]
3706:
3707: * plugins/sample/sample_plugin.c:
3708: Fix memory leak found by clang checker-267
3709: [f8a43617fdfb]
3710:
3711: 2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3712:
3713: * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
3714: If we receive a signal from the command we executed, do not forward
3715: it back to the command. This fixes a problem with BSD-derived
3716: versions of the reboot command which send SIGTERM to all other
3717: processes, including the sudo process. Sudo would then deliver
3718: SIGTERM to reboot which would die before calling the reboot() system
3719: call, effectively leaving the system in single user mode.
3720: [4ffab9ab9e98]
3721:
3722: 2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3723:
3724: * doc/fixman.sh, doc/fixmdoc.sh:
3725: Remove section about Solaris 10 on other systems. Add missing
3726: sudoers.man.in bit to fixman.sh.
3727: [176559199ba7]
3728:
3729: 2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3730:
3731: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3732: Expand section on Solaris privileges.
3733: [3a1bfa2f1743]
3734:
3735: * NEWS:
3736: Expand a bit on the Solaris priv set changes.
3737: [bffb78b4a520]
3738:
3739: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3740: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
3741: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
3742: The second argument to init_parser() is now bool.
3743: [fb727a4fb651]
3744:
3745: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3746: Fix printing of parse error message to stderr.
3747: [dea6b420b84f]
3748:
3749: * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
3750: plugins/sudoers/match.c, plugins/sudoers/parse.c,
3751: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
3752: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
3753: If a command matches using an empty Runas_List (i.e. Runas_List is
3754: present but empty) and the -u option was not specified, set runas_pw
3755: to user_pw instead of using runas_default. This is intended to be
3756: used in conjunction with the Solaris Privilege Set support for rules
3757: that grant privileges without changing the user.
3758: [e84a081f3c11]
3759:
3760: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
3761: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
3762: plugins/sudoers/gram.y, plugins/sudoers/match.c,
3763: plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
3764: Add support for parsing an empty Runas_List, which only allows the
3765: command to be run as the invoking user. This can be used in
3766: conjunction with the Solaris Privilege Set support to grant
3767: privileges without changing the user.
3768: [dc34373792fc]
3769:
3770: 2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
3771:
3772: * doc/fixman.sh:
3773: Fix HP-UX, just use ".TH name section" like the vendor manuals.
3774: [559738237c92]
3775:
3776: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3777: Fix compilation on Solaris
3778: [2d310302207c]
3779:
3780: * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
3781: doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
3782: doc/sudoers.mdoc.sh:
3783: Generate a sed script file when munging *.mdoc or *.man instead of
3784: passing sed expressions on the command line. Older seds do not
3785: support \n in a replacement so generate and run a sed script
3786: instead.
3787: [0bcce3f1ca18]
3788:
3789: * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
3790: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
3791: doc/visudo.man.in:
3792: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
3793: [fe0f10b63776]
3794:
3795: 2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3796:
3797: * src/exec.c:
3798: When checking whether a signal is user-generated, compare si_code
3799: against SI_USER instead of <= 0 since on HP-UX, terminal-related
3800: signals get a code of 0.
3801: [4e9021243343]
3802:
3803: * src/sudo.c:
3804: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
3805: interchangably. This causes problems when setting RLIMIT_NPROC to
3806: RLIM_INFINITY due to a bug in bash where bash tries to honor the
3807: value of _SC_CHILD_MAX but treats a value of -1 as an error, and
3808: uses a default value of 32 instead.
3809:
3810: Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
3811: restored the previous value of RLIMIT_NPROC. However, that makes it
3812: impossible to set nproc to unlimited. We now only restore the nproc
3813: resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
3814: cases, pam_limits will set RLIMIT_NPROC for us.
3815: [cb71cc8d0b08]
3816:
3817: 2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
3818:
3819: * plugins/sudoers/ldap.c:
3820: Active Directory apparently requires that tenths of a second be
3821: present in a date so append .0 to the "now" value in the time
3822: filter. Also remove space for the global AND from TIMEFILTER_LENGTH
3823: since it was not being used consistently. Buffers of
3824: TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
3825: [d28619ff6e45]
3826:
3827: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3828: Fix SELinux build
3829: [cc0d1f4e851b]
3830:
3831: 2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3832:
3833: * MANIFEST:
3834: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
3835: were not being kept in sync.
3836: [fc3ad1847cb1]
3837:
3838: * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
3839: doc/license.pod:
3840: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
3841: were not being kept in sync.
3842: [950363dffe3a]
3843:
3844: 2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3845:
3846: * plugins/sudoers/logging.c:
3847: Fix printing of the permission denied message to standard error when
3848: a user is not allowed to run a command. This got broken by the
3849: recent logging changes.
3850: [b7af63da3ca1]
3851:
3852: * plugins/sudoers/sudoers_version.h:
3853: Bump grammar version for Solaris privs.
3854: [2a2baf024477]
3855:
3856: * doc/schema.ActiveDirectory:
3857: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
3858: were added. From David Hicks.
3859: [3fc432a8edb4]
3860:
3861: 2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3862:
3863: * plugins/sudoers/Makefile.in:
3864: Remove lex.yy.c when building toke.c
3865: [72bb9e62b289]
3866:
3867: * doc/Makefile.in:
3868: Fix building docs in a build dir.
3869: [7a6f435af022]
3870:
3871: * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
3872: doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
3873: doc/sudoreplay.pod, doc/visudo.pod:
3874: Remove pod versions of the manual; we now use mdoc.
3875: [5c967d2dd5db]
3876:
3877: * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
3878: doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
3879: Add post-processing scripts to strip out login class, BSD auth,
3880: SELinux and privilege set bits when they are not supported.
3881: [d0d51f72f597]
3882:
3883: * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
3884: doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
3885: doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
3886: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
3887: plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
3888: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
3889: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
3890: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3891: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3892: plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
3893: Merge in Solaris privilege support by Darren Moffat and John
3894: Zolnowsky
3895: [3aa0a64f2f5c]
3896:
3897: 2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3898:
3899: * doc/contributors.pod:
3900: Sync with CONTRIBUTORS file
3901: [9a0852306ad9]
3902:
3903: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3904: doc/sudoers.man.in, doc/sudoreplay.man.in:
3905: Regen .man.in files with my private mandoc.
3906: [dc3c9fc449eb]
3907:
3908: * doc/Makefile.in:
3909: add MANDOC variable
3910: [35527e66afc5]
3911:
3912: 2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3913:
3914: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
3915: doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
3916: Regen .man.in files with hacked mandoc to avoid issues with historic
3917: nroff.
3918: [d45cfa7d665f]
3919:
3920: 2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3921:
3922: * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
3923: Fix groff warnings.
3924: [111d522ca807]
3925:
3926: * doc/Makefile.in:
3927: Fix dependencies for .man.in files.
3928: [aefeffe1af2b]
3929:
3930: * .hgignore:
3931: Add doc/*.mdoc to ignore file
3932: [1e4de6ef2ad8]
3933:
3934: * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
3935: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
3936: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3937: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3938: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
3939: doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
3940: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
3941: doc/visudo.man.in, doc/visudo.mdoc.in:
3942: Build .man.in and .cat files from .mdoc.in files. Add new --with-man
3943: and --with-mdoc configure options.
3944: [c963fd7e8f80]
3945:
3946: 2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
3947:
3948: * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
3949: doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
3950: Sudo manuals formatted in mdoc, to replace the pod versions.
3951: [e6dca4030451]
3952:
3953: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3954: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3955: doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
3956: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
3957: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
3958: More minor costmetic fixes.
3959: [a7287a68385a]
3960:
3961: 2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
3962:
3963: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
3964: Minor cosmetic fixes.
3965: [9c48bdaf3946]
3966:
3967: 2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
3968:
3969: * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
3970: Use "a password is required" instead of "password required" when the
3971: -n flag is used and we need to read a password.
3972: [a3c30fc41648]
3973:
3974: 2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
3975:
3976: * NEWS:
3977: Mention logging changes.
3978: [8238fd6e02e8]
3979:
3980: * plugins/sudoers/po/sudoers.pot:
3981: regen
3982: [e2cf634ba63b]
3983:
3984: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3985: Document that other mail_* flags have precedence over mail_badpass.
3986: [9f4cc9188f40]
3987:
3988: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
3989: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
3990: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3991: Move log_denial() calls and logic to log_failure(). Move
3992: authentication failure logging to log_auth_failure(). Both of these
3993: call audit_failure() for us.
3994:
3995: This subtly changes logging for commands that are denied by sudoers
3996: but where the user failed to enter the correct password.
3997: Previously, these would be logged as "N incorrect password attempts"
3998: but now are logged as "command not allowed". Fixes bug #563
3999: [cad35f0b3ad7]
4000:
4001: 2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
4002:
4003: * common/aix.c:
4004: Do not set a resource limit to zero when we are unable to fetch a
4005: value from /etc/security/limits.
4006: [62bfb0a7895e]
4007:
4008: 2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4009:
4010: * sudo.pp:
4011: Add "Provides: sudo" to debian sudo-ldap package
4012: [beb8afa0beb2]
4013:
4014: 2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
4015:
4016: * configure, configure.in, zlib/Makefile.in:
4017: Define NO_VIZ for zlib when gcc doesn't support symbol visibility
4018: attributes.
4019: [9fdcbf526386]
4020:
4021: * configure, configure.in:
4022: Use the autoconf cache when checking for symbol export control
4023: support.
4024: [03c2cce8711f]
4025:
4026: * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
4027: configure.in, mkpkg, plugins/sample/Makefile.in,
4028: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4029: plugins/system_group/Makefile.in, src/Makefile.in:
4030: Add configure check for building PIE executables instead of doing it
4031: in mkpkg.
4032: [02b5b78ef258]
4033:
4034: * sudo.pp:
4035: MacOS pp backend doesn't like modes longer than 4 characters.
4036: [01b49022bf01]
4037:
4038: 2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4039:
4040: * configure, configure.in:
4041: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
4042: -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
4043: will strip -fstack-protector from the linker flags and we always
4044: link with libtool.
4045: [0a0a0250ac2b]
4046:
4047: 2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4048:
4049: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4050: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4051: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4052: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4053: Regen for sudo 1.8.6
4054: [1657ee28b496]
4055:
4056: * NEWS, doc/sudoers.ldap.pod:
4057: Document improved Tivoli Directory Server support.
4058: [fb411edf4687]
4059:
4060: * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
4061: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
4062: option to specify Tivoli key db password. Allow TLS ciphers to be
4063: configured for Tivoli.
4064: [737e17c91e60]
4065:
4066: 2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
4067:
4068: * plugins/sudoers/ldap.c:
4069: Tivoli Directory Server 6.3 libs always return a (bogus) error when
4070: setting LDAP_OPT_CONNECT_TIMEOUT.
4071: [504406637c38]
4072:
4073: * NEWS:
4074: Update
4075: [687a755604e8]
4076:
4077: * plugins/sudoers/ldap.c:
4078: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
4079: same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
4080: set an ldap option fatal.
4081: [17cf93ae3304]
4082:
4083: 2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
4084:
4085: * plugins/sudoers/sudoers.c:
4086: Zero pointers in sudo_user struct after freeing, just in case.
4087: [8eff1f80b943]
4088:
4089: * plugins/sudoers/sudoers.c:
4090: Free user_gids in close function if it has not already been freed.
4091: [cbce28877f37]
4092:
4093: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
4094: plugins/sudoers/sudoers.h:
4095: Defer group ID to name resolution until we actually need it.
4096: [463e75b81e89]
4097:
4098: * src/sudo.c:
4099: It is safe to read in sudo.conf before calling user_info().
4100: [3290b6434e3c]
4101:
4102: * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
4103: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
4104: prevent potential truncation. Bug #562.
4105: [29d9fc4e0c4e]
4106:
4107: 2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4108:
4109: * sudo.pp:
4110: If installing with installp, error out if there is already an
4111: instance of the rpm package installed.
4112: [ec24c6faba22]
4113:
4114: * mkpkg:
4115: Add --disable-nls for AIX
4116: [192ac2f7d65e]
4117:
4118: 2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4119:
4120: * sudo.pp:
4121: Debian sudo-ldap packages should now depend on libldap-2.4-2, not
4122: libldap2.
4123: [cbcec71e6b58]
4124:
4125: 2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
4126:
4127: * sudo.pp:
4128: Add Homepage and Bugs to debian control file.
4129: [0f19d7d14e66]
4130:
4131: 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
4132:
4133: * mkpkg:
4134: fix typo when setting aix_freeware
4135: [2fd6feb50195]
4136:
4137: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
4138: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4139: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4140: plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
4141: Don't run regress tests or sudoers sanity check (using the newly-
4142: built visudo) when cross compiling. Bug #560
4143: [0c4e3f68b2f5]
4144:
4145: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
4146: plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
4147: plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
4148: plugins/sample_group/sample_group.exp,
4149: plugins/sample_group/sample_group.map,
4150: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
4151: plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
4152: plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
4153: plugins/system_group/system_group.exp,
4154: plugins/system_group/system_group.map,
4155: plugins/system_group/system_group.sym:
4156: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
4157: it on demand Use a loader option file for HP-UX ld to explicitly
4158: export symbols
4159: [2402ff5302ab]
4160:
4161: * src/Makefile.in:
4162: Remove extraneous backslash
4163: [8ca054de138c]
4164:
4165: * plugins/sudoers/regress/check_symbols/check_symbols.c:
4166: Don't check for errorx as an exported symbols as it is now a macro.
4167: Check for user_in_group() instead.
4168: [7b02c8ecd3ea]
4169:
4170: 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
4171:
4172: * configure, configure.in:
4173: Adjust ld map file support to use an anonymous scope to match the
4174: updated .map files.
4175: [49be44282d9e]
4176:
4177: 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4178:
4179: * config.h.in, configure, configure.in, include/gettext.h:
4180: Older versions of Solaris lack ngettext()
4181: [028af10dfa5f]
4182:
4183: * configure, configure.in:
4184: Move the check for -static-libgcc until after AC_LANG_WERROR has
4185: been called and use AX_CHECK_COMPILE_FLAG().
4186: [a7b09120e7ff]
4187:
4188: * include/gettext.h:
4189: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
4190: [3aa2780d4a4e]
4191:
4192: * include/error.h, include/sudo_debug.h:
4193: Fix gcc 2.x variant macro support.
4194: [8e71c2370997]
4195:
4196: * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
4197: Fix compilation on gcc 2.95 and other compilers that only allow
4198: variable declarations at the beginning of a block.
4199: [9d80c802bb46]
4200:
4201: * configure, configure.in, plugins/sudoers/Makefile.in:
4202: Link check_symbols with SUDO_LIBS to make sure we link with the
4203: requisite libraries to successfully dlopen sudoers.so. This is
4204: needed on HP-UX where a program dlopen()ing a shared object that
4205: uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
4206: pthreads).
4207: [b8961cd82337]
4208:
4209: * plugins/sudoers/regress/check_symbols/check_symbols.c:
4210: Add check for exported local symbols. This will cause a "make
4211: check" failure on systems where we don't support symbol hiding.
4212: [8aa549389bb1]
4213:
4214: * configure, configure.in:
4215: Additional ${foo} -> $(foo) Makefile tweaks.
4216: [046bbde18f52]
4217:
4218: * plugins/sample/sample_plugin.map,
4219: plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
4220: plugins/system_group/system_group.map:
4221: No need to provide a name for the scope in the map file since we
4222: don't use the it for versioning.
4223: [5ed4b997560d]
4224:
4225: 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
4226:
4227: * MANIFEST, plugins/sudoers/Makefile.in,
4228: plugins/sudoers/regress/check_symbols/check_symbols.c:
4229: Add regress test for symbol visibility.
4230: [9adddd4e0518]
4231:
4232: 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4233:
4234: * NEWS, configure, configure.in:
4235: sudo 1.8.6
4236: [57008a7afb77]
4237:
4238: * configure, configure.in, include/missing.h:
4239: Add support for controlling symbol visibility using the HP and
4240: Solaris C compilers.
4241: [46d5b468979e]
4242:
4243: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4244: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
4245: plugins/sudoers/sudoers.h:
4246: Use the expanded io log dir when updating the sequence number.
4247: Includes a workaround for older versions of sudo where the sequence
4248: number was stored in the unexpanded io log dir.
4249: [210797dab9a8]
4250:
4251: 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4252:
4253: * src/parse_args.c:
4254: Simplify "sudo -s" argv rewriting.
4255: [7be143dae7c5]
4256:
4257: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
4258: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4259: plugins/system_group/Makefile.in, src/Makefile.in,
4260: src/sudo_noexec.map:
4261: Don't use a map file for sudo_noexec.so since Solaris ld doesn't
4262: allow '*' in the global section. The libtool export flag is now
4263: added to LT_LDFLAGS instead of commenting/uncommenting lines.
4264: [38fc37a66b04]
4265:
4266: 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
4267:
4268: * config.h.in, configure, configure.in, include/missing.h:
4269: The visibility attribute was actually added in gcc 3.3.x, not 4.0.
4270: Just assume that if -fvisibility=hidden works that the attribute is
4271: usable.
4272: [d3904d6faf14]
4273:
4274: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4275: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
4276: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
4277: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4278: plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
4279: plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
4280: plugins/system_group/system_group.c:
4281: Export group cache from sudoers.so for system_group.so to use.
4282: [16695d207fc5]
4283:
4284: * MANIFEST, configure, configure.in, include/missing.h,
4285: plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
4286: plugins/sample_group/Makefile.in,
4287: plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
4288: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4289: plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
4290: plugins/system_group/system_group.map, src/sudo_noexec.c,
4291: src/sudo_noexec.map:
4292: Use gcc's visibility attribute to specify when symbols are visible
4293: or hidden, if available. If not available, use an ELF version
4294: script if it is supported. If all else fails, fall back to using
4295: libtool's -export-symbols.
4296: [64e889921727]
4297:
4298: 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
4299:
4300: * sudo.pp:
4301: Add mode for installed locale files but leave the directories with
4302: default mode and owner.
4303: [142237dbb31f]
4304:
4305: 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4306:
4307: * mkpkg, sudo.pp:
4308: Install AIX packages under /opt/freeware with links in /usr/bin and
4309: /usr/sbin. This matches the layout of the sudo package from AIX
4310: freeware.
4311: [0b79d47bbe01]
4312:
4313: * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
4314: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4315: plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
4316: Install shared objects with mode 0644 except on HP-UX which needs
4317: the executable bit set.
4318: [ae416af0ba6c]
4319:
4320: * Makefile.in, doc/Makefile.in, include/Makefile.in,
4321: plugins/sudoers/Makefile.in, src/Makefile.in:
4322: Make installed file modes consistent with the file modes in the sudo
4323: package.
4324: [307386373289]
4325:
4326: 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4327:
4328: * doc/sudoers.pod:
4329: Add "%:" prefix when talking about QAS non-Unix group support.
4330: [7cb25f6861f8]
4331:
4332: * pp, sudo.pp:
4333: Fix packaging of symbolic links on HP-UX when the link source
4334: already exists in the filesystem.
4335: [c9bb48031596]
4336:
4337: * mkpkg:
4338: Only specify prefix if we are overriding the default value. Fixes
4339: the man dir (/usr/local/man vs. /usr/local/share/man).
4340: [65351b6c1697]
4341:
4342: * sudo.pp:
4343: Fix setting of sudoedit_man variable.
4344: [9beed9ae5bba]
4345:
4346: * doc/Makefile.in:
4347: Echo the command when linking the sudoedit manual.
4348: [6c83b5657b55]
4349:
4350: 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4351:
4352: * mkpkg, sudo.pp:
4353: Build .deb packages with selinux support.
4354: [3fd9cb1b4526]
4355:
4356: 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4357:
4358: * sudo.pp:
4359: Don't list paths for unstripped binaries in the lintial overrides.
4360: [4c8e16f1773b]
4361:
4362: * pp:
4363: Add support for Installed-Size header in control file, required by
4364: newer debian versions.
4365: [e97d76234bee]
4366:
4367: * pp:
4368: Fix extended description in .deb files.
4369: [d35e27ace146]
4370:
4371: * sudo.pp:
4372: Add Depends, Replaces and Conflicts headers for .deb packages.
4373: [76eb6c4b3278]
4374:
4375: 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4376:
4377: * plugins/sudoers/sudo_nss.c:
4378: If there are no privs to print, write the message to the lbuf
4379: instead of printing it directly.
4380: [ecd56226abb7]
4381:
4382: 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
4383:
4384: * sudo.pp:
4385: Set -e in %pos and %preun for debian to quiet a lintian warning.
4386: [8bb908514df9]
4387:
4388: * doc/Makefile.in, src/Makefile.in, sudo.pp:
4389: Install sudoedit and the sudoedit manual as symbolic links, not hard
4390: links and package them as such.
4391: [f317ff3cf3e7]
4392:
4393: * sudo.pp:
4394: Make sudo binary permissions 755 instead of 111 Add lintian
4395: overrides file for .deb files.
4396: [991cd7d7f0e1]
4397:
4398: * configure, configure.in, doc/Makefile.in, mkpkg:
4399: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
4400: MANCOMPRESSEXT which can be used to compress the installed manual
4401: pages. Compress the man pages for .deb files to appease lintian.
4402: [4e34083b41d2]
4403:
4404: * sudo.pp:
4405: Debian fixes:
4406: * fix modes to be more in line with what Debian expects
4407: * add section
4408: * install LICENSE as copyright and ChangeLog as changelog
4409: * create stub changelog.debian
4410: [7f6c5647f588]
4411:
4412: * pp:
4413: Fix find command to properly skip files in the DEBIAN dir when
4414: building md5sums.
4415: [8918bde941fa]
4416:
4417: * pp, sudo.pp:
4418: Use a debian-compliant package maintainer field.
4419: [fc51a94170eb]
4420:
4421: 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4422:
4423: * plugins/sudoers/sudoreplay.c:
4424: No need to loop over atomic_writev(), it guarantees to write all
4425: data or return an error.
4426:
4427: Fix handling of stdout/stderr that contains "\r\n" and handle a
4428: "\r\n" pair that spans a buffer.
4429: [8aaf02d90c45]
4430:
4431: 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4432:
4433: * NEWS:
4434: Update for sudo 1.8.5p2
4435: [d369d4d40a19]
4436:
4437: * plugins/sudoers/sudoreplay.c:
4438: Instead of doing extra write()s when replaying stdout, build up a
4439: vector for writev() instead. This results in far fewer system
4440: calls.
4441: [303d866c025c]
4442:
4443: 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
4444:
4445: * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
4446: Provide unhooked version of getenv() and use it when looking up
4447: DISPLAY and SUDO_ASKPASS in the environment.
4448: [04dbdccf4a14]
4449:
4450: 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4451:
4452: * plugins/sudoers/sudoreplay.c:
4453: When replaying a log of stdout or stderr, do newline to carriage
4454: return + linefeed conversion. We cannot have termios do this for us
4455: since we've disabled output postprocessing (POST) when setting raw
4456: mode.
4457: [61352a7d996f]
4458:
4459: 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
4460:
4461: * configure, configure.in:
4462: When checking for -fstack-protector, treat warnings as fatal errors.
4463: [4124cd12d511]
4464:
4465: 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
4466:
4467: * configure, configure.in:
4468: Fix test for -z relro
4469: [548bdb6f5c4a]
4470:
4471: * MANIFEST:
4472: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
4473: [ed063264a2a1]
4474:
4475: * INSTALL, aclocal.m4, configure, configure.in,
4476: m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
4477: Build with -fstack-protector and link with -zrelo where supported.
4478: Added --disable-hardening option to disable hardening options.
4479: [0b6c1a1ceb03]
4480:
4481: 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
4482:
4483: * plugins/sudoers/Makefile.in,
4484: plugins/sudoers/regress/testsudoers/test1.sh,
4485: plugins/sudoers/regress/testsudoers/test2.sh,
4486: plugins/sudoers/regress/testsudoers/test3.sh,
4487: plugins/sudoers/regress/testsudoers/test4.out.ok,
4488: plugins/sudoers/regress/testsudoers/test4.sh,
4489: plugins/sudoers/regress/testsudoers/test5.inc,
4490: plugins/sudoers/regress/testsudoers/test5.out.ok,
4491: plugins/sudoers/regress/testsudoers/test5.sh,
4492: plugins/sudoers/testsudoers.c:
4493: Add tests for sudoers mode, owner and group checks.
4494: [a7607443aba0]
4495:
4496: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
4497: If sudoers_mode is group-readable but the actual sudoers file is
4498: not, open the file as uid 0, not uid 1. This fixes a problem when
4499: sudoers has a more restrictive mode than what sudo expects to find.
4500: In older versions, sudo would silently chmod the file to add the
4501: group-readable bit.
4502: [c056b6003e6f]
4503:
4504: * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
4505: No longer throw an error if sudoers is a symbolic link. Deprecated
4506: the --with-stow option as that is now (effectively) the default.
4507: [8ce783e54886]
4508:
4509: 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4510:
4511: * plugins/sudoers/Makefile.in,
4512: plugins/sudoers/regress/testsudoers/test2.inc,
4513: plugins/sudoers/regress/testsudoers/test2.out.ok,
4514: plugins/sudoers/regress/testsudoers/test2.sh,
4515: plugins/sudoers/regress/testsudoers/test3.d/root,
4516: plugins/sudoers/regress/testsudoers/test3.out.ok,
4517: plugins/sudoers/regress/testsudoers/test3.sh:
4518: Add basic tests for #include and #includedir
4519: [b303e4218951]
4520:
4521: * plugins/sudoers/testsudoers.c:
4522: Add -U sudoers_uid option to testsudoers.
4523: [3f8ed13501ba]
4524:
4525: 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4526:
4527: * NEWS, configure, configure.in:
4528: Update for 1.8.5p1
4529: [c33c49bf5b4b]
4530:
4531: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4532: Fix #includedir; from Mike Frysinger
4533: [d4833d4e39a0]
4534:
4535: * plugins/sudoers/check.c:
4536: Don't prompt for a password if the user is in the exempt group, is
4537: root, or is running the command as themselves even if the -k option
4538: was specified. This makes "sudo -k command" consistent with the
4539: behavior one would get if the user ran "sudo -k" immediately before
4540: running the command.
4541: [632b3961df00]
4542:
4543: 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
4544:
4545: * INSTALL:
4546: Fix capitalization
4547: [7258aa977caf]
4548:
4549: * mkpkg:
4550: Build PIE executable on Mac OS X 10.5 and above.
4551: [2a5c7ef92182]
4552:
4553: 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
4554:
4555: * NEWS:
4556: Update for sudo 1.8.4p5
4557: [21164f508b68]
4558:
4559: * plugins/sudoers/match_addr.c:
4560: Add missing break between AF_INET and AF_INET6 in
4561: addr_matches_if_netmask()
4562: [672a4793931a]
4563:
4564: * plugins/sudoers/mon_systrace.c:
4565: Move systrace monitor code to the attic
4566: [d6faf4754e9c]
4567:
4568: 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
4569:
4570: * src/exec.c:
4571: The pointer to the siginfo_t struct in a signal handler may be NULL.
4572: [41a4ee934b53]
4573:
4574: 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
4575:
4576: * plugins/sudoers/pwutil.c:
4577: Fix an alignment problem on NetBSD systems with a 64-bit time_t and
4578: strict alignment. Based on a patch from Martin Husemann.
4579: [1e5ba3c18f17]
4580:
4581: * include/missing.h:
4582: Add offsetof macro for those without it.
4583: [e44cb51d2587]
4584:
4585: * MANIFEST:
4586: add system_group plugin
4587: [6169793b510c]
4588:
4589: 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
4590:
4591: * compat/dlopen.c:
4592: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
4593: [85bd03bc5d94]
4594:
4595: 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
4596:
4597: * NEWS:
4598: Mention system_group plugin
4599: [05393dd4bdb8]
4600:
4601: * Makefile.in, plugins/sudoers/Makefile.in,
4602: plugins/system_group/Makefile.in:
4603: update depends
4604: [6feb0b824fc4]
4605:
4606: * plugins/system_group/system_group.c:
4607: Only call gr_delref() when use sudo's password caching functions.
4608: [1103442e21fa]
4609:
4610: * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
4611: Add missing dependency on libreplace.la
4612: [05bfd9d4657f]
4613:
4614: * compat/dlopen.c:
4615: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
4616: PROG_HANDLE.
4617: [2382d0693acc]
4618:
4619: * Makefile.in, configure, configure.in,
4620: plugins/system_group/Makefile.in,
4621: plugins/system_group/system_group.c,
4622: plugins/system_group/system_group.sym:
4623: Add group plugin that does lookups by name using the system group
4624: database.
4625: [2ddbb604112f]
4626:
4627: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
4628: src/po/pl.po:
4629: sync with translationproject.org
4630: [4ef05df4226d]
4631:
4632: 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
4633:
4634: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
4635: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4636: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
4637: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
4638: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4639: src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
4640: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
4641: src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
4642: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
4643: src/po/zh_CN.mo, src/po/zh_CN.po:
4644: sync with translationproject.org
4645: [115c3f828fc5]
4646:
4647: 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
4648:
4649: * sudo.pp:
4650: Add mode for docdir and use '-' (default) for localedir mode. Fixes
4651: a problem on Linux when building in a directory with the setgid bit
4652: set.
4653: [582279c8bcb1]
4654:
4655: 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
4656:
4657: * pp:
4658: Match CentOS 6.0
4659: [1e99ef210f98]
4660:
4661: 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
4662:
4663: * NEWS:
4664: Update with recent changes
4665: [c5fc220ba696]
4666:
4667: * pp:
4668: Fix version check on AIX
4669: [d272e39112f4]
4670:
4671: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4672: regen
4673: [72b23509465a]
4674:
4675: * plugins/sudoers/ldap.c:
4676: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
4677: SDK.
4678: [87b685e70b9a]
4679:
4680: * plugins/sudoers/ldap.c:
4681: Fix printing of invalid uri
4682: [645aa53acdde]
4683:
4684: * plugins/sudoers/auth/pam.c:
4685: Pass PAM_SILENT when deleting creds to remove an annoying warning
4686: message on Solaris.
4687: [1dd0301ef293]
4688:
4689: 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
4690:
4691: * src/utmp.c:
4692: Fix the setutxent and endutxent compatibility defines (this time
4693: correctly) when only setutent and endutent are available.
4694: [d136d2867db9]
4695:
4696: * plugins/sudoers/ldap.c:
4697: sudo_ldap_set_options_global() should not take an LDAP handle as an
4698: argument since the options affect the global settings.
4699: [1dc39b9d20f2]
4700:
4701: * mkpkg:
4702: Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
4703: [c7716291a856]
4704:
4705: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4706: plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
4707: src/sudo.h:
4708: Call the policy's init_session() function before we fork the child.
4709: That way, the session is created and destroyed in the same process,
4710: which is needed by some modules, such as pam_mount.
4711: [ece552ba002e]
4712:
4713: * doc/TROUBLESHOOTING:
4714: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
4715: not specified.
4716: [bd293e100b28]
4717:
4718: * plugins/sudoers/auth/pam.c:
4719: Delete creds after closing the PAM session.
4720: [5158d726d6a5]
4721:
4722: * plugins/sudoers/ldap.c:
4723: Provide a more useful error message if using a Mozilla-style LDAP
4724: SDK and you forgot to specify TLS_CERT in ldap.conf.
4725: [7cb78feb899c]
4726:
4727: * src/exec_pty.c:
4728: Add missing initialization of a sigaction structure when I/O
4729: logging. Fixes a potential problem when suspending the command.
4730: [f4480f2ba816]
4731:
4732: * plugins/sudoers/ldap.c:
4733: Split global and per-connection LDAP options into separate arrays.
4734: Set global LDAP options before calling ldap_initialize() or
4735: ldap_init(). After we have an LDAP handle, set the per-connection
4736: options. Fixes a problem with OpenLDAP using the nss crypto backend;
4737: bug #342
4738: [265c9d2dc12b]
4739:
4740: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
4741: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4742: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4743: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
4744: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4745: src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
4746: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
4747: sync with translationproject.org
4748: [6d7fe44be21e]
4749:
4750: 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
4751:
4752: * src/sudo.c, src/sudo.h:
4753: Move struct passwd pointer into struct command details.
4754: [d6fb1eff2065]
4755:
4756: 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
4757:
4758: * pp:
4759: Sync with upstream for Mac OS X (and other) fixes.
4760: [c2f4998d01b0]
4761:
4762: * mkpkg:
4763: Only built Mac intel universal binary on an intel machine.
4764: [0009e0b7e5a8]
4765:
4766: * src/Makefile.in:
4767: Do not pass libtool the -static-libtool-libs option when building
4768: sudo and sesh. Otherwise, libtool may prefer a static version of an
4769: installed library over a dynamic one when linking.
4770: [6fbac9adc885]
4771:
4772: 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
4773:
4774: * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
4775: plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
4776: Add German translation for sudo Add Croatian translation for sudoers
4777: [fa4da1a6530c]
4778:
4779: * plugins/sudoers/iolog.c:
4780: typo fix in comment
4781: [abd721d1288e]
4782:
4783: 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
4784:
4785: * NEWS:
4786: Update with recent changes
4787: [6fa11e8448b9]
4788:
4789: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4790: Sort xgettext output by file name.
4791: [f650841810f0]
4792:
4793: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4794: Clarify what "sudoreplay -l" displays and mention that it is sorted.
4795: [84031c117bd6]
4796:
4797: * config.h.in, configure, configure.in, src/ttyname.c:
4798: Use AC_HEADER_MAJOR to determine where major/minor are defined.
4799: [3c949650a223]
4800:
4801: * config.h.in, configure, configure.in, src/ttyname.c:
4802: Include sys/mkdev.h if present instead of sys/sysmacros.h for
4803: minor(). This is needed on Solaris (at least) where the makedev
4804: macros in sysmacros.h are obsolete and library functions should be
4805: used instead.
4806: [343928acf81e]
4807:
4808: * mkpkg:
4809: When building on Mac OS X, only set SDK_FLAGS if specified osversion
4810: doesn't match host.
4811: [d84c6efac872]
4812:
4813: 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
4814:
4815: * src/ttyname.c:
4816: Add back buf and tty variables for _ttyname() case that were
4817: inadvertantly removed.
4818: [a4a820b22a44]
4819:
4820: 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
4821:
4822: * plugins/sudoers/po/sudoers.pot:
4823: regen
4824: [5446b12c1250]
4825:
4826: * configure, configure.in:
4827: Remove b8 from version number.
4828: [5adc4dcec061]
4829:
4830: * src/ttyname.c:
4831: remove some XXX
4832: [187579a5f593]
4833:
4834: * src/ttyname.c:
4835: When looking for a device match, do a breadth-first search instead
4836: of depth-first. We already special case /dev/pts/ so chances are
4837: good that if it is not a pseudo-tty it is in the base of /dev/. Also
4838: avoid a stat(2) when possible if struct dirent has d_type.
4839: [0183f8a1b278]
4840:
4841: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4842: src/sudo.c, src/sudo.h:
4843: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
4844: [f0574d878491]
4845:
4846: * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
4847: src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
4848: src/po/vi.mo:
4849: sync with translationproject.org
4850: [4527ea78fbd5]
4851:
4852: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
4853: src/po/hr.mo, src/po/hr.po:
4854: New Croatian and Galician translations from translationproject.org
4855: [ad4bd924b4de]
4856:
4857: * src/ttyname.c:
4858: Add depth-first traversal of /dev/ for the /proc case when not
4859: /dev/pts/N
4860: [499bd3456774]
4861:
4862: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
4863: If struct dirent has d_type, use it to avoid an extra stat().
4864: [741dabbe4bcd]
4865:
4866: * plugins/sudoers/sudoreplay.c:
4867: Sort output of "sudoreplay -l"
4868: [c0615795bd4b]
4869:
4870: 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
4871:
4872: * plugins/sudoers/sudoreplay.c:
4873: Fix duplicate free introduced in last rev
4874: [efdaabe69d75]
4875:
4876: 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4877:
4878: * plugins/sudoers/auth/pam.c:
4879: Instead of treating ^C from tgetpass() specially, always return
4880: AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
4881: like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
4882: [a3b17298d4d0]
4883:
4884: * config.h.in, configure, configure.in, src/ttyname.c:
4885: Rototill code to determine the tty. For Linux, we now look up the
4886: tty device in /proc/pid/stat instead of trying to open
4887: /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
4888: device number to a string. On BSD, we can use devname(). On
4889: Solaris, _ttyname_dev() does what we want. TODO: write /dev/
4890: traversal code for the generic sudo_ttyname_dev().
4891: [6b22be4d09f0]
4892:
4893: 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
4894:
4895: * src/ttyname.c:
4896: Define PRNODEV for those w/o it.
4897: [f17290e64559]
4898:
4899: * config.h.in, configure, configure.in, src/ttyname.c:
4900: Check for SVR4-style struct psinfo.pr_ttydev and use that to
4901: determine the tty if std{in,out,err} are not ttys.
4902: [76ad33a91f4b]
4903:
4904: * src/ttyname.c:
4905: Better support for SVR4-style /proc entries where we can't use
4906: ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
4907: attempt to map the device number back to the correct pseudo-tty
4908: slave device.
4909: [4f9f48cc79eb]
4910:
4911: * src/ttyname.c:
4912: When trying to determine the tty name, check parent's stderr in
4913: addition to its stdin and stdout.
4914: [604644056c7d]
4915:
4916: * src/exec_pty.c:
4917: Treat a tty read failure like EOF as it usually means the pty has
4918: gone away. Handle write() on the tty returning EIO.
4919: [16957f4a706f]
4920:
4921: * src/exec.c, src/exec_pty.c:
4922: Linux select() may return ENOMEM if there is a kernel resource
4923: shortage. Older Solaris select() may return EIO instead of EBADF
4924: when the tty goes away. If we get an unhandled select() failure,
4925: kill the child and exit cleanly.
4926: [d93940a311ab]
4927:
4928: * src/ttyname.c:
4929: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
4930: block in open.
4931: [a9f809d09d52]
4932:
4933: 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
4934:
4935: * plugins/sudoers/set_perms.c:
4936: Fix restoration of AIX permissions.
4937: [30c717115988]
4938:
4939: * src/parse_args.c:
4940: Allow the -k flag to be used along with the -i and -s flags.
4941: [0653b17c97f1]
4942:
4943: * plugins/sudoers/sudoreplay.c:
4944: Plug memory leak in parse_logfile() in the error path.
4945: [9cce86fa833b]
4946:
4947: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4948: src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
4949: src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
4950: src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
4951: src/po/zh_CN.mo, src/po/zh_CN.po:
4952: sync with translationproject.org
4953: [14af43d0b170]
4954:
4955: 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
4956:
4957: * compat/regress/glob/globtest.c, config.h.in, configure,
4958: configure.in, plugins/sudoers/match.c:
4959: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
4960: glob() and fnmatch() results to be consistent.
4961: [4226750d73c2]
4962:
4963: 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
4964:
4965: * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
4966: src/ttysize.c:
4967: Move ttysize.c to common so sudoreplay can use it.
4968: [b4a0aa514cd4]
4969:
4970: * plugins/sudoers/sudoreplay.c:
4971: If I/O log file includes rows + cols, warn if the user's tty is not
4972: big enough.
4973: [b980ef89efff]
4974:
4975: * plugins/sudoers/sudoreplay.c:
4976: Fix printing of TSID in "sudoreplay -l"
4977: [4221e3e108b4]
4978:
4979: * common/sudo_debug.c, include/sudo_debug.h,
4980: plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
4981: src/exec_pty.c:
4982: Log the process id in the debug file output. Since we don't want to
4983: keep calling getpid(), stash the value at init time and when we
4984: fork().
4985: [2782d30c024d]
4986:
4987: * src/exec_pty.c:
4988: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
4989: is better to receive EIO from read()/write() than to be suspended
4990: when we don't expect it. Fixes a problem when our terminal is
4991: revoked which can happen when, e.g. our sshd is killed
4992: unceremoniously. Also, only change the value of "alive" from true to
4993: false, never from false to true. It is possible for us to receive
4994: notification of the child having stopped after it is already dead.
4995: This does not mean it has risen from the grave.
4996: [26c9fe8ce0f9]
4997:
4998: * src/exec_pty.c:
4999: Distinguish between signals we received from the parent vs. those
5000: delivered explicitly to the monitor process in debugging info.
5001: [40716cb180e5]
5002:
5003: 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
5004:
5005: * plugins/sudoers/check.c:
5006: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
5007: Update tty_is_devpts() to match so we can determine when the tty has
5008: been reused.
5009: [2689665df027]
5010:
5011: * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
5012: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
5013: and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
5014: This allows consumers of sudo_debug_printf() to log that data
5015: without having to specify it manually.
5016: [7c94c4879208]
5017:
5018: * src/exec_pty.c:
5019: Make this compile after last change.
5020: [ee09034f3266]
5021:
5022: * src/exec_pty.c:
5023: Don't try to restore the terminal if we are not the foreground
5024: process. Otherwise, we may be stopped by SIGTTOU when we try to
5025: update the terminal settings when cleaning up.
5026: [c48b24335456]
5027:
5028: * src/exec.c:
5029: If select() return EBADF in the main event loop, one of the ttys
5030: must have gone away so perform any I/O we can and close the bad fds.
5031: [3bc8678c03ce]
5032:
5033: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
5034: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5035: plugins/sudoers/toke.l:
5036: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
5037: function, file and line number in the debug log for warning() and
5038: error().
5039: [894cd131f11d]
5040:
5041: 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
5042:
5043: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
5044: src/conversation.c:
5045: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
5046: Use this flag when wrapping error() and warning() so the debug
5047: output includes the error string.
5048: [1e2c67adaf1f]
5049:
5050: 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5051:
5052: * NEWS:
5053: Update for sudo 1.8.5
5054: [7d2b62b823fe]
5055:
5056: * plugins/sudoers/po/sudoers.pot:
5057: regen
5058: [718ad9de92cd]
5059:
5060: * doc/CONTRIBUTORS:
5061: sync
5062: [f48013aea641]
5063:
5064: * plugins/sudoers/pwutil.c:
5065: Use ecalloc()
5066: [fabd23c1f271]
5067:
5068: * src/exec_pty.c:
5069: Don't need zero_bytes() after ecalloc()
5070: [1a9d95cd10ef]
5071:
5072: * config.h.in, configure, configure.in, src/sudo_noexec.c:
5073: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
5074: sudo_noexec.c.
5075: [cbaa1d4b0f8a]
5076:
5077: * src/utmp.c:
5078: Fix compat setutxent and endutxent macros for systems with
5079: setutent() but not setutxent(). From Gustavo Zacarias
5080: [d7ce622fc5f2]
5081:
5082: 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
5083:
5084: * configure.in:
5085: Add ignore_result definition to AH_BOTTOM
5086: [8d4096838a98]
5087:
5088: * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
5089: plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
5090: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
5091: src/exec.c, src/exec_pty.c, src/tgetpass.c:
5092: Fix compiler warnings on some platforms and provide a better method
5093: of defeating gcc's warn_unused_result attribute.
5094: [9a8f804fcc75]
5095:
5096: * configure, configure.in:
5097: Fix building the builtin zlib from a build dir. When a zlib dir was
5098: specified, prepend its include path instead of appending so we get
5099: the right zlib headers.
5100: [5f61d591b186]
5101:
5102: * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
5103: zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
5104: zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
5105: zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
5106: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
5107: Update zlib to version 1.2.6
5108: [173c4bc4d4fc]
5109:
5110: 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
5111:
5112: * include/missing.h:
5113: g/c __unused which is no longer used
5114: [7ef3f23edcd6]
5115:
5116: * src/env_hooks.c:
5117: Fix compilation if RTLD_NEXT is not defined.
5118: [d5605f468b71]
5119:
5120: * src/po/sr.mo, src/po/sr.po:
5121: sync with translationproject.org
5122: [27d559f7985d]
5123:
5124: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
5125: doc/sudoers.man.in:
5126: regen
5127: [f9f63ce478b6]
5128:
5129: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5130: regen
5131: [59035d82d15a]
5132:
5133: * Makefile.in:
5134: Ignore Project-Id-Version when comparing pot files.
5135: [22feb9ede46b]
5136:
5137: * plugins/sudoers/bsm_audit.c:
5138: Use error() instead of log_fatal()
5139: [54130bda4b50]
5140:
5141: * plugins/sudoers/env.c:
5142: Fix signedness of didvar in env_update_didvar()
5143: [77048a80b3e4]
5144:
5145: * plugins/sudoers/iolog.c:
5146: Quiet a compiler warning on some platforms.
5147: [8fdcaece0400]
5148:
5149: * compat/fnmatch.c:
5150: cast ctype(3) function/macro arguments from char to unsigned char to
5151: avoid potential negative subscripting.
5152: [bdcf7eef21ef]
5153:
5154: * common/setgroups.c:
5155: Quiet a warning on systems where the gids array in setgroups() is
5156: not prototyped as being const, even though it really is.
5157: [fdd758c6302d]
5158:
5159: * src/env_hooks.c:
5160: Quiet a compiler warning on systems where the argument to putenv(3)
5161: is const.
5162: [51bae2193b53]
5163:
5164: * plugins/sudoers/sudoreplay.c:
5165: Undo an incorrect int -> bool conversion.
5166: [b9a4ce320f14]
5167:
5168: * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
5169: src/po/sv.mo, src/po/sv.po:
5170: Add Swedish sudo and sudoers translations from
5171: translationproject.org
5172: [f7ce1de9073f]
5173:
5174: * plugins/sudoers/env.c:
5175: No need to preserve ODMDIR on AIX now that we always read
5176: /etc/environment.
5177: [4aa04b2f0125]
5178:
5179: 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5180:
5181: * doc/sudoers.pod, plugins/sudoers/env.c:
5182: When initializing the environment for env_reset, start out with the
5183: contents of /etc/environment on AIX and login.conf on BSD.
5184: [5717bdc321e2]
5185:
5186: * doc/TROUBLESHOOTING, src/sudo.c:
5187: If we are not running with an effective uid of 0, try to give the
5188: user enough information to debug the problem.
5189: [fa4894896d8a]
5190:
5191: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
5192: Quiet a clang-analyzer false positive.
5193: [c4c0c1b9c8b0]
5194:
5195: * src/tgetpass.c:
5196: If there is nothing to read from the askpass program, set errno to
5197: EINTR. This makes the cancel button behave like the user entered ^C
5198: at the password prompt when PAM is used.
5199: [594302cb9caf]
5200:
5201: * src/sudo.h, src/tgetpass.c:
5202: Fetch the value of "askpass" from the sudo conf struct.
5203: [4593ee8f1bd3]
5204:
5205: * common/sudo_conf.c:
5206: Fix matching of "Path askpass" and "Path noexec"
5207: [4df28d62afb9]
5208:
5209: 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
5210:
5211: * plugins/sudoers/visudo.c:
5212: Quiet a clang-analyzer dead store warning.
5213: [dd90bf385a3f]
5214:
5215: * plugins/sudoers/sudoers.c:
5216: If the "timestampowner" user cannot be resolved, use ROOT_UID
5217: instead of exiting with a fatal error.
5218: [8d62aae99715]
5219:
5220: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
5221: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
5222: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
5223: plugins/sudoers/check.c, plugins/sudoers/env.c,
5224: plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
5225: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
5226: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
5227: Remove the NO_EXIT flag to log_error() and add a log_fatal()
5228: function that exits and is marked no_return. Fixes false positives
5229: from static analyzers and is easier for humans to read too.
5230: [a0fe785c2a3d]
5231:
5232: 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
5233:
5234: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
5235: src/po/eo.po:
5236: sync with translationproject.org
5237: [df5e8777de13]
5238:
5239: 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
5240:
5241: * src/po/da.mo, src/po/da.po:
5242: sync with translationproject.org
5243: [629d99548b78]
5244:
5245: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
5246: sync with translationproject.org
5247: [9d122a2860d6]
5248:
5249: 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
5250:
5251: * src/po/it.mo, src/po/it.po:
5252: sync with translationproject.org
5253: [6397593b15cf]
5254:
5255: * common/sudo_conf.c, plugins/sudoers/alias.c,
5256: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
5257: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5258: plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
5259: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
5260: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
5261: src/load_plugins.c:
5262: Use ecalloc() when allocating structs.
5263: [8b5888868db2]
5264:
5265: * common/alloc.c, include/alloc.h:
5266: Add ecalloc() and commented out recalloc(). Use inline strnlen()
5267: instead of strlen() in estrndup().
5268: [7fb9aa46c1e0]
5269:
5270: 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5271:
5272: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
5273: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
5274: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5275: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
5276: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
5277: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
5278: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
5279: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
5280: src/po/zh_CN.mo, src/po/zh_CN.po:
5281: sync with translationproject.org
5282: [45a032c37334]
5283:
5284: 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
5285:
5286: * plugins/sudoers/set_perms.c:
5287: Remove unused label
5288: [2660bb0c1313]
5289:
5290: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5291: Document what changed in each plugin API revision
5292: [59b30a6fc4d1]
5293:
5294: * plugins/sudoers/set_perms.c:
5295: Remove bogus optimization that could lead to a double free of the
5296: group list.
5297: [b0bfbd2a83a8]
5298:
5299: 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
5300:
5301: * doc/TROUBLESHOOTING:
5302: Expand AIX /etc/security/privcmds entry.
5303: [9f3f072e034e]
5304:
5305: * NEWS:
5306: Update for sudo 1.8.5
5307: [086049011f25]
5308:
5309: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
5310: doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
5311: doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
5312: doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
5313: include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
5314: src/sudo_plugin_int.h:
5315: Rename plugin "args" to "options"
5316: [f25624951bd2]
5317:
5318: * doc/CONTRIBUTORS:
5319: Add Lithuanian and Vietnamese translators
5320: [2b4c075b69e3]
5321:
5322: * Makefile.in:
5323: Ignore comments when comparing new and old pot files.
5324: [f872999347b3]
5325:
5326: * src/Makefile.in:
5327: regen
5328: [c8193b1b11c7]
5329:
5330: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
5331: regen
5332: [15e3c17e8a3a]
5333:
5334: * doc/sudo_plugin.pod, include/sudo_plugin.h,
5335: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
5336: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
5337: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
5338: src/sudo.c, src/sudo.h:
5339: Pass a pointer to user_env in to the init_session policy plugin
5340: function so session setup can modify the user environment as needed.
5341: For PAM authentication, merge the PAM environment with the user
5342: environment at init_session time. We no longer need to swap in the
5343: user_env for environ during session init, nor do we need to disable
5344: the env hooks at init_session time.
5345: [3f5277b359d8]
5346:
5347: * plugins/sample/sample_plugin.c:
5348: Add explicit NULL entries for init_session, register_hooks and
5349: deregister_hooks with appropriate comments.
5350: [727a57978b40]
5351:
5352: * compat/pw_dup.c:
5353: Quiet a gcc "used uninitialized in this function" false positive.
5354: [f14b68379ce9]
5355:
5356: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5357: We should always call warning() with a format string or a string
5358: literal. In this case, the argument (path) is not user-controlled.
5359: [e9ef51224024]
5360:
5361: 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
5362:
5363: * src/selinux.c:
5364: Include sudo_exec.h for the sudo_execve() prototype.
5365: [769e58065edc]
5366:
5367: * config.h.in, configure, configure.in:
5368: Add check for pam_getenvlist()
5369: [36bde3f26c60]
5370:
5371: * common/sudo_conf.c:
5372: Set args to NULL in default plugin info struct when there is no
5373: Plugin line in sudo.conf.
5374: [93ec67708f01]
5375:
5376: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5377: regen
5378: [a9287677795c]
5379:
5380: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
5381: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5382: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
5383: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5384: regen
5385: [a242769d7962]
5386:
5387: * configure, configure.in:
5388: Bump version to 1.8.5
5389: [e8618f0c2505]
5390:
5391: * doc/sudo_plugin.pod:
5392: Document hooks API
5393: [e6ad07d27958]
5394:
5395: 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
5396:
5397: * sudo.pp:
5398: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
5399: [fd72340042d3]
5400:
5401: * include/sudo_plugin.h:
5402: Use sudo_hook_fn_t in struct sudo_hook.
5403: [938f93112d6e]
5404:
5405: * doc/TROUBLESHOOTING:
5406: If cross compiling, --host must include the OS in the tuple. E.g.
5407: --host powerpc-unknown-linux
5408: [b8c010070c1e]
5409:
5410: 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
5411:
5412: * plugins/sudoers/parse.c:
5413: Fix bogus int -> bool conversion; tags can have a value of -1.
5414: [e63d6434a303]
5415:
5416: * plugins/sudoers/env.c:
5417: Add env_should_keep() and env_should_delete() wrapper functions to
5418: simplify things a bit and hide the fact that matches_env_check() is
5419: not bool.
5420: [7a03d7a12b50]
5421:
5422: * sudo.pp:
5423: Fix application of debian-specific sudoers mods when building
5424: packages as non-root.
5425: [34bf4c52c425]
5426:
5427: * plugins/sudoers/env.c:
5428: matches_env_check() returns int, not boolean
5429: [0ad915b8d5cb]
5430:
5431: * src/sudo_edit.c:
5432: Fix compilation when seteuid() is not available.
5433: [8a722f998000]
5434:
5435: * src/ttyname.c:
5436: Simply move the free of ki_proc outside the realloc() loop.
5437: [217b786da760]
5438:
5439: * src/ttyname.c:
5440: Bring back the erealloc() for the ENOMEM loop and just zero the
5441: pointer after we free it.
5442: [29a016e45127]
5443:
5444: * src/ttyname.c:
5445: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
5446: [266e08844065]
5447:
5448: 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
5449:
5450: * plugins/sudoers/set_perms.c:
5451: Use normal error path if unable to set sudoers gid.
5452: [01c816918c99]
5453:
5454: * plugins/sudoers/set_perms.c:
5455: Make this work again on systems w/o seteuid().
5456: [2e67f7421e97]
5457:
5458: 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
5459:
5460: * plugins/sudoers/set_perms.c:
5461: Fix compilation if no seteuid/setreuid/setresuid available.
5462: [d0b3c1f88eb4]
5463:
5464: * plugins/sudoers/set_perms.c:
5465: Better error messages, and added debugging throughout. Fixed
5466: seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
5467: AIX version of restore_perms(). Added checks to avoid changing
5468: uid/gid when we don't have to. Never set gid/uid state to -1, use
5469: the old value instead.
5470: [29188d469b5c]
5471:
5472: * src/exec_pty.c, src/ttyname.c:
5473: Fix format string warning on Solaris with gcc 3.4.3.
5474: [d1eeb6e1dd0f]
5475:
5476: * src/sudo.c:
5477: Always declare environ now that we swap it around unilaterally.
5478: [aaa3e92e7d0d]
5479:
5480: * src/Makefile.in:
5481: Honor LDFLAGS when linking sesh; from Vita Cizek
5482: [498b41438f6e]
5483:
5484: * src/sesh.c:
5485: Include alloc.h for estrdup() prototype; from Vita Cizek
5486: [93203655a320]
5487:
5488: 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
5489:
5490: * plugins/sudoers/sudoers.c:
5491: Don't read /etc/environment on Linux when using PAM, PAM should set
5492: the environment variables as needed via pam_env.
5493: [b1ef62cb2d40]
5494:
5495: * INSTALL:
5496: Fix editor goof.
5497: [0c3dd3bb8b57]
5498:
5499: * src/hooks.c, src/sudo.c, src/sudo.h:
5500: Disable environment hooks after we get user_env back to make sure a
5501: plugin can't to modify user_env after we "own" it. This is kind of
5502: a hack but we don't want the init_session plugin function to modify
5503: user_env.
5504: [8e6d119452a5]
5505:
5506: * src/hooks.c, src/sudo.c:
5507: Add support for deregistering hooks. If an I/O log plugin fails to
5508: initialize, deregister its hooks (if any).
5509: [ac00c93900c5]
5510:
5511: 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
5512:
5513: * plugins/sudoers/sudoers.c, src/sudo.c:
5514: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
5515: setenv.
5516: [e75469dd9908]
5517:
5518: * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
5519: compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
5520: configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
5521: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
5522: plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
5523: plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
5524: src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
5525: src/sudo_plugin_int.h:
5526: Initial cut at a hooks implementation. The plugin can register
5527: hooks for getenv, putenv, setenv and unsetenv. This makes it
5528: possible for the plugin to trap changes to the environment made by
5529: authentication methods such as PAM or BSD auth so that such changes
5530: are reflected in the environment passed back to sudo for execve().
5531: [61cffa06f863]
5532:
5533: 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
5534:
5535: * MANIFEST, src/po/vi.mo, src/po/vi.po:
5536: Add Vietnamese sudo translation from translationproject.org
5537: [96df426790d5]
5538:
5539: 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
5540:
5541: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
5542: doc/sudoers.pod:
5543: List sudo_noexec.so not noexec.so in the sample sudo.conf
5544: [53844e190ec5]
5545:
5546: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
5547: doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
5548: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5549: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5550: plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
5551: src/sudo_plugin_int.h:
5552: Add support for plugin args at the end of a Plugin line in
5553: sudo.conf. Bump the minor number accordingly and update the
5554: documentation. A plugin must check the sudo front end's version
5555: before using the plugin_args parameter since it is only supported
5556: for API version 1.2 and higher.
5557: [587f1f819536]
5558:
5559: 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
5560:
5561: * plugins/sudoers/Makefile.in:
5562: update depends
5563: [6d2da44e11e5]
5564:
5565: * MANIFEST:
5566: secure_path.c is in common, not compat
5567: [619c4a663dde]
5568:
5569: * configure, configure.in:
5570: Add check for variadic macro support in cpp.
5571: [756854caf675]
5572:
5573: 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
5574:
5575: * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
5576: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5577: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5578: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5579: Add type param to sudo_secure_path() and add sudo_secure_file() and
5580: sudo_secure_dir() wrappers which get by #includedir in sudoers.
5581: [2ec2d3d8df04]
5582:
5583: 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
5584:
5585: * doc/visudo.pod, plugins/sudoers/visudo.c:
5586: Check the owner and mode in -c (check) mode unless the -f option is
5587: specified. Previously, the owner and mode were checked on the main
5588: sudoers file when the -s (strict) option was given, but this was not
5589: documented.
5590: [b2d6ee1e547a]
5591:
5592: * config.h.in, configure, configure.in, src/ttyname.c:
5593: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
5594: versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
5595: [159f6a50456a]
5596:
5597: 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
5598:
5599: * doc/CONTRIBUTORS:
5600: Add Eric Lakin for patch in bug #538
5601: [490c29c234c6]
5602:
5603: * src/exec_pty.c:
5604: Fix typo in safe_close() made while converting to debug framework
5605: that prevented it from actually closing anything.
5606: [a66422a62afd]
5607:
5608: * src/exec_pty.c:
5609: Add some more debugging.
5610: [b5667947dda9]
5611:
5612: * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
5613: include/Makefile.in:
5614: We need sysconfdir in compat/Makfile to get the proper sudo.conf
5615: path. Add standard prefix and foodir expansion in all Makefiles to
5616: avoid this problem in the future.
5617: [62b6ce4ecae9]
5618:
5619: 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
5620:
5621: * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
5622: New Lithuanian sudoers translation from translationproject.org
5623: [10436b649035]
5624:
5625: * plugins/sudoers/po/ja.po:
5626: Update from translationproject.org
5627: [acb8db5f8ef1]
5628:
5629: 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
5630:
5631: * plugins/sudoers/ldap.c:
5632: When adding gids to the LDAP filter, only add the primary gid once.
5633: This is consistent with the space computation/allocation. From Eric
5634: Lakin
5635: [35d9d99c92c6]
5636:
5637: * doc/TROUBLESHOOTING:
5638: Add entry for AIX enhanced RBAC config.
5639: [5e10b6f8def7]
5640:
5641: * mkpkg:
5642: Target Mac OS X 10.5 when building packages.
5643: [06fce9bbebee]
5644:
5645: 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
5646:
5647: * MANIFEST, common/Makefile.in, common/secure_path.c,
5648: common/sudo_conf.c, include/secure_path.h,
5649: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
5650: Relax the user/group/mode checks on sudoers files. As long as the
5651: file is owned by the right user, not world-writable and not writable
5652: by a group other than the one specified at configure time (gid 0 by
5653: default), the file is considered OK. Note that visudo will still
5654: set the mode to the value specified at configure time.
5655: [241174babfcc]
5656:
5657: 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
5658:
5659: * plugins/sudoers/set_perms.c:
5660: Add AIX-specific version of permission setting code to make sure
5661: that the saved uid gets restored properly.
5662: [9a6f5d22c301]
5663:
5664: * config.h.in, configure, configure.in, src/exec_common.c:
5665: Check for LD_PRELOAD variants in configure instead of checkign cpp
5666: symbols. In disable_execute(), compute the length of the new envp
5667: and allocate it once instead of reallocating on demand. Also append
5668: old value of LD_PRELOAD (if any) to the new value.
5669: [680266346917]
5670:
5671: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
5672: Fix the description of noexec.
5673: [6a6d142f3c80]
5674:
5675: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
5676: The "op" parameter to set_default() must be int, not bool since it
5677: is set to '+' or '-' for list add and subtract.
5678: [8da5b137bea2]
5679:
5680: * sudo.pp:
5681: Make sure sudoers is writable before calling ed script.
5682: [95352ab6336b]
5683:
5684: 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
5685:
5686: * doc/CONTRIBUTORS, doc/contributors.pod:
5687: Update contributors. Now includes translators and authors of compat
5688: code.
5689: [4fb5b616b50a]
5690:
5691: 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
5692:
5693: * src/po/sudo.pot:
5694: regen
5695: [2c86e2c328fe]
5696:
5697: * pp, sudo.pp:
5698: Build flat packages, not package bundles, on Mac OS X.
5699: [57bda3cd5520]
5700:
5701: 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
5702:
5703: * sudo.pp:
5704: Move macos section to be with the other OS-specific sections.
5705: [51423bb2973a]
5706:
5707: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
5708: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
5709: Sync with translationproject.org
5710: [8ce41cbb8da0]
5711:
5712: * configure, configure.in:
5713: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
5714: [fa979aa6fe7d]
5715:
5716: * sudo.pp:
5717: Add Mac OS X support, printing the latest chunk of the NEWS file and
5718: the license text in the installer.
5719: [ffeab72387c0]
5720:
5721: * sudo.pp:
5722: Add explicit file modes that match those used by "make install"
5723: [7eb37242c920]
5724:
5725: * pp:
5726: Sync with upstream for Mac OS X fixes.
5727: [97cba179041e]
5728:
5729: * plugins/sudoers/Makefile.in, src/Makefile.in:
5730: Got back to using "install-sh -M" for files installed as non-
5731: readable by owner. This fixes "make install" as non-root for
5732: package building.
5733: [967804ee77d6]
5734:
5735: 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
5736:
5737: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
5738: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
5739: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
5740: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5741: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
5742: Sync with translationproject.org
5743: [0e53db12039a]
5744:
5745: * Makefile.in, doc/Makefile.in, include/Makefile.in,
5746: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
5747: plugins/sudoers/Makefile.in, src/Makefile.in:
5748: Use -m not -M for install-sh for everything except setuid. Install
5749: locale .mo files mode 0444, not 0644. If timedir parent doesn't
5750: exist, use default dir mode, not 0700.
5751: [8b6f64c92090]
5752:
5753: 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
5754:
5755: * pp:
5756: Re-sync with upstream; no longer need a local patch.
5757: [97a2c7be5e59]
5758:
5759: * mkpkg:
5760: Add support for building Mac OS X packages.
5761: [94d49ac223a4]
5762:
5763: * pp:
5764: Sync with upstream
5765: [1c97654fc841]
5766:
5767: * src/Makefile.in:
5768: No longer need to define _PATH_SUDO_CONF here.
5769: [2560905b7482]
5770:
5771: * src/exec_common.c:
5772: Fix noexec for Mac OS X.
5773: [b7a744bca2c0]
5774:
5775: 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
5776:
5777: * common/Makefile.in:
5778: Move _PATH_SUDO_CONF override to common to match sudo_debug.c
5779: [f0788972a63a]
5780:
5781: * plugins/sudoers/set_perms.c:
5782: More complete fix for LDR_PRELOAD on AIX. The addition of
5783: set_perm(PERM_ROOT) before calling the nss open functions (needed to
5784: avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
5785: and then real uid to 0 for PERM_ROOT works around the issue.
5786: [5888eda051af]
5787:
5788: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5789: regen
5790: [997fe403e219]
5791:
5792: * src/sudo.c:
5793: Set real uid to root before calling sudo_edit() or run_command() so
5794: that the monitor process is owned by root and not by the user.
5795: Otherwise, on AIX at least, the monitor process shows up in ps as
5796: belonging to the user (and can be killed by the user).
5797: [d4772d7d2fc5]
5798:
5799: * plugins/sudoers/set_perms.c:
5800: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
5801: the call to setuid(0) if the current euid is non-zero. This
5802: effectively restores the state of things prior to rev 7bfeb629fccb.
5803: Fixes a problem on AIX where LDR_PRELOAD was not being honored for
5804: the command being executed.
5805: [b9b40325b4dc]
5806:
5807: * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
5808: include/missing.h, src/sudo.c:
5809: Make a copy of the struct passwd in exec_setup() to make sure
5810: nothing in the policy init modifies it.
5811: [b721261c921f]
5812:
5813: 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
5814:
5815: * doc/sudoers.pod:
5816: update copyright
5817: [f9d229d1f65e]
5818:
5819: * common/sudo_debug.c, include/sudo_debug.h:
5820: g/c now-unused debug subsystems
5821: [8f21726e698f]
5822:
5823: * doc/sudo.pod, doc/sudoers.pod:
5824: Enumerate the debug subsystems used by sudo and sudoers.
5825: [ac4f84293d14]
5826:
5827: 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
5828:
5829: * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
5830: include/sudo_conf.h, src/sudo.c:
5831: Normally, sudo disables core dumps while it is running. This
5832: behavior can now be modified at run time with a line in sudo.conf
5833: like "Set disable_coredumps false"
5834: [ad14e0508b0d]
5835:
5836: * NEWS:
5837: Mention Spanish translation
5838: [600f3205bd6e]
5839:
5840: * common/sudo_debug.c:
5841: Make sure we don't try to fall back to using the conversation
5842: function for debugging in the main sudo process if we are unable to
5843: open the debug file.
5844: [ffa329aa908c]
5845:
5846: * MANIFEST, src/po/es.mo, src/po/es.po:
5847: Add sudo Spanish translation from translationproject.org
5848: [c1906654e740]
5849:
5850: 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
5851:
5852: * plugins/sudoers/iolog.c:
5853: Better debug subsystem usage
5854: [1a31f115743c]
5855:
5856: * src/sudo.c:
5857: Remove duplicate function prototypes
5858: [ae04b00532eb]
5859:
5860: 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
5861:
5862: * configure, configure.in:
5863: Error out if user specified --with-pam but we can't find the headers
5864: or library. Also throw an error if the headers are present but the
5865: library is not and vice versa.
5866: [d6bf3e3d0aae]
5867:
5868: 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
5869:
5870: * plugins/sudoers/sudoers.c:
5871: Fix the sudoers permission check when the expected sudoers mode is
5872: owner-writable.
5873: [8b0b7e770a22]
5874:
5875: 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
5876:
5877: * configure, configure.in:
5878: Verify that we can link executables built with -D_FORTIFY_SOURCE
5879: before using it.
5880: [7578215d1a95]
5881:
5882: * src/exec_common.c:
5883: Fix potential off-by-one when making a copy of the environment for
5884: LD_PRELOAD insertion. Fixes bug #534
5885: [cc699cd551b6]
5886:
5887: * configure, configure.in:
5888: Add rudimentary check for _FORTIFY_SOURCE support by checking for
5889: __sprintf_chk, one of the functions used by gcc to support it.
5890: [a992673d2ef8]
5891:
5892: * compat/stdbool.h, config.h.in, configure, configure.in:
5893: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
5894: [8ba1370884b3]
5895:
5896: 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
5897:
5898: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5899: regen
5900: [1e0b38397705]
5901:
5902: 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
5903:
5904: * src/exec.c, src/sudo.c:
5905: The change in 818e82ecbbfc that caused to exit when the monitor dies
5906: created a race condition between the monitor exiting and the status
5907: being read. All we really want to do is make sure that select()
5908: notifies us that there is a status change when the monitor dies
5909: unexpectedly so shutdown the socketpair connected to the monitor for
5910: writing when it dies. That way we can still read the status that is
5911: pending on the socket and select() on Linux will tell us that the fd
5912: is ready.
5913: [7fb5b30ea48d]
5914:
5915: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
5916: src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
5917: src/sudo_exec.h:
5918: Refactor disable_execute() and my_execve() into exec_common.c for
5919: use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
5920: disabling exec in exec_setup(), disable it immediately before
5921: executing the command. Adapted from a diff by Arno Schuring.
5922: [ec4d8b53db6b]
5923:
5924: 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
5925:
5926: * aclocal.m4, configure, configure.in:
5927: Add custom version of AC_CHECK_LIB that uses the extra libs in the
5928: cache value name. With this we no longer need to rely on a modified
5929: version of autoconf.
5930: [1c3b1d482d6c]
5931:
5932: 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
5933:
5934: * configure, configure.in:
5935: Better handling of network functions that need -lsocket -lnsl
5936: [cc386342ec2b]
5937:
5938: * src/sudo.c:
5939: When setting up the execution environment, set groups before
5940: gid/egid like sudo 1.7 did.
5941: [928e1c5fa6c1]
5942:
5943: * configure, configure.in:
5944: Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
5945: [84b23cdf138f]
5946:
5947: * plugins/sudoers/sudoers.c:
5948: For "sudo -g" prepend the specified group ID to the beginning of the
5949: groups list. This matches BSD convention where the effective gid is
5950: the first entry in the group list. This is required on newer
5951: FreeBSD where the effective gid is not tracked separately and thus
5952: setgroups() changes the egid if this convention is not followed.
5953: Fixes bug #532
5954: [782d6909108b]
5955:
5956: 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
5957:
5958: * configure, configure.in:
5959: Fix sh warning; use "test" instead of "["
5960: [c6ee3407f65e]
5961:
5962: * src/exec.c:
5963: When not logging I/O, use a signal handler that only forwards
5964: SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
5965: Fixes a race in the non-I/O logging path where the command may
5966: receive two keyboard-generated signals; one from the kernel and one
5967: from the sudo process.
5968: [9638684e786a]
5969:
5970: * src/exec.c:
5971: Back out change that put the command in its own pgrp when not
5972: logging I/O. It causes problems with pipelines.
5973: [4fc9c6e1e770]
5974:
5975: 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
5976:
5977: * compat/Makefile.in, configure, configure.in:
5978: Only run compat regress tests on compat objects we actually build.
5979: Fixes "make check" in the compat dir for systems that don't
5980: implement character classes in fnmatch() or glob(). Bug #531
5981: [a7addc305e83]
5982:
5983: 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
5984:
5985: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
5986: Update po files from translationproject.org
5987: [5ea066af1356]
5988:
5989: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
5990:
5991: * sudo.pp:
5992: Include parent directories in case they don't already exist. This
5993: fixes a directory permissions problem with the AIX package when the
5994: /usr/local directories don't already exist.
5995: [a14f783dc827]
5996:
5997: * pp:
5998: sync with git version
5999: [2f79d0543661]
6000:
6001: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
6002: regen dependencies
6003: [24c92ca6c64d]
6004:
6005: * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
6006: Move tty name lookup code to its own file.
6007: [58faf072cbf4]
6008:
6009: 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
6010:
6011: * NEWS:
6012: Update with latest sudo 1.8.4 changes.
6013: [a4ffe4f42528]
6014:
6015: * config.h.in, configure, configure.in:
6016: Remove obsolete template for HAVE_TIMESPEC
6017: [75709007c906]
6018:
6019: * src/sudo.c:
6020: Add a check for devname() returning a fully-qualified pathname. None
6021: of the devname() implementations do this today but you never know
6022: when this might change.
6023: [16813ace38f9]
6024:
6025: 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
6026:
6027: * plugins/sudoers/visudo.c:
6028: For "visudo -c" also list include files that were checked when
6029: everything is OK.
6030: [ad6f85b35c9c]
6031:
6032: * src/sudo.c:
6033: The device name returned by devname() does not include the /dev/
6034: prefix so we need to add it ourselves.
6035: [b55285abb7ed]
6036:
6037: * src/sudo.c:
6038: Add debug warning if KERN_PROC sysctl fails or devname() can't
6039: resolve the tty device to a name.
6040: [b5a23916ba3a]
6041:
6042: * common/sudo_debug.c:
6043: The result of writev() is never checked so just cast to NULL.
6044: [4be4e9b58d5b]
6045:
6046: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
6047: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
6048: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
6049: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
6050: Update Esperanto, Finnish, Polish and Ukrainian translations from
6051: translationproject.org.
6052: [bb91bc6ad7e9]
6053:
6054: 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
6055:
6056: * config.h.in, configure, configure.in, src/sudo.c:
6057: Add support for determining tty via sysctl on other BSD variants.
6058: [fd15f63f719a]
6059:
6060: * configure, configure.in:
6061: Only check for struct kinfo_proc.ki_tdev on systems that support
6062: sysctl.
6063: [109b3f07a39d]
6064:
6065: * src/sudo.c:
6066: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
6067: ttyname() of std{in,out,err}.
6068: [95969b70bd68]
6069:
6070: 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
6071:
6072: * config.h.in, configure, configure.in, src/sudo.c:
6073: On newer FreeBSD we can get the parent's tty name via sysctl().
6074: [3207290501ee]
6075:
6076: * plugins/sudoers/testsudoers.c:
6077: Include locale.h
6078: [a602cd0b8c2d]
6079:
6080: * src/sudo.c:
6081: Silence a gcc warning.
6082: [8c6d0e3cd534]
6083:
6084: * plugins/sudoers/bsm_audit.c:
6085: Need to include gettext.h and sudo_debug.h; from John Hein
6086: [447912aa7300]
6087:
6088: * plugins/sudoers/iolog.c:
6089: Initialize the debug framework from the I/O plugin too.
6090: [ce1bf44d96d2]
6091:
6092: 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
6093:
6094: * plugins/sudoers/testsudoers.c:
6095: Enable debugging via sudo.conf.
6096: [d85669c749d0]
6097:
6098: 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
6099:
6100: * plugins/sudoers/visudo.c:
6101: Use SUDO_DEBUG_ALIAS for alias checking functions.
6102: [fb84af30dc76]
6103:
6104: * configure, configure.in:
6105: More complete test for getaddrinfo() that doesn't rely on the
6106: network libraries already being added to LIBS.
6107: [cbaf2369f4f0]
6108:
6109: 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
6110:
6111: * common/aix.c:
6112: Add debug support.
6113: [def1bdf24485]
6114:
6115: * configure, configure.in:
6116: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
6117: [a2ea1c2eac61]
6118:
6119: * compat/getaddrinfo.c:
6120: Include errno.h and missing.h
6121: [7d15e17cc2f2]
6122:
6123: * .hgignore:
6124: ignore doc/varsub
6125: [417f9fc3231b]
6126:
6127: * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
6128: plugins/sudoers/gram.y, plugins/sudoers/match.c,
6129: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
6130: src/parse_args.c, src/sudo.c, src/sudo.h:
6131: Update copyright year.
6132: [5d0ffc7dd567]
6133:
6134: * NEWS:
6135: Update for sudo 1.8.4
6136: [841e3eff9844]
6137:
6138: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6139: regen pot files
6140: [c509cb45b66a]
6141:
6142: * plugins/sudoers/sudoreplay.c:
6143: Enable debugging via sudo.conf.
6144: [5087aaee8484]
6145:
6146: * plugins/sudoers/visudo.c:
6147: Enable debugging via sudo.conf.
6148: [04b067c16ed3]
6149:
6150: * plugins/sudoers/visudo.c:
6151: Allow "visudo -c" to work when we only have read-only access to the
6152: sudoers include files.
6153: [d8c6713fe5c1]
6154:
6155: * doc/sudo.pod, doc/visudo.pod:
6156: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
6157: HISTORY section in sudo that points to HISTORY file.
6158: [d1f1bcb051c5]
6159:
6160: * doc/sudo.pod, doc/sudo_plugin.pod:
6161: Document Debug setting in sudo.conf and debug_flags in plugin.
6162: [acfc505aa4a9]
6163:
6164: 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
6165:
6166: * plugins/sudoers/match.c:
6167: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
6168: bug where a pattern like "/usr/*" include /usr/bin/ in the results,
6169: which would be incorrectly be interpreted as if the sudoers file had
6170: specified a directory. From Vitezslav Cizek.
6171: [0cdb6252188c]
6172:
6173: * INSTALL, config.h.in, configure, configure.in,
6174: plugins/sudoers/auth/kerb5.c:
6175: Add --enable-kerb5-instance configure option to allow people using
6176: Kerberos V authentication to use a custom instance. Adapted from a
6177: diff by Michael E Burr.
6178: [e83af8bb7aa7]
6179:
6180: * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
6181: Remove -D debug_level option.
6182: [cbcd05094347]
6183:
6184: * doc/LICENSE:
6185: Update copyright year.
6186: [9f43dd7aa852]
6187:
6188: 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
6189:
6190: * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
6191: plugins/sudoers/visudo.c:
6192: parse_error is now bool, not int
6193: [5ea7fb6fda38]
6194:
6195: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6196: plugins/sudoers/parse.c:
6197: Print a more sensible error if yyparse() returns non-zero but
6198: yyerror() was not called.
6199: [d44ec88f1183]
6200:
6201: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
6202: plugins/sudoers/gram.c:
6203: Replace y.tab.c with the correct filename in #line directives.
6204: [3c84fcb7e959]
6205:
6206: 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
6207:
6208: * src/sudo.c:
6209: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
6210: if the main process's fds 0-2 are not hooked up to a tty. Adapted
6211: from a diff by Zdenek Behan.
6212: [b9dfce12af85]
6213:
6214: * src/exec.c:
6215: When not logging I/O, put command in its own pgrp and make that the
6216: controlling pgrp if the command is in the foreground. Fixes a race
6217: in the non-I/O logging path where the command may receive two
6218: keyboard-generated signals; one from the kernel and one from the
6219: sudo process.
6220: [d0e263ce496c]
6221:
6222: 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
6223:
6224: * src/sudo_edit.c:
6225: Quiet a bogus gcc warning.
6226: [2009669e0608]
6227:
6228: * src/parse_args.c, src/sudo.h:
6229: Fix warnings related to sudo.conf accessors.
6230: [08ddc29ba50b]
6231:
6232: * common/sudo_conf.c, include/sudo_conf.h:
6233: Separate sudo.conf parsing from plugin loading and move the parse
6234: functions into the common lib so that visudo, etc. can use them.
6235: [f1fc659a8079]
6236:
6237: * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
6238: src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
6239: Separate sudo.conf parsing from plugin loading and move the parse
6240: functions into the common lib so that visudo, etc. can use them.
6241: [e1f2cf6bd57a]
6242:
6243: * doc/sudoers.pod, plugins/sudoers/def_data.c,
6244: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
6245: plugins/sudoers/sudoers.c, src/sudo.c:
6246: Remove support for noexec_file in sudoers and the plugin API
6247: [3e2fd58879b5]
6248:
6249: * plugins/sudoers/sudoers.c:
6250: Don't dump interfaces if there are none.
6251: [9081bb4d3e9e]
6252:
6253: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
6254: Add missing %s printf escape to the group_plugin, iolog_dir and
6255: iolog_file descriptions.
6256: [7db03f2b737e]
6257:
6258: 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
6259:
6260: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
6261: Fix typo in visiblepw description; from Joel Pickett
6262: [2fb4b26d5c2c]
6263:
6264: 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
6265:
6266: * MANIFEST, configure, configure.in, mkdep.pl,
6267: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
6268: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
6269: plugins/sudoers/sudoers.h, src/sudo.c:
6270: When running a login shell with a login_class specified, use
6271: LOGIN_SETENV instead of rolling our own login.conf setenv support
6272: since FreeBSD's login.conf has more than just setenv capabilities.
6273: This requires us to swap the plugin-provided envp for the global
6274: environ before calling setusercontext() and then stash the resulting
6275: environ pointer back into the command details, which is kind of a
6276: hack.
6277: [ad4f1190143b]
6278:
6279: * plugins/sudoers/Makefile.in:
6280: If srcdir is "." just use the basename of the yacc/lex file when
6281: generating the C version. This matches the generated files
6282: currently in the repo.
6283: [0b11c3df87a8]
6284:
6285: * doc/Makefile.in, plugins/sudoers/Makefile.in:
6286: Clean up the DEVEL noise
6287: [9de2afe457fd]
6288:
6289: * src/exec.c:
6290: Handle different Unix domain socket (actually socketpair) semantics
6291: in BSD vs. Linux. In BSD if one end of the socketpair goes away
6292: select() returns the fd as readable and the read will fail with
6293: ECONNRESET. This doesn't appear to happen on Linux so if we notice
6294: that the monitor process has died when I/O logging is enabled,
6295: behave like the command has exited. This means we log the wait
6296: status of the monitor, not the command, but there is nothing else we
6297: can do at that point. This should only be an issue if SIGKILL is
6298: sent to the monitor process.
6299: [818e82ecbbfc]
6300:
6301: * src/exec_pty.c:
6302: Catch common signals in the monitor process so they get passed to
6303: the command. Fixes a problem when the entire login session is
6304: killed when ssh is disconnected or the terminal window is closed.
6305: Previously, the monitor would exit and plugin's close method would
6306: not be called.
6307: [0e4658263138]
6308:
6309: * INSTALL, configure, configure.in:
6310: Mention how to configure pam_hpsec on HP-UX to play nicely with
6311: sudo.
6312: [a7294cd8ce98]
6313:
6314: 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
6315:
6316: * plugins/sudoers/ldap.c:
6317: Escape values in the search expression as per RFC 4515.
6318: [c2adbc5db92b]
6319:
6320: * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6321: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6322: src/Makefile.in:
6323: No need for install target to depend explicitly on install-dirs, the
6324: install-foo targets all depend on it.
6325: [62a36ed98279]
6326:
6327: 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
6328:
6329: * .hgignore:
6330: ignore src/sesh
6331: [463d492f6782]
6332:
6333: * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
6334: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
6335: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
6336: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
6337: plugins/sudoers/sudoers.h, src/Makefile.in:
6338: Add support for setenv entries in login.conf. We can't use
6339: LOGIN_SETENV since the plugin sets up the envp the command is
6340: executed with. Also regen the Makefile.in files while here. Fixes
6341: bug #527
6342: [088d507926e2]
6343:
6344: 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
6345:
6346: * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
6347: config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
6348: src/net_ifs.c:
6349: Add getaddrinfo() for those without it, written by Russ Allbery
6350: [4cf9ac831222]
6351:
6352: * doc/Makefile.in:
6353: Restore PACKAGE_TARNAME, it is used in docdir
6354: [9d65e893edb1]
6355:
6356: * MANIFEST, compat/stdbool.h:
6357: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
6358: the MANIFEST
6359: [e67700dc5621]
6360:
6361: * common/atobool.c, common/term.c, src/exec.c:
6362: Remove duplicate return statements.
6363: [48a20d5215fd]
6364:
6365: * plugins/sudoers/auth/bsdauth.c:
6366: Remove inaccurate comment
6367: [e7f0265cf657]
6368:
6369: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
6370: Fetch the login class for the user we authenticate specifically when
6371: using BSD authentication. That user may have a different login
6372: class than what we will use to run the command. When setting the
6373: login class for the command, use the target user's struct passwd,
6374: not the invoking user's. Fixes bug 526
6375: [21bf0af892f7]
6376:
6377: * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
6378: plugins/sudoers/Makefile.in:
6379: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
6380: [8ee6e0891f27]
6381:
6382: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6383: plugins/sudoers/regress/logging/check_wrap.c,
6384: plugins/sudoers/regress/parser/check_addr.c,
6385: plugins/sudoers/regress/parser/check_fill.c:
6386: Fix "make check" fallout from the sudo_conv changes in sudo_debug.
6387: [b0aaa63c9081]
6388:
6389: * common/fileops.c, common/sudo_debug.c, configure, configure.in,
6390: include/fileops.h, plugins/sample/Makefile.in,
6391: plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
6392: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
6393: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
6394: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
6395: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
6396: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6397: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
6398: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
6399: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
6400: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
6401: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6402: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6403: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6404: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6405: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6406: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
6407: src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
6408: src/sudo_plugin_int.h, src/utmp.c:
6409: Use stdbool.h instead of rolling our own TRUE/FALSE macros.
6410: [dcb0bbc42fc9]
6411:
6412: 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
6413:
6414: * compat/stdbool.h, config.h.in, configure, configure.in:
6415: Add stdbool.h for systems without it.
6416: [18bd9dda1dcd]
6417:
6418: * aclocal.m4, config.h.in, configure, configure.in:
6419: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
6420: includes have unistd.h in them. Add check for socklen_t for
6421: upcoming getaddrinfo compat.
6422: [d705465bef69]
6423:
6424: * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
6425: configure.in, plugins/sudoers/interfaces.c,
6426: plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
6427: plugins/sudoers/sudoreplay.c, src/net_ifs.c:
6428: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
6429: HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
6430: [fa187c9bd2be]
6431:
6432: * src/sudo_noexec.c:
6433: No longer need to include time.h here as missing.h does not use
6434: time_t.
6435: [fa3a089bf5b1]
6436:
6437: 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
6438:
6439: * plugins/sudoers/visudo.c:
6440: Fix mode on sudoers as needed when the -f option is not specified.
6441: [7a1c40b0dc03]
6442:
6443: * MANIFEST, src/po/sr.mo, src/po/sr.po:
6444: Add Serbian translation for sudo from translationproject.org
6445: [9a0c25e25cba]
6446:
6447: * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
6448: src/parse_args.c:
6449: No longer pass debug_file to plugin, plugins must now use
6450: CONV_DEBUG_MSG
6451: [810cda1abb0b]
6452:
6453: * mkpkg:
6454: Build PIE executables for newer Debian and Ubuntu
6455: [1c5f25f8904a]
6456:
6457: * common/sudo_debug.c:
6458: Include time.h for ctime() prototype.
6459: [10090cf3bca1]
6460:
6461: 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
6462:
6463: * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
6464: src/exec_pty.c:
6465: Do not close error pipe or debug fd via closefrom() as we need them
6466: to report an exec error should one occur.
6467: [732f6587fafa]
6468:
6469: * doc/sudoers.ldap.pod:
6470: Document that a sudoUser may now be a group ID.
6471: [2fef46b9d3d3]
6472:
6473: * plugins/sudoers/ldap.c:
6474: Add support for permitting access by group ID in addition to group
6475: name.
6476: [b9450fdf1f69]
6477:
6478: * plugins/sudoers/ldap.c:
6479: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
6480: [d62a1e7cff4f]
6481:
6482: * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
6483: Replace UCB fnmatch.c with a non-recursive version written by
6484: William A. Rowe Jr.
6485: [354d3384adb8]
6486:
6487: * plugins/sudoers/auth/pam.c:
6488: Fix typo, return_debug vs. debug_return
6489: [1b522efcbb0d]
6490:
6491: 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6492:
6493: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
6494: Update Japanese sudoers translation from translationproject.org
6495: [ec0f2beaad36]
6496:
6497: * doc/sudoers.pod:
6498: Make the env_reset descriptions consistent.
6499: [41c056f02688]
6500:
6501: 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
6502:
6503: * configure, configure.in:
6504: Do multiple expansion when expanding paths to the noexec file, sesh
6505: and the plugin directory. Adapted from a diff by Mike Frysinger
6506: [d7e16c876c66]
6507:
6508: * common/Makefile.in:
6509: regen
6510: [9d729e09c186]
6511:
6512: 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
6513:
6514: * .hgignore:
6515: Add ignore file; from Mike Frysinger
6516: [1fa8d52425f8]
6517:
6518: * mkdep.pl:
6519: no longer save old Makefile.in to .old
6520: [378dd2395545]
6521:
6522: * plugins/sudoers/Makefile.in, src/Makefile.in:
6523: regen
6524: [769faf517720]
6525:
6526: * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
6527: m4/ltoptions.m4, m4/ltversion.m4:
6528: Update to libtool 2.4.2
6529: [9dac78d84b4f]
6530:
6531: 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6532:
6533: * plugins/sudoers/sudoers_version.h:
6534: Bump grammar version for #include and #includedir relative path
6535: support.
6536: [82a4f7cd8f71]
6537:
6538: 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6539:
6540: * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6541: Add support for relative paths in #include and #includedir
6542: [4d6e3bd0c24f]
6543:
6544: * plugins/sudoers/Makefile.in:
6545: Fix install-plugin when shared objects are unsupported or disabled.
6546: [cbdd770a7a1b]
6547:
6548: * plugins/sudoers/goodpath.c:
6549: Don't write to sbp if it is NULL
6550: [fc438f8e8570]
6551:
6552: 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
6553:
6554: * Makefile.in:
6555: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
6556: only install matching .mo files
6557: [c1dc30ab4ebc]
6558:
6559: 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
6560:
6561: * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
6562: plugins/sudoers/sudoers.c, src/conversation.c:
6563: Fix non-dynamic (no dlopen) sudo build.
6564: [b0bd3fa925a3]
6565:
6566: * configure, configure.in:
6567: Don't error out if the user specified --disable-shared
6568: [cf035dd1e5cc]
6569:
6570: * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
6571: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6572: src/conversation.c:
6573: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
6574: the debug file.
6575: [640c62f83251]
6576:
6577: * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
6578: plugins/sudoers/sudoers.h:
6579: Make sudo_goodpath() return value bolean
6580: [fea2d59a6e55]
6581:
6582: * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
6583: plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
6584: Remove obsolete securid auth method.
6585: [4e54f860214b]
6586:
6587: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6588: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6589: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6590: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6591: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
6592: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
6593: plugins/sudoers/auth/sudo_auth.h:
6594: Prefix authentication functions with a "sudo_" prefix to avoid
6595: namespace problems.
6596: [581d74063ea1]
6597:
6598: * INSTALL, MANIFEST, config.h.in, configure, configure.in,
6599: doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
6600: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
6601: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
6602: Remove the old Kerberos IV support
6603: [2e4b4a44209d]
6604:
6605: 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
6606:
6607: * plugins/sudoers/check.c:
6608: Don't print garbage at the end of the custom lecture.
6609: [44bb788fafaa]
6610:
6611: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6612: Add lexer tracing as debug@parser
6613: [d850f3f9d414]
6614:
6615: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
6616: plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
6617: plugins/sudoers/match.c, plugins/sudoers/parse.c,
6618: plugins/sudoers/regress/parser/check_fill.c,
6619: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
6620: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6621: plugins/sudoers/visudo.c:
6622: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
6623: <def_data.h> and not "def_data.h" when generating the parser in a
6624: build dir.
6625: [7da701def753]
6626:
6627: 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
6628:
6629: * mkdep.pl, plugins/sudoers/Makefile.in:
6630: Better devdir support in mkdep.pl
6631: [7dcec57bd155]
6632:
6633: * plugins/sudoers/Makefile.in:
6634: Add devdir before srcdir in include path and fix up dependecies
6635: accordingly.
6636: [6e9958eca485]
6637:
6638: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
6639: plugins/sudoers/defaults.h, plugins/sudoers/match.c,
6640: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
6641: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6642: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
6643: #include "gram.h" not <gram.h> and "def_data.h" and not
6644: <def_data.h>.
6645: [003bdb078a15]
6646:
6647: * sudo.pp:
6648: Mark libexec files as optional. If we build without shared object
6649: support, libexec is not used.
6650: [4bffcf482219]
6651:
6652: * src/load_plugins.c:
6653: Change Debug sudo.conf setting to take a program name as the first
6654: argument. In the future, this will allow visudo and sudoreplay to
6655: use their own Debug entries.
6656: [cfb8f7e4867c]
6657:
6658: * src/sudo.c:
6659: fix sudo_debug_printf priority
6660: [dcb67e965609]
6661:
6662: * plugins/sudoers/sudoers.c:
6663: add missing debug_return_int
6664: [d88ec450c592]
6665:
6666: 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
6667:
6668: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
6669: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
6670: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
6671: [dcee8efc294f]
6672:
6673: * doc/UPGRADE:
6674: Add missing word in HOME security note.
6675: [fd844fdcc1ac]
6676:
6677: * plugins/sudoers/testsudoers.c:
6678: Prevent "testsudoers -d username" from trying to malloc(0).
6679: [839126e56e8c]
6680:
6681: 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
6682:
6683: * plugins/sudoers/regress/sudoers/test10.in,
6684: plugins/sudoers/regress/sudoers/test10.out.ok,
6685: plugins/sudoers/regress/sudoers/test10.toke.ok,
6686: plugins/sudoers/regress/sudoers/test10.toke.out.ok,
6687: plugins/sudoers/regress/sudoers/test11.in,
6688: plugins/sudoers/regress/sudoers/test11.out.ok,
6689: plugins/sudoers/regress/sudoers/test11.toke.ok,
6690: plugins/sudoers/regress/sudoers/test11.toke.out.ok,
6691: plugins/sudoers/regress/sudoers/test12.in,
6692: plugins/sudoers/regress/sudoers/test12.out.ok,
6693: plugins/sudoers/regress/sudoers/test12.toke.ok,
6694: plugins/sudoers/regress/sudoers/test13.in,
6695: plugins/sudoers/regress/sudoers/test13.out.ok,
6696: plugins/sudoers/regress/sudoers/test13.toke.ok,
6697: plugins/sudoers/regress/sudoers/test9.in,
6698: plugins/sudoers/regress/sudoers/test9.out.ok,
6699: plugins/sudoers/regress/sudoers/test9.toke.ok,
6700: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
6701: Tests for empty sudoers (should parse OK) and syntax errors within a
6702: line (should report correct line number) both with and without the
6703: trailing newline.
6704: [d57c879c4718]
6705:
6706: * plugins/sudoers/regress/sudoers/test4.out.ok,
6707: plugins/sudoers/regress/sudoers/test5.out.ok,
6708: plugins/sudoers/regress/sudoers/test7.out.ok,
6709: plugins/sudoers/regress/sudoers/test8.out.ok,
6710: plugins/sudoers/testsudoers.c:
6711: Print line number when there is a parser error.
6712: [5444ef6ac6dc]
6713:
6714: 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
6715:
6716: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6717: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6718: Keep track of the last token returned. On error, if the last token
6719: was COMMENT, decrement sudolineno since the error most likely
6720: occurred on the preceding line. Previously we always uses
6721: sudolineno-1 which will give the wrong line number for errors within
6722: a line.
6723: [d661a03a64da]
6724:
6725: 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
6726:
6727: * NEWS:
6728: update with sudo 1.8.3p1 info
6729: [0f79ff31f602]
6730:
6731: * plugins/sudoers/sudoers.c:
6732: Fix crash when "sudo -g group -i" is run. Fixes bug 521
6733: [a3087ae337c4]
6734:
6735: 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
6736:
6737: * plugins/sudoers/visudo.c:
6738: Make alias_remove_recursive() return TRUE/FALSE as its callers
6739: expect and remove two unused arguments. Fixes bug 519.
6740: [2ee3b2882844]
6741:
6742: * plugins/sudoers/regress/visudo/test1.out.ok,
6743: plugins/sudoers/regress/visudo/test1.sh:
6744: Add regress test for bugzilla 519
6745: [48000ebedf97]
6746:
6747: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6748: plugins/sudoers/regress/logging/check_wrap.c,
6749: plugins/sudoers/regress/parser/check_addr.c,
6750: plugins/sudoers/regress/parser/check_fill.c:
6751: Disable warning/error wrapping in regress tests.
6752: [373c589ba561]
6753:
6754: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
6755:
6756: * Makefile.in:
6757: Do compile-po as part of sync-po so that the .mo files get rebuild
6758: automatically when we sync with translationproject.org
6759: [83f3cbfc2f33]
6760:
6761: * plugins/sudoers/Makefile.in:
6762: check_addr needs to link with the network libraries on Solaris
6763: [322bd70e316e]
6764:
6765: * plugins/sudoers/match.c:
6766: When matching a RunasAlias for a runas group, pass the alias in as
6767: the group_list, not the user_list. From Daniel Kopecek.
6768: [766545edf141]
6769:
6770: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
6771: We need to init the auth system regardless of whether we need a
6772: password since we will be closing the PAM session in the monitor
6773: process. Fixes a crash in the monitor on Solaris; bugzilla #518
6774: [e82809f86fb3]
6775:
6776: 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
6777:
6778: * src/exec.c:
6779: Get rid of done: label. If the child exits we still need to close
6780: the pty, update utmp and restore the SELinux tty context.
6781: [cc127bf48405]
6782:
6783: 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
6784:
6785: * common/Makefile.in, common/atobool.c, common/fileops.c,
6786: common/fmt_string.c, common/lbuf.c, common/list.c,
6787: common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
6788: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
6789: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6790: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6791: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6792: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6793: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6794: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6795: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6796: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
6797: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
6798: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6799: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6800: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6801: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
6802: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
6803: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
6804: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
6805: plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
6806: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
6807: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
6808: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6809: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6810: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6811: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6812: src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
6813: src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
6814: src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
6815: src/tgetpass.c, src/ttysize.c, src/utmp.c:
6816: Add debug_decl/debug_return (almost) everywhere. Remove old
6817: sudo_debug() and convert users to sudo_debug_printf().
6818: [8f3bbf907b67]
6819:
6820: * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
6821: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6822: plugins/sudoers/visudo.c, src/error.c:
6823: Wrap error/errorx and warning/warningx functions with debug
6824: statements. Disable wrapping for standalone sudoers programs as well
6825: as memory allocation functions (to avoid infinite recursion).
6826: [562ed7b5ae8d]
6827:
6828: * README, config.h.in, configure, configure.in:
6829: Add checks for __func__ and __FUNCTION__ and mention that we now
6830: require a cpp that supports variadic macros.
6831: [314cfe4c5d23]
6832:
6833: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
6834: include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
6835: src/load_plugins.c, src/parse_args.c, src/sudo.c,
6836: src/sudo_plugin_int.h:
6837: New debug framework for sudo and plugins using /etc/sudo.conf that
6838: also supports function call tracing.
6839: [cded741e9f10]
6840:
6841: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
6842:
6843: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
6844: Update Japanese sudoers translation from translationproject.org
6845: [c24725775e32]
6846:
6847: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
6848:
6849: * configure, configure.in:
6850: Override and ignore the --disable-static option. Sudo already runs
6851: libtool with -tag=disable-static where applicable and we need non-
6852: PIC objects to build the executables.
6853: [aff1227b853a]
6854:
6855: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
6856:
6857: * NEWS:
6858: Add sudoedit fix
6859: [74655c7ccad1]
6860:
6861: * plugins/sudoers/po/sudoers.pot:
6862: regen pot files
6863: [28d89a831ed3]
6864:
6865: * plugins/sudoers/env.c:
6866: Ignore set_logname (which is now the default) for sudoedit since we
6867: want the LOGNAME, USER and USERNAME environment variables to refer
6868: to the calling user since that is who the editor runs as. This
6869: allows the editor to find the user's startup files. Fixes bugzilla
6870: #515
6871: [6c5dddf5ff05]
6872:
6873: * plugins/sudoers/pwutil.c:
6874: Instead of trying to grow the buffer in make_grlist_item(), simply
6875: increase the total length, free the old buffer and allocate a new
6876: one. This is less error prone and saves us from having to adjust
6877: all the pointers in the buffer. This code path is only taken when
6878: there are groups longer than the length of the user field in struct
6879: utmp or utmpx, which should be quite rare.
6880: [5587dc8cffaf]
6881:
6882: * src/po/it.mo:
6883: Add Italian translation for sudo from translationproject.org
6884: [1b3dd886e7e3]
6885:
6886: * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
6887: src/po/ja.mo, src/po/ja.po:
6888: Japanese translation for sudo and sudoers from
6889: translationproject.org
6890: [c06dd866be6e]
6891:
6892: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
6893:
6894: * plugins/sudoers/Makefile.in:
6895: sudoreplay depends on timestr.lo too; from Mike Frysinger
6896: [b9e73214b2f1]
6897:
6898: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
6899:
6900: * plugins/sudoers/po/sudoers.pot:
6901: Regen sudoers pot file.
6902: [019588bafdb3]
6903:
6904: * NEWS:
6905: Update with latest sudo 1.8.3 news
6906: [6868042a88e9]
6907:
6908: * plugins/sudoers/sudoers.c:
6909: It appears that LDAP or NSS may modify the euid so we need to be
6910: root for the open(). We restore the old perms at the end of
6911: sudoers_policy_open().
6912: [2da67a5497ef]
6913:
6914: * plugins/sudoers/set_perms.c:
6915: Better warning message on setuid() failure for the setreuid()
6916: version of set_perms().
6917: [07abcfe7bd9a]
6918:
6919: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
6920:
6921: * plugins/sudoers/check.c:
6922: Delref auth_pw at the end of check_user() instead of getting a ref
6923: twice.
6924: [cb665f55e6a5]
6925:
6926: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
6927: Make sudo_auth_{init,cleanup} return TRUE on success and check for
6928: sudo_auth_init() return value in check_user().
6929: [92631c919356]
6930:
6931: * plugins/sudoers/auth/sudo_auth.c:
6932: Do not return without restoring permissions.
6933: [59ef40b6696a]
6934:
6935: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6936: regen pot files
6937: [9f320a340b7c]
6938:
6939: * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
6940: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6941: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6942: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6943: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6944: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6945: plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6946: plugins/sudoers/sudoers.h:
6947: Modify the authentication API such that the init and cleanup
6948: functions are always called, regardless of whether or not we are
6949: going to verify a password. This is needed for proper PAM session
6950: support.
6951: [19a53f3fb596]
6952:
6953: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
6954: Add missing dependency for getspwuid.lo and regen other depends.
6955: [f7f70eae819a]
6956:
6957: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
6958: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
6959: Fix a PAM_USER mismatch in session open/close. We update PAM_USER
6960: to the target user immediately before setting resource limits, which
6961: is after the monitor process has forked (so it has the old value).
6962: Also, if the user did not authenticate, there is no pamh in the
6963: monitor so we need to init pam here too. This means we end up
6964: calling pam_start() twice, which should be fixed, but at least the
6965: session is always properly closed now.
6966: [fbc063a2a872]
6967:
6968: * src/utmp.c:
6969: Add check for old being NULL in utmp_setid(); from Steven McDonald
6970: [e87126442f2e]
6971:
6972: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
6973:
6974: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6975: plugins/sudoers/sudoers.h:
6976: If the invoking user cannot be resolved by uid fake the struct
6977: passwd and store it in the cache so we can delref it on exit.
6978: [a27e2f8b9f5e]
6979:
6980: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
6981:
6982: * plugins/sudoers/sudoers.c:
6983: Don't error out if the group plugin cannot be loaded, just warn.
6984: [0fbfcd381e33]
6985:
6986: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
6987:
6988: * plugins/sudoers/sudoers.c:
6989: Quiet a false positive found by several static analysis tools. These
6990: tools don't know that log_error() does not return (it longjmps to
6991: error_jmp which returns to the sudo front-end).
6992: [33d0469df21b]
6993:
6994: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
6995:
6996: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
6997: plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
6998: plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
6999: Add Italian translation for sudo from translationproject.org Regen
7000: .mo files
7001: [c3c888a82be6]
7002:
7003: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
7004:
7005: * doc/TROUBLESHOOTING:
7006: Update to current reality and add bit about ssh auth
7007: [184a1e7c2eeb]
7008:
7009: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
7010: Make "verbose" static; fixes a namespace clash with
7011: pam_ssh_agent_auth (and it doesn't need to be extern these days).
7012: [cc38d2eb2f4c]
7013:
7014: * config.h.in, configure, configure.in, src/get_pty.c:
7015: FreeBSD has libutil.h not util.h
7016: [dab4c94b6d4f]
7017:
7018: * configure, configure.in:
7019: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
7020: [41c362f0a92a]
7021:
7022: 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7023:
7024: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
7025: plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
7026: plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
7027: Update po files from translationproject.org
7028: [1e99e147c7fa]
7029:
7030: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7031:
7032: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7033: Add support for DEREF in ldap.conf.
7034: [3c1937a98547]
7035:
7036: * Makefile.in:
7037: install target should depend on ChangeLog too, not just install-doc
7038: [1a7c83941175]
7039:
7040: * doc/sudoers.pod:
7041: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
7042: [0eca47d60a2c]
7043:
7044: * NEWS:
7045: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
7046: [0501415cc5ff]
7047:
7048: * doc/UPGRADE:
7049: Document group lookup change and possible side effects.
7050: [585743e1ebf7]
7051:
7052: * configure, configure.in:
7053: Fix some square brackets in case statements that needed to be
7054: doubled up. While here, use $OSMAJOR when it makes sense.
7055: [8973343f4696]
7056:
7057: * plugins/sudoers/pwutil.c:
7058: Fix a crash in make_grlist_item() on 64-bit machines with strict
7059: alignment.
7060: [c89508c73c46]
7061:
7062: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
7063: Remove list_options() function that is no longer used now that "sudo
7064: -L" is gone.
7065: [fcc6a776c135]
7066:
7067: * configure, configure.in:
7068: Error message if user tries --with-CC
7069: [ec5b478f813a]
7070:
7071: * configure, configure.in:
7072: Check for -libmldap too when looking for ldap libs, which is the
7073: Tivoli Directory Server client library.
7074: [bb3007a97206]
7075:
7076: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
7077:
7078: * plugins/sudoers/parse.c:
7079: Honor NOPASSWD tag for denied commands too.
7080: [8dd92656db92]
7081:
7082: 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
7083:
7084: * INSTALL, configure, configure.in:
7085: Remove --with-CC option; it doesn't work correctly now that we use
7086: libtool. Users can get the same effect by setting the CC
7087: environment variable when running configure.
7088: [ec22bd1a55e0]
7089:
7090: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
7091:
7092: * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
7093: src/sudo_edit.c:
7094: Assume all modern systems support fstat(2).
7095: [6a5a8985f6a0]
7096:
7097: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7098:
7099: * compat/regress/glob/globtest.c, config.h.in, configure,
7100: configure.in, include/missing.h, plugins/sudoers/sudoers.h,
7101: src/sudo.h, src/sudo_noexec.c:
7102: Add configure test for missing errno declaration and only declare it
7103: ourselves if it is missing.
7104: [456e76c809a2]
7105:
7106: * plugins/sudoers/alias.c:
7107: Include errno.h before sudo.h to avoid conflicting with the system
7108: definition of errno.
7109: [d0b97e392512]
7110:
7111: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
7112:
7113: * plugins/sudoers/regress/parser/check_addr.c:
7114: Only print individual check status when there is a failure.
7115: [2ac704c91441]
7116:
7117: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
7118: plugins/sudoers/regress/logging/check_wrap.c,
7119: plugins/sudoers/regress/parser/check_addr.c:
7120: Add calls to setprogname() for test programs.
7121: [a8d9b420e826]
7122:
7123: * configure, configure.in:
7124: Add -Wall and -Werror after all tests so they don't cause failures.
7125: [2661188ff3fa]
7126:
7127: * plugins/sudoers/Makefile.in:
7128: Actually run check_addr in the check target
7129: [0b2778bc86bf]
7130:
7131: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
7132: plugins/sudoers/match_addr.c,
7133: plugins/sudoers/regress/parser/check_addr.c,
7134: plugins/sudoers/regress/parser/check_addr.in:
7135: Split out address matching into its own file and add regression
7136: tests for it.
7137: [12b9a2bf8dba]
7138:
7139: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
7140:
7141: * plugins/sudoers/match.c:
7142: When matching an address with a netmask in sudoers, AND the mask and
7143: addr before checking against the local addresses.
7144: [9747bb6d7b1c]
7145:
7146: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
7147:
7148: * plugins/sudoers/match.c:
7149: Fix netmask matching.
7150: [a3c8f8cc1464]
7151:
7152: * plugins/sudoers/visudo.c:
7153: Don't assume all editors support the +linenumber command line
7154: argument, use a whitelist of known good editors.
7155: [21d43a91fd10]
7156:
7157: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7158:
7159: * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
7160: src/exec_pty.c, src/sudo.c:
7161: Silence compiler warnings on Solaris with gcc 3.4.3
7162: [da620bae6fdb]
7163:
7164: * mkpkg:
7165: Fix building on RHEL 3
7166: [f3227fb2a252]
7167:
7168: * INSTALL, configure, configure.in:
7169: Add --enable-werror configure option.
7170: [fec2cdb95543]
7171:
7172: * common/setgroups.c:
7173: setgroups() proto lives in grp.h on RHEL4, perhaps others.
7174: [de91c0de5a98]
7175:
7176: * configure, configure.in:
7177: Use PAM by default on AIX 6 and higher.
7178: [e16493208e5f]
7179:
7180: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
7181:
7182: * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
7183: src/po/eo.mo, src/po/eo.po:
7184: Add new Esperanto translation from translationproject.org
7185: [0d9a59e04c64]
7186:
7187: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
7188:
7189: * plugins/sudoers/iolog_path.c:
7190: Quiet an innocuous valgrind warning.
7191: [0582b6027161]
7192:
7193: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
7194:
7195: * plugins/sudoers/iolog_path.c,
7196: plugins/sudoers/regress/iolog_path/data:
7197: Fix expansion of strftime() escapes in log_dir and add a regress
7198: test that exhibited the problem.
7199: [a5c7c1c4c589]
7200:
7201: * plugins/sudoers/Makefile.in:
7202: Fix "make check" return value.
7203: [33b58e175230]
7204:
7205: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7206:
7207: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7208: Regen pot files
7209: [063841aac19b]
7210:
7211: * Makefile.in:
7212: Fix logic inversion in pot file up to date check.
7213: [f6a8ca8654df]
7214:
7215: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
7216:
7217: * configure, configure.in:
7218: Add caching for gettext() checks.
7219: [01b7200f6105]
7220:
7221: * configure, configure.in:
7222: Better handling of libintl header and library mismatch.
7223: [9a49b1d4db69]
7224:
7225: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
7226:
7227: * plugins/sudoers/sudoers.c:
7228: Also check sudoers gid if sudoers is group writable.
7229: [23ef96ca0d33]
7230:
7231: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
7232:
7233: * configure, configure.in:
7234: If dlopen is present but libtool doesn't find it, error out since it
7235: probably means that libtool doesn't support the system.
7236: [a9da0a5f7941]
7237:
7238: * mkpkg:
7239: configure args on the command line should override builtin defaults.
7240: Disable NLS for non-Linux/Solaris unless explicitly enabled.
7241: [b2fb05614504]
7242:
7243: * plugins/sudoers/auth/aix_auth.c:
7244: Fix loop that calls authenticate(). If there was an error message
7245: from authenticate(), display it.
7246: [063a0c4f0b9a]
7247:
7248: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
7249:
7250: * m4/libtool.m4, m4/ltversion.m4:
7251: Update to autoconf 2.68 and libtool 2.4
7252: [5a912a6eb67b]
7253:
7254: * config.guess, config.sub, configure, configure.in, ltmain.sh:
7255: Update to autoconf 2.68 and libtool 2.4
7256: [931ab56aecf6]
7257:
7258: * doc/sudoers.pod:
7259: Fix typo; OPT should be OTP
7260: [e97bd2e46544]
7261:
7262: * plugins/sudoers/Makefile.in:
7263: Rename libsudoers convenience library to libparsesudoers to avoid
7264: libtool confusion.
7265: [2a89a613f537]
7266:
7267: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
7268:
7269: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
7270: Add Danish sudoers translation from translationproject.org
7271: [27b96e85eb13]
7272:
7273: * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
7274: Add dedicated callback function for runas_default sudoers setting
7275: that only sets runas_pw if no runas user or group was specified by
7276: the user.
7277: [b8382d8eea34]
7278:
7279: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
7280:
7281: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
7282: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
7283: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
7284: src/po/ru.po:
7285: Update Finish, Polish, Russian and Ukrainian translations from
7286: translationproject.org.
7287: [f9339aff664e]
7288:
7289: * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
7290: plugins/sudoers/testsudoers.c:
7291: Go back to using a callback for runas_default to keep runas_pw in
7292: sync. This is needed to make per-entry runas_default settings work
7293: with LDAP-based sudoers. Instead of declaring it a callback in
7294: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
7295: bit naughty, but avoids requiring stub functions in visudo and the
7296: tests.
7297: [9aaefb908415]
7298:
7299: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
7300:
7301: * Makefile.in:
7302: Add check for out of date message catalogs when doing "make dist".
7303: [e45a29b612f4]
7304:
7305: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
7306:
7307: * configure:
7308: regen
7309: [d6f9ad26774a]
7310:
7311: * configure.in:
7312: Make sure compiler supports static-libgcc before using it.
7313: [b01bd9566e50]
7314:
7315: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
7316:
7317: * src/Makefile.in:
7318: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
7319: [c99c7ab3edef]
7320:
7321: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
7322:
7323: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
7324: plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
7325: plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
7326: src/po/zh_CN.mo:
7327: Add new Russian sudo translation from translationproject.org and
7328: rebuild the other translation files.
7329: [e20015459056]
7330:
7331: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
7332:
7333: * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
7334: Update Finish and Polish translations from translationproject.org
7335: [4e3dbba4a1de]
7336:
7337: * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
7338: Go back to escaping the command args for "sudo -i" and "sudo -s"
7339: before calling the plugin. Otherwise, spaces in the command args
7340: are not treated properly. The sudoers plugin will unescape non-
7341: spaces to make matching easier.
7342: [dfa2c4636f33]
7343:
7344: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
7345:
7346: * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
7347: plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
7348: plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
7349: plugins/sudoers/toke.l:
7350: Fix some potential problems found by the clang static analyzer, none
7351: serious.
7352: [ff64aa74aae6]
7353:
7354: * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
7355: src/po/zh_CN.po:
7356: Updated Ukranian and Chinese (simplified) po files from
7357: translationproject.org
7358: [ec792becb48e]
7359:
7360: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
7361:
7362: * plugins/sudoers/po/pl.po:
7363: Updated Polish translation from translationproject.org
7364: [a3af53cb649c]
7365:
7366: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7367: Rebuild pot files
7368: [c650524c0f0a]
7369:
7370: * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
7371: Don't try to audit failure if the runas user does not exist. We
7372: don't have the user's command at this point so there is nothing to
7373: audit. Add a NULL check in audit_success() and audit_failure() just
7374: to be on the safe side.
7375: [2a0007c2022f]
7376:
7377: * mkpkg:
7378: Add -g to CFLAG for PIE builds.
7379: [32a0a9693c9c]
7380:
7381: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
7382:
7383: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
7384: plugins/sudoers/sudoers.h, src/sudo.c:
7385: Remove fallback to per-group lookup when matching groups in sudoers.
7386: The sudo front-end will now use getgrouplist() to get the user's
7387: list of groups if getgroups() fails or returns zero groups so we
7388: always have a list of the user's groups. For systems with
7389: mbr_check_membership() which support more that NGROUPS_MAX groups
7390: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
7391: we get all the groups.
7392: [51b3ed8c600b]
7393:
7394: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7395:
7396: * common/setgroups.c:
7397: Fix setgroups() fallback code on EINVAL.
7398: [2b6faecd56a4]
7399:
7400: * plugins/sudoers/set_perms.c:
7401: Fix two PERM_INITIAL cases that were still using user_gids.
7402: [9680bab0acc6]
7403:
7404: * MANIFEST:
7405: Add Polish sudo message catalog
7406: [8bb40c3ba576]
7407:
7408: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7409: user_group is no longer used, remove it
7410: [9acede0fe6c5]
7411:
7412: 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
7413:
7414: * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
7415: Add Polish translation from translationproject.org
7416: [afac5c638573]
7417:
7418: * MANIFEST, common/Makefile.in, common/setgroups.c,
7419: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
7420: src/sudo.h, src/sudo_edit.c:
7421: Add a wrapper for setgroups() that trims off extra groups and
7422: retries if setgroups() fails. Also add some missing addrefs for
7423: PERM_USER and PERM_FULL_USER.
7424: [224dfd8aae5c]
7425:
7426: * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
7427: configure, configure.in, include/missing.h, mkdep.pl,
7428: plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
7429: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
7430: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
7431: Instead of keeping separate groups and gids arrays, create struct
7432: group_info and use it to store both, along with a count for each.
7433: Cache group info on a per-user basis using getgrouplist() to get the
7434: groups. We no longer need special to special case the user or list
7435: user for user_in_group() and thus no longer need to reset the groups
7436: list when listing another user.
7437: [0ad849a8b2d5]
7438:
7439: * src/preload.c:
7440: Don't rely on NULL since we don't include a header for it.
7441: [b40937f1890c]
7442:
7443: 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
7444:
7445: * doc/sudoers.pod:
7446: Fix typo
7447: [c1035360e169]
7448:
7449: 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
7450:
7451: * plugins/sudoers/sudoers.c:
7452: Do not shadow global sudo_mode with a local variable in set_cmnd()
7453: [0c72969503ad]
7454:
7455: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
7456:
7457: * plugins/sudoers/sudoers.c:
7458: bash 2.x doesd not support the -l flag and exits with an error if it
7459: is specified so use --login instead. This causes an error with bash
7460: 1.x (which uses -login instead) but this version is hopefully less
7461: used than 2.x.
7462: [5c4c296e30e6]
7463:
7464: * src/po/pl.mo, src/po/pl.po:
7465: Add Polish translation from translationproject.org
7466: [48592dd6edcf]
7467:
7468: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
7469:
7470: * plugins/sudoers/set_perms.c:
7471: Make error strings translatable.
7472: [414c5c484768]
7473:
7474: * mkpkg:
7475: Only run configure with --with-pam-login for RHEL 5 and above.
7476: [6c16e4de4026]
7477:
7478: * sudo.pp:
7479: Fix typo in summary
7480: [9ac618c9a749]
7481:
7482: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
7483:
7484: * plugins/sudoers/logwrap.c:
7485: Add missing logwrap.c
7486: [c12a413ecc1d]
7487:
7488: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
7489: plugins/sudoers/logging.h,
7490: plugins/sudoers/regress/logging/check_wrap.c,
7491: plugins/sudoers/regress/logging/check_wrap.in,
7492: plugins/sudoers/regress/logging/check_wrap.out.ok:
7493: Split out log file word wrap code into its own file and add unit
7494: tests. Fixes an off-by one in the word wrap when the log line
7495: length matches loglinelen.
7496: [52ed277f6690]
7497:
7498: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
7499:
7500: * mkpkg:
7501: For SuSE, only use /usr/lib64 as libexec if generating 64-bit
7502: binaries.
7503: [645ab903cf77]
7504:
7505: * src/load_plugins.c, src/sudo.c:
7506: Fix build error when --without-noexec configure option is used.
7507: [b994f7b0d8b4]
7508:
7509: * configure, configure.in:
7510: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
7511: 5.3 and above.
7512: [c2a6f9b472f3]
7513:
7514: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
7515:
7516: * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
7517: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
7518: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7519: Resolve the list of gids passed in from the sudo frontend (the
7520: result of getgroups()) to names and store both the group names and
7521: ids in the sudo_user struct. When matching groups in the sudoers
7522: file, match based on the names in the groups list first and only do
7523: a gid-based match when we absolutely have to. By matching on the
7524: group name (as it is listed in sudoers) instead of id (which we
7525: would have to resolve) we save a lot of group lookups for sudoers
7526: files with a lot of groups in them.
7527: [8dc19353f148]
7528:
7529: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
7530:
7531: * plugins/sudoers/sudoers.c:
7532: Workaround for "sudo -i command" and newer versions of bash which
7533: don't go into login mode when -c is specified unless -l is too.
7534: [9393762b80f3]
7535:
7536: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
7537:
7538: * plugins/sudoers/logging.c:
7539: Rewrite logfile word wrapping code to be more straight-forward and
7540: actually wrap at the correct place.
7541: [f712a0c90f55]
7542:
7543: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
7544:
7545: * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
7546: Set use_pty=true in command details when use_pty is set in sudoers.
7547: From Ludwig Nussel
7548: [8d95a163dfc1]
7549:
7550: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
7551:
7552: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
7553: src/po/zh_CN.mo, src/po/zh_CN.po:
7554: Sync Chinese (simplified) PO files from translationproject.org
7555: [acce8eb7be18]
7556:
7557: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
7558:
7559: * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
7560: plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
7561: Add Danish translation from translationproject.org and add missing
7562: Basque mo files.
7563: [0c22bb21b9c4]
7564:
7565: * Makefile.in, configure, configure.in:
7566: No longer need to specify LINGUAS in configure, "make install-nls"
7567: now just installs all the .mo files it finds.
7568: [fcd45cf04885]
7569:
7570: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
7571:
7572: * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
7573: Build CONTRIBUTORS from newly-added contributors.pod
7574: [8b192f2720f4]
7575:
7576: * doc/CONTRIBUTORS:
7577: Rework the wording in the leading paragraph
7578: [312044145cdd]
7579:
7580: 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
7581:
7582: * MANIFEST, doc/CONTRIBUTORS:
7583: Add a CONTRIBUTORS file with the names of folks who have contributed
7584: code or patches to sudo since I started maintaining it (plus the
7585: original authors).
7586: [b8bdd8b59528]
7587:
7588: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
7589:
7590: * plugins/sudoers/env.c:
7591: Preserve SHELL variable for "sudo -s". Otherwise we can end up with
7592: a situation where the SHELL variable and the actual shell being run
7593: do not match.
7594: [b8b3974aee3e]
7595:
7596: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
7597:
7598: * configure, configure.in:
7599: Only enable Solaris project support when setproject() is present in
7600: libproject.
7601: [49ad7857ab89]
7602:
7603: * sudo.pp:
7604: Explicitly set mode and owner of /etc/sudoers instead of relying on
7605: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
7606: postinstall script runs before the final file permissions are set.
7607: [e41ffc0212b2]
7608:
7609: 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7610:
7611: * doc/sudo.pod, doc/sudoers.pod:
7612: Refer the user to the "Command Environment" section in description
7613: of sudo's -i option.
7614: [263cc3be7eef]
7615:
7616: * doc/sudo.pod:
7617: Fix typo
7618: [35dfac450f4d]
7619:
7620: 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7621:
7622: * mkdep.pl:
7623: If there is no old dependency for an object file, use the MANIFEST
7624: to find its source.
7625: [d15e3b9899f9]
7626:
7627: * compat/Makefile.in:
7628: Remove dependency for getgrouplist.lo as we don't ship that source
7629: file.
7630: [312a6d5fe6b0]
7631:
7632: 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
7633:
7634: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7635: Do not declare yyparse() static as the actual function generated by
7636: yacc is extern.
7637: [9017b79dcf55]
7638:
7639: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
7640:
7641: * Makefile.in:
7642: Remove locale files in "make uninstall"
7643: [201ff261ecbe]
7644:
7645: * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
7646: plugins/sudoers/po/uk.po, src/po/eu.po:
7647: Add Basque translation and sync Finish and Ukranian translations.
7648: [66d2c78c8a13]
7649:
7650: * configure, configure.in:
7651: FreeBSD no longer needs the main sudo binary to link with -lpam now
7652: that plug-ins are loaded with RTLD_GLOBAL.
7653: [96c710df2457]
7654:
7655: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
7656: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
7657: problems with pam modules not having access to symbols provided by
7658: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
7659: [0d016983ec84]
7660:
7661: * Makefile.in:
7662: Move xgettext invocation out of update-po target into update-pot
7663: [19a73c6d017c]
7664:
7665: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
7666:
7667: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7668: Regenerate .pot files for 1.8.2rc2
7669: [c3037f591dd8]
7670:
7671: * Makefile.in, common/Makefile.in, compat/Makefile.in,
7672: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7673: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
7674: src/Makefile.in, zlib/Makefile.in:
7675: Move nls targets to the top level Makefile so the paths in the pot
7676: file are saner
7677: [65b9285cd8d9]
7678:
7679: * src/po/fi.mo:
7680: Add compiled version of sudo Finish translation
7681: [8f2405384ea3]
7682:
7683: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
7684: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
7685: files
7686: [a165e70fa9ec]
7687:
7688: * configure, configure.in, plugins/sudoers/po/fi.po:
7689: Add Finish translation from translationproject.org
7690: [4466f8a96ceb]
7691:
7692: 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
7693:
7694: * doc/sudoers.pod:
7695: The group named by exempt_group should not have a % prefix.
7696: [df084d6b32c8]
7697:
7698: 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
7699:
7700: * doc/sudoers.pod:
7701: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
7702: [5113699a3f8b]
7703:
7704: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
7705:
7706: * src/exec.c, src/exec_pty.c:
7707: Fix compressed io log corruption in background mode by using _exit()
7708: instead of exit() to avoid flushing buffers twice.
7709:
7710: Improved background mode support. When not allocating a pty, the
7711: command is run in its own process group. This prevents write access
7712: to the tty. When running in a pty, stdin is not hooked up and we
7713: never read from /dev/tty, which results in similar behavior.
7714: [87c15149894c]
7715:
7716: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
7717: Clean up regress files Generate proper dependencies for regress objs
7718: in compat
7719: [88bfc728c1e7]
7720:
7721: * plugins/sudoers/Makefile.in:
7722: Add missing dependency for check_fill.o.
7723: [0bd6362e3e17]
7724:
7725: 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7726:
7727: * INSTALL, configure, configure.in:
7728: Add support for --enable-nls[=location]
7729: [b90db44a050f]
7730:
7731: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
7732:
7733: * plugins/sudoers/linux_audit.c:
7734: Include gettext.h
7735: [7f909a6e48cb]
7736:
7737: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
7738: Quiet gcc warnings.
7739: [b41a6cdca583]
7740:
7741: * configure, configure.in:
7742: Don't install .mo files if gettext was not found.
7743: [1397b34cc165]
7744:
7745: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7746:
7747: * src/exec.c:
7748: Always allocate a pty when running a command in the background but
7749: call setsid() after forking to make sure we don't end up with a
7750: controlling tty.
7751: [b6454ba172e8]
7752:
7753: * plugins/sudoers/iolog.c:
7754: Add missing space between command name and the first command line
7755: argument.
7756: [fe217f0a36d4]
7757:
7758: * plugins/sudoers/sudoreplay.c:
7759: Quiet a compiler warning on some platforms.
7760: [de9f2849f236]
7761:
7762: * plugins/sudoers/po/README, src/po/README:
7763: README file that directs people to translationproject.org
7764: [30c0fc323281]
7765:
7766: * plugins/sudoers/po/uk.po, src/po/fi.po:
7767: Sync translations with TP
7768: [1d7d64559cba]
7769:
7770: * Makefile.in:
7771: Add 'sync-po' target to top-level Makefile to rsync the po files
7772: from translationproject.org.
7773: [20508211aaa3]
7774:
7775: * plugins/sudoers/Makefile.in:
7776: install nls files from install target
7777: [5fc07b6cab38]
7778:
7779: * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
7780: Include .mo files in sudo binary packags.
7781: [278d4821a916]
7782:
7783: * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
7784: plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
7785: Add simplified chinese translation
7786: [2b33ffc755b9]
7787:
7788: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7789:
7790: * configure, configure.in, plugins/sudoers/po/uk.mo,
7791: plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
7792: Add ukranian translation
7793: [2d8102688e93]
7794:
7795: * compat/Makefile.in:
7796: refer to siglist.c, not ./siglist.c since not all makes will treat
7797: foo and ./foo the same.
7798: [6639d293ffba]
7799:
7800: * plugins/sudoers/sudoers.c:
7801: Set def_preserve_groups before searching for the command when the -P
7802: flag is specified.
7803: [0edc7942f875]
7804:
7805: * Makefile.in, compat/Makefile.in, mkdep.pl,
7806: plugins/sudoers/Makefile.in:
7807: Add dependency for siglist.lo in compat. This is a generated file
7808: so "make depend" needs to depend on it.
7809: [28d0932f8b50]
7810:
7811: * compat/Makefile.in:
7812: More dependency fixes.
7813: [aad0d05cd020]
7814:
7815: * compat/Makefile.in:
7816: Fix a few dependencies.
7817: [eb21aa35a032]
7818:
7819: * plugins/sudoers/Makefile.in, src/Makefile.in:
7820: Place compiled mo files in the src dir, not the build dir. When
7821: installing compiled mo files, display a status message.
7822: [e15634c29cd3]
7823:
7824: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7825:
7826: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7827: Tivoli Directory Server requires that seconds be present in a
7828: timestamp, even though RFC 4517 states that they are optional.
7829: [55fe23dd4ef9]
7830:
7831: * plugins/sudoers/sudo_nss.h:
7832: Add missing bit of copyright
7833: [d2eba3c364ca]
7834:
7835: * doc/visudo.pod:
7836: Mention cycle detection warnings
7837: [a76bef15ab67]
7838:
7839: * plugins/sudoers/visudo.c:
7840: When checking aliases, also check the contents of the alias in case
7841: there are problems with an alias that is referenced inside another.
7842: Replace the self reference check with real alias cycle detection.
7843: [a66c904cf53b]
7844:
7845: * plugins/sudoers/alias.c:
7846: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
7847: ENOENT in alias_find() and alias_remove() if the entry could not be
7848: found.
7849: [b4f0b89e433c]
7850:
7851: * plugins/sudoers/visudo.c:
7852: Increment alias_seqno before calls to alias_remove_recursive() to
7853: avoid false positives with the alias loop detection. Fixes spurious
7854: warnings about unused aliases when they are nested.
7855: [a344483b8193]
7856:
7857: * MANIFEST:
7858: add mkdep.pl
7859: [86b7ed33eab2]
7860:
7861: * plugins/sudoers/Makefile.in:
7862: Add dependency on convenience libs to binaries
7863: [cd3078b3c997]
7864:
7865: * Makefile.in:
7866: mkdep.pl only works when run from the src dir
7867: [f35a5e47c944]
7868:
7869: * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
7870: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7871: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
7872: Auto-generate Makefile dependencies with a perl script.
7873: [a3e4afcd7975]
7874:
7875: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
7876:
7877: * plugins/sudoers/match.c:
7878: If the user specifies a runas group via sudo's -g option that
7879: matches the runas user's group in the passwd database and that group
7880: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
7881: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
7882: no groups are present in the Runas_Spec.
7883: [e3f9732dc564]
7884:
7885: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
7886:
7887: * plugins/sudoers/Makefile.in, src/Makefile.in:
7888: Add dependencies on gettext.h
7889: [a3a9dc51f78b]
7890:
7891: * plugins/sudoers/Makefile.in, src/Makefile.in:
7892: Fix install-nls target with HP-UX sh when gettext is not present.
7893: [0c6b9655cd41]
7894:
7895: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7896:
7897: * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
7898: src/Makefile.in, src/po/sudo.pot:
7899: regenerate .pot files for lbuf changes
7900: [918ded125a0b]
7901:
7902: * configure, configure.in:
7903: Add missing "checking" message for gettext when using the cache.
7904: [9c21187ad1d2]
7905:
7906: * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
7907: plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
7908: src/parse_args.c:
7909: Add primitive format string support to the lbuf code to make
7910: translations simpler.
7911: [ee71c7ef5299]
7912:
7913: * MANIFEST, plugins/sudoers/Makefile.in,
7914: plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
7915: Add message catalog template files for sudo and the sudoers module.
7916: [f3f8acb1f014]
7917:
7918: * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
7919: config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
7920: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
7921: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7922: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
7923: src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
7924: Add gettext.h convenience header. This is similar to but distinct
7925: from the one included with the gettext package.
7926: [930a0591f73c]
7927:
7928: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
7929:
7930: * configure, configure.in:
7931: Add checks for nroff -c and -Tascii flags
7932: [19ca990b3149]
7933:
7934: * configure, configure.in:
7935: Add check for HP bundled C Compiler (which cannot create shared
7936: libs)
7937: [517716a7072d]
7938:
7939: * plugins/sudoers/sudoreplay.c:
7940: Fix C format warnings.
7941: [6514326013fa]
7942:
7943: * include/error.h:
7944: Add __printflike
7945: [e1749a30a406]
7946:
7947: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
7948: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
7949: plugins/sudoers/visudo.c, src/parse_args.c:
7950: Translate help / usage strings.
7951: [ee1cc9b1a8bd]
7952:
7953: * plugins/sudoers/Makefile.in, src/Makefile.in:
7954: Set --msgid-bugs-address to the bugzilla url
7955: [5a0aa250ca21]
7956:
7957: * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
7958: configure.in, doc/Makefile.in, include/Makefile.in,
7959: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7960: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
7961: Add scaffolding to update .po files and install .mo files.
7962: [f05f4eed1fe1]
7963:
7964: * doc/license.pod:
7965: update copyright year
7966: [fa0c62523875]
7967:
7968: * INSTALL, README:
7969: No need to include version number at the top of these files.
7970: [9f2981325351]
7971:
7972: 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
7973:
7974: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
7975: plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
7976: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
7977: plugins/sudoers/visudo.c:
7978: Minor warning/error cleanup
7979: [9236dc85aeab]
7980:
7981: * config.h.in, configure.in:
7982: Emulate ngettext for the non-nls case
7983: [13571d63fa36]
7984:
7985: * plugins/sudoers/ldap.c:
7986: Do not mark untranslatable strings for translation
7987: [735f5d4413fe]
7988:
7989: * plugins/sudoers/check.c:
7990: Use ROOT_UID not 0.
7991: [09a268db8da4]
7992:
7993: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7994: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
7995: src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
7996: Minor warning/error message cleanup
7997: [3c7b1a7939b5]
7998:
7999: * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
8000: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8001: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
8002: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
8003: src/exec_pty.c, src/net_ifs.c, src/selinux.c:
8004: cannot -> "unable to" in warning/error messages
8005: [31c3897649e9]
8006:
8007: * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
8008: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
8009: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
8010: src/sudo.c, src/utmp.c:
8011: can't -> "unable to" in warning/error messages
8012: [127b75f15291]
8013:
8014: * configure, configure.in:
8015: FreeBSD needs the main sudo executable to link with -lpam when
8016: loading dynaic pam modules for some reason.
8017: [944522cc9bef]
8018:
8019: 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8020:
8021: * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
8022: We don't want to translate debugging messages.
8023: [56a1a365815a]
8024:
8025: * configure, configure.in, plugins/sudoers/Makefile.in,
8026: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
8027: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8028: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
8029: src/Makefile.in, src/sesh.c, src/sudo.c:
8030: Add calls to bindtextdomain() and textdomain() Currently there are
8031: two domains, one for the sudo front-end and one for the sudoers
8032: plugin and its associated utilities.
8033: [0426138f789e]
8034:
8035: * configure, configure.in:
8036: Fix caching of libc gettext check.
8037: [942142d2c43a]
8038:
8039: * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
8040: plugins/sudoers/mkdefaults:
8041: Mark defaults descriptions for translation
8042: [5b27f018e6cf]
8043:
8044: * NEWS:
8045: Update for sudo 1.8.1p2
8046: [747c4dee2ca7]
8047:
8048: 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
8049:
8050: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8051: Quiet compiler warning when SELinux is enabled.
8052: [1fbf77dda240]
8053:
8054: * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
8055: src/error.c, src/net_ifs.c, src/sesh.c:
8056: Add missing includes of libintl.h.
8057: [bc1d66316082]
8058:
8059: * plugins/sudoers/auth/pam.c:
8060: Fix gettext marker.
8061: [a5cf4ed66c66]
8062:
8063: * common/aix.c, common/alloc.c, compat/strsignal.c,
8064: plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
8065: Include libint.h where needed.
8066: [2b0e5a663c7b]
8067:
8068: * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
8069: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
8070: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
8071: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8072: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
8073: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
8074: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
8075: plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
8076: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
8077: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
8078: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
8079: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
8080: plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
8081: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
8082: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8083: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8084: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
8085: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
8086: Prepare sudoers module messages for translation.
8087: [7212ae1909c5]
8088:
8089: * plugins/sudoers/sudoers.c:
8090: Only check gid of sudoers file if it is group-readable.
8091: [50e3bc0cb242]
8092:
8093: * plugins/sudoers/auth/aix_auth.c:
8094: For AIX, keep calling authenticate() until reenter reaches 0.
8095: [e240815b74b1]
8096:
8097: 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
8098:
8099: * configure, configure.in:
8100: Cache the status of the initial gettext() check.
8101: [32751ebe1704]
8102:
8103: * INSTALL, configure, configure.in:
8104: Add --disable-nls flag and improve checks for gettext.
8105: [c7e6b17052de]
8106:
8107: * configure, configure.in:
8108: When building with gcc on HP-UX, use -march=1.1 to produce portable
8109: binaries on a pa-risc2 host. Previously, the +Dportable option was
8110: used for the HP-UX C compiler but gcc always produced native
8111: binaries.
8112: [8f4c749324d7]
8113:
8114: 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
8115:
8116: * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
8117: src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
8118: src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
8119: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
8120: Prepare sudo front end messages for translation.
8121: [2fc2fabceccb]
8122:
8123: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
8124:
8125: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
8126: Add initial scaffolding to support localization via gettext()
8127: [7d47b59fcf95]
8128:
8129: * compat/fnmatch.h, compat/glob.h:
8130: Don't let the fnmatch/glob macros expand the function prototype.
8131: [a9014aa0288e]
8132:
8133: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
8134:
8135: * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
8136: Resolve namespace collisions on HP-UX ia64 and possibly others by
8137: adding a rpl_ prefix to our fnmatch and glob replacements and
8138: #defining rpl_foo to foo in the header files.
8139: [caa9b690a15d]
8140:
8141: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
8142:
8143: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8144: Split ALL, ROLE and TYPE into their own actions. Since you can only
8145: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
8146: the non-SELinux case. This is safe because the actions are in one
8147: big switch() statement.
8148: [7473fc2cfa2c]
8149:
8150: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8151: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
8152: [9be3480c2865]
8153:
8154: 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
8155:
8156: * doc/UPGRADE, doc/sudoers.pod:
8157: askpass moved from sudoers to sudo.conf in sudo 1.8.0
8158: [b2c2956cec4e]
8159:
8160: * doc/sudoers.pod:
8161: Remove obsolete warning about runas_default and ordering. Move
8162: syslog facility and priority lists into the section where the
8163: relevant options are described.
8164: [e57b8dc3f779]
8165:
8166: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
8167:
8168: * plugins/sudoers/auth/sia.c:
8169: Fix SIA support; we no longer have access to the real argc and argv
8170: so allocate space for a fake one and use the argv passed to the
8171: plugin with "sudo" for argv[0].
8172: [1c0552772ad2]
8173:
8174: 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8175:
8176: * src/net_ifs.c:
8177: Remove useless realloc when trying to get the buffer size right.
8178: [792225380a62]
8179:
8180: * plugins/sudoers/set_perms.c:
8181: Be explicit when setting euid to 0 before call to setreuid(0, 0)
8182: [7bfeb629fccb]
8183:
8184: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8185:
8186: * configure, configure.in:
8187: Need to do checks for krb5_verify_user, krb5_init_secure_context and
8188: krb5_get_init_creds_opt_alloc regardless of whether or not
8189: krb5-config is present.
8190: [9d1b98ece1d3]
8191:
8192: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
8193:
8194: * plugins/sudoers/set_perms.c:
8195: Work around weird AIX saved uid semantics on setuid() and
8196: setreuid(). On AIX, setuid() will only set the saved uid if the euid
8197: is already 0.
8198: [069fc08150ca]
8199:
8200: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
8201:
8202: * sudo.pp:
8203: update copyright year
8204: [1c42d579ba6e]
8205:
8206: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8207: Treat a missing includedir like an empty one and do not return an
8208: error.
8209: [92f71d8cbfd4]
8210:
8211: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
8212:
8213: * pp:
8214: Fix ARCH setting in cross-compile Solaris packages.
8215: [b0de281cc889]
8216:
8217: * sudo.pp:
8218: Fix aix version setting.
8219: [98437dbfb085]
8220:
8221: * plugins/sudoers/ldap.c:
8222: Remove extraneous parens in LDAP filter when sudoers_search_filter
8223: is enabled that causes a search error. From Matthew Thomas.
8224: [1d75bf1fc8d9]
8225:
8226: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8227:
8228: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
8229: Correct sizeof() to fix test failure.
8230: [fd2f7c0c0572]
8231:
8232: * plugins/sudoers/Makefile.in:
8233: "install" target should depend on "install-dirs". Fixes "make -j"
8234: problem and closes bz #487. From Chris Coleman.
8235: [083902d38edb]
8236:
8237: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
8238:
8239: * config.h.in:
8240: Add HAVE_RFC1938_SKEYCHALLENGE
8241: [a94cb33758a8]
8242:
8243: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
8244:
8245: * NEWS:
8246: Mention plugin loading and libgcc changes
8247: [e11b30b5026a]
8248:
8249: * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
8250: Load plugins after parsing arguments and potentially printing the
8251: version. That way, an error loading or initializing a plugin
8252: doesn't break "sudo -h" or "sudo -V".
8253: [1b76f2b096a2]
8254:
8255: * Makefile.in:
8256: When using a sub-shell to invoke the sub-make, exec make instead of
8257: running it inside the shell to avoid an extra process.
8258: [fd2c04a71fbf]
8259:
8260: * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
8261: Stop testing unspecified behavior in fnmatch Make glob test more
8262: portable
8263: [229803093725]
8264:
8265: * compat/Makefile.in:
8266: No need to add current dir to include path and having it breaks the
8267: test programs that expect to get the system glob.h and fnmatch.h
8268: [68085f624be4]
8269:
8270: * INSTALL, configure, configure.in:
8271: Fix and document --with-plugindir; partially from Diego Elio Petteno
8272: [07edc52ea89e]
8273:
8274: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
8275: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
8276: compat/regress/glob/globtest.in:
8277: Fix fnmatch and glob tests to not use hard-coded flag values in the
8278: input file. Link test programs with libreplace so we get our
8279: replacement verions as needed.
8280: [c2cca448f660]
8281:
8282: * Makefile.in:
8283: If make in a subdir fails, fail the target in the upper level
8284: Makefile too. Adapted from a patch from Diego Elio Petteno
8285: [76fc9a0d96fd]
8286:
8287: * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
8288: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
8289: has this. Adapted from a patch from Diego Elio Petteno
8290: [a97279a59b93]
8291:
8292: * plugins/sudoers/Makefile.in:
8293: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
8294: directly.
8295: [47b884029b3b]
8296:
8297: * configure, configure.in:
8298: Fix warnings when -without-skey, --without-opie, --without-kerb4,
8299: --without-kerb5 or --without-SecurID were specified.
8300: [71ad150f4d24]
8301:
8302: * MANIFEST:
8303: Add plugins/sudoers/sudoers_version.h
8304: [7423966de440]
8305:
8306: * configure, configure.in, plugins/sample/Makefile.in,
8307: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
8308: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
8309: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
8310: of @LDFLAGS@ in plugin Makefile.in files.
8311: [b835826f889c]
8312:
8313: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8314:
8315: * NEWS:
8316: Mention %#gid support in User_List and Runas_List
8317: [5a983dff017a]
8318:
8319: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
8320: plugins/sudoers/visudo.c:
8321: Keep track of sudoers grammar version and report it in the -V
8322: output.
8323: [52901a3c0296]
8324:
8325: * plugins/sudoers/sudo_nss.h:
8326: Add multiple inclusion guard
8327: [50853aed046e]
8328:
8329: * configure, configure.in, plugins/sample/Makefile.in,
8330: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
8331: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
8332: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
8333: set it to -Wc,-static-libgcc if not using GNU ld so we don't
8334: have a dependency on the shared libgcc in sudoers.so.
8335: [66ad8bc5e32d]
8336:
8337: * doc/sudoers.pod:
8338: Fix typo; from Petr Uzel
8339: [f9a7afd80892]
8340:
8341: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
8342:
8343: * plugins/sudoers/testsudoers.c:
8344: In dump-only mode, use "root" as the default username instead of
8345: "nobody" as the latter may not be available on all systems.
8346: [0c48e6414337]
8347:
8348: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
8349:
8350: * plugins/sudoers/testsudoers.c:
8351: Remove NewArgv/NewArgc, they are no longer needed.
8352: [16e18f734c7e]
8353:
8354: * plugins/sudoers/testsudoers.c:
8355: Fix setting of user_args
8356: [aa29e0d0a54a]
8357:
8358: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8359: Add '!' token to lex tracing
8360: [5227ad266235]
8361:
8362: * plugins/sudoers/regress/testsudoers/test1.sh:
8363: Use group bin in test, not wheel as most systems have the bin group
8364: but the same is no longer true of wheel.
8365: [718802b3b45e]
8366:
8367: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8368: Avoid using pre or post increment in a parameter to a ctype(3)
8369: function as it might be a macro that causes the increment to happen
8370: more than once.
8371: [78e281152c3a]
8372:
8373: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8374:
8375: * sudo.pp:
8376: Strip off the beta or release candidate version when building AIX
8377: packages.
8378: [28fe31668559]
8379:
8380: * configure, configure.in:
8381: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
8382: structure checks for glibc which only has __e_termination visible
8383: when _GNU_SOURCE is *not* defined.
8384: [59ae1698911f]
8385:
8386: * common/aix.c:
8387: getuserattr(user, ...) will fall back to the "default" entry
8388: automatically, there's no need to check "default" manually.
8389: [3c7a47a61fdb]
8390:
8391: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
8392:
8393: * doc/UPGRADE:
8394: Document parser changes.
8395: [ec415503308d]
8396:
8397: * Makefile.in, common/Makefile.in, compat/Makefile.in,
8398: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8399: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8400: src/Makefile.in, zlib/Makefile.in:
8401: If there is an existing sudoers file, only install if it passes a
8402: syntax check.
8403: [37427c73e8cb]
8404:
8405: * plugins/sudoers/regress/sudoers/test6.out.ok,
8406: plugins/sudoers/testsudoers.c:
8407: Add runasgroup support to testsudoers
8408: [047ea5571f33]
8409:
8410: * plugins/sudoers/Makefile.in:
8411: For "make check", keep going even if a test fails.
8412: [ce6a0a73c372]
8413:
8414: * plugins/sudoers/testsudoers.c:
8415: More useful exit codes:
8416: * 0 - parsed OK and command matched.
8417: * 1 - parse error
8418: * 2 - command not matched
8419: * 3 - command denied
8420: [1d2ce1361903]
8421:
8422: * doc/sudoers.pod:
8423: Document %#gid, and %:#nonunix_gid syntax.
8424: [492d4f9696c4]
8425:
8426: * plugins/sudoers/pwutil.c:
8427: Add support to user_in_group() for treating group names that begin
8428: with a '#' as gids.
8429: [20240c94a134]
8430:
8431: * config.h.in, configure, configure.in, src/utmp.c:
8432: Add explicit check for struct utmpx.ut_exit.e_termination and struct
8433: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
8434: ut_exit if we detect one or the other.
8435: [b4e8cab777e6]
8436:
8437: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8438:
8439: * plugins/sudoers/toke.c:
8440: Add back missing #include of config.h
8441: [9ab3897a1b2e]
8442:
8443: * plugins/sudoers/iolog_path.c,
8444: plugins/sudoers/regress/iolog_path/data:
8445: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
8446: strftime() does.
8447: [93395762cdcd]
8448:
8449: * aclocal.m4:
8450: Quote first argument to AC_DEFUN(); from Elan Ruusamae
8451: [97f53ad31d77]
8452:
8453: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8454:
8455: * MANIFEST:
8456: add new sudoers tests
8457: [476af91b3da3]
8458:
8459: * plugins/sudoers/regress/sudoers/test8.in,
8460: plugins/sudoers/regress/sudoers/test8.out.ok,
8461: plugins/sudoers/regress/sudoers/test8.toke.ok:
8462: Add test for a newline in the middle of a string when no line
8463: continuation character is used.
8464: [de2394bc86ab]
8465:
8466: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8467: Use bitwise AND instead of modulus to check for length being odd. A
8468: newline in the middle of a string is an error unless a line
8469: continuation character is used.
8470: [bdb1d762a1d5]
8471:
8472: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8473: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8474: Move lexer globals initialization into init_lexer.
8475: [1ce62211aadb]
8476:
8477: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8478: Fix a potential crash when a non-regular file is present in an
8479: includedir. Fixes bz #452
8480: [1586760c3525]
8481:
8482: * pp:
8483: On some Linux systems, "uname -p" contains detailed processor info
8484: so check "uname -m" first and then "uname -p" if needed. Recognize
8485: PLD Linux.
8486: [b8535cb9012e]
8487:
8488: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
8489:
8490: * plugins/sudoers/redblack.c:
8491: Don't need all sudoers.h here.
8492: [8c0929f42dab]
8493:
8494: * src/sudo.c:
8495: Print sudo version early, in case policy plugin init fails.
8496: [47cddc4358bc]
8497:
8498: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
8499:
8500: * plugins/sudoers/regress/sudoers/test4.toke.ok:
8501: Update to match change in input.
8502: [4a3af8e68790]
8503:
8504: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8505: Make an empty group or netgroup a syntax error.
8506: [66f51ddc2ff6]
8507:
8508: * plugins/sudoers/regress/sudoers/test7.in,
8509: plugins/sudoers/regress/sudoers/test7.out.ok,
8510: plugins/sudoers/regress/sudoers/test7.toke.ok:
8511: An empty group or netgroup should be a syntax error.
8512: [bd5bf1e2edce]
8513:
8514: * plugins/sudoers/regress/sudoers/test6.in,
8515: plugins/sudoers/regress/sudoers/test6.out.ok,
8516: plugins/sudoers/regress/sudoers/test6.toke.ok:
8517: Check that uids work in per-user and per-runas Defaults Check that
8518: uids and gids work in a Command_Spec
8519: [c5e848e6082b]
8520:
8521: * plugins/sudoers/regress/sudoers/test5.in,
8522: plugins/sudoers/regress/sudoers/test5.out.ok,
8523: plugins/sudoers/regress/sudoers/test5.toke.ok:
8524: Test empty string in User_Alias and Command_Spec
8525: [3a084d777e03]
8526:
8527: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8528: Allow a group ID in the User_Spec.
8529: [bc2859eb71dc]
8530:
8531: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
8532:
8533: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8534: Return an error for the empty string when a word is expected. Allow
8535: an ID for per-user or per-runas Defaults.
8536: [915c259b00ff]
8537:
8538: * plugins/sudoers/testsudoers.c:
8539: Fix printing "User_Alias FOO = ALL"
8540: [ba58c3d548b3]
8541:
8542: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
8543:
8544: * src/parse_args.c:
8545: Better error message about invalid -C argument
8546: [c9a8d15bbf5d]
8547:
8548: * NEWS:
8549: fix typo
8550: [cdcfbafed013]
8551:
8552: * doc/sudoers.pod:
8553: Fix placement of equal size ('=') in user specification summary.
8554: [5ad7178b230d]
8555:
8556: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
8557:
8558: * MANIFEST:
8559: update to match sudoers regress
8560: [e04db0648717]
8561:
8562: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8563: Restore ability to define TRACELEXER and have trace output go to
8564: stderr.
8565: [d9531e4d1b20]
8566:
8567: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8568: Restore old behavior of setting sawspace = TRUE for command line
8569: args when a line continuation character is hit to avoid causing
8570: problems for existing sudoers files.
8571: [fd930ad25550]
8572:
8573: * plugins/sudoers/regress/sudoers/test4.in,
8574: plugins/sudoers/regress/sudoers/test4.out.ok,
8575: plugins/sudoers/regress/sudoers/test4.toke.ok:
8576: Add test for line continuation and aliases
8577: [29ab538ca6bb]
8578:
8579: * plugins/sudoers/Makefile.in:
8580: Make test output line up nicely for parse vs. toke
8581: [257ef82c1434]
8582:
8583: * plugins/sudoers/Makefile.in,
8584: plugins/sudoers/regress/sudoers/test1.in,
8585: plugins/sudoers/regress/sudoers/test1.out.ok,
8586: plugins/sudoers/regress/sudoers/test1.toke.ok,
8587: plugins/sudoers/regress/sudoers/test2.in,
8588: plugins/sudoers/regress/sudoers/test2.out.ok,
8589: plugins/sudoers/regress/sudoers/test2.toke.ok,
8590: plugins/sudoers/regress/sudoers/test3.in,
8591: plugins/sudoers/regress/sudoers/test3.out.ok,
8592: plugins/sudoers/regress/sudoers/test3.toke.ok,
8593: plugins/sudoers/regress/testsudoers/test1.ok,
8594: plugins/sudoers/regress/testsudoers/test1.out.ok,
8595: plugins/sudoers/regress/testsudoers/test1.sh,
8596: plugins/sudoers/regress/testsudoers/test2.out,
8597: plugins/sudoers/regress/testsudoers/test2.sh,
8598: plugins/sudoers/regress/testsudoers/test3.ok,
8599: plugins/sudoers/regress/testsudoers/test3.sh,
8600: plugins/sudoers/regress/visudo/test1.ok,
8601: plugins/sudoers/regress/visudo/test1.sh:
8602: Move parser tests to sudoers directory and test the tokenizer output
8603: too.
8604: [44f529b3cdb6]
8605:
8606: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8607: If we match a rule anchored to the beginning of a line after parsing
8608: a line continuation character, return an ERROR token. It would be
8609: nicer to use REJECT instead but that substantially slows down the
8610: lexer.
8611: [355478293f8c]
8612:
8613: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8614: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
8615: plugins/sudoers/toke.l:
8616: Move LEXTRACE macro to toke.h so we can use it in yyerror().
8617: [72ee7a06d3ca]
8618:
8619: 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
8620:
8621: * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
8622: plugins/sudoers/toke.l:
8623: Make lex tracing settable at run-time in testsudoers via the -t
8624: flag. Trace output goes to stderr. Will be used by regress tests
8625: to check lexer.
8626: [93bd53c413c8]
8627:
8628: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8629: Allow whitespace after the modifier in a Defaults entry. E.g.
8630: "Defaults: username set_home"
8631: [9dfcf8dd8a3a]
8632:
8633: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
8634:
8635: * mkpkg:
8636: Don't set CC when cross-compiling.
8637: [4b95b0c04e1c]
8638:
8639: * NEWS:
8640: Credit Matthew Thomas for the sudoers_search_filter changes.
8641: [a65998ab09f7]
8642:
8643: * MANIFEST:
8644: Add the .sym files to the MANIFEST
8645: [f599225cc861]
8646:
8647: * NEWS:
8648: Update for sudo 1.8.1 beta
8649: [71021e854c49]
8650:
8651: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
8652: user_shell -> run_shell to avoid confusion with the user's SHELL
8653: variable.
8654: [dc0ac6dafc21]
8655:
8656: * src/exec_pty.c:
8657: Save the controlling tty process group before suspending in pty
8658: mode. Previously, we assumed that the child pgrp == child pid
8659: (which is usually, but not always, the case).
8660: [10b2883b7875]
8661:
8662: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
8663: Add support for sudoers_search_filter setting in ldap.conf. This
8664: can be used to restrict the set of records returned by the LDAP
8665: query.
8666: [b0f1b721d102]
8667:
8668: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
8669:
8670: * configure, configure.in:
8671: Remove the hack to disable -g in CFLAGS unless --with-devel
8672: [89822cf84ef4]
8673:
8674: * doc/sudoers.pod:
8675: The '@' character does not normally need to be quoted.
8676: [7823f5ed829a]
8677:
8678: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8679: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
8680: if that whitespace is followed by a comma, we want to treat it as
8681: part of a list and not transition.
8682: [1ca6943e1824]
8683:
8684: * plugins/sudoers/regress/testsudoers/test3.ok,
8685: plugins/sudoers/regress/testsudoers/test3.sh:
8686: Add check for whitespace when a User_List is used for a per-user
8687: Defaults entry.
8688: [91f75e6dd19a]
8689:
8690: * plugins/sudoers/regress/testsudoers/test2.out,
8691: plugins/sudoers/regress/testsudoers/test2.sh:
8692: Expand quoted name checks to cover recent fixes.
8693: [ce4f76bca146]
8694:
8695: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8696: Fix parsing of double-quoted names in Defaultd and Aliases which was
8697: broken in 601d97ea8792.
8698: [424b0d6c1dc4]
8699:
8700: * plugins/sudoers/Makefile.in:
8701: toke_util.c lives in $(srcdir) not $(devdir)
8702: [94866bebee83]
8703:
8704: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8705:
8706: * configure, configure.in:
8707: Change trunk version to 1.8.x to distinguish from real 1.8.0.
8708: [a9781e61d064]
8709:
8710: * NEWS, doc/UPGRADE:
8711: Document major changes in 1.8.1 and add upgrade notes.
8712: [f2cf51b0d9ce]
8713:
8714: * plugins/sudoers/match.c:
8715: Be careful not to deref user_stat if it is NULL. This cannot
8716: currently happen in sudo but might in other programs using the
8717: parser.
8718: [06a2334dd674]
8719:
8720: * mkpkg:
8721: configure will not add -O2 to CFLAGS if it is already defined to add
8722: -O2 to the CFLAGS we pass in when PIE is being used.
8723: [1ce6481ece59]
8724:
8725: * doc/sudoers.pod:
8726: Warn about the dangers of log_input and mention iolog_file and
8727: iolog_dir in the log_input and log_output descriptions.
8728: [ae854ffb0768]
8729:
8730: * pp:
8731: sync with git version
8732: [a993e39ce3cb]
8733:
8734: * doc/sudoers.pod:
8735: It seems that h comes after i
8736: [0f621109220d]
8737:
8738: * doc/sudoers.pod:
8739: Move log_input and log_output to their proper, sorted, location.
8740: Document set_utmp and utmp_runas.
8741: [273b234b9c34]
8742:
8743: * src/exec.c:
8744: Save the controlling tty process group before suspending so we can
8745: restore it when we resume. Fixes job control problems on Linux
8746: caused by the previous attemp to fix resuming a shell when I/O
8747: logging not enabled.
8748: [f03a660315ee]
8749:
8750: * common/lbuf.c:
8751: Fix printing of the remainder after a newline. Fixes "sudo -l"
8752: output corruption that could occur in some cases.
8753: [25d83fb501fc]
8754:
8755: 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
8756:
8757: * config.h.in, configure, configure.in, src/exec_pty.c,
8758: src/sudo_exec.h, src/utmp.c:
8759: Add support for ut_exit
8760: [b574c13f1bba]
8761:
8762: * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
8763: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8764: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
8765: src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
8766: Add support for controlling whether utmp is updated and which user
8767: is listed in the entry.
8768: [44a81632133f]
8769:
8770: * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
8771: plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
8772: plugins/sudoers/parse.c:
8773: Fix typo; tupple vs. tuple
8774: [697744acb710]
8775:
8776: * src/utmp.c:
8777: For legacy utmp, strip the /dev/ prefix before trying to determine
8778: slot since the ttys file does not include the /dev/ prefix.
8779: [7ad5b81ff90c]
8780:
8781: * aclocal.m4, configure, configure.in, pathnames.h.in:
8782: Add check for _PATH_UTMP
8783: [21e638029bfd]
8784:
8785: 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8786:
8787: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
8788: Adapt check_iolog_path to sessid changes
8789: [728b5fe2be6f]
8790:
8791: * config.h.in, configure, configure.in, src/Makefile.in,
8792: src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
8793: Redo utmp handling. If no getutent()/getutxent() is available,
8794: assume a ttyslot-based utmp. If getttyent() is available, use that
8795: directly instead of ttyslot() so we don't have to do the stdin dup2
8796: dance.
8797: [18aa455cd140]
8798:
8799: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8800:
8801: * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
8802: src/utmp.c:
8803: Move utmp handling into utmp.c
8804: [f6eae6c8e012]
8805:
8806: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
8807: common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
8808: compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
8809: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
8810: compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
8811: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8812: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
8813: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8814: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8815: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8816: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8817: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8818: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8819: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8820: plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
8821: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
8822: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
8823: plugins/sudoers/logging.c, plugins/sudoers/parse.c,
8824: plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
8825: plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
8826: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
8827: src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
8828: src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
8829: src/sudo_plugin_int.h, src/tgetpass.c:
8830: Update copyright years.
8831: [16aa39f9060a]
8832:
8833: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
8834: plugins/sudoers/sudoers.h, src/parse_args.c:
8835: Add "user_shell" boolean as a way to indicate to the plugin that the
8836: -s flag was given.
8837: [fb1ef0897b32]
8838:
8839: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
8840: plugins/sudoers/sudoers.h:
8841: Move sessid out of sudo_user.
8842: [ba298ddb57f4]
8843:
8844: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8845: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
8846: plugins/sudoers/sudoers.h:
8847: Log the TSID even if it is not a simple session ID.
8848: [d7cc1b9c513c]
8849:
8850: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
8851: Document noexec in sample.sudo.conf and add back noexec_file section
8852: in sudoers with a note that it is deprecated.
8853: [4a6e961e494d]
8854:
8855: * plugins/sudoers/set_perms.c:
8856: Fix running commands as non-root on systems where setreuid() changes
8857: the saved uid based on the effective uid we are changing to.
8858: [df0769b71b34]
8859:
8860: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8861:
8862: * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
8863: src/sudo.h:
8864: Move noexec path into sudo.conf now that sudo itself handles noexec.
8865: Currently can be configured in sudoers too but is now undocumented
8866: and will be removed in a future release.
8867: [6fa8befdc110]
8868:
8869: * doc/sudo.pod, doc/sudoers.pod:
8870: Document "Path noexec ..." in sudo.conf. No longer document
8871: noexec_file in sudoers, it will be removed in a future release.
8872: [24eee3a0b3e5]
8873:
8874: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8875: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
8876: Move noexec handling to sudo front-end where it is documented as
8877: being.
8878: [3ed4f10d7052]
8879:
8880: * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
8881: src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
8882: src/sudo_exec.h:
8883: Add support for disabling exec via solaris privileges. Includes
8884: preparation for moving noexec support out of sudoers and into front
8885: end as documented.
8886: [dec843ed553e]
8887:
8888: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
8889: plugins/sample_group/Makefile.in,
8890: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
8891: plugins/sudoers/sudoers.sym:
8892: Only export the symbols corresponding to the plugin structs.
8893: [8d8d03b0ca54]
8894:
8895: * configure, configure.in, plugins/sample/Makefile.in,
8896: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
8897: Install plugins manually instead of using libtool. This works
8898: around a problem on AIX where libtool will install a .a file
8899: containing the .so file instead of the .so file itself.
8900: [796971cfbddb]
8901:
8902: * Makefile.in:
8903: Move check into its own rule since some versions of make will run
8904: both targets as the default rule.
8905: [34d759979176]
8906:
8907: * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
8908: m4/ltversion.m4, m4/lt~obsolete.m4:
8909: Update to libtool 2.2.10
8910: [34c130de6af7]
8911:
8912: 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
8913:
8914: * src/exec.c:
8915: In handle_signals(), restart the read() on EINTR to make sure we
8916: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
8917: means we have emptied the pipe.
8918: [d5b9c8eb9000]
8919:
8920: * compat/mktemp.c:
8921: Reorder functions to quiet a compiler warning.
8922: [c9e9a23729f0]
8923:
8924: * mkpkg:
8925: Use the Sun Studio C compiler on Solaris if possible
8926: [11a86e27891e]
8927:
8928: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8929:
8930: * mkpkg:
8931: Fix default setting of osversion variable.
8932: [52e49ca1cedd]
8933:
8934: * doc/sudo_plugin.pod:
8935: Make two login_class entris consistent.
8936: [18ff1fa94a91]
8937:
8938: * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
8939: src/sudo_exec.h:
8940: Add support for adding a utmp entry when allocating a new pty.
8941: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
8942: Currently only creates a new entry if the existing tty has a utmp
8943: entry.
8944: [32db72b81d80]
8945:
8946: * plugins/sudoers/boottime.c:
8947: Avoid pulling in headers we don't need on Linux For getutx?id(),
8948: call setutx?ent() first and always call endutx?ent().
8949: [5dad21e1ee1b]
8950:
8951: * configure, configure.in:
8952: Add some more libs to SUDOERS_LIBS instead of relying on them to be
8953: pulled in by SUDO_LIBS.
8954: [18a7c21c09a7]
8955:
8956: * plugins/sudoers/sudoers.c:
8957: Fix return value of "sudo -l command" when command is not allowed,
8958: broken in [c7097ea22111]. The default return value is now TRUE and
8959: a bad: label is used when permission is denied. Also fixed missing
8960: permissions restoration on certain errors. On error()/errorx(), the
8961: password and group files are now closed before returning.
8962: [4f2d0e869ae5]
8963:
8964: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8965:
8966: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
8967: Fix passing of login class back to sudo front end.
8968: [6f70a784ce48]
8969:
8970: * mkpkg:
8971: Add --osversion flag to specify OS instead of running "pp
8972: --probeonly"
8973: [a8efdccb7bc1]
8974:
8975: * sudo.pp:
8976: Fix expr usage w/ GNU expr
8977: [48895599ee63]
8978:
8979: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
8980:
8981: * plugins/sudoers/sudoers.c:
8982: Fix exit value for validate and list mode.
8983: [c7097ea22111]
8984:
8985: * plugins/sudoers/sudoers.c:
8986: Fix non-interactive mode with sudoers plugin.
8987: [172f29597bd2]
8988:
8989: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
8990:
8991: * doc/sudoreplay.pod:
8992: sudoreplay can now find IDs other than %{seq} and display the
8993: session.
8994: [fc3dd3be67e9]
8995:
8996: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
8997:
8998: * plugins/sudoers/sudoreplay.c:
8999: Add support for replaying sessions when iolog_file is set to
9000: something other than %{seq}.
9001: [ca3131243874]
9002:
9003: * plugins/sudoers/visudo.c:
9004: If we are killed by a signal, display the name of the signal that
9005: got us.
9006: [994bb76a990e]
9007:
9008: * configure, configure.in:
9009: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
9010: where they belong.
9011: [40f94b936fa4]
9012:
9013: * configure.in:
9014: Fix bug in skey/opie check that could cause a shell warning.
9015: [83c043072be5]
9016:
9017: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
9018: No longer need sudo_getepw() stubs.
9019: [bbee15c36912]
9020:
9021: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9022:
9023: * plugins/sudoers/sudo_nss.c:
9024: Fix exit value of "sudo -l command" in sudoers module.
9025: [a6541867521b]
9026:
9027: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9028:
9029: * compat/regress/glob/globtest.c:
9030: Use fgets() not fgetln() for portability.
9031: [df1bb67fb168]
9032:
9033: * sudo.pp:
9034: Don't use the beta or release candidate version as the rpm release.
9035: [d661ef78021a]
9036:
9037: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
9038:
9039: * configure, configure.in:
9040: version 1.8.0
9041: [f6530d56f6ae] [SUDO_1_8_0]
9042:
9043: * NEWS:
9044: update sudo 1.8 section
9045: [f2ee2cf95d18]
9046:
9047: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
9048:
9049: * plugins/sudoers/regress/testsudoers/test2.sh:
9050: fix test description
9051: [cd5730fa9f09]
9052:
9053: * plugins/sudoers/regress/testsudoers/test2.out,
9054: plugins/sudoers/regress/testsudoers/test2.sh,
9055: plugins/sudoers/regress/visudo/test2.out,
9056: plugins/sudoers/regress/visudo/test2.sh:
9057: convert test2 to use testsudoers
9058: [b5ec3f0b69f1]
9059:
9060: * include/sudo_plugin.h, src/sudo_plugin_int.h:
9061: Move struct generic_plugin to sudo_plugin_int.h
9062: [6f7bc629329c]
9063:
9064: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9065: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
9066: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
9067: plugins/sudoers/sudoers.h:
9068: Allow sudoers file name, mode, uid and gid to be specified in the
9069: settings list. The sudo front end does not currently set these but
9070: may in the future.
9071: [22f38a0fda2a]
9072:
9073: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
9074:
9075: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
9076: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
9077: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
9078: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
9079: doc/visudo.man.in:
9080: 1.8.0rc1
9081: [5d4588b9c057]
9082:
9083: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
9084: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
9085: src/parse_args.c, src/sudo.h:
9086: add help text to sudo, visudo and sudoreplay for the -h option
9087: [52e7378d8476]
9088:
9089: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9090:
9091: * compat/snprintf.c:
9092: avoid using "howmany" for a parameter name since it is a select-
9093: related macro
9094: [a14d565401a1]
9095:
9096: * doc/sudoers.pod:
9097: mention group_plugin when describing nonunix_group
9098: [e0d1d0034b17]
9099:
9100: * doc/sudo_plugin.pod:
9101: Add missing period at end of sentence
9102: [6744d7e9056d]
9103:
9104: * Makefile.in, doc/Makefile.in, include/Makefile.in,
9105: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
9106: plugins/sudoers/Makefile.in, src/Makefile.in:
9107: add localstatedir; closes bug 471
9108: [7aefcab85088]
9109:
9110: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
9111: src/exec.c, src/exec_pty.c:
9112: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
9113: Bug 470
9114: [927ed6740f32]
9115:
9116: * configure.in:
9117: add missing AH_TEMPLATE for ENV_RESET
9118: [16300010c986]
9119:
9120: * src/exec.c:
9121: SVR5 systems return non-zero for success on socketpair(), check for
9122: -1 instead. Closes Bug 469
9123: [4d276494bf8e]
9124:
9125: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
9126:
9127: * configure, configure.in:
9128: 1.8.0b5
9129: [d611cd5d73d3]
9130:
9131: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
9132: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
9133: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
9134: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
9135: regen
9136: [85e96eeaed82]
9137:
9138: * doc/sudo.pod:
9139: Document that a sudo.conf file with no Pligin lines uses the default
9140: sudoers plugins.
9141: [88bd52da977f]
9142:
9143: * src/load_plugins.c:
9144: If sudo.conf contains no Plugin lines, use the default sudoers
9145: policy and I/O plugins.
9146: [fd8f4cb811ab]
9147:
9148: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
9149:
9150: * plugins/sudoers/sudo_nss.c:
9151: Avoid printing empty "Runas and Command-specific defaults for user"
9152: line.
9153: [2dd330fe4f8b]
9154:
9155: * common/lbuf.c:
9156: Truncate the buffer at buf.len before printing in the non-wordwrap
9157: case.
9158: [901e9833f80d]
9159:
9160: * common/lbuf.c:
9161: Remove extra newline when the tty width is very small or unavailable
9162: [245c05506c0e]
9163:
9164: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
9165:
9166: * plugins/sudoers/alias.c:
9167: Remove unneeded variable.
9168: [2c086d30b796]
9169:
9170: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9171:
9172: * configure, configure.in:
9173: Prefer getutxid over getutid
9174: [3f3322e9c93e]
9175:
9176: * plugins/sudoers/boottime.c:
9177: Include utmp.h / utmpx.h before missing.h as apparently including it
9178: afterwards causes a compilation problem on GNU Hurd.
9179: [a528029ae962]
9180:
9181: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
9182:
9183: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
9184: #include "foo.h", not <foo.h> for local includes.
9185: [f65ec693998e]
9186:
9187: * src/parse_args.c:
9188: remove bogus XXX
9189: [9136c17d53ce]
9190:
9191: * compat/mksiglist.c:
9192: Fix typo
9193: [1a3bb7b455c9]
9194:
9195: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
9196: plugins/sudoers/match.c:
9197: return foo not return(foo)
9198: [5c9e0647359a]
9199:
9200: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
9201:
9202: * src/exec.c:
9203: Remove duplicate FD_SET of signal_pipe[0]
9204: [3096527d2215]
9205:
9206: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
9207:
9208: * compat/mksiglist.c:
9209: Use "missing.h" not <missing.h> in generated code.
9210: [d8e09cffbe09]
9211:
9212: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
9213:
9214: * aclocal.m4, configure:
9215: fix --with-iologdir=no
9216: [a89699cb5f5f]
9217:
9218: * aclocal.m4, configure:
9219: fix typo that broke --with-iologdir
9220: [91b54eb22403]
9221:
9222: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9223:
9224: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
9225: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
9226: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
9227: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
9228: doc/visudo.man.in:
9229: Bump version to 1.8.0b4
9230: [e2b7f2cdc02e]
9231:
9232: * NEWS:
9233: sync
9234: [decf5a0a8a33]
9235:
9236: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9237: Attempt to clarify how users and groups interact in Runas_Specs
9238: [e6fb3a2dbd77]
9239:
9240: * plugins/sudoers/regress/visudo/test2.out,
9241: plugins/sudoers/regress/visudo/test2.sh:
9242: Add test for quoted group that contains escaped double quotes
9243: [44596c48c629]
9244:
9245: * src/exec.c, src/exec_pty.c:
9246: Pass SIGUSR1/SIGUSR2 through to the child.
9247: [c3108a827b01]
9248:
9249: * src/exec_pty.c, src/sudo_exec.h:
9250: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
9251: SIGUSR2 to indicate whether the child should be continued in the
9252: foreground or background.
9253: [35ca47cc6785]
9254:
9255: * src/exec.c:
9256: Use pid_t not int and check the return value of kill()
9257: [36ae7d37d7f9]
9258:
9259: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
9260:
9261: * src/exec_pty.c:
9262: Remove obsolete comment
9263: [baebef4919f6]
9264:
9265: * src/exec.c:
9266: In non-pty mode before continuing the child, make it the foreground
9267: pgrp if possible. Fixes resuming a shell.
9268: [fef5b1d02ddb]
9269:
9270: * src/exec_pty.c:
9271: If we get a signal other than SIGCHLD in the monitor, pass it
9272: directly to the child.
9273: [b3ecb28163a0]
9274:
9275: * src/exec.c, src/exec_pty.c, src/sudo.h:
9276: Save signal state before changing handlers and restore before we
9277: execute the command.
9278: [faf7475dc4bf]
9279:
9280: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
9281:
9282: * plugins/sudoers/iolog.c:
9283: Use a char array to map a number to a base36 digit.
9284: [257576c51f8b]
9285:
9286: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
9287: Be clear about what versions of sudo support new LDAP attributes.
9288: Fix up some formatting of attribute names. Minor other tweaks.
9289: [39f65df71f65]
9290:
9291: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
9292:
9293: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
9294: match quoted strings the same way whether in a Defaults line or as a
9295: user/group/netgroup name. Fixes escaped double quotes in quoted
9296: user/group/netgroup names.
9297: [601d97ea8792]
9298:
9299: * plugins/sudoers/Makefile.in:
9300: 'make check' depends on visudo and testsudoers
9301: [127c5a24df8f]
9302:
9303: * plugins/sudoers/sudoers2ldif:
9304: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
9305: [9029163a58c3]
9306:
9307: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
9308:
9309: * doc/UPGRADE:
9310: Mention LDAP attribute compatibility status.
9311: [2c3595aaec63]
9312:
9313: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
9314:
9315: * README.LDAP:
9316: Mention phpQLAdmin
9317: [9304c9064fbe]
9318:
9319: * INSTALL, NEWS, config.h.in, configure, configure.in,
9320: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
9321: Add --disable-env-reset configure option.
9322: [8a753aa13a46]
9323:
9324: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9325: Document that sudoers_locale also affects logging and email.
9326: [998d6ac11277]
9327:
9328: * NEWS, config.h.in, configure, configure.in,
9329: plugins/sudoers/logging.c:
9330: Do logging and email sending in the locale specified by the
9331: "sudoers_locale" setting ("C" by default). Email send by sudo
9332: includes MIME headers when the sudoers locale is not "C".
9333: [cb7e55408400]
9334:
9335: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9336:
9337: * plugins/sudoers/check.c:
9338: Fix indentation
9339: [65ae7e92b9e4]
9340:
9341: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
9342:
9343: * NEWS, src/parse_args.c, src/sudo.c:
9344: Perform command escaping for "sudo -s" and "sudo -i" after
9345: validating sudoers so the sudoers entries don't need to have all the
9346: backslashes.
9347: [4e168c103f4b]
9348:
9349: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
9350:
9351: * plugins/sudoers/logging.c:
9352: Prepend "list " to the command logged when "sudo -l command" is used
9353: to make it clear that the command was listed, not run.
9354: [f392a6056cd6]
9355:
9356: * plugins/sudoers/parse.c:
9357: cosmetic change
9358: [7c0951dbc2dd]
9359:
9360: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
9361: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
9362: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
9363: compat/nanosleep.c, compat/regress/glob/globtest.c,
9364: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
9365: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
9366: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
9367: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
9368: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
9369: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
9370: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
9371: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
9372: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
9373: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
9374: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
9375: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9376: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
9377: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9378: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
9379: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
9380: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
9381: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
9382: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9383: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9384: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
9385: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
9386: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
9387: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
9388: src/sudo_noexec.c, src/tgetpass.c:
9389: standardize on "return foo;" rather than "return(foo);" or "return
9390: (foo);"
9391: [32d76c5aaf8c]
9392:
9393: * plugins/sudoers/sudoers.c:
9394: Do not reject sudoers file just because it is root-writable.
9395: [0febc579185b]
9396:
9397: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9398:
9399: * NEWS:
9400: sync
9401: [1ab03f8278ff]
9402:
9403: * plugins/sudoers/sudo_nss.c:
9404: For "sudo -U user -l" if user is not authorized on the host, say so.
9405: [289afe6dd15c]
9406:
9407: * plugins/sudoers/ldap.c:
9408: In sudo_ldap_lookup(), always do the initial sudoers check as the
9409: invoking user. If we are listing another user's privs we will do a
9410: separate lookup using list_pw later.
9411: [e52bc15de76d]
9412:
9413: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9414:
9415: * MANIFEST:
9416: add parser fill tests
9417: [4f65140d3515]
9418:
9419: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
9420: Don't test features not supported by the bundled glob()
9421: [8ec7ace11949]
9422:
9423: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
9424: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
9425: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9426: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
9427: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
9428: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9429: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9430: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9431: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
9432: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
9433: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
9434: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9435: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9436: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
9437: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
9438: Update copyright year to 2011
9439: [ac1b45cb1809]
9440:
9441: * plugins/sudoers/sudo_nss.c:
9442: When listing, use separate lbufs for the defaults and the privileges
9443: and only print something if the number of privileges is non-zero.
9444: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
9445: [d0854d39f8ef]
9446:
9447: * plugins/sudoers/ldap.c:
9448: Stash pointer to user group vector in LDAP handle and only reuse the
9449: query if it has not changed. We always allocate a new buffer when
9450: we reset the group vector so a simple pointer check is sufficient.
9451: [88861d4eba69]
9452:
9453: * plugins/sudoers/sudo_nss.c:
9454: Check initgroups() return value.
9455: [3bdaf58408a7]
9456:
9457: * plugins/sudoers/Makefile.in,
9458: plugins/sudoers/regress/parser/check_fill.c:
9459: Add tests for the fill functions in toke_util.c
9460: [bca587ab4956]
9461:
9462: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9463:
9464: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
9465: fix copyright year
9466: [e2038cdaf055]
9467:
9468: * NEWS:
9469: sync
9470: [56ca5d5eaebe]
9471:
9472: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9473:
9474: * common/term.c:
9475: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
9476: [b91f266624ec]
9477:
9478: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
9479:
9480: * mkpkg, sudo.pp:
9481: Add Requires line for audit-libs >= 1.4 for RHEL5+
9482: [6c02f976171b]
9483:
9484: * pp:
9485: sync with git version
9486: [d301c32d5865]
9487:
9488: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
9489:
9490: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9491: fix typo
9492: [39353f92976f]
9493:
9494: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
9495:
9496: * NEWS:
9497: Update for sudo 1.7.4p5
9498: [b444da76901f]
9499:
9500: * doc/schema.OpenLDAP, doc/schema.iPlanet:
9501: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
9502: to the sudoRole object class. From Andreas Mueller
9503: [dacfad7e7a95]
9504:
9505: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
9506:
9507: * NEWS:
9508: Mention "sudo -g group" password check fix.
9509: [1eb8fb14e53b]
9510:
9511: * plugins/sudoers/sudoers.c:
9512: Fix "sudo -g" support in the sudoers module.
9513: [07d1b0ce530e]
9514:
9515: * plugins/sudoers/check.c:
9516: If the user is running sudo as himself but as a different group we
9517: need to prompt for a password.
9518: [caf1fcc9a117]
9519:
9520: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
9521:
9522: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
9523: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
9524: plugins/sudoers/ldap.c:
9525: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
9526: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
9527: derived LDAP SDKs but we can pass the timeout parameter to
9528: ldap_search_ext_s() or ldap_search_st() when possible.
9529: [5537049991f7]
9530:
9531: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
9532: regen
9533: [5b361c3c4324]
9534:
9535: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9536: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
9537: with OpenLDAP ldap.conf files.
9538: [e97843bd16fb]
9539:
9540: * plugins/sudoers/pwutil.c:
9541: If user has no supplementary groups, fall back on checking the group
9542: file expliticly.
9543: [5223ad4eb690]
9544:
9545: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
9546:
9547: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
9548: constify
9549: [6e132a4cca61]
9550:
9551: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
9552: plugins/sudoers/toke.l:
9553: Move fill macro to toke.h
9554: [623d430798cf]
9555:
9556: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
9557: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
9558: plugins/sudoers/toke_util.c:
9559: Split tokenizer utility functions out into toke_util.c
9560: [89a97bd51618]
9561:
9562: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9563: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
9564: ANSIfy
9565: [ca0eba1dfaa9]
9566:
9567: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
9568:
9569: * MANIFEST:
9570: sync
9571: [a43f94064bb3]
9572:
9573: * plugins/sudoers/Makefile.in:
9574: Add visudo tests to check target
9575: [8c82fb4ed40f]
9576:
9577: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
9578: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
9579: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
9580: Add my regress tests for fnmatch() and glob() from OpenBSD.
9581: [6e8c1f211723]
9582:
9583: * plugins/sudoers/regress/testsudoers/test1.sh,
9584: plugins/sudoers/regress/visudo/test1.ok,
9585: plugins/sudoers/regress/visudo/test1.sh:
9586: Add regress test for command tags using visudo -c
9587: [18b0ef207c0f]
9588:
9589: * plugins/sudoers/Makefile.in,
9590: plugins/sudoers/regress/testsudoers/test1.ok,
9591: plugins/sudoers/regress/testsudoers/test1.sh:
9592: Add support for regress tests using testsudoers
9593: [1fa94bd2671b]
9594:
9595: * plugins/sudoers/testsudoers.c:
9596: Need to set user_name explicitly due to internal changes made when
9597: converting sudoers to a plugin.
9598: [1fa54e86a364]
9599:
9600: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
9601:
9602: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
9603: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
9604: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9605: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
9606: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
9607: zlib/Makefile.in:
9608: Add regression tests for iolog_path()
9609: [afa4b416e559]
9610:
9611: * Makefile.in, common/Makefile.in, compat/Makefile.in,
9612: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
9613: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9614: src/Makefile.in, zlib/Makefile.in:
9615: Add support for "make Makefile" to regenerate Makefile from
9616: Makefile.in
9617: [98bd2dda3294]
9618:
9619: * plugins/sudoers/iolog_path.c:
9620: Quiest a bogus compiler warning.
9621: [5ff932a7ad67]
9622:
9623: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
9624:
9625: * plugins/sudoers/iolog_path.c:
9626: Protect call to setlocale() with HAVE_SETLOCALE
9627: [2c29ee3ccc81]
9628:
9629: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
9630:
9631: * MANIFEST:
9632: mkstemps.c was renamed mktemp.c
9633: [ae299c3b1827]
9634:
9635: * NEWS:
9636: Update from 1.7 branch
9637: [20817d79717b]
9638:
9639: * Makefile.in:
9640: Use "mv -f" when regenerating ChangeLog
9641: [c163635206c6]
9642:
9643: * plugins/sudoers/match.c:
9644: Fix NULL dereference with "sudo -g group" when the sudoers rule has
9645: no runas user or group listed. Fixes RedHat bug Bug 667103.
9646: [41a6a1243d9e]
9647:
9648: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
9649:
9650: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9651: Correct the default sudo.conf example
9652: [4e791698cad1]
9653:
9654: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
9655:
9656: * plugins/sudoers/iolog_path.c:
9657: Reset slashp if we allocate a new buffer for strftime()
9658: [e491daa4203b]
9659:
9660: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
9661: plugins/sudoers/sudoers.h:
9662: Add extra out parameter to expand_iolog_path() to allow the caller
9663: to split the path into dir and file components if needed.
9664: [88346bc5ae39]
9665:
9666: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
9667:
9668: * plugins/sudoers/iolog.c:
9669: mkdir_iopath() returns size_t now that it uses strlcpy() and not
9670: snprintf()
9671: [3c4c64d265eb]
9672:
9673: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
9674: Trim leading slashes from iolog_file and trailing slashes from
9675: iolog_dir
9676: [a803b51f8948]
9677:
9678: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9679: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
9680: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9681: Pass a single I/O log file name in command_details instead of
9682: separate dir + file parameters.
9683: [d672a3e46e80]
9684:
9685: * plugins/sudoers/sudoreplay.c:
9686: change an error() to errorx()
9687: [8013dcfdd69d]
9688:
9689: * plugins/sudoers/iolog.c:
9690: Add missing cwd line to I/O log info file that got dropped when
9691: iolog_deserialize_info() was added
9692: [7cf84f208423]
9693:
9694: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
9695:
9696: * plugins/sudoers/iolog.c:
9697: Avoid relying on globals filled in by the sudoers policy module for
9698: the sudoers I/O log module. The I/O log open function now pulls the
9699: bits it needs out of user_info and command_info.
9700: [c02f6951b0cc]
9701:
9702: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
9703: plugins/sudoers/sudoers.h:
9704: If no iolog file is specified by the policy plugin, use io_nextid()
9705: to determine the next file in the sequence.
9706: [faa1130b1020]
9707:
9708: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
9709:
9710: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9711: Document iolog_compress in command_info
9712: [58895c7d12f5]
9713:
9714: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
9715: Add support for the iolog_compress variable in command_info.
9716: [36f13a2fd1c1]
9717:
9718: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
9719: Add sigsetjmp() calls to all plugin entry points just to be safe.
9720: [3fa482355bc4]
9721:
9722: * src/sudo.c, src/sudo.h:
9723: Don't need iolog variables in struct command_details, they are for
9724: the I/O log plugins to handle.
9725: [5111579ffd9d]
9726:
9727: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
9728:
9729: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9730: Document use of mkdtemp() for iolog path teplates
9731: [5db6101408a9]
9732:
9733: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
9734: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
9735: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
9736: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
9737: regen
9738: [1ee11fd6d4eb]
9739:
9740: * doc/sudo_plugin.pod, doc/sudoers.pod:
9741: Document iolog_file and supported escape sequences for sudoers.
9742: Clarify that iolog_file can contain directories.
9743: [da611dedcbdb]
9744:
9745: * compat/Makefile.in, configure, configure.in:
9746: Fix building of mkstemps/mkdtemp replacements.
9747: [793a5e303122]
9748:
9749: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
9750: configure.in, include/missing.h:
9751: Provide mkdtemp() for systems without it.
9752: [b0527dfa965c]
9753:
9754: * plugins/sudoers/iolog_path.c:
9755: Fix typo
9756: [277f6c514cba]
9757:
9758: * plugins/sudoers/iolog.c:
9759: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
9760: glibc mkdtemp() returns EINVAL.
9761: [2e7323b05579]
9762:
9763: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
9764: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
9765: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
9766: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
9767: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9768: Allow sudoers to specify the iolog file in addition to the iolog
9769: dir. Add escape sequence support to iolog file and dir: sequence
9770: number, user, group, runas_user, runas_group, hostname and
9771: command in addition to any escape sequence recognized by
9772: strftime(3).
9773: [75cd32ee0435]
9774:
9775: * plugins/sudoers/iolog.c:
9776: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
9777: crash when the I/O plugin calls error(), errorx() or log_error().
9778: [1a6718bd817d]
9779:
9780: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
9781:
9782: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
9783: plugins/sudoers/sudoers.c:
9784: Give the policy module fine-grained control over what the I/O plugin
9785: logs.
9786: [d29784fd2a66]
9787:
9788: * common/term.c:
9789: Clear OPOST from c_oflag like we used to. Fixes screen-based
9790: editors such as vi.
9791: [506ad5ae9b4e]
9792:
9793: * doc/sudoers.pod:
9794: Clarify umask option description. From Reuben Thomas.
9795: [1294ac84222b]
9796:
9797: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
9798:
9799: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9800: Pick last match in LDAP sudoers too
9801: [fbfd8e85703b]
9802:
9803: * doc/sudo_plugin.pod:
9804: Document iolog_file, iolog_dir and use_pty
9805: [26120a59c20e]
9806:
9807: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
9808: plugins/sudoers/sudoers.c:
9809: Adapt plugins to version I/O logging ABI 1.1
9810: [880dd64bc1e8]
9811:
9812: * src/exec.c, src/sudo.h:
9813: Add use_pty command_info flag for policies to indicate that a pty
9814: should be allocated even if no I/O logging is performed.
9815: [e7b167f8a6e5]
9816:
9817: * src/sudo.c:
9818: Add remaining plugin convenience functions
9819: [ffeaf96da031]
9820:
9821: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
9822: src/sudo_plugin_int.h:
9823: Change I/O log API to pass in command info to the I/O log open
9824: function. Add iolog_file and iolog_dir parameters to command info.
9825: This allows the policy plugin to specify the I/O log pathname. Add
9826: convenience functions for calling plugin functions that handle ABI
9827: backwards compatibility.
9828: [9b81dce76ce5]
9829:
9830: * compat/dlopen.c:
9831: Remove useless cast
9832: [7cecce969739]
9833:
9834: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9835:
9836: * configure, configure.in:
9837: Bump version to 1.8.0b3
9838: [1dc9f040aae0]
9839:
9840: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9841:
9842: * configure.in:
9843: Remove extraneous newline
9844: [71c94551eea5]
9845:
9846: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9847:
9848: * doc/sudoers.pod, plugins/sudoers/def_data.c,
9849: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
9850: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
9851: Make I/O log dir configurable.
9852: [99b576667a38]
9853:
9854: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
9855: Rename io_logdir to iolog_dir
9856: [0731662acc8d]
9857:
9858: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
9859:
9860: * pp:
9861: Add missing '*' that prevented the generic ELF case from matching.
9862: [be77ca26bfb2]
9863:
9864: * pp:
9865: If file(1) can't identify the ELF binary type, try readelf(1).
9866: [38a18d32a9e3]
9867:
9868: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
9869:
9870: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
9871: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
9872: plugins/sudoers/sudoers.c, src/sudo.c:
9873: Use %u to print uid/gid, not %lu and adjust casts to match.
9874: [03c43b8749cf]
9875:
9876: * doc/sudoers.ldap.pod:
9877: Clarify ordering of entries and attributes.
9878: [924e2a6bb603]
9879:
9880: * doc/sudoers.ldap.pod:
9881: Fix typo and editing goof.
9882: [79dc7ccd85a8]
9883:
9884: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
9885: doc/sudoers.ldap.pod:
9886: Merge in ordered LDAP entry support from Andreas Mueller.
9887: [ea5885989bad]
9888:
9889: * plugins/sudoers/ldap.c:
9890: Make sure we don't dereference a NULL handle.
9891: [1a9f9ee15371]
9892:
9893: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
9894:
9895: * pp:
9896: Add support for RHEL 6 file modes that include a trailing dot on
9897: files with an SELinux security context
9898: [dc09be959547]
9899:
9900: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9901:
9902: * src/sudo.c:
9903: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
9904: sudoers module.
9905: [d6dd99fc6062]
9906:
9907: * plugins/sudoers/sudoers.c:
9908: create_admin_success_flag() should use restore_perms() rather than
9909: set_perms() to restore the uid.
9910: [eba7a91c1f57]
9911:
9912: * src/sudo.c:
9913: In exec_setup() call setuid(0) to make certain the subsequent uid
9914: and gid changes will succeed. Fixes a problem on Ubuntu.
9915: [c5d32abf0645]
9916:
9917: * src/sudo_edit.c:
9918: Error out if we cannot change to root's uid so we catch the failure
9919: early.
9920: [7a2e7f8f2c80]
9921:
9922: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9923:
9924: * doc/sudoers.pod:
9925: fix typo; from Michael T Hunter
9926: [a574a9d0db5b]
9927:
9928: * plugins/sudoers/match.c:
9929: In sudoedit mode, assume command line arguments are paths and pass
9930: FNM_PATHNAME to fnmatch().
9931: [ce0abff8ce9f]
9932:
9933: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
9934:
9935: * configure, configure.in:
9936: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
9937: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
9938: broken bits of the header file.
9939: [e337217f097a]
9940:
9941: * aclocal.m4:
9942: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
9943: [fbbcee28961f]
9944:
9945: * sudo.pp:
9946: For Tru64, strip off beta version.
9947: [eeccd762df5e]
9948:
9949: * MANIFEST, plugins/sudoers/testsudoers.c,
9950: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
9951: Avoid conflicts with system definitions in grp.h and pwd.h
9952: [b219ffe1da09]
9953:
9954: * zlib/gzguts.h:
9955: Include stdio.h after zlib.h, not before. We need the large file
9956: defines to come first.
9957: [21d6df39790f]
9958:
9959: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
9960:
9961: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
9962: regen
9963: [3ff8750d0aac]
9964:
9965: * Makefile.in:
9966: Don't clean ChangeLog
9967: [ab0d30d289d4]
9968:
9969: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
9970: Add prototype for cleanup()
9971: [75626fd3769a]
9972:
9973: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
9974:
9975: * plugins/sudoers/group_plugin.c:
9976: Avoid deferencing group_plugin if it is NULL in
9977: group_plugin_query(). This should not happen.
9978: [4f2933c8da7e]
9979:
9980: * plugins/sudoers/group_plugin.c:
9981: group plugin init function return TRUE when successful
9982: [198024477030]
9983:
9984: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
9985:
9986: * plugins/sudoers/ldap.c:
9987: Enlarge the array of entry wrappers int blocks of 100 entries to
9988: save on allocation time. From Andreas Mueller
9989: [375c916bb03b]
9990:
9991: * plugins/sudoers/ldap.c:
9992: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
9993: that was mistakenly dropped.
9994: [1555f5bc132d]
9995:
9996: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
9997:
9998: * doc/TROUBLESHOOTING:
9999: Mention that sudo needs "ar" to build.
10000: [65582ace2d09]
10001:
10002: * configure, configure.in:
10003: Fail with a more useful error if "ar" is not found.
10004: [d1cb83719c17]
10005:
10006: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
10007:
10008: * plugins/sudoers/ldap.c:
10009: Merge in ordered LDAP entry support from Andreas Mueller and add
10010: local changes from the 1.7 branch.
10011: [bca29e461618]
10012:
10013: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
10014:
10015: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
10016: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10017: Add timed entry support from Andreas Mueller.
10018: [e18d1df46a8d]
10019:
10020: * plugins/sudoers/group_plugin.c:
10021: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
10022: group_handle is NULL
10023: [de2273da37d5]
10024:
10025: * plugins/sudoers/sudoers.h:
10026: It is now plugin_cleanup(), not cleanup()
10027: [da62a4e1a78c]
10028:
10029: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
10030: Call plugin_cleanup(), not cleanup()
10031: [e800ad8b33ad]
10032:
10033: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
10034:
10035: * plugins/sudoers/ldap.c:
10036: Use efree() not free() and remove malloc.h include since we never
10037: directly call malloc() or free().
10038: [107fffd134bb]
10039:
10040: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
10041:
10042: * sudo.pp:
10043: set PSTAMP for Solaris and move the backend-specific bits to their
10044: own %if [xxx] %endif blocks in %set.
10045: [a94ebe8920c1]
10046:
10047: * pp:
10048: sync with git repo
10049: [75ff509696b4]
10050:
10051: * configure, configure.in:
10052: Only substitute file zlib files when using the builtin zlib
10053: [6c8145b2deb4]
10054:
10055: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
10056: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10057: src/Makefile.in, zlib/Makefile.in:
10058: Give up on using VPATH to find sources as it is implemented
10059: inconsistenly in different versions of make.
10060: [60517c69aaee]
10061:
10062: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
10063: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
10064: Include config.h before any other includes to make sure we get the
10065: right value for _FILE_OFFSET_BITS.
10066: [8fb007ca832e]
10067:
10068: * MANIFEST:
10069: Add zlib
10070: [04a3e23dfaa9]
10071:
10072: * zlib/Makefile.in:
10073: Add missing targets
10074: [40e45a177168]
10075:
10076: * src/Makefile.in:
10077: g/c unused $(GENERATED)
10078: [c8758068c1bc]
10079:
10080: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10081:
10082: * plugins/sudoers/group_plugin.c:
10083: Zero out group_plugin on unload just to be safe.
10084: [0b10f4d101ca]
10085:
10086: * plugins/sudoers/group_plugin.c:
10087: Unload group plugin if its init function fails.
10088: [6552cdac4b7c]
10089:
10090: * src/sudo.c:
10091: Only chdir to cwd if it is different from the current cwd or there
10092: is a new root (chroot).
10093: [b8203e875e84]
10094:
10095: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
10096: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
10097: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
10098: Bump version to 1.8.0b2
10099: [6dadeb75a878]
10100:
10101: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
10102:
10103: * INSTALL:
10104: Better --enable-zlib description
10105: [e0da54fa59a6]
10106:
10107: * mkpkg:
10108: Use system zlib on Linux Let configure decide on Solaris For all
10109: others, use builtin zlib
10110: [3d52eddb523c]
10111:
10112: * zlib/zconf.h.in:
10113: Add large file support.
10114: [bec01215270d]
10115:
10116: * config.h.in:
10117: Add large file support.
10118: [244e95b034ec]
10119:
10120: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
10121: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
10122: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
10123: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
10124: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
10125: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
10126: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
10127: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
10128: Add local copy of zlib for systems that lack it.
10129: [7542ca465c5a]
10130:
10131: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
10132:
10133: * src/exec.c:
10134: If perform_io() fails, kill the child before exiting so it doesn't
10135: complain about connection reset. We can get an I/O error if, for
10136: example, and we get EIO reading from stdin.
10137: [e59a05fa729f]
10138:
10139: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
10140:
10141: * plugins/sudoers/sudoers.c, src/sudo.c:
10142: Fix complilation on systems with set_auth_parameters() Sprinkle
10143: volatile to quiet warnings from gcc 2.8.0
10144: [a34c2b924ba7]
10145:
10146: * compat/dlfcn.h, compat/dlopen.c:
10147: Avoid potential namespace issues with dlopen() emulation.
10148: [aedfababd6ca]
10149:
10150: * MANIFEST:
10151: sync
10152: [6afb97e6d308]
10153:
10154: * plugins/sudoers/interfaces.c:
10155: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
10156: exist).
10157: [ddfca5af1a36]
10158:
10159: * Makefile.in:
10160: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
10161: [e9d04bfa4505]
10162:
10163: * configure, configure.in:
10164: HP-UX 10.20 libc has an incompatible getline
10165: [2e7bc202e78d]
10166:
10167: * plugins/sudoers/visudo.c:
10168: Quiet an HP-UX compiler warning.
10169: [55b9d587ac8c]
10170:
10171: * configure, configure.in:
10172: Check for vi even with --with-editor specified; the sample plugin
10173: needs it.
10174: [94dfc3643f76]
10175:
10176: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
10177:
10178: * compat/dlopen.c:
10179: Fix remaining syntax errors.
10180: [9d729b5b577e]
10181:
10182: * src/Makefile.in:
10183: sudo binary depends on the libtool-generated libs
10184: [9e6148406adb]
10185:
10186: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
10187: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
10188: include the local or system dlfcn.h
10189: [68cfe4c1089b]
10190:
10191: * pp:
10192: Don't use run_as_superuser=false on HP-UX
10193: [532242370b09]
10194:
10195: * src/net_ifs.c:
10196: Use memset() instead of zero_bytes() since we don't include
10197: sudoers.h
10198: [a187c18c2472]
10199:
10200: * plugins/sudoers/interfaces.c:
10201: Fix pasto; AF_INET not AF_INET6
10202: [2d2e9d7dc6f9]
10203:
10204: * compat/dlopen.c:
10205: Actually call shl_load()
10206: [ed8153b8a3cd]
10207:
10208: * pp:
10209: Update from git repo. Debian: version numbers now compliant with
10210: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
10211: 10.20
10212: [ecf2692bceeb]
10213:
10214: * configure, configure.in:
10215: Fix dlopen() detection for systems where dlopen() is in a separate
10216: library.
10217: [fa6b175582b6]
10218:
10219: * plugins/sudoers/auth/pam.c:
10220: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
10221: useful message and return AUTH_FATAL so sudo does not keep trying to
10222: validate the user.
10223: [1be8857e5291]
10224:
10225: * src/preload.c:
10226: sudo_preload_table is an array
10227: [b7704e72a9da]
10228:
10229: * compat/dlopen.c:
10230: Quiet a compiler warning and fix sudo_preload_table external
10231: definition.
10232: [8234987664cc]
10233:
10234: * compat/dlfcn.h:
10235: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
10236: [8bab6a4053cc]
10237:
10238: * plugins/sudoers/group_plugin.c:
10239: Make this compile correctly when no dlopen is available.
10240: [57643879bd2b]
10241:
10242: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
10243:
10244: * plugins/sudoers/check.c:
10245: Having a timestamp file defined is no longer indicative of tty
10246: tickets being enabled. Check def_tty_tickets directly.
10247: [efcc11ad157f]
10248:
10249: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
10250: Fix TCGETWINSZ compat.
10251: [da3a8b17cf7a]
10252:
10253: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
10254:
10255: * src/exec_pty.c, src/ttysize.c:
10256: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
10257: [926492dd10a6]
10258:
10259: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
10260:
10261: * plugins/sudoers/sudoers.c, src/sudo.c:
10262: Move set_project() from sudoers module into sudo proper.
10263: [beabafac03b4]
10264:
10265: * configure, configure.in:
10266: Fix typo and regenerate
10267: [4a3caf4234f3]
10268:
10269: * plugins/sudoers/ldap.c:
10270: When iterating over returned LDAP entries, keep looking at remaining
10271: matches even if we have a positive match. This catches negative
10272: matches that may exist in other entries and more closely match the
10273: sudoers file behavior.
10274: [f47db6e609b0]
10275:
10276: * pp:
10277: Add support for multiple package instances on Solaris.
10278: [7f2a8b942545]
10279:
10280: * src/exec.c:
10281: Add missing signal_pipe[0] to fdsr for the non-pty case.
10282: [79d01e11b19c]
10283:
10284: * mkpkg:
10285: Add --with-project for Solaris
10286: [ffa4c2bb93f7]
10287:
10288: * README:
10289: Need ar and ranlib too
10290: [5c2f679172ef]
10291:
10292: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
10293:
10294: * plugins/sudoers/env.c:
10295: Preserve ODMDIR environment variable by default on AIX.
10296: [bd47cb1e804f]
10297:
10298: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
10299:
10300: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
10301: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
10302: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10303: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
10304: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
10305: src/preload.c:
10306: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
10307: using shl_load(). For others, link sudoers plugin statically and use
10308: a lookup table to emulate dlsym().
10309: [e92edfb3c642]
10310:
10311: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
10312:
10313: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
10314: compat/nanosleep.c, compat/utimes.c:
10315: When including compat headers, use the compat dir as part of the
10316: path so we are sure to get the correct header.
10317: [6c2a45da6af5]
10318:
10319: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
10320:
10321: * plugins/sudoers/linux_audit.c:
10322: Ignore ECONNREFUSED from audit_log_user_command() which will occur
10323: if auditd is not running.
10324: [d314fe4c8d03]
10325:
10326: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
10327:
10328: * pp:
10329: Sync with git version
10330: [1c0357744222]
10331:
10332: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
10333:
10334: * common/fileops.c, plugins/sudoers/defaults.c:
10335: Cast isblank argument to unsigned char.
10336: [c822dbb3ca54]
10337:
10338: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10339:
10340: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
10341: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
10342: Implement --with-umask-override configure flag.
10343: [863e3047df22]
10344:
10345: * plugins/sudoers/env.c:
10346: Take MODE_LOGIN_SHELL into account when initially setting reset_home
10347: instead of special-casing it later.
10348: [5d6b16480fd6]
10349:
10350: * plugins/sudoers/sudoers.c:
10351: In login mode, make a copy of the runas user's pw_shell for
10352: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
10353: freed before exec.
10354: [1d1ccb568dfa]
10355:
10356: * plugins/sudoers/env.c:
10357: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
10358: [c1c1c65a2d63]
10359:
10360: * src/sudo.c:
10361: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
10362: [7443454e5f88]
10363:
10364: * src/sudo.c:
10365: Reset signal mask at sudo startup time; we need to be able to rely
10366: on normal signal delivery to control the child process.
10367: [95800163ff94]
10368:
10369: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10370:
10371: * install-sh:
10372: Use sed instead of expr to split a flag from its argument. Fixes a
10373: problem with expr interpreting its arguments as a flag when they
10374: start with a dash.
10375: [736065e14301]
10376:
10377: * common/lbuf.c:
10378: Do not need sys/time.h after all
10379: [91f6f668ccda]
10380:
10381: * common/lbuf.c:
10382: Include sys/time.h for utimes() and struct timeval. No longer need
10383: ioctl.h or termios.h
10384: [2d75273d3213]
10385:
10386: * compat/snprintf.c:
10387: Quiet bogus compiler warnings.
10388: [fe252e1968f5]
10389:
10390: * include/missing.h:
10391: Declare innetgr() for HP-UX which is missing a declaration. Declare
10392: domainname() for HP-UX and Solaris which are missing a declaration.
10393: [b37c50751138]
10394:
10395: * plugins/sudoers/bsm_audit.c:
10396: Use __sun for consistency with the rest of the sources.
10397: [6b086b61ccb6]
10398:
10399: * plugins/sudoers/group_plugin.c:
10400: Quiet a bogus compiler warning.
10401: [ebc069842c4a]
10402:
10403: * plugins/sudoers/pwutil.c:
10404: Don't try to delref a NULL group.
10405: [f6ff0838be21]
10406:
10407: * common/alloc.c, common/lbuf.c:
10408: Include memory.h on systems that need it.
10409: [4e676da81c6f]
10410:
10411: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10412:
10413: * src/exec.c:
10414: Quiet gcc warnings on glibc systems that use warn_unused_result for
10415: write(2).
10416: [0532da0b7cf7]
10417:
10418: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
10419: sudo_plugin is in section 8; from Ted Percival
10420: [b4506a0de87e]
10421:
10422: * plugins/sudoers/Makefile.in:
10423: testsudoers depends on libsudoers.la, not sudoreplay
10424: [cdb1cc3bf06a]
10425:
10426: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10427:
10428: * src/exec.c:
10429: Read as many signals on the signal pipe as we can before returning.
10430: [b181671da047]
10431:
10432: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
10433: Instead of using a array to store received signals, open a pipe and
10434: have the signal handler write the signal number to one end and
10435: select() on the other end. This makes it possible to handle signals
10436: similar to I/O without race conditions.
10437: [ee84d65c16b6]
10438:
10439: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
10440:
10441: * doc/visudo.pod, plugins/sudoers/visudo.c:
10442: Make "visudo -c -f -" check the standard input.
10443: [195a3d2a9a26]
10444:
10445: * doc/sudoers.pod:
10446: set_home and always_set_home have an effect if HOME is present in
10447: the env_keep list.
10448: [159d0b9dc5c8]
10449:
10450: * plugins/sudoers/env.c:
10451: Make -H flag work when HOME is listed in env_keep. Also makes
10452: "set_home" and "always_set_home" override override HOME in env_keep.
10453: [a3e5b966193f]
10454:
10455: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
10456:
10457: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
10458: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
10459: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
10460: plugins/sudoers/visudo.c, src/net_ifs.c:
10461: Convert sudoers plugin to use interface list passed in settings.
10462: [87d9b5f4f586]
10463:
10464: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
10465: src/parse_args.c, src/sudo.h:
10466: Query local network interfaces in the main sudo driver and pass to
10467: the plugin as "network_addrs" in the settings list.
10468: [7f35bcfe77a7]
10469:
10470: * plugins/sudoers/bsm_audit.c:
10471: Solaris BSM audit return EINVAL when auditing is not enabled,
10472: whereas OpenBSM returns ENOSYS.
10473: [411b980ec58b]
10474:
10475: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
10476:
10477: * compat/fnmatch.c:
10478: missing.h should come before most local includes
10479: [53921a7b8b5b]
10480:
10481: * plugins/sudoers/sudoreplay.c:
10482: missing.h should come before most local includes
10483: [e9abb0db1aac]
10484:
10485: * plugins/sudoers/sudoers.h:
10486: Make local includes consistent; use double quotes for local includes
10487: except for generated ones where we use angle brackets.
10488: [09de4faa9547]
10489:
10490: * plugins/sudoers/sudoers.c:
10491: Always fill in NewArgv for audit code.
10492: [7c3aca60519f]
10493:
10494: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10495: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
10496: [007cf6560f92]
10497:
10498: * common/alloc.c, common/atobool.c, common/fileops.c,
10499: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
10500: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
10501: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
10502: compat/getprogname.c, compat/glob.c, compat/isblank.c,
10503: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
10504: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
10505: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
10506: compat/unsetenv.c, compat/utimes.c, include/compat.h,
10507: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
10508: plugins/sample_group/plugin_test.c,
10509: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
10510: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
10511: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
10512: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
10513: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
10514: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
10515: src/sudo_noexec.c, src/ttysize.c:
10516: Make local includes consistent; use double quotes for local includes
10517: except for generated ones where we use angle brackets. Also g/c
10518: unused compat.h.
10519: [e57070dc8f04]
10520:
10521: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10522:
10523: * plugins/sudoers/match.c:
10524: When matching the runas user and runas group (-u and -g command line
10525: options), keep track of runas group and runas user matches
10526: separately. Only return a positive match if we have a match for
10527: both runas user and runas group (if specified).
10528: [815219e04cc8]
10529:
10530: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10531:
10532: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10533: Add support for multiple URI lines by joining the contents and
10534: passing the result to ldap_initialize.
10535: [a47cae3b72e8]
10536:
10537: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
10538: Do not return -1 on error from the display functions; the caller
10539: expects a return value >= 0.
10540: [101456a7dd00]
10541:
10542: * plugins/sudoers/sudoers.c:
10543: Do not set both MODE_EDIT and MODE_RUN
10544: [8faa36694d54]
10545:
10546: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10547:
10548: * include/missing.h:
10549: Move includes to the top of the file.
10550: [a51436798e8c]
10551:
10552: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10553:
10554: * plugins/sudoers/Makefile.in:
10555: Add missing definition of timedir
10556: [458a749c2c5e]
10557:
10558: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
10559: compat/mksiglist.c, compat/strsignal.c,
10560: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
10561: Add #include of sys/types.h for .c files that include missing.h to
10562: be sure that size_t and ssize_t are defined.
10563: [08e3132dbf4f]
10564:
10565: * plugins/sudoers/Makefile.in:
10566: Install sudoers file from the build dir not hte src dir.
10567: [ca89e962dbf4]
10568:
10569: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10570:
10571: * plugins/sudoers/set_perms.c:
10572: If runas_pw changes, reset the stashed runas aux group vector.
10573: Otherwise, if runas_default is set in a per-command Defaults
10574: statement, the command runs with root's aux group vector (i.e. the
10575: one that was used when locating the command).
10576: [24f9107cedd2]
10577:
10578: * plugins/sudoers/Makefile.in:
10579: Add target to generate sudoers file Remove generated sudoers file as
10580: part of distclean
10581: [fb7422e90f03]
10582:
10583: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10584:
10585: * src/exec.c:
10586: When not logging I/O install a handler for SIGCONT and deliver it to
10587: the command upon resume. Fixes bugzilla #431
10588: [495dce52a5aa]
10589:
10590: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
10591:
10592: * plugins/sudoers/sudoers.h:
10593: g/c unused auth_pw extern definition
10594: [40eb7477ba17]
10595:
10596: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
10597: Move get_auth() into check.c where it is actually used.
10598: [e31db0ce3a61]
10599:
10600: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
10601:
10602: * common/lbuf.c:
10603: Convert a remaining puts() and putchar() to use the output function.
10604: [d69e363a506b]
10605:
10606: * plugins/sudoers/plugin_error.c:
10607: Plug memory leak
10608: [68895469ea8d]
10609:
10610: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
10611:
10612: * plugins/sudoers/env.c:
10613: Set dupcheck to TRUE when setting new HOME value if !env_reset but
10614: always_set_home is true. Prevents a duplicate HOME in the
10615: environment (old value plus the new one) introduced in f421f8827340.
10616: [9ca19183794f]
10617:
10618: * configure, configure.in, plugins/sudoers/sudoers,
10619: plugins/sudoers/sudoers.in:
10620: Substitute sysconfdir in the installed sudoers file to get the
10621: correct path for sudoers.d.
10622: [86072b6cd55d]
10623:
10624: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10625:
10626: * src/get_pty.c:
10627: Fix typo that prevented compilation on Irix; Friedrich Haubensak
10628: [b48be51b65fc]
10629:
10630: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10631:
10632: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
10633: common/atobool.c, common/fileops.c, common/fmt_string.c,
10634: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
10635: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
10636: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
10637: compat/getprogname.c, compat/glob.c, compat/isblank.c,
10638: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
10639: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
10640: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
10641: compat/unsetenv.c, compat/utimes.c, include/compat.h,
10642: include/missing.h, plugins/sample/sample_plugin.c,
10643: plugins/sample_group/getgrent.c,
10644: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
10645: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
10646: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
10647: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
10648: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
10649: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
10650: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
10651: Merge compat.h and missing.h into missing.h
10652: [572909ae9716]
10653:
10654: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
10655:
10656: * plugins/sudoers/auth/pam.c:
10657: If the user hits ^C while a password is being read, error out before
10658: reading any further passwords in the pam conversation function.
10659: Otherwise, if multiple PAM auth methods are required, the user will
10660: have to hit ^C for each one.
10661: [23782631748c]
10662:
10663: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
10664:
10665: * plugins/sudoers/check.c:
10666: Update comment
10667: [a5296cb3a20a]
10668:
10669: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10670: Document sudo_conv_t function and sudo_printf_t return values.
10671: [745c0017814c]
10672:
10673: * src/conversation.c:
10674: Make _sudo_printf return the number of characters printed on success
10675: like printf(3).
10676: [8eeefe8d7e77]
10677:
10678: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
10679:
10680: * plugins/sudoers/sudoers.c:
10681: sudoers.h includes sudo_plugin.h for us
10682: [cabe68e07807]
10683:
10684: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
10685: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
10686: src/sudo_edit.c:
10687: Use gettimeofday() directly instead of via the gettime() wrapper.
10688: [7490426c99ae]
10689:
10690: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
10691: compat/strerror.c, config.h.in, configure, configure.in,
10692: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
10693: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
10694: Remove some obsolete configure tests, ancient Unix systems are no
10695: longer supported.
10696: [2be6218c3a36]
10697:
10698: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10699:
10700: * sudo.pp:
10701: Set pp_kit_version and strip off patch level
10702: [aacfda1b676d]
10703:
10704: * sudo.pp:
10705: Better handling of versions with a patchlevel. For rpm and deb, use
10706: the patchlevel+1 as the release. For AIX, use the patchlevel as the
10707: 4th version number. For the rest, just leave the patchlevel in the
10708: version string.
10709: [638bd35f2346]
10710:
10711: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10712:
10713: * plugins/sudoers/auth/sudo_auth.c:
10714: For non-standalone auth methods, stop reading the password if the
10715: user enters ^C at the prompt.
10716: [82c2911bb264]
10717:
10718: * configure, configure.in, plugins/sudoers/Makefile.in,
10719: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
10720: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
10721: plugins/sudoers/pwutil.c:
10722: No need to look up shadow password unless we are doing password-
10723: style authentication. This moves the shadow password lookup to the
10724: auth functions that need it.
10725: [ba9e3eba2b72]
10726:
10727: * plugins/sudoers/sudoers.c:
10728: Retain final passwd/group refs until the policy close() function.
10729: Note that this doesn't get called in all cases so putting this in a
10730: cleanup function is probably better.
10731: [bbe214cb4119]
10732:
10733: * plugins/sudoers/check.c:
10734: Fix mismerge
10735: [395115f89dd6]
10736:
10737: * plugins/sudoers/check.c:
10738: When removing/resetting the timestamp file ignore the tty ticket
10739: contents.
10740: [b709f5667a0b]
10741:
10742: * plugins/sudoers/sudoers.c:
10743: delref sudo_user.pw, runas_pw and runas_gr immediately before we
10744: return.
10745: [4d67d15dfd3b]
10746:
10747: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
10748:
10749: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
10750: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
10751: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
10752: Reference count cached passwd and group structs. The cache holds
10753: one reference itself and another is added by sudo_getgr{gid,nam} and
10754: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
10755: group structs are persistent for now.
10756: [e544685523c3]
10757:
10758: * doc/UPGRADE:
10759: fix typo
10760: [e32f2d35e6c9]
10761:
10762: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
10763:
10764: * plugins/sudoers/check.c:
10765: Do not produce a warning for "sudo -k" if the ticket file does not
10766: exist.
10767: [1598f6061b75]
10768:
10769: * plugins/sudoers/pwutil.c:
10770: Instead of caching struct passwd and struct group in the red-black
10771: tree, store a struct cache_item which includes both the key and
10772: datum. This allows us to user the actual name that was looked up as
10773: the key instead of the contents of struct passwd or struct group.
10774: This matters because the name in the database may not match what we
10775: looked up, due either to case folding or truncation (historically at
10776: 8 characters). Also mark the disabled calls to sudo_freepwcache()
10777: and sudo_freegrcache() as broken since we use cached data for things
10778: like set_perms() and the logging functions. Fixing this would
10779: require making a copy of the structs for user and runas or adding a
10780: reference count (better).
10781: [225d4a22f60e]
10782:
10783: * plugins/sudoers/Makefile.in:
10784: Fix path to mkinstalldirs
10785: [b4968379b12d]
10786:
10787: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
10788: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10789: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
10790: Quiet gcc warnings on glibc systems that use warn_unused_result for
10791: write(2) and others.
10792: [c99f138960e0]
10793:
10794: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
10795:
10796: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10797: Add %option noinput
10798: [72b9cd49b4f1]
10799:
10800: * aclocal.m4, configure, configure.in:
10801: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
10802: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
10803: cross-compiling.
10804: [e385c176d0ee]
10805:
10806: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
10807:
10808: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
10809: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
10810: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
10811: [cf3e60d9c440]
10812:
10813: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10814:
10815: * pp:
10816: Update to latest version
10817: [32f93be33961]
10818:
10819: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
10820:
10821: * sudo.pp:
10822: Let pp determine pp_aix_version itself.
10823: [7cf0245d84ed]
10824:
10825: * INSTALL, config.h.in, configure, configure.in, mkpkg,
10826: plugins/sudoers/sudoers.c:
10827: Add support for Ubuntu admin flag file and enable it when building
10828: Ubuntu packages.
10829: [00e27cff2dfb]
10830:
10831: * plugins/sudoers/sudoers, sudo.pp:
10832: Add commented out SuSE-like targetpw settings
10833: [4605d47b7413]
10834:
10835: * configure, configure.in:
10836: Only try to use +DAportable for non-GCC on hppa
10837: [75d0f284ccf7]
10838:
10839: * configure, configure.in:
10840: Prevent configure from adding the -g flag unless in devel mode
10841: [b1fd3f8d45c0]
10842:
10843: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
10844:
10845: * sudo.pp:
10846: Go back to sudo-flavor to match existing packages and only use an
10847: underscore for those that need it.
10848: [d737069d1e1c]
10849:
10850: * sudo.pp:
10851: Use sudo_$flavor instead of sudo-$flavor since that causes the least
10852: amount of trouble for the various package managers.
10853: [71f547af35fc]
10854:
10855: * mkpkg:
10856: Fix handling of the ldap flavor Remove destdir unless --debug was
10857: specified Make distclean before running configure if there is a
10858: Makefile present
10859: [6316f08de7d3]
10860:
10861: * sudo.pp:
10862: Add back include file.
10863: [195627bf68b8]
10864:
10865: * mkpkg:
10866: Pass extra args on to configure on HP-UX, if we don't have the HP C
10867: compiler, disable zlib to prevent gcc from finding it in
10868: /usr/local/lib.
10869: [473efa0e2bac]
10870:
10871: * mkpkg:
10872: Use the HP ANSI C compiler on HP-UX if possible
10873: [fb249b6b175d]
10874:
10875: * plugins/sudoers/sudoreplay.c:
10876: Some getline() implementations (FreeBSD 8.0) do not ignore the
10877: length pointer when the line pointer is NULL as they should.
10878: [2410a1a3543c]
10879:
10880: * plugins/sudoers/sudoreplay.c:
10881: Don't need to check for *cp being non-zero, isdigit() will do that.
10882: [7df11ea8a487]
10883:
10884: * plugins/sudoers/sudoreplay.c:
10885: Add setlocale() so the command line arguments that use floating
10886: point work in different locales. Since sudo now logs the timing
10887: data in the C locale we must Parse the seconds in the timing file
10888: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
10889: the number of seconds with the user's locale so if the decimal point
10890: is not '.' try using the locale-specific version.
10891: [4d385765f23b]
10892:
10893: * src/exec.c:
10894: Do I/O logging in the C locale so the floating point numbers in the
10895: timing file are not locale-dependent.
10896: [5961cec044ec]
10897:
10898: * plugins/sudoers/sudoreplay.c:
10899: Use errorx() not error() for thingsthat don't set errno.
10900: [0fe5e692af84]
10901:
10902: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
10903:
10904: * pp:
10905: Better support for 1.2.3 style versions in Tru64 kits
10906: [997c549bb777]
10907:
10908: * sudo.pp:
10909: Add Tru64 kit support
10910: [e273a954f981]
10911:
10912: * pp:
10913: Remove apparently unnecessary use of sudo
10914: [be8840d85125]
10915:
10916: * Makefile.in, plugins/sudoers/Makefile.in:
10917: Create timedir as part of install-dirs target.
10918: [c736bc2fb14f]
10919:
10920: * src/exec_pty.c:
10921: Handle ENXIO from read/write which can occur when reading/writing a
10922: pty that has gone away.
10923: [fa2e8059879f]
10924:
10925: * plugins/sudoers/pwutil.c:
10926: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
10927: [3a045475d5ee]
10928:
10929: * mkpkg:
10930: platform is a pp flag not a variable
10931: [12eba39a47c1]
10932:
10933: * Makefile.in, mkpkg, sudo.pp:
10934: Add simple arg parsing for mkpkg so we can set debug, flavor or
10935: platform.
10936: [ada839fe252d]
10937:
10938: * pp:
10939: Make rpm backend work on AIX 5.x
10940: [549a76d11393]
10941:
10942: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
10943:
10944: * plugins/sudoers/sudoers:
10945: Add commented out Defaults entry for log_output
10946: [7e67d7588900]
10947:
10948: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10949:
10950: * doc/Makefile.in:
10951: Remove sudo docdir completely
10952: [dce8e82878ef]
10953:
10954: * doc/sample.sudo.conf:
10955: Add sample sudo.conf
10956: [aafdba3fc411]
10957:
10958: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10959:
10960: * plugins/sudoers/Makefile.in:
10961: Add PACKAGE_TARNAME for docdir
10962: [930c92b8f8f0]
10963:
10964: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
10965:
10966: * src/Makefile.in:
10967: Pass install-sh -b~ here too.
10968: [c3f5eb446c38]
10969:
10970: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
10971: plugins/sudoers/Makefile.in, src/Makefile.in:
10972: Install binary files with -b~ to make a backup. Fixes "text file
10973: busy" error on HP-UX during install.
10974: [81f306f54f8c]
10975:
10976: * install-sh:
10977: "mv -f" on HP-UX doesn't unlink the destination first so add an
10978: explicit rm before moving the temporary into place.
10979: [fb719a79582d]
10980:
10981: * configure, configure.in:
10982: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
10983: [0aa098770074]
10984:
10985: * doc/Makefile.in, plugins/sudoers/Makefile.in:
10986: Install sudoers2ldif in the doc dir
10987: [33ac3b53d7f5]
10988:
10989: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
10990:
10991: * pathnames.h.in:
10992: Add missing include of maillock.h for Solaris
10993: [5a58883be23a]
10994:
10995: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
10996: doc/sample.syslog.conf, doc/sudoers.cat:
10997: Change the default syslog facility from local2 to authpriv (or auth
10998: if the operating system doesn't support authpriv).
10999: [3b70ba514f49]
11000:
11001: * Makefile.in, sudo.pp:
11002: Install sudoers as /etc/sudoers on RPM and debian systems where the
11003: package manager will not replace a user-modified configuration file.
11004: This fixes upgrades from the vendor sudo packages.
11005: [d886b6d60b5b]
11006:
11007: * pp:
11008: RPM: use %config(noreplace) instead of %config for volatile This
11009: results in the new file being installed with a .rpmnew suffix
11010: instead of the file being replaced and the old one renamed with a
11011: .rpmsave suffix.
11012: [58be2119f8e8]
11013:
11014: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
11015:
11016: * compat/mkstemps.c, plugins/sudoers/boottime.c:
11017: Include time.h for struct timeval
11018: [ddf8b04f0276]
11019:
11020: * src/exec_pty.c:
11021: The return value of strsignal() may be const and should be treated
11022: as const regardless.
11023: [620074ae1e77]
11024:
11025: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11026: Mention that 127.0.0.1 will not match, nor will localhost unless
11027: that is the actual host name.
11028: [8b574122eb8f]
11029:
11030: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
11031: Rename WHATSNEW -> NEWS
11032: [d1a2c8c47d89]
11033:
11034: * pp:
11035: Updated pp with latest patches
11036: [98e16b9b8f62]
11037:
11038: * WHATSNEW:
11039: Sync with 1.7.4
11040: [65ac4dafeef7]
11041:
11042: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11043: plugins/sudoers/sudoers:
11044: Add commented out line to add HOME to env_keep and add a warning to
11045: the note about the HOME change in UPGRADE.
11046: [0d6a775bb6c8]
11047:
11048: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11049:
11050: * plugins/sudoers/sudoreplay.c:
11051: Add LINE_MAX define for those without it.
11052: [446d9dbe7859]
11053:
11054: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
11055: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11056: plugins/sudoers/defaults.c:
11057: The tty_tickets option is now on by default.
11058: [a01c48206d80]
11059:
11060: * WHATSNEW:
11061: Mention that AIX authdb support has been fixed.
11062: [87bd7f4eba6a]
11063:
11064: * common/aix.c:
11065: setauthdb() only sets the "old" registry if it was set by a previous
11066: call to setauthdb(). To restore the original value, passing NULL
11067: (or an empty string) to setauthdb() is sufficient.
11068: [470da190a254]
11069:
11070: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
11071:
11072: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
11073: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11074: plugins/sudoers/env.c:
11075: Reset HOME when env_reset is enabled unless it is in env_keep
11076: [f421f8827340]
11077:
11078: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11079: The default for set_logname has been "true" for some time now.
11080: [f489da5674c3]
11081:
11082: * plugins/sudoers/boottime.c:
11083: Add missing include of time.h
11084: [624d7014932f]
11085:
11086: * plugins/sudoers/logging.c:
11087: Fix check for dup2() return value.
11088: [140ea2d50d20]
11089:
11090: * plugins/sudoers/env.c:
11091: Add PYTHONUSERBASE to initial_badenv_table
11092: [3149aae5b12c]
11093:
11094: * plugins/sudoers/visudo.c:
11095: Treat an unknown defaults entry as a parse error.
11096: [b3ebad73efb2]
11097:
11098: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
11099: Check return value of setdefs() but don't stop setting defaults if
11100: we hit an unknown one.
11101: [945e752239ab]
11102:
11103: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
11104: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
11105: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
11106: plugins/sudoers/env.c:
11107: If env_reset is enabled, set the MAIL environment variable based on
11108: the target user unless MAIL is explicitly preserved in sudoers.
11109: [a1b03e2e0e96]
11110:
11111: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
11112:
11113: * pp:
11114: decode debian code names
11115: [8741280d9960]
11116:
11117: * WHATSNEW:
11118: fix typo
11119: [a8a19451110b]
11120:
11121: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11122:
11123: * WHATSNEW:
11124: Merge with 1.7.4
11125: [9348fa7e15b8]
11126:
11127: * src/sudo.c:
11128: Restore RLIMIT_NPROC after the uid switch if it appears that
11129: runas_setup() did not do it for us. Fixes a bash script problem on
11130: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
11131: [786fb272e5fd]
11132:
11133: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11134:
11135: * mkpkg, pp, sudo.pp:
11136: Restore the dot removal in the os version reported by polypkg. Adapt
11137: mkpkg and sudo.pp to the change.
11138: [dcafdd53b88f]
11139:
11140: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11141:
11142: * INSTALL:
11143: document --with-pam-login
11144: [ea93e4c6873c]
11145:
11146: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11147: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
11148: [2ac90d8de36e]
11149:
11150: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11151:
11152: * sudo.pp:
11153: Include flavor in solaris package name
11154: [e605f6364c9f]
11155:
11156: * mkpkg:
11157: Older shells don't support IFS= so set explictly to space, tab,
11158: newline.
11159: [7773960bc8a0]
11160:
11161: * mkpkg:
11162: Use '=' not '==' in test
11163: [c99d42bc48e6]
11164:
11165: * mkpkg:
11166: Fix typo that prevented debian from matching
11167: [84421078fcb7]
11168:
11169: * mkpkg:
11170: Add missing prefix setting for debian
11171: [6466f23de4aa]
11172:
11173: * sudo.pp:
11174: Use tab indents to reduce the chance of problem with <<- Fix the
11175: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
11176: line in sudoers for debian Uncomment some env_keep lines for RHEL,
11177: SLES and debian to more closely match the vendor sudoers files.
11178: Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
11179: debian for ldap flavor
11180: [c5b49feb1a0c]
11181:
11182: * plugins/sudoers/sudoers:
11183: Add commented out env_keep entries, sample Aliases and a %sudo line
11184: for debian.
11185: [387719e52d0f]
11186:
11187: * configure, configure.in:
11188: Move zlib check later on in the script to avoid a strange shell
11189: problem on SLES11.
11190: [1a3153bb1291]
11191:
11192: * configure.in:
11193: Remove check for egrep; configure has its own
11194: [a3b9d98cb5d2]
11195:
11196: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11197:
11198: * mkpkg:
11199: Enable zlib for linux distros
11200: [8fa51a1405a4]
11201:
11202: * mkpkg:
11203: Add ldap flavor to default build
11204: [97644f5a555f]
11205:
11206: * mkpkg, sudo.pp:
11207: Simplify rpm linux distro settings
11208: [b9dcf10cdf20]
11209:
11210: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
11211: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
11212: [2c549c1acde9]
11213:
11214: * Makefile.in:
11215: Fix ChangeLog creation from build dir
11216: [3d0c7904f173]
11217:
11218: * plugins/sudoers/sudoers.c:
11219: Handle getcwd() failure.
11220: [aef7bef87394]
11221:
11222: * doc/Makefile.in, mkpkg, sudo.pp:
11223: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
11224: environment variable.
11225: [be6ed611b7a8]
11226:
11227: * sudo.pp:
11228: Create sudo group on debian
11229: [6ed6c032042e]
11230:
11231: * mkpkg, sudo.pp:
11232: Add debian 4/5/6 and use the dot when doing version matches
11233: [6bcb664d1f4f]
11234:
11235: * aclocal.m4, configure:
11236: Use a loop when searching for mv, sendmail and sh
11237: [d5e9369f8d13]
11238:
11239: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11240: Remove spurious "and"; from debian
11241: [a21e6f7c5b99]
11242:
11243: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
11244: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
11245: doc/visudo.man.in, doc/visudo.pod:
11246: Substitute the value of EDITOR into the sudoers and visudo manuals.
11247: [cd79e587dd7f]
11248:
11249: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
11250:
11251: * mkpkg, pp, sudo.pp:
11252: Initial support for debian 4.0
11253: [ac6707915fa8]
11254:
11255: * mkpkg:
11256: Some platforms need -fPIE instead of -fpie
11257: [fd6be19e5bc2]
11258:
11259: * plugins/sudoers/auth/pam.c:
11260: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
11261: On Linux it causes a DNS lookup via libaudit.
11262: [1e10105ade5b]
11263:
11264: * MANIFEST:
11265: Update MANIFEST to match packaging changes
11266: [ef86ee557b5b]
11267:
11268: * sudo.psf:
11269: We now use pp to generate HP-UX packages
11270: [f7aa8da7844e]
11271:
11272: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
11273: Remove vestiges of old binary package bits.
11274: [afffd005452f]
11275:
11276: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
11277: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11278: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11279: src/Makefile.in:
11280: install-man -> install-doc
11281: [99b5fa05567c]
11282:
11283: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
11284: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
11285: Use http://rc.quest.com/topics/polypkg/ for packaging
11286: [5ca8eb75b223]
11287:
11288: * install-sh:
11289: Just ignore the -c option, it is the default Add support for -d
11290: option
11291: [a8b6b0a131e8]
11292:
11293: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
11294:
11295: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
11296: Use _PATH_STDPATH instead of _PATH_DEFPATH
11297: [137fa911908e]
11298:
11299: * plugins/sudoers/Makefile.in, src/Makefile.in:
11300: Do not strip binaries.
11301: [20166e287176]
11302:
11303: * INSTALL, configure, configure.in:
11304: Add --insults=disabled configure option to allow people to build in
11305: insult support but have the insults disabled unless explicitly
11306: enabled in sudoers.
11307: [523b8c552e90]
11308:
11309: * compat/mkstemps.c:
11310: Add prototype for gettime()
11311: [275eee40473b]
11312:
11313: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
11314: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
11315: plugins/sudoers/sudoers.h:
11316: Add support for a sudo-i pam.d file to be used for "sudo -i".
11317: Adapted from a RedHat patch.
11318: [06d34f16520b]
11319:
11320: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11321:
11322: * include/missing.h:
11323: Fix mkstemps() prototype
11324: [2421841e815b]
11325:
11326: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
11327: config.h.in, configure, configure.in, include/missing.h,
11328: src/sudo_edit.c:
11329: Use mkstemps() instead of mkstemp() in sudoedit. This allows
11330: sudoedit to preserve the file extension (if any) which may be used
11331: by the editor (like emacs) to choose the editing mode.
11332: [d33172d2c086]
11333:
11334: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11335:
11336: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
11337: plugins/sudoers/ldap.c:
11338: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
11339: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
11340: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
11341: should avoid disabling TLS_CHECKPEER is possible.
11342: [196622436212]
11343:
11344: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
11345:
11346: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11347: Make sudo_plugin format a bit more like a man page
11348: [048d596e32da]
11349:
11350: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11351: Add suport for negated user/host/command lists in a Defaults entry.
11352: E.g. Defaults:!baduser noexec
11353: [d41112cf0342]
11354:
11355: * Makefile.in, common/Makefile.in, compat/Makefile.in,
11356: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11357: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11358: src/Makefile.in:
11359: Add uninstall target
11360: [fea66ebf136a]
11361:
11362: * common/Makefile.in, compat/Makefile.in:
11363: Remove unused AR, SED and RANLIB variables
11364: [2ff9928bfdb3]
11365:
11366: * Makefile.in:
11367: Do not install sample plugins
11368: [5443b87bd1c3]
11369:
11370: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11371:
11372: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
11373: configure.in, plugins/sudoers/env.c:
11374: Now that sudoers is a dynamically loaded module we cannot override
11375: the libc environment functions because the symbols may already have
11376: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
11377: replacements from sudoers and add replacements for setenv/unsetenv
11378: for systems that lack them.
11379: [3f2b43cb8851]
11380:
11381: * configure, configure.in, plugins/sudoers/Makefile.in:
11382: Link testsudoers with -ldl when needed
11383: [f79606f9fcd7]
11384:
11385: * plugins/sample_group/plugin_test.c:
11386: Remove unused time.h and add limits.h for PATH_MAX
11387: [3f5d0074d621]
11388:
11389: * doc/sudoers.ldap.pod:
11390: Fix typo.
11391: [bc855fd57397]
11392:
11393: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11394:
11395: * plugins/sample_group/plugin_test.c:
11396: Do not depend on strlcpy/strlcat
11397: [6e7e2b5af051]
11398:
11399: * plugins/sample_group/plugin_test.c:
11400: Standalone test driver for sudoers group plugin.
11401: [eb1235fc3b8e]
11402:
11403: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
11404:
11405: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
11406: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
11407: aid.
11408: [2a34e616229b]
11409:
11410: * plugins/sample_group/sample_group.c:
11411: Fix style nit in function declarations
11412: [ab87c7c76bf9]
11413:
11414: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11415: Document group_plugin syntax.
11416: [ed1faf72ddcb]
11417:
11418: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11419: Document the sudoers group plugin.
11420: [f19a62dc8cfc]
11421:
11422: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
11423: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
11424: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
11425: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
11426: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
11427: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
11428: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
11429: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
11430: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
11431: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
11432: Replace built-in non-unix group support with a sudoers group plugin.
11433: Include a sample plugin that can read Unix-format group files.
11434: [8fc58ce0b1a8]
11435:
11436: * configure, configure.in, src/load_plugins.c:
11437: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
11438: [5c491dddb8ef]
11439:
11440: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11441:
11442: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
11443: doc/sudoers.man.in, doc/sudoers.pod:
11444: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
11445: [e8a5a5830cfe]
11446:
11447: * aclocal.m4, configure, configure.in:
11448: Substitute @io_logdir@ for the sudoers I/O log directory.
11449: [21a75ca7b0ab]
11450:
11451: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
11452:
11453: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
11454: common/atobool.c, common/fileops.c, common/fmt_string.c,
11455: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
11456: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
11457: compat/snprintf.c, config.h.in, configure, configure.in,
11458: include/fileops.h, plugins/sample/sample_plugin.c,
11459: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
11460: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
11461: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
11462: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
11463: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
11464: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
11465: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
11466: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
11467: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
11468: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
11469: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
11470: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
11471: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
11472: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
11473: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
11474: plugins/sudoers/logging.c, plugins/sudoers/match.c,
11475: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
11476: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
11477: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11478: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11479: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
11480: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
11481: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
11482: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
11483: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
11484: Set usrinfo for AIX Set adminstrative domain for the process when
11485: looking up user's password or group info and when preparing for
11486: execve(). Include strings.h even if string.h exists since they may
11487: define different things. Fixes warnings on AIX and others.
11488: [cf8b93e872c9]
11489:
11490: * Makefile.in:
11491: Add a separate all target for AIX make which was using the entire
11492: LHS (not just the first entry) of the first target as the implicit
11493: target.
11494: [a45b980a01ef]
11495:
11496: * plugins/sudoers/env.c:
11497: Do not rely on env.env_len when unsetting a variable, just use the
11498: NULL terminator.
11499: [ca6eb239c829]
11500:
11501: * plugins/sudoers/env.c:
11502: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
11503: [7046ba7caa4e]
11504:
11505: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11506:
11507: * plugins/sudoers/vasgroups.c:
11508: Use warningx() instead of log_error() since the latter is not
11509: available to visudo or testsudoers. This does mean that they don't
11510: end up in syslog.
11511: [152b7c50f426]
11512:
11513: * plugins/sudoers/sudoers.c:
11514: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
11515: closed the sudoers sources. From Quest sudo.
11516: [c1cd573bab94]
11517:
11518: * plugins/sudoers/pwutil.c:
11519: Ignore case when matching user/group names in the cache. From Quest
11520: sudo.
11521: [2aa4ecc7d7f5]
11522:
11523: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11524:
11525: * config.h.in, configure, configure.in, src/selinux.c:
11526: Add check for setkeycreatecon() when --with-selinux is specified.
11527: [affae247b4e0]
11528:
11529: * configure, configure.in:
11530: Error out if libaudit.h is missing or ununable when --with-linux-
11531: audit was specified
11532: [d82e743fac04]
11533:
11534: * doc/HISTORY, doc/history.pod:
11535: Add =head3 entries, mostly for the html version
11536: [ee93112d0308]
11537:
11538: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11539:
11540: * doc/HISTORY, doc/history.pod:
11541: Mention when LDAP was incorporate.
11542: [2923dc17f79c]
11543:
11544: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11545:
11546: * configure, configure.in:
11547: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
11548: not covered by _ALL_SOURCE.
11549: [c92fd69809d0]
11550:
11551: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11552:
11553: * plugins/sudoers/iolog.c:
11554: Add a cast to quiet a compiler warning.
11555: [a200e07ee1bc]
11556:
11557: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
11558: Quiet a compiler warning.
11559: [c9acfc927cea]
11560:
11561: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
11562: Call set_fqdn() after sudoers has parsed instead of inline as a
11563: callback.
11564: [5f4e5d075f2d]
11565:
11566: * WHATSNEW, plugins/sudoers/sudoers.c:
11567: Do not call set_fqdn() until sudoers parses (where is gets run as a
11568: callback).
11569: [09040fca6d40]
11570:
11571: * WHATSNEW:
11572: mention the change in tty ticket behavior when there is no tty
11573: [575a1fd98f05]
11574:
11575: * plugins/sudoers/check.c:
11576: Do not update tty ticket if there is no tty.
11577: [63f9c33ce6a7]
11578:
11579: * doc/LICENSE, doc/license.pod:
11580: Update copyright year
11581: [0722ab5d404b]
11582:
11583: * doc/Makefile.in:
11584: Do not rely on BSD make's $>
11585: [936a86398bd9]
11586:
11587: * configure, configure.in:
11588: Set timedir to /var/db/sudo for darwin to match Apple sudo's
11589: location
11590: [d5b9b03096f1]
11591:
11592: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11593:
11594: * plugins/sudoers/sudoers.h:
11595: Add stub declarations for struct stat and struct timeval
11596: [f6d90551a4fd]
11597:
11598: * MANIFEST:
11599: Remove compat/sigaction.c
11600: [d0ed6d9a770e]
11601:
11602: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
11603: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
11604: Check for zlib.h in addition to libz.
11605: [6e191b4a6065]
11606:
11607: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
11608: src/sudo_exec.h:
11609: Move functions and symbols shared between exec.c and exec_pty.c into
11610: sudo_exec.h.
11611: [14ae63403544]
11612:
11613: * doc/Makefile.in:
11614: Comment out rules to build .man.in and .cat files unless --with-
11615: devel
11616: [3cf7e5606a85]
11617:
11618: * doc/Makefile.in:
11619: Comment out rules to build .man.in and .cat files unless --with-
11620: devel
11621: [d30495b0e29e]
11622:
11623: * src/parse_args.c:
11624: Quote any non-alphanumeric characters other than '_' or '-' when
11625: passing a command to be run via the shell for the -s and -i options.
11626: [d633f74fe2d9]
11627:
11628: * doc/Makefile.in:
11629: Add back .man suffix
11630: [6e63b60a2739]
11631:
11632: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
11633: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
11634: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
11635: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
11636: src/selinux.c:
11637: Add Linux audit support.
11638: [5a2f445e0bd4]
11639:
11640: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
11641:
11642: * plugins/sudoers/iolog.c:
11643: Remove an XXX
11644: [a170cbe651d1]
11645:
11646: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
11647: plugins/sudoers/sudoreplay.c:
11648: Add -f (filter) option to sudoreplay to allow certain streams to be
11649: replayed and others ignored.
11650: [62e51b432ea1]
11651:
11652: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
11653: src/tgetpass.c:
11654: Fix -A flag when askpass is specified in sudo.conf or if sudo
11655: doesn't need to read a password.
11656: [2e401e4a00e3]
11657:
11658: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
11659: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
11660: Clean up some XXXs
11661: [689f0b002d3d]
11662:
11663: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11664: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
11665: Add support for multiple sudoers_base entries in ldap.conf. From
11666: Joachim Henke
11667: [e3e4a3c2bd5b]
11668:
11669: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
11670: src/exec_pty.c:
11671: remove setsid check, we require a POSIX system
11672: [cc73cb9e22c0]
11673:
11674: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
11675: src/sudo.c, src/tgetpass.c:
11676: Check for dup2() failure.
11677: [5d46d66794f5]
11678:
11679: * config.h.in, configure, configure.in:
11680: Remove dup2() check, it is not optional.
11681: [5f1d56de4384]
11682:
11683: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11684:
11685: * WHATSNEW:
11686: sync with sudo 1.7.3
11687: [88e5c0bd6d59]
11688:
11689: * INSTALL:
11690: SunOS does not ship with an ANSI compiler
11691: [f13c85c67069]
11692:
11693: * INSTALL:
11694: Update OS specific notes. Delete some really ancient ones and move
11695: older ones to the end of the list.
11696: [59ce592c4c52]
11697:
11698: * README:
11699: Sudo can be downloaded from the web site too Mention "OS dependent
11700: notes" section in INSTALL
11701: [191871538984]
11702:
11703: * src/exec_pty.c, src/selinux.c:
11704: Call selinux_restore_tty() as part of cleanup() so it gets called
11705: from error()/errorx()
11706: [bb017da6b6da]
11707:
11708: * MANIFEST, doc/PORTING:
11709: Remove obsolete porting guide
11710: [321e35591344]
11711:
11712: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
11713: Move union sudo_in_addr_un into interfaces.h
11714: [b2c8b19ee094]
11715:
11716: * doc/Makefile.in:
11717: Remove useless circular dependencies
11718: [5682181b59cf]
11719:
11720: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
11721: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
11722: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
11723: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
11724: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
11725: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
11726: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
11727: Convert to ANSI C function declarations
11728: [a4f76927d034]
11729:
11730: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
11731: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
11732: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
11733: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
11734: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
11735: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
11736: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
11737: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
11738: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
11739: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
11740: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
11741: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
11742: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
11743: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
11744: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
11745: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
11746: plugins/sudoers/logging.h, plugins/sudoers/match.c,
11747: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
11748: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
11749: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
11750: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
11751: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
11752: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
11753: src/conversation.c, src/error.c, src/load_plugins.c,
11754: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
11755: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
11756: Update copyright year
11757: [26ac7991f7d8]
11758:
11759: * doc/Makefile.in:
11760: Fix commented DEVDOCS when not in devel mode.
11761: [e0a97eaf3793]
11762:
11763: * plugins/sudoers/match.c:
11764: Quiet a compiler warning.
11765: [b2a17ebd5d38]
11766:
11767: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
11768: Quiet a compiler warning.
11769: [687843bc593d]
11770:
11771: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
11772: Make all functions in ldap.c static
11773: [b2111e89eeba]
11774:
11775: * doc/schema.ActiveDirectory:
11776: Updates from Alain Roy to provide better examples for importing the
11777: schema and to fix problems caused by Windows validating attributes
11778: which have not yet been added before committing the changes.
11779: [69f4c5ccaf89]
11780:
11781: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11782:
11783: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
11784: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
11785: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
11786: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
11787: doc/visudo.cat, doc/visudo.man.in:
11788: Leave rules to build .man.in and .cat files uncommented but only
11789: make them part of the "all" rule in devel mode. Generate .cat files
11790: directly from .man.in instead of .man using default values in
11791: configure.in
11792: [c3054a44f6a5]
11793:
11794: * configure, configure.in:
11795: Bump sudo version to 1.8.0b1
11796: [8f79c85135e1]
11797:
11798: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
11799: Print configure args with verbose version information.
11800: [1ce690660ed2]
11801:
11802: * TODO, plugins/sudoers/visudo.c:
11803: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
11804: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
11805: Use tq_append to append sudoers entries to the tail queue.
11806: [1743f9a286e4]
11807:
11808: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11809:
11810: * WHATSNEW:
11811: Describe tty timestamp improvements
11812: [e214e863a313]
11813:
11814: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11815: A comment character may not be part of a command line argument
11816: unless it is quoted with a backslash. Fixes parsing of:
11817: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
11818: [ea2e990f85ed]
11819:
11820: * doc/sudoers.pod:
11821: Make this read a little bit better when passwd_timeout is 0.
11822: [39d362757f31]
11823:
11824: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
11825: Attempt to handle a default password prompt timeout of zero more
11826: gracefully.
11827: [ea47d43acf5b]
11828:
11829: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11830: Do not override value of keepopen global, instead restore it to the
11831: value we pushed onto the stack when popping.
11832: [fe282e5a3402]
11833:
11834: * plugins/sudoers/Makefile.in:
11835: Add dependency for utility programs on libreplace and libcommon
11836: [2339aba64928]
11837:
11838: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
11839: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
11840: src/exec.c, src/exec_pty.c, src/tgetpass.c:
11841: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
11842: [7dd61f1bd8d2]
11843:
11844: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
11845: We don't use getgrouplist() at the moment so there's no need to
11846: provide a compat version.
11847: [1597536fbada]
11848:
11849: * TODO:
11850: sync with reality
11851: [9e1a874e7885]
11852:
11853: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11854: src/conversation.c, src/sudo.h, src/tgetpass.c:
11855: Fix visiblepw sudoers option; the plugin API portion still needs
11856: documenting
11857: [60b6933ef5e0]
11858:
11859: * src/sudo.c:
11860: Print sudo version as well.
11861: [987ed459b459]
11862:
11863: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11864: Use sudo_printf for I/O log version Clarify policy plugin version
11865: string
11866: [5a58b7e8c80b]
11867:
11868: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
11869: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
11870: Silence some compiler warnings
11871: [afb1eba90915]
11872:
11873: * src/load_plugins.c, src/tgetpass.c:
11874: Store askpass path in a global instead of uses setenv() which many
11875: systems lack.
11876: [b440bcc0e660]
11877:
11878: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11879:
11880: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11881: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11882: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
11883: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11884: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
11885: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
11886: src/tgetpass.c:
11887: Move askpass path specification from sudoers to sudo.conf.
11888: [5507ab867c26]
11889:
11890: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11891: Use a flag bit in struct command_details for selinux instead of a
11892: separate field.
11893: [c59ca4acded9]
11894:
11895: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
11896: Implement background mode. If I/O logging we use pipes instead of a
11897: pty.
11898: [c07a4b356cbd]
11899:
11900: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
11901: src/exec.c, src/exec_pty.c, src/tgetpass.c:
11902: Move compat definition of NSIG to compat.h
11903: [ab0385467f25]
11904:
11905: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
11906: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11907: Mention plugins in the sudo manual and add some missing path
11908: substitution in the sudo_plugin manual.
11909: [570f831f47a3]
11910:
11911: * src/Makefile.in:
11912: Set _PATH_SUDO_CONF based on $(sysconfdir)
11913: [fde51869cf07]
11914:
11915: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
11916: src/exec.c, src/exec_pty.c, src/ttysize.c:
11917: Require POSIX termios to build sudo
11918: [9ec6b41f3f95]
11919:
11920: * src/tgetpass.c:
11921: Ignore SIGPIPE for "sudo -S"
11922: [7ad27fde0c06]
11923:
11924: * src/tgetpass.c:
11925: Fix uninitialized variable in TGP_ECHO case and print a newline if
11926: the user interrupted password input.
11927: [ce19204d8dd4]
11928:
11929: * src/tgetpass.c:
11930: Make TGP_ECHO override TGP_MASK and don't try to restore the
11931: terminal if we didn't modify it.
11932: [a7e11abfe7e4]
11933:
11934: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11935: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
11936: src/conversation.c, src/sudo.h, src/tgetpass.c:
11937: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
11938: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
11939: set.
11940: [e0550590cabe]
11941:
11942: * src/exec_pty.c:
11943: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
11944: [762448182fe3]
11945:
11946: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11947:
11948: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
11949: Add selinux_enabled flag into struct command_details and set it in
11950: command_info_to_details(). Return an error from selinux_setup()
11951: instead of exiting. Call selinux_setup() from exec_setup().
11952: [011bea23a5a0]
11953:
11954: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11955:
11956: * src/exec_pty.c:
11957: Remove commented out copy of old sudo_execve() function.
11958: [9c5e21380472]
11959:
11960: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
11961:
11962: * plugins/sudoers/sudoers.c:
11963: Fix setting selinux type on command line.
11964: [814b20a0b3be]
11965:
11966: * plugins/sudoers/iolog.c:
11967: In sudoers_io_close(), skip NULL io_fds[] elements.
11968: [4011ff7d4daf]
11969:
11970: * include/compat.h:
11971: No longer need NGROUPS_MAX define
11972: [cae4c49d7077]
11973:
11974: * compat/nanosleep.c, config.h.in, configure, configure.in,
11975: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
11976: plugins/sudoers/visudo.c, src/sudo_edit.c:
11977: Replace timerfoo macros with timevalfoo since the timer macros are
11978: known to be busted on some systems.
11979: [4f97d79f2d41]
11980:
11981: * src/exec_pty.c:
11982: Remove duplicate call to selinux_setup().
11983: [82bd52764e21]
11984:
11985: * plugins/sudoers/auth/pam.c:
11986: If pam_open_session() fails, pass its status to pam_end.
11987: [1d8de4cf8ff3]
11988:
11989: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11990: If a file in a #includedir has improper permissions or owner just
11991: skip it. This prevents packages that incorrectly install a file
11992: into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
11993: #includedir files still result in a parse error (for now).
11994: [ade99a4549a4]
11995:
11996: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
11997: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
11998: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
11999: Add use_pty sudoers option to force use of a pty even when not
12000: logging I/O.
12001: [b280a8972a79]
12002:
12003: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
12004: Make env_init() void as it never fails.
12005: [d3890e55daa7]
12006:
12007: * plugins/sudoers/env.c:
12008: No longer use _NSGetEnviron so don't need crt_externs.h
12009: [9b4e0e139881]
12010:
12011: * plugins/sudoers/env.c:
12012: Remove unused VNULL define
12013: [a42cacb263e3]
12014:
12015: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
12016:
12017: * plugins/sudoers/iolog.c:
12018: Add #define for maximum session id
12019: [9e18c17a28c2]
12020:
12021: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
12022: Split exec.c into exec.c and exec_pty.c
12023: [d52376327332]
12024:
12025: * MANIFEST:
12026: Sync with source file moves.
12027: [4a62c6c9e846]
12028:
12029: * src/Makefile.in, src/get_pty.c, src/pty.c:
12030: Rename pty.c -> get_pty.c
12031: [5696a12bd29b]
12032:
12033: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
12034:
12035: * plugins/sudoers/iolog.c:
12036: Only use I/O input log file if def_log_input is set and output file
12037: if def_log_output is set.
12038: [d866992f1681]
12039:
12040: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
12041:
12042: * compat/strsignal.c:
12043: Update copyright year
12044: [a96f2593fd4e]
12045:
12046: * src/pty.c:
12047: uid -> ttyuid
12048: [c3454d74ebcb]
12049:
12050: * plugins/sudoers/sudoers.c:
12051: For sudoedit, make a local copy of editor string si become part of
12052: argv. If no editor environment variable, split def_editor on ':'
12053: since it may be a colon-delimited path.
12054: [2ee298506a6e]
12055:
12056: * src/sudo_edit.c:
12057: Remove unneeded endpwent()/endgrent()
12058: [623f6743d101]
12059:
12060: * doc/Makefile.in:
12061: Use value of nroff from configure
12062: [b2ce649125ab]
12063:
12064: * src/exec.c:
12065: Add missing const to I/O log action function
12066: [d764a3955e04]
12067:
12068: * plugins/sudoers/check.c:
12069: Update copyright year and fix whitespace
12070: [e648c35b16be]
12071:
12072: * configure, configure.in:
12073: Fix typo
12074: [8e0bdfc47da4]
12075:
12076: * plugins/sudoers/iolog.c:
12077: Remove redundant tty signal blocking in log function.
12078: [f17f575dabd4]
12079:
12080: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
12081:
12082: * plugins/sudoers/iolog.c:
12083: Place static keyword where it belongs
12084: [b01aec7c86b4]
12085:
12086: * plugins/sudoers/logging.c:
12087: Always use a printf format string for send_mail()
12088: [13b1ada644c9]
12089:
12090: * common/atobool.c, plugins/sudoers/ldap.c:
12091: Extend atobool() so we can use it in the LDAP code.
12092: [73f8e6807044]
12093:
12094: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
12095: Sudo now stashes tty ctime for tty_tickets on Solaris too.
12096: [e82df13ad3fd]
12097:
12098: * plugins/sudoers/boottime.c:
12099: Fix dummy version of get_boottime()
12100: [01d69c06013b]
12101:
12102: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
12103:
12104: * plugins/sudoers/check.c:
12105: Enable tty_is_devpts() support for Solaris with the "devices"
12106: filesystem.
12107: [237c6b25fa84]
12108:
12109: * src/exec.c:
12110: Unbreak the non-io logging case.
12111: [4822b9f709fb]
12112:
12113: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
12114: Fix symbol name conflict with sudo_printf.
12115: [0d44eab0a8f6]
12116:
12117: * plugins/sudoers/auth/pam.c:
12118: Fix OpenPAM detection for newer versions.
12119: [1b2abed232d8]
12120:
12121: * plugins/sudoers/vasgroups.c:
12122: Sync with Quest sudo git repo
12123: [f1d98b3cba02]
12124:
12125: * aclocal.m4, configure, configure.in:
12126: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
12127: Add missing template for ENV_DEBUG Adapted from Quest sudo
12128: [695dbd7b28f4]
12129:
12130: * README.LDAP:
12131: Fix typos; from Quest Sudo
12132: [4eba9da33b8e]
12133:
12134: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
12135:
12136: * plugins/sudoers/Makefile.in:
12137: Add back -I$(top_srcdir); we need it for including compat/foo.h
12138: since we cannot rely on "foo.h" being found relative to the source
12139: file when the cwd is different.
12140: [bbf24695f325]
12141:
12142: * src/exec.c:
12143: Fix a bug where we could treat EAGAIN as a permanent error. Also set
12144: cstat if perform_io() returns an error.
12145: [200475c4326f]
12146:
12147: * common/alloc.c, plugins/sudoers/boottime.c,
12148: plugins/sudoers/sudoers.c:
12149: Add casts to quiet compiler warnings.
12150: [85eb1c336697]
12151:
12152: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12153: plugins/sudoers/visudo.c:
12154: Fix typo in ternary operator usage.
12155: [6492ac1450e2]
12156:
12157: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
12158:
12159: * INSTALL, configure, configure.in:
12160: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
12161: [92121d693b30]
12162:
12163: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
12164: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
12165: Update docs to match sudoers I/O logging changes
12166: [18d651989e49]
12167:
12168: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
12169: pathnames.h.in, plugins/sudoers/def_data.c,
12170: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
12171: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
12172: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
12173: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
12174: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
12175: plugins/sudoers/sudoreplay.c:
12176: Break sudoers transcript feature up into log_input and log_output.
12177: [db3c1248d2ad]
12178:
12179: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
12180: plugins/sudoers/visudo.c:
12181: Use setprogname() as needed.
12182: [6beee63a4553]
12183:
12184: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
12185: Adapt sudoreplay to iolog changes.
12186: [581f52c05f0f]
12187:
12188: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
12189:
12190: * plugins/sudoers/iolog.c:
12191: Log all input and output into separate files and store a number on
12192: each timing file line to indicate which file the data is in.
12193: [fb460c5273dd]
12194:
12195: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
12196: plugins/sudoers/sudoers.h:
12197: Make sudoers_io functions static to iolog.c
12198: [b2df3cc3eecb]
12199:
12200: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
12201:
12202: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
12203: src/sudo_usage.h.in:
12204: Completely remove the -L flag from the sudo front end.
12205: [3d220030b720]
12206:
12207: * plugins/sudoers/sudoreplay.c:
12208: Fix EAGAIN handling when writing to stdout.
12209: [4766d77cea49]
12210:
12211: * plugins/sudoers/sudoers.c:
12212: Eliminate unused variables
12213: [83bd711e79c4]
12214:
12215: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
12216: Re-enable cleanup functions in sudoers plugin and sudo driver for
12217: error()/errorx().
12218: [43093f937dd8]
12219:
12220: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
12221: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
12222: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
12223: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
12224: Use sudo_printf to display verbose version information.
12225: [435cc9f8d4a2]
12226:
12227: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
12228: plugins/sudoers/Makefile.in, src/Makefile.in:
12229: Minor Makefile cleanup: fix a typo, change the removal order in the
12230: clean targets, and remove a superfluous include path for the sudoers
12231: plugin.
12232: [6e3b2d6b4437]
12233:
12234: * plugins/sudoers/env.c:
12235: Handle duplicate variables in the environment. For unsetenv(), keep
12236: looking even after remove the first instance. For sudo_putenv(),
12237: check for and remove dupes after we replace an existing value.
12238: [c1bbb88d0435]
12239:
12240: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12241:
12242: * plugins/sudoers/Makefile.in:
12243: Use explicit path to source file instead of $< for files that live
12244: in devdir and top_srcdir.
12245: [358ab7f6cc64]
12246:
12247: * plugins/sudoers/Makefile.in:
12248: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
12249: ending LIBSUDOERS_OBJS with a backslash
12250: [481a5c96d47e]
12251:
12252: * plugins/sudoers/Makefile.in, src/Makefile.in:
12253: Link libcommon before libreplace since libcommon may use functions
12254: only present in libreplace.
12255: [1847c496ff5b]
12256:
12257: * common/Makefile.in:
12258: Move code common to sudo and the sudoers plugin to a convenience
12259: library, libcommon. Removes the need to make links in the sudoers
12260: plugin dir and reduces re-compilation of duplicate object files.
12261: [4c8986352937]
12262:
12263: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
12264: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
12265: common/term.c, common/zero_bytes.c, configure, configure.in,
12266: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
12267: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
12268: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
12269: src/zero_bytes.c:
12270: Move code common to sudo and the sudoers plugin to a convenience
12271: library, libcommon. Removes the need to make links in the sudoers
12272: plugin dir and reduces re-compilation of duplicate object files.
12273: [1d1d98bd55b9]
12274:
12275: * src/exec.c, src/sudo.c, src/sudo.h:
12276: Rename script_execve to sudo_execve and rename script_foo in exec.c
12277: [a35ec80de96a]
12278:
12279: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
12280: rename script.c exec.c and fix up the MANIFEST file
12281: [36bc3bff9578]
12282:
12283: * src/script.c, src/sudo.c, src/sudo.h:
12284: Rename script_setup() to pty_setup() and call from script_execve()
12285: directly.
12286: [899b0fb2a14d]
12287:
12288: * configure, configure.in:
12289: bump version to 1.8.0a2
12290: [0b1c1ca9d4e5]
12291:
12292: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12293: Document init_session
12294: [b5324785a406]
12295:
12296: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
12297: plugins/sudoers/auth/sudo_auth.h:
12298: Clean up the sudoers auth API a bit and update the docs.
12299: [c40fd4cb6e68]
12300:
12301: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
12302: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
12303: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
12304: Add init_session function to struct policy_plugin that gets called
12305: before the uid/gid/etc changes. A struct passwd pointer is passed
12306: in,which may be NULL if the user does not exist in the passwd
12307: database.The sudoers module uses init_session to open the pam
12308: session as needed.
12309: [d71723320ee8]
12310:
12311: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
12312:
12313: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
12314: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
12315: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12316: Add open/close session to sudo auth, only used by PAM. This allows
12317: us to open (and close) the PAM session from sudoers.
12318: [2665e2920d0d]
12319:
12320: * plugins/sudoers/Makefile.in:
12321: Add explicit rule to build getdate.o for HP-UX make.
12322: [7f049e989956]
12323:
12324: * plugins/sudoers/Makefile.in:
12325: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
12326: rules as an alternate way to prevent HP-UX make (and others) from
12327: trying to rebuild the parser in non-dev mode.
12328: [f84badad98c5]
12329:
12330: * plugins/sudoers/sudoers.c:
12331: Re-enable PATH_MAX check for command
12332: [40d8a50da136]
12333:
12334: * Makefile.in:
12335: For distclean, clean the main directory last since the subdirs need
12336: to be able to run libtool to clean things.
12337: [8949a9861634]
12338:
12339: * compat/Makefile.in:
12340: Fix generation of mksiglist.h
12341: [b7cdc9b36650]
12342:
12343: * src/script.c:
12344: Now that we defer sending cstat until the end of script_child() we
12345: cannot reuse cstat when reading command status from parent.
12346: [25c882643466]
12347:
12348: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
12349:
12350: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
12351: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
12352: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
12353: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
12354: Use numeric registers to handle conditionals instead of trying to do
12355: it all with text processing.
12356: [478079c3fd4b]
12357:
12358: * doc/sudoers.pod:
12359: Document per-command SELinux settings
12360: [13840d566805]
12361:
12362: * plugins/sudoers/sudoers.c:
12363: Repair "sudo -l -U username"
12364: [10a0dcdf2ddf]
12365:
12366: * plugins/sudoers/sudoers.c:
12367: Set selinux role and type in command details.
12368: [8ae6d35a126d]
12369:
12370: * src/script.c, src/selinux.c, src/sudo.h:
12371: Rework SELinux support.
12372: [83279cc94bf2]
12373:
12374: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
12375:
12376: * src/script.c, src/selinux.c, src/sudo.h:
12377: Make SELinux support compile again. Needs more work to be complete.
12378: [3d3addebcf82]
12379:
12380: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12381: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12382: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
12383: src/sudo.h:
12384: Bring back closefrom settings.
12385: [b1c6257d4bbb]
12386:
12387: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
12388: plugins/sudoers/sudoers.h:
12389: If running a command or sudoedit in transcript mode, call
12390: io_nextid() before log_allowed() so the session id is logged.
12391: [c42f3ae40150]
12392:
12393: * configure, configure.in:
12394: Use mandoc(1) if nroff(1) is not present.
12395: [daad4bbd04af]
12396:
12397: * doc/Makefile.in:
12398: Use the --file argument to config.status instead of setting
12399: CONFIG_FILES in the environment.
12400: [c89411a8bf70]
12401:
12402: * plugins/sudoers/Makefile.in:
12403: We cannot conditionally update gram.h or the dependency ordering
12404: gets messed up in devel mode.
12405: [c938953231d9]
12406:
12407: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
12408:
12409: * Makefile.in, compat/Makefile.in, configure, configure.in,
12410: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
12411: plugins/sudoers/Makefile.in, src/Makefile.in:
12412: Substitute @SHELL@ into Makefiles
12413: [36aa6a095335]
12414:
12415: * config.sub:
12416: Fix typo
12417: [16d294d26b58]
12418:
12419: * config.guess, config.sub, configure, configure.in:
12420: Update to autoconf 2.65
12421: [4fa6ea8caea3]
12422:
12423: * Makefile.in:
12424: Fix libtool target (space vs. tabs)
12425: [755cf3892618]
12426:
12427: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
12428: Remove use of RETSIGTYPE; all modern systems have signal handlers
12429: that return void.
12430: [42b4e3aee668]
12431:
12432: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
12433: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
12434: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
12435: plugins/sudoers/Makefile.in, src/Makefile.in:
12436: Update to libtool-2.2.6b. I haven't made any local modifications
12437: this time, which should be OK since we install sudo_noexec.so by
12438: hand now.
12439: [6f79ced593bb]
12440:
12441: * compat/Makefile.in, plugins/sample/Makefile.in,
12442: plugins/sudoers/Makefile.in, src/Makefile.in:
12443: Use libtool to clean objects
12444: [1581057d6472]
12445:
12446: * include/Makefile.in:
12447: Install sudo_plugin.h as part of "make install" and make other
12448: install targets callable from the top-level Makefile
12449: [aaaeb027d774]
12450:
12451: * configure, configure.in:
12452: regen with autoupdate to eliminate AC_TRY_LINK
12453: [5d5541c230f5]
12454:
12455: * Makefile.in, compat/Makefile.in, configure, configure.in,
12456: doc/Makefile.in, plugins/sample/Makefile.in,
12457: plugins/sudoers/Makefile.in, src/Makefile.in:
12458: Install sudo_plugin.h as part of "make install" and make other
12459: install targets callable from the top-level Makefile
12460: [b258b8401b1c]
12461:
12462: * plugins/sample/sample_plugin.c:
12463: The sample plugin doesn't support being run with no args so return a
12464: usage error in this case.
12465: [473b3cf965be]
12466:
12467: * plugins/sudoers/iolog.c:
12468: Set close on exec flag for descriptors used for I/O logging so they
12469: are not present in the command being run.
12470: [2c7e8708df76]
12471:
12472: * plugins/sudoers/tsgetgrpw.c:
12473: Set close on exec flag in private versions of setpwent() and
12474: setgrent().
12475: [64fef78cb833]
12476:
12477: * src/script.c:
12478: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
12479: Fixes extra fds being present in the command when it is part of a
12480: pipeline.
12481: [060451617713]
12482:
12483: * plugins/sudoers/sudoers.c:
12484: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
12485: is used when logging). Note that user_ttypath will still be NULL if
12486: there is no tty.
12487: [31b69a6ecda7]
12488:
12489: * src/script.c, src/sudo.h:
12490: Cosmetic changes: add comments, remove orphaned prototype and
12491: make a global static.
12492: [f7851af0143e]
12493:
12494: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
12495:
12496: * src/script.c:
12497: Move check for maxfd == -1 to flush_output where it belongs.
12498: [b826a95b4491]
12499:
12500: * src/script.c:
12501: Break out of select loop if all the fds we want to select on are -1.
12502: [f5b387024238]
12503:
12504: * src/sudo.c:
12505: Avoid possible malloc(0) if plugin returns an empty groups list.
12506: [9765a8fe5ce7]
12507:
12508: * src/sudo.c:
12509: Add debugging info when calling plugin close function
12510: [95a273c7ff66]
12511:
12512: * src/script.c:
12513: Avoid closing stdin/stdout/stderr when we are piping output.
12514: [330e76423caf]
12515:
12516: * src/script.c:
12517: When execve() of the command fails, it is possible to receive
12518: SIGCHLD before we've read the error status from the pipe. Re-order
12519: things such that we send the final status at the very end and prefer
12520: error status over wait status.
12521: [b0dcf825244f]
12522:
12523: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
12524:
12525: * plugins/sudoers/auth/sudo_auth.c:
12526: Fix compilation for non PAM/BSD auth/AIX auth
12527: [e382b39d2e4f]
12528:
12529: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12530:
12531: * src/script.c:
12532: Additional checks to make sure we don't close /dev/tty by mistake.
12533: When flushing, sleep in select as long as we have buffers that need
12534: to be written out.
12535: [8139cbd3dd54]
12536:
12537: * src/script.c:
12538: Now that we can use pipes for stdin/stdout/stderr there is no longer
12539: a need to error out when there is no tty. We just need to make sure
12540: we don't try to use the tty fd if it is -1.
12541: [666621635d26]
12542:
12543: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
12544:
12545: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
12546: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12547: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
12548: Add argc and argv to I/O logger open function.
12549: [0d7faa007d27]
12550:
12551: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
12552: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
12553: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
12554: Remove check_sudoedit function pointer in struct sudo_policy.
12555: Instead, sudo will set sudoedit=true in the settings array. The
12556: plugin should check for this and modify argv_out as appropriate in
12557: check_policy.
12558: [c0328e3276b8]
12559:
12560: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
12561:
12562: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
12563: src/sudo_edit.c:
12564: If plugin sets "sudoedit=true" in the command info, enable sudoedit
12565: mode even if not invoked as sudoedit. This allows a plugin to
12566: enable sudoedit when the user runs an editor.
12567: [96d67b99e42e]
12568:
12569: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
12570:
12571: * plugins/sudoers/Makefile.in:
12572: gram.h must not depend on gram.y if we want to avoid unnecessary
12573: rebuilding of targets dependent on gram.h when gram.y changes.
12574: [9db4b767fdca]
12575:
12576: * plugins/sample/sample_plugin.c:
12577: Refactor common bits of check_policy and check_edit
12578: [ac4d366a04cf]
12579:
12580: * plugins/sample/sample_plugin.c:
12581: Add sudoedit support
12582: [a1a6cc4c0cef]
12583:
12584: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
12585:
12586: * plugins/sudoers/Makefile.in:
12587: Rely more on VPATH; fixes a dependency issue with the parser.
12588: [45e406ebdea2]
12589:
12590: * include/compat.h:
12591: Fix typo introduced in last commit
12592: [3ccb0f853d11]
12593:
12594: * include/compat.h:
12595: Emulate seteuid using setreuid() or setresuid() as needed. There are
12596: still a few places that call seteuid() directly.
12597: [36e8efa3a99d]
12598:
12599: * src/parse_args.c, src/sudo_edit.c:
12600: Attempt to fix building on systems that only have setuid.
12601: [8e9ba4083318]
12602:
12603: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12604: Clarify sudoedit a tad.
12605: [d39dfaa14ade]
12606:
12607: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
12608:
12609: * src/sudo_edit.c:
12610: Fix compilation on HP-UX
12611: [f6e47843d139]
12612:
12613: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12614: Document sudoedit
12615: [4cbf5196d993]
12616:
12617: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
12618: Change how we handle the sudoedit argv. We now require that there
12619: be a "--" in argv to separate the editor and any command line
12620: arguments from the files to be edited.
12621: [20623d549a3c]
12622:
12623: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12624: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
12625: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
12626: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
12627: src/sudo.h, src/sudo_edit.c:
12628: Work in progress support for sudoedit. The actual interface used by
12629: the plugin for sudoedit is likely to change.
12630: [c31262a31997]
12631:
12632: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
12633: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
12634: Make find_path() a little more generic by not checking def_foo
12635: variables inside it. Instead, pass in ignore_dot as a function
12636: argument.
12637: [9c23101a094d]
12638:
12639: * plugins/sudoers/env.c:
12640: Add version of getenv(3) that uses our own environ pointer.
12641: [0e3783e63534]
12642:
12643: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
12644:
12645: * src/script.c:
12646: Avoid a potential race condition if SIGCHLD is received immediately
12647: before we call select().
12648: [99adc5ea7f0a]
12649:
12650: * plugins/sudoers/sudoers.c:
12651: Call env_init() before we open the sudoers sources as those may call
12652: our setenv() replacement.
12653: [5f82601f5ab0]
12654:
12655: * plugins/sudoers/env.c:
12656: Initialize env_len in env_init()
12657: [7ae02b3029b5]
12658:
12659: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12660:
12661: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
12662: Document time stamp shortcomings under SECURITY NOTES Use "time
12663: stamp" instead of timestamp.
12664: [2b86120815b2]
12665:
12666: * doc/Makefile.in:
12667: Make sed substitution of mansectsu and mansectform global.
12668: [94588632dba0]
12669:
12670: * plugins/sudoers/check.c:
12671: If the tty lives on a devpts filesystem, stash the ctime in the tty
12672: ticket file, as it is not updated when the tty is written to. This
12673: helps us determine when a tty has been reused without the user
12674: authenticating again with sudo.
12675: [0e62a31bceb0]
12676:
12677: * src/tgetpass.c:
12678: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
12679: is what our compat checks set.
12680: [df50f0a040c9]
12681:
12682: * configure, configure.in:
12683: Add check for whether sudo need to link with -ldl to get dlopen().
12684: This is a bit of a hack that will get reworked when libtool is
12685: updated.
12686: [63bdcf579533]
12687:
12688: * plugins/sudoers/check.c:
12689: Fix timestamp removal with -k/-K
12690: [6b4639fef973]
12691:
12692: * plugins/sudoers/Makefile.in:
12693: audit.c is now private to the sudoers plugin
12694: [1974f342ae0b]
12695:
12696: * configure, configure.in:
12697: Link with -lpthread on HP-UX since a plugin may be linked with
12698: -lpthread and dlopen() will fail if the shared object has a
12699: dependency on -lpthread but the main program is not linked with it.
12700: [d42139391263]
12701:
12702: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
12703: Add separate test for getresuid() since HP-UX has setresuid() but no
12704: getresuid().
12705: [910fe727a374]
12706:
12707: * doc/Makefile.in:
12708: Remove errant backslash
12709: [dd5464257c69]
12710:
12711: * src/script.c:
12712: Fix SIGPIPE handling. Now that we use may use pipes for
12713: stdin/stdout we need to pass any SIGPIPE we receive to the running
12714: command.
12715: [3f6b1991f4fd]
12716:
12717: * src/script.c:
12718: Also start the command in the background if stdin is not a tty.
12719: [d93bc33a3740]
12720:
12721: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12722:
12723: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
12724: No need to use pseudo-cbreak mode now that we use pipes when stdout
12725: is not a tty. Instead, check whether stdin is a tty and if not,
12726: delay setting the tty to raw mode until the command tries to access
12727: it itself (and receives SIGTTIN or SIGTTOU).
12728: [e68315cf8c6b]
12729:
12730: * src/tgetpass.c:
12731: Use an array for signals received instead of a single variable so we
12732: don't lose any when there are multiple different signals.
12733: [2ac726dac864]
12734:
12735: * src/tgetpass.c:
12736: Do signal setup after turning off echo, not before. If we are using
12737: a tty but are not the foreground pgrp this will generate SIGTTOU so
12738: we want the default action to be taken (suspend process).
12739: [bebb6209c795]
12740:
12741: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
12742:
12743: * src/script.c:
12744: Flush the iobufs on suspend or child exit using the same logic as
12745: the main event loop.
12746: [c627feee1035]
12747:
12748: * src/script.c:
12749: Free memory after we are done with it.
12750: [8db9b611b45a]
12751:
12752: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
12753:
12754: * doc/HISTORY:
12755: Quest now sponsors Sudo development
12756: [6cc490083bc7]
12757:
12758: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
12759:
12760: * doc/Makefile.in:
12761: Install sudo_plugin man page.
12762: [c253729790b2]
12763:
12764: * src/script.c:
12765: Go back to reseting io_buffer offset and length (and now also the
12766: EOF handling) in the loop we do the FD_SET, not after we drain the
12767: buffer after write() since we don't know what order reads and writes
12768: will occur in.
12769: [5f38bfa8497f]
12770:
12771: * MANIFEST:
12772: audit files moved to sudoers plugin directory
12773: [b1ead182428e]
12774:
12775: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12776: Document plugin_printf and new logging functions.
12777: [fe9430b60ab5]
12778:
12779: * src/script.c:
12780: Add support for logging stdin when it is not a tty. There is still a
12781: bug where "cat | sudo cat" has problems because both cat and sudo
12782: are trying to read from the tty.
12783: [04c9c59fcfba]
12784:
12785: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12786: plugins/sudoers/sudoers.c, src/script.c:
12787: Add separate I/O logging functions for tty in/out and
12788: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
12789: is disabled for now.
12790: [a36dfd4ca935]
12791:
12792: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12793:
12794: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
12795: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
12796: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12797: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
12798: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
12799: Add pointer to a printf like function to plugin open functon. This
12800: can be used instead of the conversation function to display info and
12801: error messages.
12802: [98734eea8ef1]
12803:
12804: * Makefile.in:
12805: Stop if make in a subdir fails
12806: [228bb3ad2dbc]
12807:
12808: * src/script.c:
12809: Only set user's tty to blocking mode when doing the final flush.
12810: Flush pipes as well as pty master when the process is done.
12811: [20ff67218666]
12812:
12813: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12814:
12815: * plugins/sudoers/ldap.c:
12816: Use print_error() when displaying ldap config info in debugging
12817: mode.
12818: [d142e0cacb22]
12819:
12820: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
12821: No longer need strdup() or strndup() replacements.
12822: [df53697174ec]
12823:
12824: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
12825: plugins/sudoers/sudoers.h:
12826: Add print_error() function that uses the conversation function to
12827: print a variable number of error strings and use it in log_error().
12828: [b1fa2861b575]
12829:
12830: * src/script.c, src/sudo.h, src/term.c:
12831: Do not need the opost flag to term_copy() now that we use pipes for
12832: stdout/stderr when they are not a tty.
12833: [f42811f70a19]
12834:
12835: * src/script.c:
12836: Use pipes to the sudo process if stdout or stderr is not a tty.
12837: Still needs some polishing and a decision as to whether it is
12838: desirable to add additonal entry points for logging
12839: stdout/stderr/stdin when they are not ttys. That would allow a
12840: replay program to keep things separate and to know whether the
12841: terminal needs to be in raw mode at replay time.
12842: [1a945e0ab2da]
12843:
12844: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
12845:
12846: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
12847: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
12848: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
12849: Move audit sources into the sudoers plugin dir; the driver does not
12850: use them.
12851: [50ec36422cd0]
12852:
12853: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
12854: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
12855: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
12856: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
12857: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
12858: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
12859: src/term.c, src/ttysize.c:
12860: Use angle brackets when including headers that can only be found
12861: when an -I flag is specified. The files in the compat dir could get
12862: away with double quotes here but I've converted all the source files
12863: to use angle brackets for consistency.
12864: [9e30a8fc6d4b]
12865:
12866: * plugins/sudoers/Makefile.in:
12867: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
12868: dir can be found when building outside the source tree.
12869: [1150934b79dd]
12870:
12871: * plugins/sudoers/Makefile.in:
12872: Clean up links in distclean
12873: [78595028be8b]
12874:
12875: * plugins/sudoers/Makefile.in:
12876: Hack around VPATH semantic differences by symlinking files we need
12877: from ../../src into the current directory and build those. A better
12878: fix would be to either make a .a or .la file with those files in it
12879: or simply use a single, flat, Makefile instead of per-subdirs
12880: Makefiles.
12881: [892c332d3f05]
12882:
12883: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
12884: fmt_string is used by the sudoers plugin too so do not include
12885: sudo.h (which is not really needed here anyway)
12886: [231c35e3941f]
12887:
12888: * compat/Makefile.in, plugins/sample/Makefile.in,
12889: plugins/sudoers/Makefile.in, src/Makefile.in:
12890: Fix building with non-BSD versions of make such as GNU make.
12891: Requires VPATH support, which should be in any non-neolithic make.
12892: [dc174f135919]
12893:
12894: * configure, configure.in, plugins/sudoers/Makefile.in,
12895: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
12896: src/Makefile.in:
12897: Re-enable bsm audit. Currently auditing is done within the sudoers
12898: plugin itself. If possible, this should really be done in the main
12899: driver but we don't presently have the needed data to do that. This
12900: will be re-evaluated when Linux audit support is added.
12901: [1d05a3236bfe]
12902:
12903: * compat/Makefile.in, plugins/sample/Makefile.in,
12904: plugins/sudoers/Makefile.in, src/Makefile.in:
12905: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
12906: of explicit rules in the dependency.
12907: [88f80efd25f0]
12908:
12909: * plugins/sudoers/visudo.c:
12910: Fix mismerge; alias_remove_recursive() now returns int
12911: [6257a4849641]
12912:
12913: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
12914:
12915: * plugins/sudoers/visudo.c:
12916: Fix a crash when checking a sudoers file that has aliases that
12917: reference themselves. Based on a diff from David Wood.
12918: [545d194484a7]
12919:
12920: * src/script.c:
12921: Print signal info after restoring the tty mode, not before.
12922: [a68618e67435]
12923:
12924: * src/script.c:
12925: Defer call to alarm() until after we fork the child. Pass correct
12926: pid to terminate_child() If the command exits due to signal, set
12927: alive to false like we do when it exits normally. Add missing
12928: check for errpipe[0] != -1 before using it in FD_ISSET
12929: [22f0a1549391]
12930:
12931: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
12932:
12933: * plugins/sudoers/boottime.c:
12934: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
12935: [0e627170c6e8]
12936:
12937: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
12938:
12939: * src/Makefile.in:
12940: Simplify dependencies by using .c.o and .c.lo rules.
12941: [6abcaef5d1ac]
12942:
12943: * configure, configure.in, plugins/sudoers/Makefile.in,
12944: src/Makefile.in:
12945: Substitute in @PROGS@ into src/Makefile to add sesh
12946: [cc46d3b6208f]
12947:
12948: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
12949:
12950: * plugins/sudoers/sudoers.c:
12951: Add back calls to log_denial() if sudoers does not allow the
12952: command.
12953: [9783316207f0]
12954:
12955: * plugins/sudoers/sudoers.c:
12956: Pass in correct pwflag for list and validate.
12957: [973dd56d4b81]
12958:
12959: * plugins/sudoers/env.c:
12960: Add missing check for NULL in validate_env_vars
12961: [1d6eb6957824]
12962:
12963: * src/Makefile.in:
12964: Add sudo_noexec.la to "all" target, otherwise it only gets built at
12965: install time.
12966: [644a9694d2ef]
12967:
12968: * plugins/sudoers/sudoers.c:
12969: Only set sudo_user.env_vars if the env_add list is empty.
12970: [fccdf6f0e0e2]
12971:
12972: * plugins/sudoers/sudoers.c:
12973: Set sudo_user.env_vars so that environment variables specified on
12974: the command line get logged correctly.
12975: [9b51012c491e]
12976:
12977: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
12978: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12979: Re-enable environment files and setting environment variables on the
12980: command line.
12981: [5662d5645dbd]
12982:
12983: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12984:
12985: * plugins/sudoers/check.c:
12986: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
12987: a pointer to time_t as tv_sec in struct timeval may be long.
12988: [4de0c46e788e]
12989:
12990: * plugins/sudoers/check.c:
12991: Don't stash ctime in on-disk tty ticket info for now; on many
12992: (most?) systems the ctime is updated when the tty is written to.
12993: Once I have a better idea of what systems do not update ctime on
12994: ttys (and have a way to test for this) the ctime stash will be
12995: conditionally re-enabled.
12996: [a90eeec0f648]
12997:
12998: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12999:
13000: * MANIFEST, Makefile.in:
13001: Add back "dist" target, this time using a MANIFEST file
13002: [29277c05499f]
13003:
13004: * Makefile.in:
13005: Remove Makefile in distclean target
13006: [83d695f4f450]
13007:
13008: * Makefile.in, src/Makefile.in:
13009: Update clean and cleandir targets
13010: [ad7b2afeb9c1]
13011:
13012: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
13013: src/sudo.h:
13014: Move fileops.c defines and prototypes to filesops.h
13015: [4545e9b6892d]
13016:
13017: * plugins/sudoers/check.c:
13018: Lock the tty timestamp when writing. We shouldn't have to lock when
13019: reading since the file is updated via a single write system call.
13020: [0c7276f02696]
13021:
13022: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
13023:
13024: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
13025: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
13026: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
13027: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
13028: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
13029: plugins/sudoers/logging.c, plugins/sudoers/match.c,
13030: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
13031: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
13032: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
13033: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
13034: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
13035: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
13036: Convert to ANSI C function declarations
13037: [9c45def57cf7]
13038:
13039: * plugins/sudoers/sudoers.h:
13040: Remove extraneous bits and classify by source file.
13041: [e8ea9f109ebb]
13042:
13043: * include/compat.h:
13044: Add timercmp macro for systems without it
13045: [d3bf87b1d08e]
13046:
13047: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
13048: plugins/sudoers/sudoers.h:
13049: get_boottime() now fills in a timeval struct
13050: [3573c3f44e11]
13051:
13052: * plugins/sudoers/check.c:
13053: Store info from stat(2)ing the tty in the tty ticket when tty
13054: tickets are in use. On most systems, this closes the loophole
13055: whereby a user can log out of a tty, log back in and still have the
13056: timestamp be valid.
13057: [53380f9f5242]
13058:
13059: * config.h.in, configure.in:
13060: Add timespec2timeval and use it when getting ctime/mtime
13061: [4cb7f7caec2c]
13062:
13063: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
13064:
13065: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
13066: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13067: plugins/sudoers/testsudoers.c:
13068: Convert perm setting to push/pop model; still needs some work Use
13069: the stashed runas groups instead of using getgrouplist() Reset perms
13070: to the initial value on error
13071: [09c072ebde8b]
13072:
13073: * config.h.in, configure.in:
13074: fix ctim_get and mtim_get macros
13075: [58773dc1e360]
13076:
13077: * config.h.in, configure, configure.in, include/compat.h,
13078: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
13079: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
13080: Use timeval directly instead of converting to timespec when dealing
13081: with file times and time of day.
13082: [a0ce1ae00a67]
13083:
13084: * plugins/sudoers/Makefile.in:
13085: Don't like sudoreplay with libsudoers.la due to a yacc symbol
13086: conflict.
13087: [f1a59cc63a15]
13088:
13089: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
13090:
13091: * configure, configure.in:
13092: Darwin >= 9.x has real setreuid(2)
13093: [7ec942a64275]
13094:
13095: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13096:
13097: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
13098: Ansify env.c
13099: [f58551bad10a]
13100:
13101: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
13102: plugins/sudoers/sudoers.h:
13103: Remove remaining references to the environ pointer.
13104: [96faa530816a]
13105:
13106: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
13107:
13108: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
13109: Don't change the environ directly in the sudoers plugin
13110: [6db48ed3f7e0]
13111:
13112: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
13113:
13114: * plugins/sudoers/sudoers.c:
13115: Fix typo
13116: [4aa452b07f8f]
13117:
13118: * plugins/sudoers/alias.c:
13119: Fix use after free in error message when a duplicate alias exists.
13120: [ce1d2812ee34]
13121:
13122: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
13123:
13124: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13125: src/parse_args.c:
13126: Add a "noninteractive" boolean to the settings passed in to the
13127: plugin's open function that is set when the user specifies the -n
13128: flag.
13129: [68f8d9d6d4d0]
13130:
13131: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
13132: Add workaround for the lack of the environ pointer on Mac OS X in
13133: dlopen()ed modules. Use of environ in the sudoers plugin should
13134: ultimately be removed but this will do for the moment.
13135: [80c61647434f]
13136:
13137: * plugins/sudoers/visudo.c:
13138: Set errorfile to the sudoers path if we set parse_error manually.
13139: This prevents a NULL dereference in printf() when checking a sudoers
13140: file in strict mode when alias errors are present.
13141: [45e249ca99f7]
13142:
13143: * plugins/sudoers/sudoers.c:
13144: Main sudo no longer print "unable to execute" on exec failure so do
13145: it here.
13146: [50aaf62b43b5]
13147:
13148: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
13149:
13150: * src/script.c:
13151: Use a pipe to pass back errno to the parent if execve() fails. If we
13152: get an error in script_child(), kill the command and exit.
13153: [dc3bf870f91b]
13154:
13155: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13156: src/parse_args.c, src/sudo.c:
13157: Handle plugin's open function returning -2 (usage error).
13158: [aadf900c1de8]
13159:
13160: * src/script.c:
13161: If execve() fails, leave it to the plugin to print an error string.
13162: [e25748f2d5b9]
13163:
13164: * src/script.c:
13165: If execve fails in logging mode, pass the errno directly to the
13166: grandparent on the backchannel and exit. The immediate parent will
13167: get SIGCHLD and try to report that status but its parent will no
13168: longer be listening. It would probably be cleaner to pass this over
13169: a pipe in script_child().
13170: [cb122acc81a8]
13171:
13172: * plugins/sudoers/sudoers.c:
13173: Don't override rval with results of check_user() unless it failed.
13174: [46fb7e87ac7d]
13175:
13176: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13177:
13178: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13179: Fix typo
13180: [ccd0b693f3da]
13181:
13182: * src/parse_args.c:
13183: NULL-terminate env_add
13184: [2c534368a0c3]
13185:
13186: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
13187:
13188: * src/sudo.c:
13189: Call the I/O log open function before the I/O version function.
13190: [e88bf898990b]
13191:
13192: * plugins/sudoers/iolog.c:
13193: Remove io_conv and just use sudo_conv
13194: [a280052468eb]
13195:
13196: * plugins/sudoers/set_perms.c:
13197: Fix set/restore perms for systems w/o setresuid
13198: [4160517f6666]
13199:
13200: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
13201:
13202: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
13203: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
13204: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
13205: Primitive set/restore permissions. Will be replaced by a push/pop
13206: model.
13207: [aae102290866]
13208:
13209: * src/script.c:
13210: Only need to take action on SIGCHLD in parent if no I/O logger. If
13211: there is an I/O logger we will receive ECONNRESET or EPIPE when we
13212: try to read from the socketpair.
13213: [e1e4560401f6]
13214:
13215: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
13216:
13217: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
13218: doc/sudoers.pod, plugins/sudoers/find_path.c:
13219: Merge fb4d571495fa from the 1.7 branch to trunk.
13220: [c8fb424ad4d2]
13221:
13222: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
13223:
13224: * src/script.c:
13225: Don't set SA_RESTART when registering SIGALRM handler. Do set
13226: SA_RESTART when registering SIGWINCH handler.
13227: [173472b76525]
13228:
13229: * doc/Makefile.in:
13230: Add dev targets for *.man.in and *.cat that don't specfify the
13231: $(srcdir) prefix.
13232: [b62f425da2e4]
13233:
13234: * src/script.c:
13235: If log_input or log_output returns false, terminate the command.
13236: [074f4c0c34a0]
13237:
13238: * src/script.c:
13239: Better signal handling. Instead of using a single variable to store
13240: the received signal, use an array so we can't lose a signal when
13241: multiple are sent. Fix process termination by SIGALRM in non-I/O
13242: logger mode. Fix relaying terminal signals to the child in non-I/O
13243: logger mode.
13244: [7a4723aca99d]
13245:
13246: * src/script.c:
13247: Fix a race between when we get the child pid in the parent and when
13248: the child process exits. The problem exhibited as a hang after a
13249: short-lived process, e.g. "sudo id" when no IO logger was enabled.
13250: [80bcc0aca70b]
13251:
13252: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13253:
13254: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13255: Add a note about the security implications of the fast_glob option.
13256: [c37a92ab7c93]
13257:
13258: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
13259:
13260: * config.h.in, configure, configure.in:
13261: Fix up some AC_DEFINE descriptions and regen config.h.in
13262: [f4655adc0db3]
13263:
13264: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
13265:
13266: * include/missing.h:
13267: No longer check for strdup or strndup for LIBOBJ replacement.
13268: [fdc764ee8109]
13269:
13270: * src/script.c:
13271: Avoid installing signal handlers that are io-logger specific. Fixes
13272: job control when no io logger is enabled.
13273: [0853dd0906d4]
13274:
13275: * doc/Makefile.in:
13276: Only regen man pages from pod when configured with --with-devel
13277: [ab1995f8103d]
13278:
13279: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
13280:
13281: * Makefile, Makefile.in, configure, configure.in:
13282: Top-level Makefile.in. Nothing is currently substituted but this is
13283: needed for separate build dirs.
13284: [e80873cbd201]
13285:
13286: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
13287: plugins/sudoers/Makefile.in, src/Makefile.in:
13288: Fix out-of-tree builds
13289: [59a35bef07b8]
13290:
13291: * Merge
13292: [386b848047e9]
13293:
13294: * doc/Makefile.in:
13295: We always install sudoreplay in 1.8
13296: [ce52ba6617c9]
13297:
13298: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
13299:
13300: * compat/siglist.in:
13301: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
13302: [6d69e1b05faf]
13303:
13304: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13305:
13306: * configure, configure.in:
13307: No need to provide strdup() or strndup(), sudo uses estrdup() and
13308: estrndup()
13309: [57ec23b72958]
13310:
13311: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
13312:
13313: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
13314: Free str after using it in the version method. Use sudo_conv, not
13315: io_conv since we don't have the IO conversation function pointer in
13316: the I/O version method anymore now that io_open is delayed.
13317: [f2ed132adeb0]
13318:
13319: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13320:
13321: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
13322: compat/siglist.in:
13323: Add license to mksiglist.c and note that the bits from pdksh are
13324: public domain
13325: [d8121a2467e8]
13326:
13327: * compat/Makefile.in:
13328: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
13329: [164160148421]
13330:
13331: * plugins/sudoers/Makefile.in:
13332: Add sudoreplay testsudoers and visudo to clean target
13333: [138a17e51c0c]
13334:
13335: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
13336: compat/siglist.in, compat/strsignal.c, configure, configure.in,
13337: include/missing.h, src/script.c:
13338: Create our own sys_siglist for systems without it for use by
13339: strsignal()
13340: [2e5da011ebc3]
13341:
13342: * compat/Makefile.in:
13343: Remove duplicate $(LIBOBJDIR)
13344: [adf9abc9432f]
13345:
13346: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13347:
13348: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
13349: Main sudo should not block signals; the plugin should do this in
13350: check_policy.
13351: [3f3736a7c5ed]
13352:
13353: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
13354:
13355: * src/script.c:
13356: Fix a sizeof(ptr) vs. sizeof(*ptr)
13357: [aa1bcf5afcce]
13358:
13359: * src/script.c:
13360: Unlike most operating systems, HP-UX select() is not interrupted by
13361: SIGCHLD when the signal is registered with SA_RESTART. If we clear
13362: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
13363: behavior and the code in the select() loops already handles EINTR
13364: correctly.
13365: [9eba0115e35a]
13366:
13367: * compat/getprogname.c:
13368: progname should be const
13369: [130228f062b7]
13370:
13371: * plugins/sudoers/Makefile.in:
13372: Move --tag=disable-static to when we link sudoers.la, not when we
13373: install.
13374: [ceb5e6c3b78b]
13375:
13376: * src/load_plugins.c:
13377: Load the sudoers I/O plugin by default too now that it is hooked up.
13378: [ea38befd0742]
13379:
13380: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
13381:
13382: * src/pty.c:
13383: It looks like AIX doesn't need to push STREAMS modules for ptys.
13384: [22da618ba0a1]
13385:
13386: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
13387:
13388: * src/parse_args.c, src/sudo.c:
13389: Delay calling the I/O plugin open function until the policy plugin
13390: returns success.
13391: [f3297c325b48]
13392:
13393: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13394:
13395: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
13396: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
13397: plugins/sudoers/sudoers.h:
13398: Add back io logging (transcript) support. Currently, the open
13399: function runs too early and it is not possible to use the io module
13400: independently of the policy module.
13401: [9bd932f66226]
13402:
13403: * plugins/sudoers/set_perms.c:
13404: Comment out dead code; will be removed when set_perms is rewritten.
13405: [af7a995284f8]
13406:
13407: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13408:
13409: * plugins/sudoers/sudoers.c:
13410: Fix off by one error when allocating user_groups.
13411: [6281fcf9c3bb]
13412:
13413: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
13414:
13415: * configure, configure.in, plugins/sudoers/Makefile.in:
13416: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
13417: [fbce3e9eda3a]
13418:
13419: * plugins/sudoers/sudoers.c:
13420: Fix typo in preserve groups case
13421: [1fd72024fb5a]
13422:
13423: * plugins/sudoers/sudoers.c:
13424: In command_info it is "runas_groups" not "groups".
13425: [5c64dce4f285]
13426:
13427: * src/sudo.c:
13428: Fix iteration over runas_groups list.
13429: [b3c45a0cd643]
13430:
13431: * configure, configure.in, plugins/sudoers/env.c,
13432: plugins/sudoers/match.c, src/script.c:
13433: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
13434: [a8108a0776c2]
13435:
13436: * compat/getgrouplist.c:
13437: getgrouplist(3) for those without it
13438: [4ab4d21e3b16]
13439:
13440: * plugins/sudoers/sudoers.c:
13441: Set preserve_groups or groups list in command_info
13442: [1266119ad654]
13443:
13444: * src/sudo.c:
13445: Fix setting of groups list
13446: [e75315e40bd4]
13447:
13448: * config.h.in, configure, configure.in, include/compat.h,
13449: include/missing.h:
13450: Add checks for getgrset and getgrouplist and use replacement
13451: getgrouplist if the system doesn't support it.
13452: [a62b8ba50863]
13453:
13454: * src/parse_args.c:
13455: Pass in preserve_groups when the -P flag is specified as per the
13456: design
13457: [7420c5d15474]
13458:
13459: * plugins/sudoers/sudoers.c:
13460: Check preserve_groups and ignore_ticket args with atobool instead of
13461: assuming they are true if present.
13462: [71c905702697]
13463:
13464: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
13465:
13466: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
13467: plugins/sudoers/plugin_error.c:
13468: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
13469: sudoreplay and testsudoers in the build
13470: [9d581d5fa4d4]
13471:
13472: * src/Makefile.in, src/term.c:
13473: term.c does not needto include sudo.h
13474: [f6683cdcd2dd]
13475:
13476: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
13477: doc/sudo_plugin.pod:
13478: Document the -2 return in the check_policy section too
13479: [e9cb4c34bbcf]
13480:
13481: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13482: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13483: src/parse_args.c, src/sudo.c, src/sudo.h:
13484: Fix the -s and -i flags and add support for the "implied_shell"
13485: option. If the user does not specify a command, sudo will now pass
13486: in the path to the user's shell and set impied_shell=true. The
13487: plugin can them either check the command normally or return -2 to
13488: cause sudo to print a usage message and exit.
13489: [bf889c38f229]
13490:
13491: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
13492:
13493: * config.h.in, configure, configure.in, src/load_plugins.c:
13494: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
13495: Darwin where libraries end in .dylib but modules end in .so
13496: [2c56aaa38e21]
13497:
13498: * plugins/sudoers/parse.c:
13499: Better prefix determination now that we can't rely on len==0 to tell
13500: the beginning on an entry.
13501: [622bf18179e9]
13502:
13503: * plugins/sudoers/ldap.c:
13504: display_bound_defaults() stub should return 0, not 1 since it is a
13505: count, not a boolean.
13506: [0327a6c3d55d]
13507:
13508: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13509: Document progname in settings
13510: [42031d56a2e3]
13511:
13512: * compat/getprogname.c, include/compat.h,
13513: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
13514: src/parse_args.c, src/sudo.c:
13515: Rewrite compat/getprogname.c and add setprogname(). The progname is
13516: now passed to the plugin via the settings array.
13517: [25d8663e6006]
13518:
13519: * configure, configure.in, plugins/sudoers/Makefile.in:
13520: Fix --with-ldap
13521: [b64b633f426d]
13522:
13523: * plugins/sudoers/sudo_nss.c:
13524: Add missing whitespace for Runas and Command-specific defaults
13525: [65f4ddf5545e]
13526:
13527: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
13528: plugins/sudoers/sudo_nss.c:
13529: Use embedded newlines in lbuf instead of multiple calls to
13530: lbuf_print.
13531: [eed3af9cc3e1]
13532:
13533: * src/lbuf.c:
13534: Add support for embedded newlines.
13535: [e11f79b18deb]
13536:
13537: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
13538:
13539: * compat/getprogname.c:
13540: If system doesn't support getprogname or __programe and we are
13541: building a shared object don't bother with Argc/Argv, just return
13542: "sudo"
13543: [aebde9062be7]
13544:
13545: * config.h.in, configure, configure.in, src/load_plugins.c:
13546: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
13547: appears to always install a shared object with the .so suffix.
13548: [f9bbd0c0e9d3]
13549:
13550: * compat/Makefile.in, configure, configure.in,
13551: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
13552: src/Makefile.in:
13553: Play more nicely with libtool and let it build libreplace (was
13554: libmissing) for us.
13555: [a4c6ebb2495c]
13556:
13557: * include/missing.h:
13558: Include stdarg.h for va_list rather than requiring all consumers of
13559: missing.h to include stdarg.h themselves.
13560: [37382df948de]
13561:
13562: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
13563: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
13564: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
13565: src/parse_args.c:
13566: Pass in output function to lbuf_init() instead of writing to stdout.
13567: A side effect is that the usage info can now go to stderr as it
13568: should.
13569: [6d261261a072]
13570:
13571: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
13572:
13573: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
13574: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
13575: src/parse_args.c, src/sudo.c:
13576: Use number of tty columns that is passed in user_info instead of
13577: getting it directly in the lbuf code.
13578: [8a16635c2638]
13579:
13580: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
13581: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13582: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
13583: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
13584: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
13585: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
13586: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
13587: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
13588: plugins/sudoers/logging.h, plugins/sudoers/match.c,
13589: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
13590: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
13591: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
13592: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
13593: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13594: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
13595: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
13596: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
13597: plugins/sudoers/visudo.c:
13598: Kill __P in sudoers
13599: [63601e6cb171]
13600:
13601: * config.h.in, configure, configure.in, src/load_plugins.c:
13602: Set the sudoers plugin name in configure so we get the extension
13603: right.
13604: [edad89924cd1]
13605:
13606: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13607: Document lines/cols in user_info
13608: [a808872394f3]
13609:
13610: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
13611: Add tty size to user info
13612: [23f3d27e77a7]
13613:
13614: * src/script.c:
13615: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
13616: [a2208dd09051]
13617:
13618: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
13619:
13620: * plugins/sudoers/sudoers.c:
13621: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
13622: out if we fail to lookup the user's name that is passed in
13623: [e4e3728ed482]
13624:
13625: * plugins/sudoers/error.c:
13626: Pass the error value back via siglongjmp.
13627: [667b8ad575ce]
13628:
13629: * plugins/sudoers/check.c:
13630: Use conversation function for lecture.
13631: [1ab4719f509b]
13632:
13633: * plugins/sudoers/check.c:
13634: Don't update ticket file if verify_user returns FALSE.
13635: [2bbc46a39a2b]
13636:
13637: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
13638:
13639: * plugins/sudoers/sudoers.c, src/sudo.c:
13640: Wire up invalidate and validate methods for sudoers
13641: [c0630c7bca47]
13642:
13643: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
13644: plugins/sudoers/sudoers.h:
13645: Add support for -k flag with a command.
13646: [edad239b098b]
13647:
13648: * src/parse_args.c:
13649: Allow -k to be specified with a command.
13650: [43a45add9974]
13651:
13652: * plugins/sudoers/sudoers.c:
13653: Wire up policy_list
13654: [27cc35699eca]
13655:
13656: * plugins/sudoers/error.c:
13657: Add newline at the end of message and space after the colon in
13658: warning message
13659: [5a591aa8e744]
13660:
13661: * plugins/sudoers/auth/sudo_auth.c:
13662: Add missing newline after pass password warning
13663: [337dba3870a7]
13664:
13665: * plugins/sudoers/sudoers.c:
13666: Set user_groups and user_ngroups based on user_info
13667: [61bee85128c8]
13668:
13669: * plugins/sudoers/error.c:
13670: Make this compile
13671: [7041c441e1c8]
13672:
13673: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
13674: Make _warning in error.c use the conversation function and remove
13675: commented out warning/warningx in sudoers.c.
13676: [7c9b09024b63]
13677:
13678: * plugins/sudoers/logging.c:
13679: Use siglongjmp() in log_error for fatal errors
13680: [b50e26f1c73f]
13681:
13682: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
13683: Quiet a libtool warning
13684: [b2331fb006bc]
13685:
13686: * Makefile:
13687: Build sudoers plugin
13688: [5cdf06e66978]
13689:
13690: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
13691: Use warningx in yyerror() so the conversation function gets used
13692: when built as part of sudoers.
13693: [85f964215eef]
13694:
13695: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
13696:
13697: * plugins/sudoers/auth/pam.c:
13698: Rename sudo_conv to conversation to avoid a namespace conflict.
13699: [1ad359d36be9]
13700:
13701: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
13702: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
13703: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
13704: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
13705: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13706: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
13707: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
13708: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
13709: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
13710: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
13711: plugins/sudoers/env.c, plugins/sudoers/error.c,
13712: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
13713: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
13714: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
13715: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
13716: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
13717: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
13718: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
13719: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
13720: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
13721: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
13722: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
13723: Initial bits of sudoers plugin; still needs work.
13724: [af2a2c59a952]
13725:
13726: * config.h.in:
13727: Add HAVE_STRDUP and HAVE_STRNDUP
13728: [50a3c0dd510f]
13729:
13730: * compat/Makefile.in, configure, configure.in:
13731: Build libmissing in two flavors (one PIC one non-PIC) and link with
13732: the appropriate one.
13733: [b62f411a4c18]
13734:
13735: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
13736: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
13737: Build libmissing in two flavors (one PIC one non-PIC) and link with
13738: the appropriate one.
13739: [e1e04972b5fe]
13740:
13741: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13742:
13743: * include/missing.h:
13744: Add strdup and strndup and fix strsignal
13745: [c159babe2896]
13746:
13747: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
13748:
13749: * compat/strdup.c, compat/strndup.c, configure, configure.in,
13750: plugins/sample/Makefile.in, src/Makefile.in:
13751: Add strdup and strndup to compat
13752: [25c9fd399a4d]
13753:
13754: * plugins/sample/sample_plugin.c:
13755: Need to include compat.h before missing.h
13756: [c94f7aad380f]
13757:
13758: * compat/strsignal.c:
13759: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
13760: it doesn't exist configure will set it to 0.
13761: [384580566389]
13762:
13763: * compat/glob.c:
13764: Fix botched ANSI C coversion of globexp2()
13765: [4a344b8cbe49]
13766:
13767: * configure, configure.in:
13768: Remove redundant getgroups check
13769: [0b16ec210c81]
13770:
13771: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
13772: Require either termios or termio, no more sgtty.
13773: [9b2fa2f17a1c]
13774:
13775: * compat/strsignal.c, config.h.in, configure, configure.in:
13776: Change the sys_siglist check to use AC_CHECK_DECLS and also check
13777: for _sys_siglist and__sys_siglist
13778: [2e078fed2408]
13779:
13780: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
13781:
13782: * configure, configure.in, src/Makefile.in:
13783: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
13784: use SUDO_OBJS for the main driver as part of OBJS.
13785: [9ae4a80a5ade]
13786:
13787: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13788: Mention in the conversation function section that a newline is not
13789: implicit.
13790: [04a233b6c491]
13791:
13792: * include/compat.h:
13793: Add definition of WCOREDUMP for systems without it. This is known
13794: to work on AIX and SunOS 4, but may be incorrect on other systems
13795: that lack WCOREDUMP.
13796: [c85b3ce6b77d]
13797:
13798: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
13799:
13800: * plugins/sample/sample_plugin.c, src/conversation.c:
13801: conversation function no longer puts a newline at the end of info or
13802: error messages.
13803: [c534cae1ac4a]
13804:
13805: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
13806:
13807: * src/script.c:
13808: Use parent process group id instead of parent process id when
13809: checking foreground status and suspending parent. Fixes an issue
13810: when running commands under /usr/bin/time and others.
13811: [564f528c3bb7]
13812:
13813: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13814:
13815: * aclocal.m4:
13816: transcript option is now --with not --enable
13817: [0646fac4cf93]
13818:
13819: * plugins/sample/sample_plugin.c:
13820: Add support to -u and -g flags Check fmt_string retval Add timeout
13821: for debugging purposes
13822: [cfefa4fa60b5]
13823:
13824: * src/script.c, src/sudo.c:
13825: Wire up SIGALRM handler Set close on exec flag for child side of the
13826: socketpair Fix signal handling when not doing I/O logging
13827: [379581ec7272]
13828:
13829: * src/sudo.c:
13830: g/c unused SIGCHLD handler
13831: [0afa03912dce]
13832:
13833: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
13834: Don't use emalloc() in fmt_string(); we want to be able to use it
13835: from a plugin.
13836: [ade64d368147]
13837:
13838: * include/list.h:
13839: tq_remove not list_remove
13840: [0e0e1fd5c31c]
13841:
13842: * configure, configure.in:
13843: AUTH_OBJS should contain .lo files not .o files.
13844: [c64c82c9d5a2]
13845:
13846: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
13847:
13848: * src/parse_args.c:
13849: Simplify conversion of command line args to name=value pairs.
13850: [75ab127c6a94]
13851:
13852: * plugins/sample/sample_plugin.c:
13853: Handle NULL reply from conversation function
13854: [6ce09b6cb204]
13855:
13856: * compat/getline.c:
13857: Don't depend on emalloc/erealloc
13858: [73df09e2109f]
13859:
13860: * plugins/sample/Makefile.in:
13861: Use $(OBJS) instead of sample_plugin.lo
13862: [2d995db9aa99]
13863:
13864: * plugins/sample/sample_plugin.c:
13865: runas_user is in settings not user_info
13866: [7ee12068bc57]
13867:
13868: * src/parse_args.c:
13869: Fix a mismatch between sudo_settings and settings_pairs that causes
13870: some settings to get the wrong values.
13871: [b1bc6d81a65f]
13872:
13873: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
13874:
13875: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
13876: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
13877: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
13878: Convert to ANSI C
13879: [d03b6e4a3b75]
13880:
13881: * src/load_plugins.c:
13882: Fix strlcpy() return value check.
13883: [7cd66999a374]
13884:
13885: * INSTALL, configure, configure.in:
13886: No longer need to substitute in script.o and pty.o; I/O logging
13887: support is always built.
13888: [45250024c5dc]
13889:
13890: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
13891:
13892: * src/script.c:
13893: Add fallback to /bin/sh when execve() fails with ENOEXEC.
13894: [7684a15a1352]
13895:
13896: * include/alloc.h, src/alloc.c:
13897: Add estrndup()
13898: [47621c83bed9]
13899:
13900: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13901:
13902: * src/script.c, src/sudo.c:
13903: Refactor script_execve() a bit so that it can be used in non-script
13904: mode. Needs more cleanup.
13905: [f09e022d547c]
13906:
13907: * src/sudo.c:
13908: Ignore empty entries in command_info list
13909: [1eea9a8de21c]
13910:
13911: * include/list.h, src/list.c:
13912: Add tq_remove
13913: [40908a617cb2]
13914:
13915: * src/conversation.c:
13916: Pass timeout to tgetpass()
13917: [9e66c918b771]
13918:
13919: * Makefile:
13920: Add ChangeLog target
13921: [da4a39150838]
13922:
13923: * README, WHATSNEW:
13924: Bump version and update things slightly for sudo 1.8.0
13925: [4b73cc45e2d4]
13926:
13927: * configure, configure.in:
13928: Sudo now requires an ANSI/ISO C compiler
13929: [1e51f72e6964]
13930:
13931: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
13932: src/sudo_noexec.c:
13933: Convert to ANSI C
13934: [5cbd315dbde8]
13935:
13936: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
13937: include/list.h, include/missing.h:
13938: Convert to ANSI C
13939: [3f5016ff64f4]
13940:
13941: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
13942: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
13943: compat/getprogname.c, compat/glob.c, compat/glob.h,
13944: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
13945: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
13946: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13947: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
13948: compat/utimes.c:
13949: Convert to ANSI C
13950: [0d635c85461c]
13951:
13952: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
13953:
13954: * src/sudo.c, src/tgetpass.c:
13955: Make user_details extern so tgetpass can get at the uid and gid. Set
13956: uid/gid to user before executing askpass program. Check environment
13957: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
13958: set the askpass program itself
13959: [d33606396176]
13960:
13961: * src/sudo.c:
13962: No longer need sudo_usage.h in sudo.c
13963: [063e2946c382]
13964:
13965: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
13966: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
13967: src/sudo_usage.h.in:
13968: Document -D level command line flag which maps to the debug_level
13969: setting.
13970: [61f1e2ab3ac1]
13971:
13972: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13973: Document debug_level in plugin doc. Still need to document the -D
13974: flag in sudo itself.
13975: [8c62daea3e9b]
13976:
13977: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
13978:
13979: * plugins/sample/sample_plugin.c:
13980: include missing,h for vasprintf
13981: [92503de49b39]
13982:
13983: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
13984: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13985: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
13986: [14cfb4775238]
13987:
13988: * plugins/sample/sample_plugin.c:
13989: Need to include limits.h
13990: [bda7f74343d2]
13991:
13992: * compat/glob.c:
13993: No more sudo_getpw*
13994: [232e52907634]
13995:
13996: * plugins/sample/Makefile.in, src/Makefile.in:
13997: Add missing compat bits
13998: [4843dd000e08]
13999:
14000: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
14001: compat files should not include sudo.h wire up compat in sample
14002: plugin
14003: [a175b8185e0f]
14004:
14005: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
14006: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
14007: [57e49bc20857]
14008:
14009: * configure, configure.in:
14010: Fix typo
14011: [333655e3d5fe]
14012:
14013: * plugins/sample/sample_plugin.c:
14014: Log input and output to temp files for proof of concept.
14015: [ae1dfc34f7d6]
14016:
14017: * Makefile, configure, configure.in, doc/Makefile.in:
14018: Add doc Makefile.in and wire it up
14019: [6a310443c87d]
14020:
14021: * src/script.c:
14022: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
14023: suspending a shell with the "suspend" builtint.
14024: [3d65f182819a]
14025:
14026: * src/script.c:
14027: In child, handle parent side of the pipe going away.
14028: [a29c14d78cd9]
14029:
14030: * src/script.c:
14031: No longer need to check for explicit death of the child (process #2)
14032: since if it dies we will get EPIPE from the socketpair. Fix a
14033: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
14034: sudo_debug.
14035: [24c55dd4ff60]
14036:
14037: * src/sudo.c:
14038: Make sudo_debug do a single vfprintf() which will result in a single
14039: write call on most systems. Avoids problems with interleaved debug
14040: printf from different processes. Also remove an extraneous error
14041: case since recv() can't return a short read and add some more XXX.
14042: [b37a8533ef1e]
14043:
14044: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
14045:
14046: * src/script.c:
14047: Fix uninitialized variable.
14048: [e012a0a30890]
14049:
14050: * src/Makefile.in:
14051: Fix sudo install target
14052: [1417fa4b4ab9]
14053:
14054: * src/parse_args.c, src/sudo.c, src/sudo.h:
14055: Wire up debug_level
14056: [144fab289c73]
14057:
14058: * src/Makefile.in:
14059: Fix dependencies
14060: [5170940af2ce]
14061:
14062: * configure, configure.in:
14063: Fix setting of plugin dir
14064: [144eda170a72]
14065:
14066: * Makefile:
14067: add clean targets
14068: [d53f6f6f5c3a]
14069:
14070: * src/atobool.c:
14071: Add missing source for sudo front end
14072: [42487de9c489]
14073:
14074: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
14075: Sample plugin demonstrating the sudo plugin API
14076: [f1fd62d7644f]
14077:
14078: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
14079: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
14080: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
14081: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
14082: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
14083: sudo_usage.h.in:
14084: Modular sudo front-end which loads policy and I/O plugins that do
14085: most the actual work. Currently relies on dynamic loading using
14086: dlopen(). See doc/plugin.pod for the plugin API.
14087: [924f6eb2fbba]
14088:
14089: * doc/plugin.pod, include/sudo_plugin.h:
14090: Sudo plugin API
14091: [374ccbbd24ae]
14092:
14093: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
14094: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
14095: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
14096: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
14097: src/fileops.c, src/sudo_edit.c:
14098: Replace emul/include.h with compat/include.h to match new source
14099: tree layout.
14100: [7eccd10449a1]
14101:
14102: * src/lbuf.c:
14103: Include missing.h for memrchr() proto
14104: [03abd63a8a33]
14105:
14106: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
14107: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
14108: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
14109: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
14110: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
14111: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
14112: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
14113: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
14114: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
14115: compat/getline.c, compat/getprogname.c, compat/glob.c,
14116: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
14117: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
14118: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
14119: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
14120: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
14121: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
14122: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
14123: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
14124: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
14125: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
14126: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
14127: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
14128: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
14129: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
14130: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
14131: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
14132: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
14133: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
14134: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
14135: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
14136: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
14137: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
14138: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
14139: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
14140: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
14141: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
14142: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
14143: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
14144: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
14145: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
14146: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
14147: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
14148: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
14149: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
14150: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
14151: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
14152: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
14153: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
14154: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
14155: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
14156: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
14157: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
14158: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
14159: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
14160: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
14161: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
14162: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
14163: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
14164: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
14165: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
14166: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
14167: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
14168: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
14169: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
14170: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
14171: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
14172: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
14173: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
14174: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
14175: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
14176: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
14177: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
14178: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
14179: sample.pam, sample.sudoers, sample.syslog.conf,
14180: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
14181: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
14182: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
14183: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
14184: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
14185: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
14186: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
14187: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
14188: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
14189: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
14190: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
14191: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
14192: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
14193: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
14194: visudo.man.in, visudo.pod, zero_bytes.c:
14195: Rework source layout in preparation for modular sudo.
14196: [7fc1978c6ad5]
14197:
14198: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
14199:
14200: * Avoid a duplicate fclose() of the sudoers file.
14201: [5dba851088c1]
14202:
14203: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
14204: [0a2935061e33]
14205:
14206: * Use setrlimit64(), if available, instead of setrlimit() when setting
14207: AIX resource limits since rlim_t is 32bits.
14208: [353db89bac61]
14209:
14210: * Fix use after free when sending error messages. From Timo Juhani
14211: Lindfors
14212: [e50dbd902382]
14213:
14214: * ChangeLog, Makefile.in:
14215: Generate the ChangeLog as part of "make dist" instead of having it
14216: in the repo.
14217: [251b70964673]
14218:
14219: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
14220:
14221: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
14222: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
14223: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
14224: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
14225: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
14226: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
14227: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
14228: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
14229: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
14230: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
14231: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
14232: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
14233: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
14234: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
14235: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
14236: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
14237: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
14238: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
14239: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
14240: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
14241: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
14242: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
14243: Remove CVS $Sudo$ tags.
14244: [de683a8b31f5]
14245:
14246: 2010-01-18 convert-repo <convert-repo>
14247:
14248: * .hgtags:
14249: update tags
14250: [9b7aa44ae436]
14251:
14252: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
14253:
14254: * sudo_usage.h.in:
14255: make this match sudoers SYNOPSIS
14256: [c74ba66944c2]
14257:
14258: * lbuf.c, parse.c:
14259: Print a newline between Runas and Command-specific defaults in sudo
14260: -l.
14261: [b5bdfcc9ce4b]
14262:
14263: * term.c:
14264: Use SET and CLR macros in term_raw
14265: [50ca42609d6c]
14266:
14267: * sudoreplay.c:
14268: Set stdin to non-blocking mode early instead of in check_input. Use
14269: term_raw instead of term_cbreak since the data we get has already
14270: been expanded via OPOST.
14271: [51c47e803d62]
14272:
14273: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
14274:
14275: * script.c, term.c:
14276: Enable/disable all postprocessing instead of just nl->crnl
14277: processing since things like tab expansion matter too. However, if
14278: stdout is a tty leave postprocessing on in the pty since we run into
14279: problems doing it only on the real stdout with .e.g nvi.
14280: [62666e309673]
14281:
14282: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
14283:
14284: * check.c:
14285: If tty_tickets is enabled and there is no tty, prompt for a
14286: password. Do not lecture user for "sudo -k command" if user has a
14287: timestamp.
14288: [5880200c5f6b]
14289:
14290: * INSTALL:
14291: Document missing options: --with-efence and --with-bsm-audit
14292: [d83afcdf9ff3]
14293:
14294: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
14295: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
14296: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
14297: visudo.man.in, visudo.pod:
14298: username -> user name groupname -> group name hostname -> host name
14299: [10c85646f45d]
14300:
14301: * INSTALL, README.LDAP, sudoers.pod:
14302: filename -> file name like the rest of the docs
14303: [1ef8ab5a9018]
14304:
14305: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
14306:
14307: * parse.c:
14308: Fix printing of entries with multiple host entries on a single line.
14309: [226ceaf91d8d]
14310:
14311: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
14312:
14313: * sudoers.pod:
14314: Mention that targetpw affects the timestamp file name.
14315: [a26e22e4f72e]
14316:
14317: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
14318: sudoers.pod:
14319: Add compress_transcript option.
14320: [6e94f8cb9dfb]
14321:
14322: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
14323:
14324: * configure, configure.in:
14325: bump to 1.7.3b2
14326: [906d7e347d15]
14327:
14328: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
14329: Better split of membership vs. traditional group check in
14330: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
14331: [6ebc55d4716b]
14332:
14333: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
14334:
14335: * pwutil.c:
14336: Fix pasto and add default return value.
14337: [7973b5e4599c]
14338:
14339: * check.c, match.c, pwutil.c, sudo.h:
14340: refactor group member checking into user_in_group()
14341: [48ca8c2eddf8]
14342:
14343: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
14344: sudo.h:
14345: Add support for mbr_check_membership() as present in darwin.
14346: [5501aed02b9f]
14347:
14348: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
14349:
14350: * match.c:
14351: Rename label to be accurate
14352: [3af17dd960f7]
14353:
14354: * Makefile.in, boottime.c, check.c, config.h.in, configure,
14355: configure.in, sudo.h:
14356: Treat timestamp files from before we booted as old. Idea from and
14357: Apple patch.
14358: [5c96e484c05a]
14359:
14360: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
14361:
14362: * sudo.c, sudo.pod, sudo_usage.h.in:
14363: Allow the -u flag to be used in conjunction with the -v flag as per
14364: older versions of sudo.
14365: [591e9fc13c1a]
14366:
14367: * logging.c:
14368: fix typo in last commit
14369: [4fd0c692dcf0]
14370:
14371: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
14372:
14373: * logging.c:
14374: Convert fmt_first and fmt_confd into macros.
14375: [32e870158b29]
14376:
14377: * sudoers.pod:
14378: timeouts can be floats now
14379: [89de639a9679]
14380:
14381: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
14382: defaults.h, mkdefaults:
14383: Add support for floating point timeout values (e.g. 2.5 minutes).
14384: [210ffa291733]
14385:
14386: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
14387:
14388: * sudo.pod:
14389: The -L flag will be removed in sudo 1.7.4
14390: [ffd026084333]
14391:
14392: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
14393:
14394: * sudoreplay.c:
14395: Fix a bug due to order of operators.
14396: [938d34464283]
14397:
14398: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14399:
14400: * match.c:
14401: cmnd_matches() already deals with negation so _cmndlist_matches()
14402: does not need to do so itself. Fixes a bug with negated entries in
14403: a Cmnd_List.
14404: [71c845f6ce73]
14405:
14406: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
14407:
14408: * sudo.c:
14409: Don't exit() from open_sudoers, just return NULL for all errors.
14410: [8cfa832f972a]
14411:
14412: * script.c:
14413: Can't rely on the shell sending us SIGCONT when transitioning from
14414: backgroup to foreground process.
14415: [3c6c5b6cb4b3]
14416:
14417: * toke.c, toke.l:
14418: Add missing extern def for parse_error
14419: [45b7b59d03b7]
14420:
14421: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
14422:
14423: * toke.c, toke.l:
14424: Avoid a parse error when #includedir doesn't find any files. Closes
14425: bug #375
14426: [1ce1b850e9e6]
14427:
14428: * Makefile.in:
14429: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
14430: [6a22e32da108]
14431:
14432: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14433:
14434: * script.c:
14435: Start command out in foreground mode if stdout is a tty. Works
14436: around issues with some curses-based programs that don't handle
14437: tcsetattr getting interrupted by a signal. Still allows us to avoid
14438: hogging the tty if the command is part of a pipeline.
14439: [1c32f2b94769]
14440:
14441: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
14442: Use a socketpair to pass signals from parent to child. Child will
14443: now pass command status change info back via the socketpair. This
14444: allows the parent to distinguish between signals it has been sent
14445: directly and signals the command has received. It also means the
14446: parent can once again print the signal notifications to the tty so
14447: all writes to the pty master occur in the parent. The command is
14448: now always started in background mode with tty signals handled by
14449: the parent.
14450: [c6790b82986d]
14451:
14452: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14453:
14454: * configure, configure.in:
14455: Fix a few typos in the descriptions; from Jeff Makey Only do the
14456: check for krb5_get_init_creds_opt_free() taking two arguments if we
14457: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
14458: positive when using our own krb5_get_init_creds_opt_free which takes
14459: only a single argument.
14460: [845a9ff6f93d]
14461:
14462: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
14463:
14464: * configure, configure.in:
14465: Remove a spurious comma in the kerb5 bits.
14466: [3433eab083db]
14467:
14468: * auth/kerb5.c:
14469: Call krb5_get_init_creds_opt_init() in our emulated
14470: krb5_get_init_creds_opt_alloc() for MIT kerberos.
14471: [7ffb40bf43e9]
14472:
14473: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14474:
14475: * config.h.in:
14476: Add HAVE_ZLIB
14477: [9297bde61ecc]
14478:
14479: * script.c:
14480: Need to ignore SIGTT{IN,OU} in child when running the command in the
14481: background. Also some minor cleanup.
14482: [dc208d982319]
14483:
14484: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
14485:
14486: * script.c:
14487: Instead of calling sigsuspend when waiting for SIGUSR[12] from
14488: parent, install the signal handlers w/o SA_RESTART and let them
14489: interrupt waitpid().
14490: [759c7d18203b]
14491:
14492: * script.c:
14493: Pass along SIGHUP and SIGTERM from parent to child.
14494: [035b0e254568]
14495:
14496: * script.c:
14497: Close unused bits of script_fds in processes that don't need them.
14498: Restore default SIGCONT handler in child.
14499: [e037378ab0c1]
14500:
14501: * script.c:
14502: Update foreground/background status in SIGCONT handler in parent
14503: process.
14504: [3f7f91333264]
14505:
14506: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
14507:
14508: * script.c:
14509: Defer setting terminal into raw mode until just before we fork() and
14510: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
14511: and sudo is already in the foreground be sure to set raw mode before
14512: continuing the child.
14513: [1102ef40832c]
14514:
14515: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
14516:
14517: * script.c:
14518: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
14519: give the command the controlling tty if the main sudo process is the
14520: foreground process.
14521: [cf3a91cb5682]
14522:
14523: * script.c:
14524: Don't bother with sudo_waitpid() here for now.
14525: [9086de480c2d]
14526:
14527: * script.c:
14528: fix non-zlib case
14529: [a258bff0f9a6]
14530:
14531: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
14532:
14533: * script.c:
14534: Remove non-wroking code that crept into rev 1.55
14535: [2802dd55cff5]
14536:
14537: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
14538:
14539: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
14540: First pass at zlib support for transcript data files
14541: [5d10260807da]
14542:
14543: * Makefile.in:
14544: remove vestiges of ZLDFLAGS
14545: [1fa0caf1c0fb]
14546:
14547: * script.c:
14548: Add missing variable declaration for when TIOCSCTTY is not defined.
14549: Need to include sys/termio.h for TIOCSCTTY on some systems.
14550: [ee7f41ac2709]
14551:
14552: * script.c:
14553: when resuming command, send SIGCONT to its pgrp not just pid
14554: [5cd63c1d565b]
14555:
14556: * selinux.c:
14557: remove unused variable
14558: [df67df4be228]
14559:
14560: * script.c:
14561: include selinux.h for is_selinux_enabled() proto
14562: [85ebaa880cc1]
14563:
14564: * script.c:
14565: Don't use log_error() in the child process.
14566: [def65fe2a433]
14567:
14568: * script.c:
14569: Do I/O in parent instead of child since the parent can have both
14570: /dev/tty as well as the pty fds open. The child just sets things up
14571: and waits for its grandchild and writes the signal description to
14572: the pty master if the command was killed by a signal.
14573: [95e473208982]
14574:
14575: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
14576:
14577: * missing.h, sudo.h:
14578: Move two struct forward declarations from sudo.h to missing.h
14579: [90ad28294a8c]
14580:
14581: * script.c:
14582: Make comment at the top of script_exec() match reality.
14583: [c5042d27dbe0]
14584:
14585: * sudo.c:
14586: if neither stdin nor stdout is a tty, check stderr
14587: [c532ff20c8d8]
14588:
14589: * Makefile.in:
14590: Add back dependecy of gram.h on gram.y
14591: [c58382b7fcca]
14592:
14593: * script.c:
14594: Make transcript mode work as long as we can figure out our tty, even
14595: if it is not stdin. We'd like to use /dev/tty but that won't be
14596: valid after the setsid().
14597: [7b8bba8d99e7]
14598:
14599: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
14600:
14601: * config.h.in, configure, configure.in, pty.c:
14602: Add support for IRIX-style dynamic ptys
14603: [bedc9bac44c1]
14604:
14605: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
14606: Move alloc.c protos into alloc.h
14607: [b6a90649617d]
14608:
14609: * missing.h:
14610: Move prototypes for missing libc functions to missing.h
14611: [dda9ae1ccaf8]
14612:
14613: * Makefile.in, sudo.h, sudoreplay.c:
14614: Move prototypes for missing libc functions to missing.h
14615: [7483166b577b]
14616:
14617: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
14618:
14619: * config.h.in, configure, configure.in:
14620: Disable transcript support if no tcsetpgrp until we support older
14621: BSD-style job control.
14622: [27ac1d8163df]
14623:
14624: * configure, configure.in, pty.c, script.c:
14625: Break out pty code into pty.c
14626: [e85509b25d41]
14627:
14628: * compat.h, config.h.in, configure, configure.in:
14629: add killpg macro if no killpg function
14630: [3a125f4a51f0]
14631:
14632: * config.h.in, configure, configure.in, script.c:
14633: Push ptem and ldterm for STERAMS-based systems when allocating a
14634: pty.
14635: [36bb39b30ff2]
14636:
14637: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
14638:
14639: * script.c:
14640: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
14641: [d94bd5c9bf4e]
14642:
14643: * script.c:
14644: Call tcgetpgrp() in the parent, not the child and have the child
14645: spin until it is granted. Fixes a race on darwin.
14646: [6e8d435339ce]
14647:
14648: * script.c:
14649: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
14650: reopen slave.
14651: [0bdc63c019ca]
14652:
14653: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
14654:
14655: * script.c:
14656: In script mode, if the command is killed by a signal, print the
14657: signal description as well as a core dump notification like the
14658: shell does.
14659: [9df61738df07]
14660:
14661: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
14662: sudo.h:
14663: Add check for strsignal() and a simple implementation if it is not
14664: there but sys_siglist is
14665: [61421a188ef4]
14666:
14667: * script.c:
14668: Add missing WUNTRACED and store the signal that stopped the
14669: grandchild in suspended, not signo.
14670: [df65042b200e]
14671:
14672: * script.c:
14673: g/c unused code
14674: [40d8cb5c9203]
14675:
14676: * script.c:
14677: Associate the grandchild's pgrp with the tty instead of the child's
14678: and just get suspend notifications via SIGCHLD instead of directly.
14679: This fixes a hang with programs that try to set terminal attributes
14680: and is more consistent with how the shell handles things.
14681: [6865abff7e94]
14682:
14683: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
14684:
14685: * script.c:
14686: Move setpgid() of child into the parent side of the fork() where it
14687: belongs.
14688: [3defa782777c]
14689:
14690: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
14691:
14692: * script.c:
14693: fix typo
14694: [b6a612b3622c]
14695:
14696: * script.c:
14697: Run command in its own pgrp (like the shell does) for easier
14698: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
14699: to grandchild. Don't want grandchild stopped events in the child
14700: (only termination). Flush output after suspending grandchild before
14701: signalling parent.
14702: [db556bf2176f]
14703:
14704: * script.c:
14705: Back out revision 1.34; the problem lies elsewhere.
14706: [85f590a03275]
14707:
14708: * script.c:
14709: Don't set stdout to blocking mode when flushing remaining output.
14710: It can cause us to hang when trying to exit. Need to investigate
14711: why.
14712: [6f803a3e33ca]
14713:
14714: * script.c:
14715: Handle SIGTTOU and remove some debugging.
14716: [52d17279053e]
14717:
14718: * term.c:
14719: Back out revision 1.10 as the signal that interrupts us may be
14720: SIGTTOU or SIGTTIN which the caller must handle.
14721: [7e2fa9107975]
14722:
14723: * script.c:
14724: Apparently we need to send SIGSTOP to the command as well as ourself
14725: when we get SIGTSTP, the kernel doesn't automatically stop the
14726: process for us.
14727: [1a936e9309c4]
14728:
14729: * script.c:
14730: Use an extra process to act as the glue bewteen the sessions
14731: associated with the user's controlling tty (what the shell uses) and
14732: the tty that sudo is using to do its logging. Basically, this means
14733: that if we get, e.g. SIGTSTP from the process sudo is running, we
14734: relay the signal to the parent so it's shell can do the job control.
14735: [6dd296988060]
14736:
14737: * term.c:
14738: Handle getting/setting terminal attributes when the fd is in non-
14739: blocking mode.
14740: [ae5ae535ea7b]
14741:
14742: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14743:
14744: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14745: Add support for pausing and changing the speed in interactive mode.
14746: [72a2063780a7]
14747:
14748: * script.c:
14749: Already define O_NOCTTY in compat.h, don't need it here
14750: [b5d80ed3e5ce]
14751:
14752: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
14753:
14754: * sudoreplay.c:
14755: Add missing protos
14756: [c4cb4e7f4d8a]
14757:
14758: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
14759:
14760: * sudo_edit.c:
14761: Always update the stashed mtime of the temp file instead of using
14762: what we have for the original because the time resolution of the
14763: filesystem the temporary is on may not match that of the filesystem
14764: that holds the original. Should fix bz #371 found by Philippe Levan.
14765: [c86ca4bec60c]
14766:
14767: * sudoreplay.c:
14768: Use cbreak mode instead of raw mode and add signal handlers to
14769: restore the tty on interrupt.
14770: [84dd283da41c]
14771:
14772: * script.c, sudo.h, term.c:
14773: Retain NL to NLCR conversion on the real tty and skip it on the pty
14774: we allocate. That way, if stdout is not a pty there are no extra
14775: carriage returns.
14776: [32e4f570414e]
14777:
14778: * script.c:
14779: Fix log_output(); just pass in a string and a length.
14780: [ca980cc0a3fb]
14781:
14782: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
14783:
14784: * script.c:
14785: do not use errno when complaining out lack of a tty
14786: [8f9b8c55ab8e]
14787:
14788: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
14789:
14790: * Makefile.in, sudoreplay.c, term.c:
14791: Instead of messing with line endings, just set terminal to raw mode
14792: in sudoreplay.
14793: [90943fa87acb]
14794:
14795: * term.c:
14796: When copying the terminal attributes to the pty, be sure not to set
14797: ONLCR. This prevents extra carriage returns from ending up in the
14798: script output file.
14799: [e6b5475ac2aa]
14800:
14801: * script.c:
14802: Convert a do {} while into a while
14803: [e461310d2c77]
14804:
14805: * Makefile.in:
14806: Use if then instead of test && when installing binaries that may not
14807: exist.
14808: [ad4f9490d971]
14809:
14810: * script.c:
14811: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
14812: old tty before associatng with new one.
14813: [0e0ca634b80c]
14814:
14815: * script.c, selinux.c, sudo.c, sudo.h:
14816: First cut at refactoring some of the selinux code so it can be used
14817: in conjunction with sudo's transcript support.
14818: [779b0d8f9d29]
14819:
14820: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
14821:
14822: * aclocal.m4, configure, configure.in:
14823: Fix default case of transcript_enabled being unset.
14824: [f8aa96186e6b]
14825:
14826: * script.c, sudoreplay.c:
14827: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
14828: [2844a7a851fa]
14829:
14830: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
14831: Hook up --disable-transcript and --enable-transcript=DIR
14832: [b3fa7e6b2480]
14833:
14834: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
14835:
14836: * aclocal.m4, configure, configure.in, pathnames.h.in:
14837: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
14838: transcript=DIR option to specify the directory
14839: [b0bb76d43cda]
14840:
14841: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14842: regen
14843: [c7a8a0a9027c]
14844:
14845: * configure, configure.in, sudoers.man.pl, sudoers.pod:
14846: Substitute in default value for secure_path
14847: [c8f9ac6dbf93]
14848:
14849: * sudo.pod:
14850: Mention that the password must be followed by a newline with the -S
14851: option.
14852: [2fc589a3ee7e]
14853:
14854: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
14855:
14856: * script.c:
14857: Go back to dropping out of the select() loop when the process dies;
14858: Linux ptys apparently don't behave the same as BSD in regards to
14859: select(). No need to flush remaining output to the transcript, only
14860: to stdout. Add back code to check the master pty for additional data
14861: when we exit the main select loop.
14862: [abed9a9cbc6b]
14863:
14864: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
14865:
14866: * Makefile.in:
14867: Add getline.o to COMMON_OBJS
14868: [04ef7643cbc2]
14869:
14870: * Makefile.in:
14871: sudoreplay depends on libsudo.a
14872: [142bd0472631]
14873:
14874: * Makefile.in:
14875: More pwutil.o into COMMON_OBJS
14876: [4a016b933629]
14877:
14878: * pwutil.c, testsudoers.c, tsgetgrpw.c:
14879: Remove my_* redirection in pwutil.c for testsudoers and just use the
14880: normal libc get{pw,gr}* names.
14881: [9b76d637d86b]
14882:
14883: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
14884: More time and date examples
14885: [c6ee0175ec56]
14886:
14887: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
14888: Move nanosleep() emulation into its own file Check librt.a for
14889: nanosleep if we don't find it in libc
14890: [4da0cc26aad7]
14891:
14892: * Makefile.in, configure, configure.in:
14893: Build libsudo with the common bits and link things against that.
14894: [2b53bc0b081a]
14895:
14896: * script.c:
14897: Fix final flush.
14898: [6da287d833da]
14899:
14900: * script.c:
14901: Keep reading from the pty master -> log file until read returns <=
14902: 0. Do our best to write everything to stdout when flushing any
14903: remaining bits.
14904: [2a45d4ae280c]
14905:
14906: * sudoreplay.c:
14907: Use unbuffered I/O when writing to stdout and make sure we write the
14908: entire buffer.
14909: [f39ef9844a47]
14910:
14911: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
14912:
14913: * sudoreplay.c:
14914: Only use max_wait if it is non-zero
14915: [f6c10604d2e8]
14916:
14917: * getdate.c, getdate.y, getline.c:
14918: Need compat.h here
14919: [5d6722e225a0]
14920:
14921: * sudoreplay.c:
14922: Fix nanosleep emulation
14923: [34e5e5d72a76]
14924:
14925: * script.c:
14926: Fix comment after #endif
14927: [bd1347718b25]
14928:
14929: * sudoreplay.c:
14930: Add protos for missing libc bits
14931: [644f496427a2]
14932:
14933: * configure, configure.in:
14934: add missing line continuation char
14935: [db13c0d402cd]
14936:
14937: * config.h.in, configure, configure.in, getline.c:
14938: Implement getline() in terms of fgetln() if we have it.
14939: [3ab786eaadc5]
14940:
14941: * sudoreplay.c:
14942: Print year when formatting log line
14943: [90be669e3443]
14944:
14945: * sudoreplay.pod:
14946: Document cwd, attempt to document time/date formats.
14947: [6290fb9b65c6]
14948:
14949: * sudoreplay.c:
14950: Fix getline return value check.
14951: [d696d6657261]
14952:
14953: * Makefile.in, config.h.in, configure, configure.in, getline.c,
14954: sudoreplay.c:
14955: Use getline() if the system has it, else use provide our own for
14956: sudoreplay.
14957: [afca1d6fbe5e]
14958:
14959: * script.c:
14960: Refactor code to update output and timing files.
14961: [361491332b1a]
14962:
14963: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
14964:
14965: * sudoreplay.c:
14966: Make sudo_getln() behave more like glibc getline.
14967: [40c9f2ea29e6]
14968:
14969: * script.c:
14970: When flushing remaining output, also update timing file.
14971: [5a9a5a627549]
14972:
14973: * sudoreplay.c:
14974: Use get_timestr() and make the -l output look like the regular sudo
14975: log.
14976: [452ba9d436c9]
14977:
14978: * logging.c, sudo.h, timestr.c:
14979: Make get_timestr() take a time_t so we can use it properly in
14980: sudoreplay.
14981: [82e67cc53c9c]
14982:
14983: * script.c:
14984: Create session dir earlier now that we update the seq number early.
14985: [797fe8d6dc61]
14986:
14987: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
14988:
14989: * sudoreplay.c:
14990: Use fromdate and todate as the keywords instead of from and to; the
14991: short forms will still be accepted.
14992: [d14d9b116df4]
14993:
14994: * sudoreplay.c:
14995: Fix reading long liensin sudo_getln()
14996: [58dadd74118c]
14997:
14998: * script.c, sudoreplay.c:
14999: Log the cwd in the script log file. Add sudo_getln() to read
15000: arbitrarily long lines.
15001: [faceb802ab8f]
15002:
15003: * Makefile.in, logging.c, sudo.h, timestr.c:
15004: Move get_timestr() into its own source file so sudoreplay can use
15005: it.
15006: [99b054bfa20a]
15007:
15008: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
15009:
15010: * sudoreplay.c:
15011: Add to and from perdicates (date ranges); needs documentation
15012: [1d629174dcf4]
15013:
15014: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
15015:
15016: * Makefile.in, getdate.c, getdate.y:
15017: Fix warning and add generated getdate.c
15018: [b877a86b5a03]
15019:
15020: * Makefile.in, getdate.y:
15021: Add getdate.y to be used for sudoreplay date parsing.
15022: [b8e26fbb7a40]
15023:
15024: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
15025:
15026: * sudoreplay.c:
15027: Check more than just the first character of a predicate
15028: [4fe53728adb1]
15029:
15030: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
15031: Add examples, sort predicates
15032: [70f8075cbccc]
15033:
15034: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
15035: sudoreplay.pod:
15036: Implement search expressions in sudoreplay similar in concept to
15037: what find or tcpdump uses. TODO: date ranges
15038: [f7ce4fb4cf3a]
15039:
15040: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
15041:
15042: * script.c:
15043: Remove vhangup as it was hanging up the wrong tty. Should really
15044: vhangup in the child after it as set its tty.
15045: [2eed9df73010]
15046:
15047: * sudoers.pod:
15048: Fix cut at documenting transcript support.
15049: [e6c533a5568a]
15050:
15051: * logging.c:
15052: ID= -> TSID= for transcript ID
15053: [1bf755a35333]
15054:
15055: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
15056:
15057: * sudoers.pod:
15058: Move fast_glob description to where it belongs in sorted order
15059: [5901cfb0d25f]
15060:
15061: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
15062: parse.c, parse.h, sudo.c:
15063: Rename script -> transcript
15064: [e06cf823122c]
15065:
15066: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
15067:
15068: * compat.h:
15069: Add timeradd and timersub for those without them
15070: [929f8aa06c2b]
15071:
15072: * script.c:
15073: Sanity check sessid before using it.
15074: [aa8ca5211d43]
15075:
15076: * sudo.c:
15077: Only set the session id if we are running a command or editing a
15078: file.
15079: [7205d717c098]
15080:
15081: * script.c:
15082: Actually. qsort is fine since most versions fal back to a cheaper
15083: sort when the number of elements to sort is small (like in our
15084: case).
15085: [d11c7cd352fe]
15086:
15087: * config.h.in, configure, configure.in, script.c:
15088: Check for dup2 and use dup instead if we don't have it.
15089: [98bd89830f8a]
15090:
15091: * script.c, sudo.c, sudo.h:
15092: Move the code to dup2 the script fds to low numbered descriptors
15093: into script_duplow() and fix the fd sorting.
15094: [9453fdc5fba6]
15095:
15096: * script.c, sudo.c, sudo.h:
15097: Move script_setup() back to immediately before we drop privs and
15098: call the new script_nextid() in its place, which will set
15099: sudo_user.sessid for the logging functions.
15100: [8434d0c8ff08]
15101:
15102: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
15103:
15104: * Makefile.in:
15105: Install sudoreplay
15106: [6acf2cdb4d3f]
15107:
15108: * sudoreplay.c:
15109: remove unused variable
15110: [2316360bb992]
15111:
15112: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
15113:
15114: * logging.c, script.c, sudo.c, sudo.h:
15115: Log the session ID, if there is one. Currently logs ID=XXXXXX,
15116: perhaps should be SESSIONID or SESSID.
15117: [53976905b0a6]
15118:
15119: * Makefile.in, configure, configure.in, sudoreplay.cat,
15120: sudoreplay.man.in, sudoreplay.pod:
15121: Add sudoreplay docs
15122: [da4f14f0e64c]
15123:
15124: * sudoreplay.c:
15125: add -V (version) flag
15126: [b5e743639ee3]
15127:
15128: * sudoreplay.c:
15129: Hook up max_wait.
15130: [2ec5697a92ba]
15131:
15132: * script.c, sudoreplay.c:
15133: Use base36 number for the ID and store script files with paths like
15134: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
15135: (2,176,782,336) unique IDs.
15136: [6aab019d07aa]
15137:
15138: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
15139:
15140: * config.h.in, configure.in:
15141: Add check for regcomp
15142: [44c3ebd7ff34]
15143:
15144: * sudoreplay.c:
15145: Add support for selecting by pattern and tty when listing.
15146: [66189f840c52]
15147:
15148: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
15149:
15150: * sudoreplay.c:
15151: The beginnings of a list mode.
15152: [8d0150b4a52c]
15153:
15154: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
15155:
15156: * Makefile.in:
15157: fix pasto
15158: [616b4640b8a8]
15159:
15160: * Makefile.in, config.h.in, configure.in:
15161: Add scaffolding for building sudoreplay
15162: [a32958505dbe]
15163:
15164: * sudoreplay.c:
15165: include error.h first arg to nanotime is const
15166: [fe5a7bb31bc5]
15167:
15168: * sudoreplay.c:
15169: Initial cut at sudoreplay; replay a sudo session.
15170: [f149fba372bd]
15171:
15172: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
15173:
15174: * script.c:
15175: Fix wait() usage and use correct wait status.
15176: [f4745ed7ad05]
15177:
15178: * sudo.c, sudo.h, tgetpass.c:
15179: Add protos for term_* to sudo.h
15180: [14fe1abd7e7b]
15181:
15182: * script.c:
15183: Fix detection of the child process exiting. Since the child is in
15184: its own session we should only ever get SIGCHLD for that process but
15185: better safe than sorry.
15186: [7edfdadd8505]
15187:
15188: * config.h.in:
15189: Add UNIX98 pty support.
15190: [82f4b53a0e8f]
15191:
15192: * configure, configure.in, script.c:
15193: Add UNIX98 pty support.
15194: [795b8bb0a3a1]
15195:
15196: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
15197:
15198: * term.c:
15199: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
15200: if it is defined.
15201: [40f8b83baf69]
15202:
15203: * auth/pam.c:
15204: Set PAM_RUSER and PAM_RHOST early so they can be used during
15205: authentication. Based on a patch from Jamie Beverly.
15206: [3d567b453a6a]
15207:
15208: * match.c:
15209: Close dir before returning if strlcpy() reports overflow. From
15210: Martynas Venckus.
15211: [6a82f96473e5]
15212:
15213: * config.h.in, configure, configure.in, script.c:
15214: On Linux, the openpty proto libes in pty.h
15215: [98643a018d1c]
15216:
15217: * script.c:
15218: Call vhangup on exit if the system has it Use setpgrp() if no
15219: setsid()
15220: [3a9e13149829]
15221:
15222: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
15223:
15224: * config.h.in, configure, configure.in:
15225: Add checks for revoke and vhangup if we don't have openpty
15226: [fcb04572e994]
15227:
15228: * script.c:
15229: Session logging guts that got forgotten in the previous commit.
15230: [c2af08a63ea9]
15231:
15232: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
15233: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
15234: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
15235: tgetpass.c:
15236: First cut at session logging for sudo. Still need to write
15237: get_pty() for Unix 98 and old-style BSD ptys. Also needs
15238: documentation and general cleanup.
15239: [77e3f5e25738]
15240:
15241: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
15242:
15243: * sudo.c, sudo_edit.c:
15244: Fix a bug introduced with def_closefrom. The value of def_closefrom
15245: already includes the +1.
15246: [7291c136300d]
15247:
15248: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
15249:
15250: * Makefile.in:
15251: Generate sudo distributions with pax in ustar mode. No longer need
15252: to use a temp file or have the source dir name match the version.
15253: [9778177a8272]
15254:
15255: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
15256:
15257: * toke.c, toke.l:
15258: Fix expansion of %h in #include names. Fixes bugzilla 363
15259: [6e346879ba24]
15260:
15261: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
15262:
15263: * mkdefaults:
15264: If no arg assume def_data.in
15265: [c1dd28c0e675]
15266:
15267: * README, WHATSNEW:
15268: Update for 1.7.2
15269: [f5ad45f69f05] [SUDO_1_7_2]
15270:
15271: * ChangeLog:
15272: sync
15273: [6283549396ff]
15274:
15275: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
15276:
15277: * sudoers.cat, sudoers.man.in, sudoers.pod:
15278: Add missing single quotes around a colon in Runas_Spec definition.
15279: From Elias Benali.
15280: [ccc6ee4fca83]
15281:
15282: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15283:
15284: * sudo.man.in, sudoers.man.in:
15285: regen
15286: [546e75304ebf]
15287:
15288: * redblack.c:
15289: In rbrepair, re-color the root or the first non-block node we find
15290: to be black. Re-coloring the root is probably not needed but won't
15291: hurt.
15292: [34d01ebe241b]
15293:
15294: * sudo.cat, sudoers.cat:
15295: regen
15296: [bebf5a39f54f]
15297:
15298: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
15299:
15300: * redblack.c:
15301: When repairing the tree, don't touch the root node.
15302: [9841f0d5d789]
15303:
15304: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
15305:
15306: * set_perms.c:
15307: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
15308: Reported by Josef Schmid.
15309: [ed044b1eb879]
15310:
15311: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
15312:
15313: * sudoers.pod:
15314: Document that we accept env_pam-style environment files
15315: [e3b545456352]
15316:
15317: * env.c:
15318: Adapt to accept pam_env-style /etc/environment which allows shell-
15319: style lines such as: export EDITOR="/usr/bin/vi"
15320: [752eb75bf007]
15321:
15322: * sudoers.pod:
15323: Make it clear that env_delete only works when !env_reset. From Lo??c
15324: Minier
15325: [3bd3f8e351ba]
15326:
15327: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
15328:
15329: * sudo.pod, sudoers.pod:
15330: Add non-unix group bits, adapted from Quest
15331: [8ce427de8dea]
15332:
15333: * Makefile.in:
15334: build the .cat page in the current working dir, not the src dir
15335: [00e87a307674]
15336:
15337: * env.c:
15338: Return EINVAL in setenv() if var is NULL or the empty string to
15339: match glibc behavior.
15340: [23fd7c247142]
15341:
15342: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
15343:
15344: * configure, configure.in:
15345: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
15346: [fedd4a3e2a85]
15347:
15348: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15349:
15350: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
15351: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
15352: regen
15353: [7b9f461a40b3]
15354:
15355: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15356:
15357: * INSTALL:
15358: Document --with-libvas and --with-libvas-rpath
15359: [a071e6d96c89]
15360:
15361: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
15362:
15363: * ldap.c, sudoers.ldap.pod:
15364: For netscape-derived LDAP SDKs the cert and key paths may be a
15365: directory or a file. However, version 5.0 of the SDK only seems to
15366: support using a directory. If ldapssl_clientauth_init fails and the
15367: cert or key paths look like they could be files, strip off the last
15368: path element and try again.
15369: [ac4e49d83043]
15370:
15371: * Makefile.in:
15372: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
15373: [4547cc1a335f]
15374:
15375: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
15376:
15377: * configure, configure.in, match.c, sudo.c, vasgroups.c:
15378: Update non-Unix group support from Quest, as reworked by me.
15379: [1abafce29dc6]
15380:
15381: * toke.c:
15382: regen
15383: [01bfca9148b7]
15384:
15385: * toke.l:
15386: Add support for escaped hex chars in names, e.g. \x20 for space.
15387: [3c7be8e58a39]
15388:
15389: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
15390:
15391: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
15392: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
15393: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
15394: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
15395: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
15396: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
15397: tgetpass.c, toke.l, visudo.c:
15398: Update copyright years.
15399: [e615f676c764]
15400:
15401: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
15402:
15403: * interfaces.c, lbuf.c:
15404: Minor fixes for Minix-3
15405: [898c510d23f9]
15406:
15407: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15408:
15409: * set_perms.c:
15410: Handle getgroups() returning 0. Also add missing check for
15411: HAVE_GETGROUPS.
15412: [d73b958f9ffd]
15413:
15414: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
15415:
15416: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
15417: version.h, visudo.c:
15418: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
15419: [5050579a264d]
15420:
15421: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
15422:
15423: * set_perms.c:
15424: Remove group setting code in setusercontext case, we will do it
15425: ourselves later on in runas_setup. Set the gid after
15426: initgroups/setgroups is called, since on Mac OS X it seems to change
15427: the egid.
15428: [09dc21d8b42d]
15429:
15430: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15431:
15432: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
15433: vasgroups.c:
15434: Initial bits of non-unix group support using Quest Authentication
15435: Services
15436: [1eecab0ff27e]
15437:
15438: * toke.c, toke.l:
15439: Accept %:foo as a non-Unix group
15440: [4c4b5dd899a6]
15441:
15442: * toke.c, toke.l:
15443: Allow user/group to be double quoted in the case of non-Unix groups
15444: which contain spaces.
15445: [47a3d568b7e8]
15446:
15447: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
15448:
15449: * match.c:
15450: Don't allow the user to specify the default runas user if their
15451: sudoers entry only allows them to run as a group.
15452: [4d726177227c]
15453:
15454: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
15455:
15456: * sudo.c:
15457: Must call audit_success before we change uids.
15458: [04a9e6ce6e55]
15459:
15460: * logging.c, set_perms.c, sudo.h, testsudoers.c:
15461: Add option for set_perm to not exit on failure and use this in the
15462: logging routines.
15463: [833dce7b7f42]
15464:
15465: * parse.c:
15466: In -l mode, if the user is only allowed to run as a group, display
15467: the user's name, not root's before the allowed group.
15468: [ef92ff99d265]
15469:
15470: * sudo.c:
15471: Fix -g mode, broken by rev 1.503 which had the side effect of
15472: setting the runas user to root unilaterally.
15473: [50a2f7df4385]
15474:
15475: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
15476:
15477: * fileops.c:
15478: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
15479: [30fbe832dcf3]
15480:
15481: * pwutil.c:
15482: Only cache by the method we fetched for pwd and grp lookups.
15483: Previously we cached both by namd and id but this can cause problems
15484: for entries that share the same id. Also add more info in the error
15485: message in case the insert fails (which should now be impossible).
15486: [ef95a4f0bab5]
15487:
15488: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15489:
15490: * sudoers.pod:
15491: Add a clarification from Nick Sieger
15492: [1eadad329561]
15493:
15494: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
15495:
15496: * env.c:
15497: Inline the setting of the environment string.
15498: [9515d11c6295]
15499:
15500: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
15501:
15502: * env.c:
15503: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
15504: in BSD doesn't return an error if the name has '=' in it, it just
15505: treats the '=' as end of string.
15506: [941260bf94d2]
15507:
15508: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
15509:
15510: * toke.c, toke.l:
15511: Not all systems have d_namlen
15512: [e377b18d8e2d]
15513:
15514: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
15515:
15516: * sudoers.pod:
15517: Fix up some pod2html issues.
15518: [823a1f10ab60]
15519:
15520: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
15521:
15522: * interfaces.c:
15523: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
15524: Quest Software.
15525: [73de36653131]
15526:
15527: * sudoers.pod:
15528: Ignore files ending in '~' in sudo.d (emacs backup files)
15529: [7871fad702db]
15530:
15531: * toke.c, toke.l:
15532: Ignore files ending in '~' in sudo.d (emacs backup files)
15533: [53fded2a469f]
15534:
15535: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
15536:
15537: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
15538: For #includedir, ignore any file containing a dot
15539: [a7daa1bce6c2]
15540:
15541: * Makefile.in, version.h:
15542: Bump version
15543: [ef60f14ffc44]
15544:
15545: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
15546: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
15547: visudo.c:
15548: Implement #includedir directive. Files in an includedir are not
15549: edited by visudo unless they contain a syntax error.
15550: [3923d85a6c79]
15551:
15552: * ChangeLog:
15553: sync
15554: [8741ed61a78b] [SUDO_1_7_1]
15555:
15556: * WHATSNEW:
15557: Forgot umask_override
15558: [7c86a21a5504]
15559:
15560: * ChangeLog, TODO:
15561: sync
15562: [57339ca6bccf]
15563:
15564: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15565:
15566: * visudo.c:
15567: Rewind stream if we fdopen sudoers since it may not be at the
15568: beginning. Set the keepopen flag on already-open files too so the
15569: lexer doesn't close them out from under us.
15570: [61292d819aff]
15571:
15572: * visudo.c:
15573: Print the proper file name when there is a parse error in an include
15574: file.
15575: [b0e85d4aedde]
15576:
15577: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15578:
15579: * WHATSNEW:
15580: Sync
15581: [997e5d485ea3]
15582:
15583: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15584:
15585: * configure, configure.in:
15586: Fix a warning when --without-ldap is specified.
15587: [d91fd9481b30]
15588:
15589: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15590:
15591: * alias.c, parse.h, visudo.c:
15592: Store aliases that we remove during check_aliases in a freelist and
15593: free them at the end so we don't leak memory.
15594: [805e2272f6a3]
15595:
15596: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15597:
15598: * visudo.c:
15599: Check aliases in -c mode too.
15600: [9199e188d9f2]
15601:
15602: * alias.c, parse.h, visudo.c:
15603: Make alias_remove return the alias struct instead of freeing it
15604: directly. Fixes a use after free in alias_remove_recursive, the only
15605: consumer.
15606: [a04b61804800]
15607:
15608: * alias.c, match.c, parse.c, parse.h, visudo.c:
15609: Rename find_alias -> alias_find for consistency.
15610: [48b0a82924f3]
15611:
15612: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15613:
15614: * visudo.c:
15615: When checking for unused aliases, recurse if the alias points to
15616: another alias.
15617: [2d4d1a7f3a41]
15618:
15619: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
15620:
15621: * ldap.c:
15622: Back out rev 1.105 for now. Real ldapux_client.conf support will be
15623: done later after some refactoring.
15624: [8ad72e69b277]
15625:
15626: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
15627:
15628: * ldap.c:
15629: Treat ldap_hostport the same as "host" for ldapux.
15630: [3281dcc66da8]
15631:
15632: * configure, configure.in:
15633: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
15634: Fixes compilation with ldapux.
15635: [ca1ed585ef0e]
15636:
15637: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15638:
15639: * fileops.c:
15640: fix char subscript
15641: [41e51f080d00]
15642:
15643: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
15644:
15645: * Makefile.in:
15646: remove errant carriage returns
15647: [e9e258a31c7b]
15648:
15649: * audit.c, env.c:
15650: fix K&R compilation
15651: [d182e8920f13]
15652:
15653: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
15654: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
15655: regen
15656: [791a5cbf04e5]
15657:
15658: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
15659:
15660: * config.h.in:
15661: Add missing HAVE_BSM_AUDIT
15662: [49ad1bb96f04]
15663:
15664: * WHATSNEW:
15665: Add 1.7.1 features
15666: [f107f1604c61]
15667:
15668: * INSTALL:
15669: Mention --with-netsvc
15670: [d1e90d147795]
15671:
15672: * sudoers.ldap.pod:
15673: Document netsvc.conf support
15674: [e78f8abce6af]
15675:
15676: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
15677: sudo_nss.h:
15678: Add support for AIX netsvc.conf (like nsswitch.conf).
15679: [1df56a84dee5]
15680:
15681: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
15682:
15683: * config.h.in, configure, configure.in, env.c:
15684: Add --enable-env-debug flag to enable environment sanity checks.
15685: [128cdd8832e7]
15686:
15687: * sudoers.ldap.pod, sudoers.pod:
15688: Work around some pod2html issue.
15689: [e733b9609bd2]
15690:
15691: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15692:
15693: * env.c:
15694: Only sync environ for putenv, setenv, and unsetenv. We need to make
15695: sure that sudo_putenv and sudo_setenv only modify env.envp, not
15696: environ.
15697: [be3ac732243c]
15698:
15699: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
15700:
15701: * env.c:
15702: Really fix UNSETENV_VOID
15703: [08ab7e882507]
15704:
15705: * env.c:
15706: Fix unsetenv when UNSETENV_VOID
15707: [d3038b3f2f15]
15708:
15709: * aclocal.m4, configure:
15710: Fix SUDO_FUNC_PUTENV_CONST
15711: [de35569c572b]
15712:
15713: * ldap.c:
15714: tivoli-based ldap does not have ldapssl_err2string
15715: [c63fd90d5e99]
15716:
15717: * configure:
15718: regen
15719: [f38f1ee828ad]
15720:
15721: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
15722:
15723: * config.h.in, configure, configure.in, ldap.c:
15724: Add support for Tivoli-based LDAP start TLS as seen in AIX.
15725: Untested.
15726: [8f8771829f85]
15727:
15728: * env.c:
15729: Add sanity checks for setenv/unsetenv
15730: [adbd1d95856b]
15731:
15732: * Makefile.in:
15733: Include bsm_audit.h in the tarball
15734: [4a4aa02b2c32]
15735:
15736: * Makefile.in, version.h:
15737: bump version for sudo 1.7.1
15738: [362c71d21595]
15739:
15740: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
15741: env.c, ldap.c, sudo.h:
15742: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
15743: provide our own setenv/unsetenv/putenv that operates on own env
15744: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
15745: [276edcd23032]
15746:
15747: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
15748:
15749: * sudo.c:
15750: Make "sudoedit -h" work as expected
15751: [2bcbbb45d389]
15752:
15753: * auth/pam.c:
15754: Make sure def_prompt is always defined. This is a workaround for
15755: pam configs that prompt for a password in the session but don't have
15756: an auth line. A better fix is to expand the sudo prompt earlier and
15757: set def_prompt to that when initializing.
15758: [ee073c04aec3]
15759:
15760: * sudo.pod:
15761: Mention that the helper for -A may be graphical.
15762: [b64a940c4082]
15763:
15764: * TROUBLESHOOTING:
15765: Document what happens if there is no tty.
15766: [313d58a856a5]
15767:
15768: * sudo.c:
15769: cosmetic changes
15770: [894f5e3b0c3e]
15771:
15772: * term.c:
15773: Fix term_restore
15774: [6c6315ff14bc]
15775:
15776: * sudo.c:
15777: Fix "sudo -k" with no other args
15778: [59e94dc419c6]
15779:
15780: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15781:
15782: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
15783: Allow the -k flag to be specified in conjunction with a command or
15784: another option that may require authentication.
15785: [5960ff20355d]
15786:
15787: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15788:
15789: * configure, configure.in:
15790: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
15791: [e86ab69c4a57]
15792:
15793: * Makefile.in:
15794: Parallel make fix. From Diego E. 'Flameeyes'
15795: [1289d7ee27db]
15796:
15797: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
15798:
15799: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
15800: Implement umask_override
15801: [8b87a3f7c5aa]
15802:
15803: * toke.c:
15804: regen
15805: [79d7ca9ac873]
15806:
15807: * sudoers.pod, toke.l, visudo.c:
15808: Implement %h escape in sudoers include filenames.
15809: [a7f288dd64f0]
15810:
15811: * audit.c:
15812: Need to include compat.h
15813: [c0dc07ce2f70]
15814:
15815: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
15816: Make audit_success and audit_failure generic functions in
15817: preparation for integrating linux audit support.
15818: [7df020a8fd6f]
15819:
15820: * term.c:
15821: remove duplicate include
15822: [1dfcd01a7e46]
15823:
15824: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15825:
15826: * bsm_audit.c:
15827: Add missing include
15828: [fb56e08c37ee]
15829:
15830: * sudo.c:
15831: May need to update the runas user after parsing command-based
15832: defaults.
15833: [246f130d7802]
15834:
15835: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
15836:
15837: * glob.c:
15838: Add missing pair of braces introduced with character class support.
15839: [0e2afa2e03e9]
15840:
15841: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
15842:
15843: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
15844: Rename pwstars to pwfeedback
15845: [a9f85a57ebac]
15846:
15847: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15848:
15849: * bsm_audit.c, bsm_audit.h:
15850: Add const to make MacOS happy.
15851: [4274432d6627]
15852:
15853: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
15854: configure.in, sudo.c:
15855: Add bsm audit support from Christian S.J. Peron
15856: [bef61cd8693d]
15857:
15858: * term.c:
15859: This is new code, no DARPA notice.
15860: [ec6ad09b9c23]
15861:
15862: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15863:
15864: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15865: Rename simple_glob -> fast_glob
15866: [68d9ed803cc1]
15867:
15868: * match.c:
15869: g/c unused var
15870: [693fa0464eb6]
15871:
15872: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
15873: Add simple_glob option to use fnmatch() instead of glob(). This is
15874: useful when you need to specify patterns that reference network file
15875: systems.
15876: [77ba634f6949]
15877:
15878: * tgetpass.c:
15879: add term_* proto
15880: [520f5149d073]
15881:
15882: * sudoers.pod:
15883: mention glob()
15884: [ddaab8e03c52]
15885:
15886: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
15887:
15888: * tgetpass.c:
15889: Delete any pwstars we wrote after the user hits return. That way
15890: there is no record on screen as to the user's password length.
15891: [fae25cda762b]
15892:
15893: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15894:
15895: * term.c:
15896: Move terminal setting bits from tgetpass.c to term.c
15897: [03d43325ee99]
15898:
15899: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
15900: tgetpass.c:
15901: Add pwstars sudoers option that causes sudo to print a star every
15902: time the user presses a key.
15903: [7aab417e184d]
15904:
15905: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
15906:
15907: * Makefile.in:
15908: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
15909: [64f70e879816]
15910:
15911: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15912:
15913: * ldap.c:
15914: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
15915: indicate no limit. From Mark Janssen.
15916: [e2c5732d54f5]
15917:
15918: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15919:
15920: * toke.c, toke.l:
15921: Comments that begin with #- should not be parsed as uids.
15922: [a72a50f12f41]
15923:
15924: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15925:
15926: * sudo.c:
15927: Do not try to set the close on exec flag if we didn't actually open
15928: sudoers.
15929: [ece3ca256904]
15930:
15931: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
15932:
15933: * ChangeLog:
15934: regen
15935: [e11f0e4c1bdd] [SUDO_1_7_0]
15936:
15937: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
15938:
15939: * TODO:
15940: sync
15941: [5b8954462bb3]
15942:
15943: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
15944:
15945: * auth/pam.c:
15946: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
15947: password prompt.
15948: [8563601cb3de]
15949:
15950: * configure, configure.in:
15951: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
15952: as it cannot generate shared objects.
15953: [6d4262ef9669]
15954:
15955: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
15956: K&R compilation fixes
15957: [77921678d17c]
15958:
15959: * parse.c:
15960: Use tq_foreach_fwd when checking pseudo-commands to make it clear
15961: that we are not short-circuiting on last match. When pwcheck is
15962: 'all', initialize nopass to TRUE and override it with the first non-
15963: TRUE entry.
15964: [96b209f4778f]
15965:
15966: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
15967:
15968: * parse.c:
15969: Do not short circuit pseudo commands when we get a match since,
15970: depending on the settings, we may need to examine all commands for
15971: tags.
15972: [fdbaf89d6f35]
15973:
15974: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15975:
15976: * sudoers.cat, sudoers.man.in:
15977: regen
15978: [1ecce7c1b841]
15979:
15980: * sudoers.pod:
15981: hostnames may also contain wildcards
15982: [82b76695601c]
15983:
15984: * Makefile.in:
15985: remove stamp-* files and linux core files in clean target
15986: [22003f091467]
15987:
15988: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15989:
15990: * auth/sudo_auth.h, config.h.in, configure, configure.in:
15991: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
15992: [6905bede8410]
15993:
15994: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15995:
15996: * configure, configure.in:
15997: correctly enable SIA on Digital UNIX
15998: [a51881d13995]
15999:
16000: * TODO:
16001: checkpoint
16002: [af0fe8d94d42]
16003:
16004: * ChangeLog:
16005: sync
16006: [831f623cf99c]
16007:
16008: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
16009:
16010: * check.c, sudo.h, tgetpass.c:
16011: Even if neither stdin nor stdout are ttys we may still have /dev/tty
16012: available to us.
16013: [20f306ba883b]
16014:
16015: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
16016:
16017: * sudoers.cat, sudoers.man.in:
16018: regen
16019: [76d97c4c318f]
16020:
16021: * sudoers.pod:
16022: fix typos; Markus Lude
16023: [bff8bc1e2066]
16024:
16025: * ChangeLog:
16026: sync
16027: [f108552531cd]
16028:
16029: * toke.c:
16030: regen
16031: [de828413c67e]
16032:
16033: * toke.l:
16034: Fix matching of a line that only consists of a comment char
16035: [09c953d8d5ca]
16036:
16037: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16038:
16039: * auth/pam.c:
16040: MacOS pam will retry conversation function if it fails so just treat
16041: ^C as an empty password.
16042: [d056058930bc]
16043:
16044: * visudo.c:
16045: When checking for alias use, also check defaults bindings.
16046: [2647f82c7dbd]
16047:
16048: * redblack.c:
16049: unused var
16050: [b7ff71c17c18]
16051:
16052: * redblack.c:
16053: Replace my rbdelete with Emin's version (which actually works ;-)
16054: [21b133dd0c72]
16055:
16056: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
16057:
16058: * testsudoers.c:
16059: malloc debugging
16060: [0fb446fa3279]
16061:
16062: * visudo.c:
16063: malloc options in devel mode for visudo too
16064: [98d06c6afeef]
16065:
16066: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
16067:
16068: * sudo.c:
16069: fix compilation on non-C99; from Theo
16070: [7c304e16c536]
16071:
16072: * visudo.c:
16073: fix check_aliases
16074: [83f30a3b1765]
16075:
16076: * alias.c:
16077: when destroying an alias, free the correct data pointer
16078: [6e1a8bd86c01]
16079:
16080: * auth/sudo_auth.h:
16081: add proto for aixauth_cleanup; from Dale King
16082: [eba94ffc8f63]
16083:
16084: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
16085:
16086: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16087: visudo.man.in:
16088: regen
16089: [409fa57fff83]
16090:
16091: * sudo.pod, sudoers.pod, visudo.pod:
16092: standardize on the term 'option' for command line options (not flag)
16093: [228caefc2e36]
16094:
16095: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
16096:
16097: * INSTALL:
16098: Add note on configuring HP-UX pam
16099: [f7674a581baf]
16100:
16101: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16102:
16103: * check.c, sudo.c:
16104: Move tty checks into check_user() so we only do them if we actually
16105: need a password.
16106: [7d997d7106d6]
16107:
16108: * sudo.c:
16109: Don't error out if no tty or askpass unless we actually need to
16110: authenticate.
16111: [9f23b83ed66c]
16112:
16113: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
16114:
16115: * ChangeLog:
16116: regen
16117: [23f9aef32da6]
16118:
16119: * pathnames.h.in, sudo.c:
16120: s/overriden/overridden/; from Tobias Stoeckmann
16121: [9f7459a8fac5]
16122:
16123: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
16124:
16125: * WHATSNEW, visudo.c:
16126: check sudoers owner and mode in strict mode
16127: [a3468c5ac1c4]
16128:
16129: * gram.c, toke.c:
16130: regen
16131: [7d6b515a5443]
16132:
16133: * sudo.man.in, sudoers.man.in, visudo.man.in:
16134: Update copyright years.
16135: [52d340cb8cba]
16136:
16137: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
16138: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
16139: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
16140: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
16141: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
16142: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
16143: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
16144: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
16145: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
16146: visudo.pod, zero_bytes.c:
16147: Update copyright years.
16148: [b4e6bf2beafa]
16149:
16150: * emul/charclass.h, fnmatch.c, glob.c:
16151: add my copyright
16152: [28681385014a]
16153:
16154: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
16155:
16156: * toke.c, toke.l:
16157: The loop in fill_cmnd() was going one byte too far past the end,
16158: resulting in a NUL being written immediately after the buffer end.
16159: [a5a49d603cd7]
16160:
16161: * UPGRADE, WHATSNEW:
16162: add sections on tgetpass changes
16163: [2e6929b6a102]
16164:
16165: * tgetpass.c:
16166: Treat EOF w/o newline as an error.
16167: [aa02b1db9240]
16168:
16169: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
16170:
16171: * parse.c:
16172: Fix "sudo -v" when NOPASSWD is set.
16173: [f4914711ea80]
16174:
16175: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
16176: auth/sudo_auth.h:
16177: No longer treat an empty password at the prompt as special. To quit
16178: out of sudo you now need to hit ^C at the password prompt.
16179: [980f760ad419]
16180:
16181: * sudoers.cat, sudoers.man.in:
16182: regen
16183: [6ca21a2cd869]
16184:
16185: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
16186: Sudo will now refuse to run if no tty is present unless the new
16187: visiblepw sudoers flag is set.
16188: [0cc56943252e]
16189:
16190: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
16191:
16192: * aix.c:
16193: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
16194: defined
16195: [24fc6f712d5c]
16196:
16197: * aix.c:
16198: fix fallback value for RLIM_SAVED_MAX
16199: [e09e04e1af89]
16200:
16201: * auth/aix_auth.c, auth/sudo_auth.h:
16202: Move clearing of AUTHSTATE into aixauth_cleanup.
16203: [e14ae7bd259c]
16204:
16205: * auth/aix_auth.c, env.c:
16206: Unset AUTHSTATE after calling authenticate() as it may not be
16207: correct for the user we are running the command as.
16208: [d14f68f1b0ab]
16209:
16210: * isblank.c:
16211: Add isblank() function for systems without it. Needed for POSIX
16212: character class matching in fnmatch.c and glob.c.
16213: [16cba30b283f]
16214:
16215: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
16216:
16217: * TROUBLESHOOTING:
16218: expound on sudo and cd
16219: [8e0fa9033637]
16220:
16221: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16222:
16223: * ChangeLog:
16224: regen
16225: [40cf320a10fc]
16226:
16227: * sudoers.cat, sudoers.man.in:
16228: regen
16229: [7cac761ae2c6]
16230:
16231: * sudoers.pod:
16232: mention defauts parse order
16233: [4e2ce86d1394]
16234:
16235: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16236:
16237: * Makefile.in, aclocal.m4, compat.h, configure:
16238: Add isblank() function for systems without it. Needed for POSIX
16239: character class matching in fnmatch.c and glob.c.
16240: [a1ab55da8424]
16241:
16242: * Makefile.in:
16243: add emul/charclass.h to HDRS
16244: [7e8a019dcaa4]
16245:
16246: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
16247:
16248: * TODO:
16249: checkpoint
16250: [afeb9bc1baed]
16251:
16252: * defaults.c, parse.c, testsudoers.c, visudo.c:
16253: Move update_defaults into defaults.c and call it properly from
16254: visudo and testsudoers.
16255: [f4dbb369461f]
16256:
16257: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
16258: tsgetgrpw.c:
16259: use zero_bytes() instead of memset() for consistency
16260: [4cee0465f4a8]
16261:
16262: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
16263: visudo.c:
16264: Zero out sigaction_t before use in case it has non-standard entries.
16265: [120092225459]
16266:
16267: * match.c:
16268: quiet gcc
16269: [098a1df49b23]
16270:
16271: * match.c:
16272: Short circuit glob() checks if basename(pattern) !=
16273: basename(command). Refactor code that checks for a command in a
16274: directory and use it in the glob case if the resolved pattern ends
16275: in a '/'.
16276: [3c46fd317acb]
16277:
16278: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
16279:
16280: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
16281: Defer setting runas defaults until after runaspw/gr is setup.
16282: [12e75ee49c0c]
16283:
16284: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
16285:
16286: * match.c, sudo.c, testsudoers.c:
16287: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
16288: systems do not include space for the NUL in the size. Also manually
16289: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
16290: on this.
16291: [7266ab3296a3]
16292:
16293: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
16294:
16295: * sudo.c, sudoers.pod:
16296: When setting the umask, use the union of the user's umask and the
16297: default value set in sudoers so that we never lower the user's umask
16298: when running a command.
16299: [4e804b004e38]
16300:
16301: * sudo.c:
16302: Don't try to read from a zero-length sudoers file. Remove the bogus
16303: Solaris work-around for EAGAIN. Since we now use fgetc() it should
16304: not be a problem.
16305: [bb8e5f68d944]
16306:
16307: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16308:
16309: * parse.c:
16310: In update_defaults() check the return value of user*_matches against
16311: ALLOW so we don't inadvertantly match on UNSPEC.
16312: [4e422fa1527e]
16313:
16314: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16315:
16316: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16317: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16318: regen man pages; no more hyphenation
16319: [15de4fe2fe01]
16320:
16321: * sudo.c:
16322: Don't error out on a zero-length sudoers file. With the advent of
16323: #include the user could create a situation where sudo is unusable.
16324: [6eb461319fa5]
16325:
16326: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
16327:
16328: * auth/kerb5.c, config.h.in, configure, configure.in:
16329: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
16330: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
16331: all. Add configure tests to handle all the cases.
16332: [4b554a98470d]
16333:
16334: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
16335:
16336: * sudo.pod:
16337: resort ENVIRONMENT
16338: [f4f20f40653e]
16339:
16340: * sudoers.pod:
16341: document sudoers_locale
16342: [0bffd2dbe806]
16343:
16344: * sudo.pod, sudo_edit.c:
16345: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
16346: or EDITOR
16347: [0ef8cb248cee]
16348:
16349: * toke.c, toke.l:
16350: In fill_cmnd(), collapse any escaped sudo-specific characters.
16351: Allows character classes to be used in pathnames.
16352: [5685244c8e44]
16353:
16354: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
16355:
16356: * lbuf.c:
16357: fix typo in non-C89 function declaration
16358: [99a7113b3a05]
16359:
16360: * sudoers.pod:
16361: Mention POSIX characters classes now that out fnmatch() and glob()
16362: support them.
16363: [9c916f1230c3]
16364:
16365: * sample.sudoers, sudoers.pod:
16366: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
16367: locale agnostic.
16368: [a60a62bec244]
16369:
16370: * parse.h:
16371: use __signed char if we are going to assign a negative value since
16372: on Power, char is unsigned by default
16373: [2877b319df17]
16374:
16375: * config.h.in, configure, configure.in:
16376: Add tests for __signed char and signed char.
16377: [5eb874fdf1d4]
16378:
16379: * aix.c:
16380: Fix AIX limit setting. getuserattr() returns values in disk blocks
16381: rather than bytes. The default hard stack size in newer AIX is
16382: RLIM_SAVED_MAX. From Dale King.
16383: [3db67415ecc3]
16384:
16385: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
16386:
16387: * emul/charclass.h, fnmatch.c, glob.c:
16388: Add character class support to included glob(3) and fnmatch(3).
16389: [6b5b4ad77899]
16390:
16391: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16392:
16393: * emul/fnmatch.h:
16394: Remove UCB advertising clause and some compatibility defines.
16395: [2ade7bee74e1]
16396:
16397: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16398:
16399: * sudo_edit.c:
16400: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
16401: or sudo. This allows one to set EDITOR to sudoedit without getting
16402: into an infinite loop of sudoedit running itself until the path gets
16403: too big.
16404: [aa49ab68f82d]
16405:
16406: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
16407: Add sudoers_locale Defaults option to override the default sudoers
16408: locale of "C".
16409: [0639886a35bf]
16410:
16411: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
16412:
16413: * sudo.c:
16414: Set locale to system default except for during sudoers parse.
16415: [016dd2736728]
16416:
16417: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16418:
16419: * match.c:
16420: Redo change in 1.34 to use pointer arithmetic.
16421: [f9e7b63bb450]
16422:
16423: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16424:
16425: * match.c:
16426: Fix a dereference (read) of a freed pointer. Reported by Patrick
16427: Williams.
16428: [69877b633753]
16429:
16430: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
16431:
16432: * sudo.c:
16433: Set locale to "C" to avoid interpretation issues with character
16434: ranges in sudoers. May want to make the locale a sudoers option in
16435: the future.
16436: [098a95de1746]
16437:
16438: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
16439:
16440: * config.h.in:
16441: we no longer use setproctitle
16442: [c7f20fb747ea]
16443:
16444: * sudo.h:
16445: remove #if 1
16446: [a368ee6816c6]
16447:
16448: * LICENSE, mkstemp.c:
16449: Use my replacement mkstemp() from the mktemp package.
16450: [d07c2beb0f9e]
16451:
16452: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
16453:
16454: * gram.c:
16455: regen with yacc skeleton bug fixed
16456: [24784571cbb8]
16457:
16458: * sudoers.pod:
16459: Remove duplicate "as root". From Martin Toft.
16460: [97241acfee5e]
16461:
16462: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
16463:
16464: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
16465: Flesh out the fake passwd entry used for running commands as a uid
16466: not listed in the passwd database. Fixes an issue with some PAM
16467: modules.
16468: [a6648227f3f2]
16469:
16470: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
16471:
16472: * sudo.c:
16473: Error out in -i mode if the user has no shell. This can happen when
16474: running commands as a uid with no password entry.
16475: [0c174bef36ff]
16476:
16477: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
16478:
16479: * toke.c, toke.l:
16480: Better fix for line continuation inside double quotes. Now accepts
16481: whitespace between the backslash and the newline like the main
16482: lexer.
16483: [64efcdf86d31]
16484:
16485: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
16486:
16487: * toke.c, toke.l:
16488: Fix line continuation in strings. It was only being honored if
16489: preceded by whitespace.
16490: [96c21271a3e4]
16491:
16492: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
16493:
16494: * config.h.in, configure, configure.in, logging.c:
16495: Replace the double fork with a fork + daemonize.
16496: [328505441e67]
16497:
16498: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
16499:
16500: * env.c, sudo.c:
16501: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
16502: [3caedfeaec87]
16503:
16504: * logging.c, sudo.c, sudo_edit.c, visudo.c:
16505: Change how the mailer is waited for. Instead of having a SIGCHLD
16506: handler, use the double fork trick to orphan the child that opens
16507: the pipe to sendmail. Fixes a problem running su on some Linux
16508: distros.
16509: [b59ce60a393d]
16510:
16511: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
16512:
16513: * configure, configure.in:
16514: Fix configure test for dirfd() on Linux where DIR is opaque.
16515: [b8f729cdfecc]
16516:
16517: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
16518:
16519: * tgetpass.c:
16520: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
16521: this problem we'll need to revisit this again.
16522: [c17fee8ad530]
16523:
16524: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
16525:
16526: * logging.c:
16527: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
16528: we only block the signal it may be delivered later when we unblock.
16529: Also, there is no need to block SIGCHLD since we no longer do the
16530: double fork. The normal SIGCHLD handler is sufficient.
16531: [e94a49e992e5]
16532:
16533: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
16534:
16535: * configure, configure.in:
16536: Add description for NO_PAM_SESSION, from a redhat patch.
16537: [b9e4c939ec09]
16538:
16539: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
16540:
16541: * sudo.cat, sudo.man.in, sudo.pod:
16542: Fix typos in -i usage
16543: [2d7ce5de0235]
16544:
16545: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
16546:
16547: * configure, configure.in:
16548: Redo the test for dgettext() in a way that hopefully will work
16549: around the libintl_dgettext() undefined problem.
16550: [d27beb0cf85e]
16551:
16552: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
16553:
16554: * schema.ActiveDirectory:
16555: change filename in comment
16556: [733da4ee9ac5]
16557:
16558: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
16559:
16560: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
16561: sudoers.ldap.pod:
16562: Reference schema.ActiveDirectory
16563: [d6aec537800e]
16564:
16565: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
16566:
16567: * schema.OpenLDAP, schema.iPlanet:
16568: Mark sudoRunAs as deprecated.
16569: [00c50df807af]
16570:
16571: * schema.ActiveDirectory:
16572: add sudoRunAsUser and sudoRunAsGroup
16573: [19bcce6f72fb]
16574:
16575: * schema.ActiveDirectory:
16576: Active Directory schema by Chantal Paradis and Eric Paquet
16577: [06a09c92c6a5]
16578:
16579: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16580:
16581: * parse.c:
16582: remove an XXX that was fixed
16583: [b88038062fa2]
16584:
16585: * ChangeLog:
16586: sync
16587: [8fc27c17270e]
16588:
16589: * parse.c:
16590: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
16591: fixes a problem where the tag value printed was influenced by
16592: defaults set in the first pass through the parser.
16593: [588ccd630367]
16594:
16595: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
16596:
16597: * Makefile.in, sudo.psf:
16598: No point in packaging the TODO file
16599: [9590248fffe1]
16600:
16601: * ChangeLog:
16602: sync
16603: [152acf4c6813]
16604:
16605: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16606:
16607: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
16608: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
16609: Add env_file Defaults option that is similar to /etc/environment on
16610: some systems.
16611: [1daf53d51e18]
16612:
16613: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16614:
16615: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
16616: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
16617: version.h, visudo.cat, visudo.man.in:
16618: change version to 1.7.0
16619: [d41d126b9bd8]
16620:
16621: * UPGRADE:
16622: initial valgrind pass done
16623: [c59c3876d8ca]
16624:
16625: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
16626:
16627: * ldap.c:
16628: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
16629: [830d246c09b0]
16630:
16631: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
16632:
16633: * ldap.c:
16634: define LDAPS_PORT if the system headers do not
16635: [247b12325701]
16636:
16637: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16638:
16639: * gram.c, gram.y:
16640: Fix another memory leak in init_parser().
16641: [7bba47deba11]
16642:
16643: * configure, configure.in:
16644: There was a missing space before the ldap libs in SUDO_LIBS for some
16645: configurations.
16646: [7524cfc93759]
16647:
16648: * alias.c, gram.c, gram.y, toke.c, toke.l:
16649: Clean up some memory leaks pointed out by valgrind.
16650: [a965866ece1a]
16651:
16652: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
16653:
16654: * sudo.c:
16655: fix "sudo -s" broken by mode/flags breakout
16656: [acffe984d408]
16657:
16658: * configure, configure.in:
16659: remove duplicate check for dgettext
16660: [58145529133c]
16661:
16662: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
16663:
16664: * aix.c:
16665: Fall back to default stanza if no user-specific limit is found.
16666: [7b8cb29123ee]
16667:
16668: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
16669:
16670: * snprintf.c:
16671: include stdint.h if present
16672: [f0ec38529306]
16673:
16674: * snprintf.c:
16675: Use LLONG_MAX, not the old QUAD_MAX
16676: [01041ce508fb]
16677:
16678: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
16679:
16680: * sudoers.ldap.pod:
16681: fix cut and pasto
16682: [34240fdef5ab]
16683:
16684: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16685:
16686: * pwutil.c:
16687: Add #ifdef PURITY
16688: [ce1b571ad526]
16689:
16690: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
16691:
16692: * auth/bsdauth.c:
16693: remove useless cast
16694: [494f8a862e1d]
16695:
16696: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
16697:
16698: * ChangeLog:
16699: sync
16700: [f5c97ffaabcc]
16701:
16702: * TODO:
16703: sync
16704: [96ff1c44c182]
16705:
16706: * sudo.h:
16707: Split MODE_* defines into primary and flags.
16708: [c02ee3027cb9]
16709:
16710: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
16711:
16712: * aix.c:
16713: It turns out the logic for getting AIX limits is more convoluted
16714: than I realized and differs depending on whether the soft and/or
16715: hard limits are defined.
16716: [cf8d3f85d395]
16717:
16718: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
16719:
16720: * Makefile.in, configure, configure.in:
16721: Back out AIX-specific change to set the sudo_noexec path to the .a
16722: file, we do really want to use the .so file. Since libtool doesn't
16723: do that correctly, just install the .so file ourselves in the
16724: Makefile.
16725: [05c6f33177d9]
16726:
16727: * install-sh:
16728: If the file given to install is a path, only use the basename of the
16729: file when building the destination path.
16730: [695ba4e429ce]
16731:
16732: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
16733:
16734: * sudo.c:
16735: parse_args() cleanup: Sort command line options in the getopt()
16736: switch The -U option requires a parameter Normalize a few ISSET
16737: calls Split mode into mode and flags and retire the now-obsolete
16738: excl variable
16739: [0d156835f861]
16740:
16741: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
16742: sudo_usage.h.in:
16743: Add -n (non-interactive) flag.
16744: [e3e50400d32d]
16745:
16746: * sudo.c:
16747: Move version printing, etc. into a separate function.
16748: [18c91b476e2c]
16749:
16750: * sudo.c:
16751: Don't try to cleanup nsswitch if it has not been initialized.
16752: [aeb1ca1b399d]
16753:
16754: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
16755:
16756: * logging.c:
16757: Block SIGPIPE in send_mail() so sudo is not killed by a problem
16758: executing the mailer.
16759: [f130e7924cca]
16760:
16761: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16762:
16763: * configure, configure.in:
16764: AIX shared libs end in .a, not .so.
16765: [a5deb07020d8]
16766:
16767: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16768:
16769: * env.c:
16770: Preserve HOME by default too. Matches documentation and previous
16771: behavior.
16772: [c16f17f1047c]
16773:
16774: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16775:
16776: * sudo.c:
16777: Use getopt() to parse the command line. We need to be able to
16778: intersperse env variables and options yet still honor "--"" which
16779: complicates things slightly.
16780: [60f271ce5c16]
16781:
16782: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
16783:
16784: * ChangeLog:
16785: sync
16786: [685e67964eda]
16787:
16788: * acsite.m4, configure, ltmain.sh:
16789: update to libtool-1.5.26
16790: [4c9a8c3d3b40]
16791:
16792: * config.guess, config.sub:
16793: update from libtool-1.5.26 distribution
16794: [c6641aef2527]
16795:
16796: * aix.c, sudo.h:
16797: attempt to fix compilation errors on AIX
16798: [edb13e5b2184]
16799:
16800: * Makefile.in:
16801: fix typo in last commit
16802: [25ba7f7ceae4]
16803:
16804: * Makefile.in:
16805: Add WHATSNEW file to the distribution
16806: [213f4115de8f]
16807:
16808: * visudo.c:
16809: use warningx instead of fprintf(stderr, ...)
16810: [a3494b8ccb19]
16811:
16812: * list.c:
16813: add DEBUG to list2tq
16814: [115d24a3000c]
16815:
16816: * ChangeLog, TODO:
16817: sync
16818: [60e6f4d1fac0]
16819:
16820: * WHATSNEW:
16821: mention mailfrom
16822: [e2498f9e18d6]
16823:
16824: * Makefile.in, aix.c, config.h.in, configure, configure.in,
16825: set_perms.c, sudo.h:
16826: Add aix_setlimits() to set resource limits on AIX using a
16827: combination of getuserattr() and setrlimit(). Currently untested.
16828: [9b1441fd89ca]
16829:
16830: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
16831:
16832: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
16833: sudoers.man.in, sudoers.pod:
16834: Add mailfrom Defaults option that sets the value of the From: field
16835: in the warning/error mail. If unset the login name of the invoking
16836: user is used.
16837: [029b9f05d3d9]
16838:
16839: * defaults.c:
16840: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
16841: [a90e407d5e00]
16842:
16843: * gram.c, gram.y:
16844: When adding a default, only call list2tq() once to do the list to tq
16845: conversion. It is not legal to call list2tq multiple times on the
16846: same list since list2tq consumes and modifies the list argument.
16847: [fbc25d245c4a]
16848:
16849: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
16850: comment out XXXs for now
16851: [595a1d43309d]
16852:
16853: * WHATSNEW:
16854: mention askpass
16855: [b993e0837c22]
16856:
16857: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16858:
16859: * sudo.c:
16860: Error out if both -A and -S are specified Error out if -A is
16861: specified but no askpass is configured
16862: [24f1df2638f6]
16863:
16864: * configure, configure.in:
16865: we are not going to ship a sudo-specific askpass
16866: [61949e7a3943]
16867:
16868: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
16869:
16870: * sudo.h:
16871: fix definition of TGP_ASKPASS
16872: [0447c57ba4c3]
16873:
16874: * def_data.c, def_data.in:
16875: make askpass boolean-capable
16876: [e0885893a325]
16877:
16878: * INSTALL:
16879: document --with-askpass
16880: [c76e15ba97cf]
16881:
16882: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16883: sudoers.man.in, visudo.cat:
16884: regen
16885: [8d16242980b7]
16886:
16887: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
16888:
16889: * sudo.pod, sudo_usage.h.in, sudoers.pod:
16890: document -A and askpass
16891: [02c07505a78c]
16892:
16893: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
16894: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
16895: sudo_usage.h.in, tgetpass.c:
16896: Add support for running a helper program to read the password when
16897: no tty is present (or when specified with the -A flag). TODO: docs.
16898: [05780f5f71fd]
16899:
16900: * def_data.c, def_data.in:
16901: add missing printf format to SELinux role and type strings
16902: [2b32774715e7]
16903:
16904: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
16905:
16906: * INSTALL, configure, configure.in:
16907: Disable use of gss_krb5_ccache_name() by default and add
16908: --enable-gss-krb5-ccache-name configure option to enable it. It
16909: seems that gss_krb5_ccache_name() doesn't work properly with some
16910: combinations of Heimdal and OpenLDAP.
16911: [f61ebd3b19bd]
16912:
16913: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16914:
16915: * selinux.c:
16916: Ignore setexeccon() failing in permissive mode. Also add a call to
16917: setkeycreatecon() (though this is probably insufficient). From Dan
16918: Walsh.
16919: [52564fc1c069]
16920:
16921: * auth/pam.c:
16922: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
16923: function may be called for non-password reading purposes so we must
16924: be careful not to use def_prompt in cases where it may not be set.
16925: [29d88ca575ba]
16926:
16927: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16928:
16929: * selinux.c:
16930: Don't free the new tty context, we need to keep it around when we
16931: restore the tty context after the command completes
16932: [5b4bd39b6ea8]
16933:
16934: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
16935:
16936: * selinux.c:
16937: s/newrole/sudo/
16938: [21b8a96ff8df]
16939:
16940: * sudo.man.pl, sudo.pod:
16941: Only put login_cap(3) in SEE ALSO section if we have login.conf
16942: support
16943: [05250ddff2c0]
16944:
16945: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
16946:
16947: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
16948: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
16949: regen
16950: [301e5c5ccdbe]
16951:
16952: * sudoers.pod:
16953: Substitute in comment characters for lines partaining to login.conf,
16954: BSD auth and SELinux and only enable them if pertinent.
16955: [c1c98fa163ce]
16956:
16957: * sudoers.man.pl:
16958: Substitute in comment characters for lines partaining to login.conf,
16959: BSD auth and SELinux and only enable them if pertinent.
16960: [6c88f30b878a]
16961:
16962: * sudo.pod:
16963: Substitute in comment characters for lines partaining to login.conf,
16964: BSD auth and SELinux and only enable them if pertinent.
16965: [acdbdfd24e1d]
16966:
16967: * sudo.man.pl:
16968: Substitute in comment characters for lines partaining to login.conf,
16969: BSD auth and SELinux and only enable them if pertinent.
16970: [0c56d4750ac3]
16971:
16972: * Makefile.in, configure, configure.in:
16973: Substitute in comment characters for lines partaining to login.conf,
16974: BSD auth and SELinux and only enable them if pertinent.
16975: [9a02bd6a6658]
16976:
16977: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
16978: Remove the =cut on the first line (above the copyright notice) to
16979: quiet pod2man. Also remove the hackery in the FILES section and
16980: just deal with the fact that there will a newline between each
16981: pathname.
16982: [2ac1ab191835]
16983:
16984: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
16985:
16986: * Makefile.in:
16987: run sudo.man.pl when generating sudo.man.in
16988: [859727369168]
16989:
16990: * configure, configure.in, sudo.man.pl:
16991: comment out SELinux manual bits unless --with-selinux was specified
16992: [97ff4212b649]
16993:
16994: * sudoers.pod:
16995: document role and type defaults for SELinux
16996: [870f303366b3]
16997:
16998: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
16999: Document "sudo -ll" and make "sudo -l -l" be equivalent.
17000: [3ce6dc429ea3]
17001:
17002: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17003:
17004: * configure, configure.in:
17005: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
17006: Debian GNU/kFreeBSD.
17007: [c4efa567a328]
17008:
17009: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
17010:
17011: * auth/kerb5.c:
17012: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
17013: verify_krb_v5_tgt()
17014: [f80538e5a6fa]
17015:
17016: * logging.c, logging.h, sudo.c:
17017: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
17018: log_auth() into log_allowed() and log_denial() Replace mail_auth()
17019: with should_mail() and a call to send_mail()
17020: [58aac9997557]
17021:
17022: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
17023:
17024: * ldap.c:
17025: Add debugging so we can tell if the krb5 ccache is accessible
17026: [c679322527bb]
17027:
17028: * INSTALL:
17029: mention --with-selinux
17030: [9efbe0b52194]
17031:
17032: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
17033:
17034: * configure:
17035: regen
17036: [467a834f867c]
17037:
17038: * selinux.c:
17039: add Sudo tag
17040: [d004ee669bed]
17041:
17042: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
17043: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
17044: testsudoers.c, toke.c, toke.l:
17045: Add support for SELinux RBAC. Sudoers entries may specify a role
17046: and type. There are also role and type defaults that may be used.
17047: To make sure a transition occurs, when using RBAC commands are
17048: executed via the new sesh binary. Based on initial changes from Dan
17049: Walsh.
17050: [1d4abfe2c004]
17051:
17052: * sesh.c:
17053: Add support for SELinux RBAC. Sudoers entries may specify a role
17054: and type. There are also role and type defaults that may be used.
17055: To make sure a transition occurs, when using RBAC commands are
17056: executed via the new sesh binary. Based on initial changes from Dan
17057: Walsh.
17058: [1e3b395ce049]
17059:
17060: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
17061: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
17062: pathnames.h.in, selinux.c:
17063: Add support for SELinux RBAC. Sudoers entries may specify a role
17064: and type. There are also role and type defaults that may be used.
17065: To make sure a transition occurs, when using RBAC commands are
17066: executed via the new sesh binary. Based on initial changes from Dan
17067: Walsh.
17068: [6b421948286e]
17069:
17070: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
17071:
17072: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
17073: Add long list (sudo -ll) support for printing verbose LDAP and
17074: sudoers file entries. Still need to update manual.
17075: [2875be37935c]
17076:
17077: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
17078:
17079: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
17080: Unify the -l output for file and ldap based sudoers and use lbufs
17081: for both. The ldap output does not currently include options that
17082: cannot be represented as tags. This will be remedied in a long list
17083: output mode to come.
17084: [b2e429456596]
17085:
17086: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
17087:
17088: * set_perms.c:
17089: Use a specific error message for errno == EAGAIN when setuid() et al
17090: fails. On Linux systems setuid() will fail with errno set to EAGAIN
17091: if changing to the new uid would result in a resource limit
17092: violation.
17093: [08d0aecd9f03]
17094:
17095: * sudo.c:
17096: Unlimit nproc on Linux systems where calling the setuid() family of
17097: syscalls causes the nroc resource limit to be checked. The limits
17098: will be reset by pam_limits.so when PAM is used. In the non-PAM
17099: case the nproc limit will remain unlimited but there doesn't seem to
17100: be a way around that other than having sudo parse
17101: /etc/security/limits.conf directly.
17102: [df024b415a8d]
17103:
17104: * env.c, sudo.c, sudo.pod:
17105: Only read /etc/environment on Linux and AIX
17106: [90669e2aefdb]
17107:
17108: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17109:
17110: * configure, configure.in:
17111: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
17112: ldap.conf and ldap.secret paths from going into config.h. Avoid
17113: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
17114: since in some versions of bash they will end up literally in the
17115: resulting define.
17116: [25390f3ef10a]
17117:
17118: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17119:
17120: * README.LDAP:
17121: mention --with-nsswitch=no
17122: [c509df927263]
17123:
17124: * configure, configure.in:
17125: ldap_ssl.h depends on ldap.h being included first
17126: [d96d90e9b21f]
17127:
17128: * config.h.in, configure, configure.in, ldap.c:
17129: Include ldap_ssl.h if we can find it. Needed for the
17130: ldapssl_set_strength defines on HP-UX at least.
17131: [9e530470948a]
17132:
17133: * sudoers.ldap.pod:
17134: sync
17135: [b9d101f4673a]
17136:
17137: * TODO:
17138: sync
17139: [2ce951b2ecd0]
17140:
17141: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
17142: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
17143: regen
17144: [b61d793987e0]
17145:
17146: * Makefile.in:
17147: Use 78n line length when formatting cat pages.
17148: [761bee9d5759]
17149:
17150: * README.LDAP:
17151: Remove redundant info that is now in sudoers.ldap.pod
17152: [01828dcce59e]
17153:
17154: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17155:
17156: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
17157: Reorganize the first section a bit. Substitute the proper path for
17158: /etc/sudoers.
17159: [11ae165e065d]
17160:
17161: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
17162: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
17163: schema into EXAMPLES
17164: [ab6509d1dde7]
17165:
17166: * configure, configure.in:
17167: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
17168: sudoers.ldap.man.
17169: [6e689972f465]
17170:
17171: * configure, configure.in:
17172: substitute for sudoers.ldap.man
17173: [5a4a25766dee]
17174:
17175: * Makefile.in:
17176: Fix cut & pasto introduced when adding sudoers.ldap man page.
17177: [a7b069af8894]
17178:
17179: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
17180: Fill in some of the missing pieces. Still needs some reorganization
17181: and editing.
17182: [5e7331722166]
17183:
17184: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
17185:
17186: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
17187: sudoers.ldap.pod:
17188: Beginnings of a sudoers.ldap man page. Currently, much of the
17189: information is adapted from README.LDAP.
17190: [aad28c8a922d]
17191:
17192: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17193:
17194: * pwutil.c:
17195: When copying gr_mem we must guarantee that the storage space for
17196: gr_mem is properly aligned. The simplest way to do this is to
17197: simply store gr_mem directly after struct group. This is not a
17198: problem for gr_passwd or gr_name as they are simple strings.
17199: [af58fc76f1ed]
17200:
17201: * ldap.c:
17202: Fix a typo/thinko in one of the calls to
17203: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
17204: [70b2eb8097f5]
17205:
17206: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17207:
17208: * config.h.in, configure, configure.in, ldap.c:
17209: include <mps/ldap_ssl.h> in ldap.c if available
17210: [34346206ef16]
17211:
17212: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17213:
17214: * gram.c, gram.y:
17215: Make sure we define SIZE_MAX for yacc's skeleton.c
17216: [d8a45c7a3c42]
17217:
17218: * tgetpass.c:
17219: Use TCSAFLUSH when restoring terminal settings (and echo) to
17220: guarantee that any pending output is discarded
17221: [549a184479e5]
17222:
17223: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
17224:
17225: * sudoers:
17226: no longer need to specify SETENV when user has sudo ALL
17227: [3051b41f8032]
17228:
17229: * testsudoers.c:
17230: sync user_args size calculation with sudo.c Add -g group option,
17231: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
17232: them
17233: [0850325180f0]
17234:
17235: * sudo.c, sudo.h:
17236: Make set_runaspw static void
17237: [5d44d7a340ce]
17238:
17239: * testsudoers.c, visudo.c:
17240: g/c set_runaspw stub
17241: [79ebb5e2cc38]
17242:
17243: * configure, configure.in:
17244: Don't add -llber twice.
17245: [4356d302eef4]
17246:
17247: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
17248:
17249: * ldap.c:
17250: fix typo
17251: [249cecc557e9]
17252:
17253: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17254:
17255: * gram.c:
17256: regen
17257: [2f94ea375b67]
17258:
17259: * configure, configure.in:
17260: Fix check that determines whether -llber is required.
17261: [6afa99523379]
17262:
17263: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
17264: For netscape-based LDAP, use ldapssl_set_strength() to implement the
17265: checkpeer ldap.conf option.
17266: [16ae24d73795]
17267:
17268: * auth/kerb5.c:
17269: Delay krb5_cc_initialize() until we actually need to use the cred
17270: cache, which is what krb5_verify_user() does. Better cleanup on
17271: failure.
17272: [d12e5f1695b8]
17273:
17274: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
17275:
17276: * auth/kerb5.c:
17277: Rewrite verify_krb_v5_tgt() based on what heimdal's
17278: krb5_verify_user() does.
17279: [05b5815f86c9]
17280:
17281: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17282:
17283: * gram.c:
17284: The U suffix on constants is an ANSI feature
17285: [c6dfce3167f1]
17286:
17287: * configure, configure.in:
17288: Add check for ber_set_option() in -llber
17289: [43d0c0566074]
17290:
17291: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17292:
17293: * README.LDAP:
17294: default if no nsswitch.conf is files only
17295: [c13001d9c998]
17296:
17297: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
17298:
17299: * README.LDAP:
17300: don't tell people to mail aaron about LDAP stuff
17301: [8165ec1ef0c6]
17302:
17303: * README.LDAP:
17304: timelimit and bind_timelimit
17305: [44f74cbed167]
17306:
17307: * ChangeLog:
17308: sync
17309: [aba1a0ab02bd]
17310:
17311: * ldap.c:
17312: Move ldap.secret reading into a separate function.
17313: [1948acc9f7a4]
17314:
17315: * check.c:
17316: user_runas -> runas_pw
17317: [334490fc2bae]
17318:
17319: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
17320:
17321: * TODO:
17322: sync
17323: [c7b165cc47c6]
17324:
17325: * check.c, sudo.pod, sudoers.pod:
17326: Add and document the %p escape in the password prompt. Based on a
17327: patch from Patrick Schoenfeld.
17328: [3972d4f31ffa]
17329:
17330: * ldap.c:
17331: Check strlcpy() return values.
17332: [9b42f3ae8ff1]
17333:
17334: * ldap.c:
17335: refactor ldap binding code into sudo_ldap_bind_s()
17336: [cb0c66a4d955]
17337:
17338: * README.LDAP:
17339: Make it clear that host and uri can take multiple parameters. URI is
17340: now supported for more than just openldap nsswitch.conf does't
17341: accept "compat"
17342: [f610dea656d6]
17343:
17344: * sudo.c:
17345: comment cleanup and update (c) year
17346: [6cd69c810ca5]
17347:
17348: * parse.c, sudo_nss.c:
17349: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
17350: This should make it possible to build an LDAP-only sudo binary.
17351: [61c3f27066a0]
17352:
17353: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
17354: Improve chaining of multiple sudoers sources by passing in the
17355: previous return value to the next in the chain
17356: [2c0b722b1b2d]
17357:
17358: * gram.y:
17359: Free up parser data structures in sudo_file_close().
17360: [2251531d4519]
17361:
17362: * gram.c, parse.c:
17363: Free up parser data structures in sudo_file_close().
17364: [8371f130f401]
17365:
17366: * ldap.c:
17367: Parse uri ourself if no ldap_initialize() is present Use
17368: ldap_create() instead of deprecated ldap_init() Use
17369: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
17370: [85d3825b1953]
17371:
17372: * config.h.in, configure, configure.in:
17373: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
17374: CFLAGS
17375: [240524512bc5]
17376:
17377: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
17378:
17379: * config.h.in, configure, configure.in:
17380: add check for ldap_create
17381: [3089badd73b8]
17382:
17383: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
17384:
17385: * config.h.in, configure, configure.in, ldap.c:
17386: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
17387: dn using the mechanism appropriate for the LDAP SDK in use. Use
17388: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
17389: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
17390: [6deeca3d00cc]
17391:
17392: * lbuf.c:
17393: include unistd.h
17394: [8419ed0bae7f]
17395:
17396: * config.h.in, configure.in:
17397: fix typo in mtim_getnsec
17398: [2d5f21230a60]
17399:
17400: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17401:
17402: * config.h.in, configure, configure.in:
17403: add check for st__tim in struct stat as used by SCO
17404: [587060ea2a89]
17405:
17406: * ldap.c:
17407: use ldap_search_ext_s instead of deprecated ldap_search_s
17408: [5fc44fe3b44c]
17409:
17410: * Makefile.in, TODO, sudo.cat, sudo.man.in:
17411: add sudo_nss.h to HDRS
17412: [86f01a70ff29]
17413:
17414: * ldap.c:
17415: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
17416: ldap_rdn2str().
17417: [aa217002cfae]
17418:
17419: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17420:
17421: * ldap.c:
17422: Use ldap_get_values_len()/ldap_value_free_len() instead of the
17423: deprecated ldap_get_values()/ldap_value_free().
17424: [e22dceb85e57]
17425:
17426: * ChangeLog:
17427: sync
17428: [adad27b36107]
17429:
17430: * TODO:
17431: sync
17432: [c449eb47e0ef]
17433:
17434: * gettime.c, sudo.c:
17435: Remove some already fixed XXXs
17436: [532788d0e6da]
17437:
17438: * ldap.c:
17439: Same return value as non-existent sudoers if LDAP was unable to
17440: connect.
17441: [5819810e8e4e]
17442:
17443: * sudo.pod:
17444: mention /etc/environment
17445: [ea8e6102f853]
17446:
17447: * README.LDAP, UPGRADE, WHATSNEW:
17448: Update to reflect recent developments.
17449: [ed1fb026fe77]
17450:
17451: * sudo.c:
17452: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
17453: [55b68a58260d]
17454:
17455: * ldap.c:
17456: When building up a query don't list groups in the aux group vector
17457: that are the same as the passwd file group. On most systems the
17458: first gid in the group vector is the same as the passwd entry gid.
17459: [4bb51e297e0d]
17460:
17461: * env.c, ldap.c:
17462: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
17463: ldaprc and system defaults that could affect how LDAP works.
17464: [ce5036440db2]
17465:
17466: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
17467: sudo_nss.c, sudo_nss.h:
17468: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
17469: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
17470: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
17471: file and --with-ldap-secret-file
17472: [ea5d7704381f]
17473:
17474: * parse.c:
17475: Honor def_ignore_local_sudoers
17476: [f38e1121fae1]
17477:
17478: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17479:
17480: * ldap.c:
17481: no longer need to check def_ignore_local_sudoers here
17482: [fce2a72f96fb]
17483:
17484: * parse.c:
17485: Refactor group vector resetting into a function and also call it
17486: from display_cmnd. Stop after the first sucessful match in
17487: display_cmnd. Print a newline between each display_privs method.
17488: [981b37b5adff]
17489:
17490: * parse.c:
17491: fix double free introduced in rev 1.218
17492: [c574b02d8747]
17493:
17494: * ldap.c:
17495: belt and suspenders; zero out result after freeing it
17496: [7732988d4620]
17497:
17498: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
17499: Refactor line reading into a separate function, sudo_parseln(),
17500: which removes comments, leading/trailing whitespace and newlines.
17501: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
17502: [61d9068f0645]
17503:
17504: * parse.c, sudo.c:
17505: Make the inability to read the sudoers file a non-fatal error if
17506: there are other sudoers sources available. sudoers_file_lookup now
17507: returns "not OK" if sudoers was not present
17508: [643babf597a8]
17509:
17510: * ldap.c:
17511: make it clear that the global options are from LDAP
17512: [9ff950349463]
17513:
17514: * logging.c:
17515: allocate proper amount of space for error string
17516: [8bebb7d46d19]
17517:
17518: * sudo_nss.c, sudo_nss.h:
17519: actual sudo nss code
17520: [5bd7d52d7738]
17521:
17522: * ldap.c, parse.c, sudo.c, sudo.h:
17523: nss-ify display_privs and display_cmnd.
17524: [cccfdd3253f2]
17525:
17526: * defaults.c, parse.c, testsudoers.c, visudo.c:
17527: move update_defaults() to parse.c
17528: [ace144b958a9]
17529:
17530: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
17531: Use nsswitch to hide some sudoers vs. ldap implementation details
17532: and reduce the number of #ifdef LDAP TODO: fix display routines and
17533: error handling
17534: [6225edde89a6]
17535:
17536: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
17537:
17538: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
17539: First cut at nsswitch.conf support. Further reorganizaton and
17540: related changes are forthcoming.
17541: [717f59d0790b]
17542:
17543: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17544:
17545: * env.c, pathnames.h.in, sudo.c, sudo.h:
17546: Add support for reading and /etc/environment file. Still needs to
17547: be documented and should probably only applies to OSes that have it
17548: (AIX and Linux, maybe others).
17549: [15d3edae27e4]
17550:
17551: * ldap.c:
17552: include limits.h
17553: [e19875ef0f82]
17554:
17555: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
17556:
17557: * WHATSNEW:
17558: reword LDAP SASL
17559: [7ec3c4ec31b5]
17560:
17561: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17562:
17563: * TODO:
17564: sync
17565: [87c5a7aea7bf]
17566:
17567: * README.LDAP:
17568: Add an example sudoRole, clarify netscape vs. openldap a bit more
17569: [6f96c0ca8107]
17570:
17571: * README.LDAP:
17572: Be clear on what is OpenLDAP vs. Netscape-derived
17573: [a33c8314dec5]
17574:
17575: * config.h.in, configure, configure.in, ldap.c:
17576: Use ldapssl_init() for ldaps support instead of trying to do it
17577: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
17578: and tls_key for cert7.db and key3.db respectively. Don't print
17579: debugging info for options that are not set. Add warning if
17580: start_tls specified when not supported.
17581: [abb62dc7e4a3]
17582:
17583: * ldap.c:
17584: fix compilation on solaris
17585: [03d449684e80]
17586:
17587: * Makefile.in:
17588: add missing .h and .c files for missing lib objs
17589: [8b37825bdfc7]
17590:
17591: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17592:
17593: * ldap.c:
17594: fix LDAP_OPT_NETWORK_TIMEOUT setting
17595: [226eba89c0ad]
17596:
17597: * ldap.c:
17598: fix compilation on Solaris
17599: [917d47639eb6]
17600:
17601: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17602:
17603: * configure, configure.in:
17604: fix typo
17605: [009d5c81b225]
17606:
17607: * README.LDAP:
17608: try to clear up which variables are for OpenLDAP and which are for
17609: netscape-derived SDKs
17610: [f8d9823ee73c]
17611:
17612: * config.h.in, configure, configure.in, ldap.c:
17613: Add support for "ssl on" in both netscape and openldap flavors. Only
17614: the OpenLDAP flavor has been tested.
17615: [952745829ec5]
17616:
17617: * logging.c, sudo.c, sudo.h:
17618: Call cleanup() before exit in log_error() instead of calling
17619: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
17620: [da02d1b67a2c]
17621:
17622: * sudo.c:
17623: ld -> ldap_conn
17624: [01afa6d927cc]
17625:
17626: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
17627:
17628: * logging.c, sudo.c, sudo.h:
17629: Better ldap cleanup.
17630: [25b9abe2d617]
17631:
17632: * ldap.c:
17633: Distinguish between LDAP conf settings that are connection-specific
17634: (which take an ld pointer) and those that are default settings
17635: (which do not).
17636: [d48dc6c9c3b4]
17637:
17638: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17639:
17640: * ldap.c:
17641: Improved warnings on error.
17642: [c8dce7b4feb4]
17643:
17644: * ldap.c:
17645: Make ldap config table driven and set the config *after* we open the
17646: connection.
17647: [d9698b5a2681]
17648:
17649: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17650:
17651: * ldap.c:
17652: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
17653: [598c6df06660]
17654:
17655: * configure, configure.in:
17656: some operating systems need to link with -lkrb5support when using
17657: krb5
17658: [8896365dde9e]
17659:
17660: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
17661:
17662: * WHATSNEW:
17663: minor update
17664: [acfeeb7f4886]
17665:
17666: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17667: regen
17668: [a3c6699674f9]
17669:
17670: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17671:
17672: * ChangeLog, TODO:
17673: sync
17674: [138e99b925ee]
17675:
17676: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
17677: add -g support for LDAP
17678: [8fc27dbe9287]
17679:
17680: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
17681:
17682: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
17683: The -i and -s flags can now take an optional command.
17684: [6afec104ee77]
17685:
17686: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
17687:
17688: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
17689: sudoers.pod:
17690: Add passprompt_override flag to sudoers that will cause the prompt
17691: to be overridden in all cases. This flag is also set when the user
17692: specifies the -p flag.
17693: [e4c5402131a6]
17694:
17695: * sudo.c:
17696: Move setting of login class until after sudoers has been parsed. Set
17697: NewArgv[0] for -i after runas_pw has been set.
17698: [62a48c8c56fa]
17699:
17700: * configure, configure.in:
17701: Move the dgettext check.
17702: [5fd8a4712d1c]
17703:
17704: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
17705:
17706: * auth/pam.c, config.h.in, configure, configure.in:
17707: Add basic support for looking up the string "Password: " in the PAM
17708: localized text db. This allows us to determine whether the PAM
17709: prompt is the default "Password: " one even if it has been
17710: localized.
17711:
17712: TODO: concatenate non-std PAM prompts and user-specified sudo
17713: prompts.
17714: [81c25a415d41]
17715:
17716: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
17717:
17718: * Makefile.in, config.h.in, configure, configure.in, parse.c,
17719: set_perms.c, sudo.c, sudo.h:
17720: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
17721: insufficient.
17722: [1cce6ec1a91e]
17723:
17724: * acsite.m4, configure, interfaces.c, memrchr.c:
17725: Fix typos; Martynas Venckus
17726: [be1233cca11a]
17727:
17728: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
17729:
17730: * set_perms.c:
17731: Don't assume runas_pw is set; it may not be in the -g case.
17732: [aa11bd2193ac]
17733:
17734: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
17735:
17736: * logging.c, set_perms.c:
17737: Set aux group vector for PERM_RUNAS and restore group vector for
17738: PERM_ROOT if we previously changed it. Stash the runas group vector
17739: so we don't have to call initgroups more than once. Also add no-op
17740: check to check_perms.
17741: [53837fc755f7]
17742:
17743: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
17744:
17745: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
17746: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
17747: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
17748: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
17749: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
17750: Add support for runas groups. This allows the user to run a command
17751: with a different effective group. If the -g option is specified
17752: without -u the command will be run as the current user (only the
17753: group will change). the -g and -u options may be used together.
17754: TODO: implement runas group for ldap improve runas group
17755: documentation add testsudoers support
17756: [9019309df6d0]
17757:
17758: * configure, configure.in:
17759: fix setting of mandir
17760: [2c60f269399f]
17761:
17762: * sudo.pod, sudoers.pod:
17763: document that ALL implies SETENV
17764: [bcc8e5b703b9]
17765:
17766: * ldap.c:
17767: s/setenv_ok/setenv_implied/g
17768: [f005df2c2eea]
17769:
17770: * ldap.c:
17771: hostname_matches() returns TRUE on match in sudo 1.7.
17772: [c3d4377b6e8b]
17773:
17774: * ldap.c:
17775: use strcmp, not strcasecmp when comparing ALL
17776: [e486024574a1]
17777:
17778: * ldap.c:
17779: Make sudo ALL imply setenv. Note that unlike with file-based
17780: sudoers this does affect all the commands in the sudoRole.
17781: [bc12f54321d1]
17782:
17783: * gram.c, gram.y, parse.c, parse.h:
17784: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
17785: it is not passed on to other commands in the list.
17786: [026e2cb40680]
17787:
17788: * visudo.c:
17789: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
17790: sudo_getpwuid() instead of getpwuid().
17791: [86f30a8fbd49]
17792:
17793: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
17794:
17795: * sudoers:
17796: Expand on the dangers of not using visudo to edit sudoers.
17797: [e434e8057d02]
17798:
17799: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
17800:
17801: * parse.c:
17802: Don't quote *?[]! on output since the lexer does not strip off the
17803: backslash when reading those in.
17804: [561da4a13afa]
17805:
17806: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
17807:
17808: * glob.c:
17809: expand "u_foo" types to "unsigned foo" to avoid compatibility
17810: issues.
17811: [b0d7c64d78c3]
17812:
17813: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
17814:
17815: * logging.c:
17816: Refactor log line generation in to new_logline().
17817: [6a9b9730615d]
17818:
17819: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17820:
17821: * TROUBLESHOOTING:
17822: fix typo
17823: [9e19d4f86e47]
17824:
17825: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
17826:
17827: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
17828: match.c:
17829: Add configure check for struct in6_addr instead of relying on
17830: AF_INET6 since some systems define AF_INET6 but do not include IPv6
17831: support.
17832: [e24082c416bd]
17833:
17834: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17835:
17836: * configure, configure.in:
17837: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
17838: use.
17839: [76a9df4a63be]
17840:
17841: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
17842:
17843: * configure, configure.in:
17844: POSIX states that struct timespec be declared in time.h so check
17845: there regardless of the value of TIME_WITH_SYS_TIME.
17846: [e42c55ec9daf]
17847:
17848: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
17849:
17850: * tgetpass.c:
17851: Instead of defining a macro to call the appropriate method for
17852: turning on/off echo, just define tc[gs]etattr() and the related
17853: defines that use the correct terminal ioctls if needed. Also go back
17854: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
17855: [5dfb2379d995]
17856:
17857: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
17858:
17859: * Makefile.in:
17860: g/c @ALLOCA@
17861: [e6946c2e3820]
17862:
17863: * configure:
17864: regen
17865: [9bac7159a138]
17866:
17867: * INSTALL, auth/pam.c, config.h.in, configure.in:
17868: Add --disable-pam-session configure option to disable calling
17869: pam_{open,close}_session. May work around bugs in some PAM
17870: implementations.
17871: [273d0fdb4a9d]
17872:
17873: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
17874:
17875: * tgetpass.c:
17876: quiet gcc warnings
17877: [325565c5a579]
17878:
17879: * tgetpass.c:
17880: Avoid printing the prompt if we are already backgrounded. E.g. if
17881: the user runs "sudo foo &" from the shell. In this case, the call
17882: to tcsetattr() will cause SIGTTOU to be delivered.
17883: [db2139a8d8b8]
17884:
17885: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
17886:
17887: * def_data.c, def_data.h, def_data.in:
17888: Reorder things such that the definition of env_reset come right
17889: before the env variable lists.
17890: [e0d8e22a581a]
17891:
17892: * parse.h:
17893: Shrink type and seqno in struct alias from int to u_short
17894: [9425263dd565]
17895:
17896: * alias.c, match.c, parse.c, parse.h:
17897: Add a sequence number in the aliases for loop detection. If we find
17898: an alias with the seqno already set to the current (global) value we
17899: know we've visited it before so ignore it.
17900: [301a0548ffff]
17901:
17902: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
17903:
17904: * TODO, auth/pam.c, sudo.c, sudo.h:
17905: PAM wants the full tty path so add user_ttypath which holds the full
17906: path to the tty or is NULL if no tty was present.
17907: [c7c1dd4b36c8]
17908:
17909: * auth/pam.c:
17910: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
17911: results in a segv.
17912: [3a8865b3a357]
17913:
17914: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
17915:
17916: * gram.c:
17917: regen
17918: [5647be127950]
17919:
17920: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
17921: parse.h, testsudoers.c, visudo.c:
17922: rename lh_ -> tq_
17923: [8f500c542c4a]
17924:
17925: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
17926:
17927: * alloc.c:
17928: remove some useless casts
17929: [409a448b23f5]
17930:
17931: * alloc.c:
17932: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
17933: predates the final C99 spec and the standard specifies that it shall
17934: include stdint.h anyway
17935: [ae478fdef61a]
17936:
17937: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17938:
17939: * Makefile.in, alloca.c, configure.in:
17940: Since we ship with a pre-generated parser there is no need to ship a
17941: bogus alloca implementation.
17942: [3f611a7cc0e5]
17943:
17944: * configure:
17945: regen
17946: [771eccf5269c]
17947:
17948: * configure.in:
17949: remove initial setting of CHECKSIA, we require that it be unset if
17950: not used
17951: [a2e91adc5aa2]
17952:
17953: * Makefile.in:
17954: add list.c to SRCS
17955: [7db0e56cf5b9]
17956:
17957: * configure:
17958: regen
17959: [3716ec30172e]
17960:
17961: * configure.in:
17962: only do SIA checks on Digital Unix
17963: [6a96e1af2597]
17964:
17965: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
17966:
17967: * sudoers.cat, sudoers.man.in:
17968: regen
17969: [ac1dc29de72b]
17970:
17971: * ChangeLog, TODO:
17972: sync
17973: [781effce0a2d]
17974:
17975: * auth/kerb5.c:
17976: Remove call to krb5_cc_register() as it is not needed for modern
17977: kerb5.
17978: [351b8b764f16]
17979:
17980: * configure:
17981: regen
17982: [ac21dbcc9c2c]
17983:
17984: * aclocal.m4, configure.in:
17985: New method for setting the default authentication type and avoiding
17986: conflicts in auth types.
17987: [5fb15be11f78]
17988:
17989: * match.c, parse.c, testsudoers.c:
17990: Each entry in a cmndlist now has an associated runaslist so no need
17991: to keep track of the most recent non-NULL one.
17992: [582e015786b0]
17993:
17994: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
17995:
17996: * ldap.c:
17997: back out partial ldaps support mistakenly committed
17998: [357703e94b2d]
17999:
18000: * ldap.c:
18001: Add support for unix groups and netgroups in sudoRunas
18002: [2f04eb91c6d0]
18003:
18004: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
18005:
18006: * sudo_edit.c:
18007: Fix sudoedit of a non-existent file. From Tilo Stritzky.
18008: [a5488a03bddd]
18009:
18010: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
18011:
18012: * configure:
18013: regen
18014: [541177376ee1]
18015:
18016: * INSTALL:
18017: update --passprompt escape info
18018: [6d57db4cd538]
18019:
18020: * configure.in:
18021: remove now-bogus comment and update copyright date
18022: [6a4af45fa331]
18023:
18024: * configure.in:
18025: Fix up use of with_passwd
18026: [7c79d8640f77]
18027:
18028: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
18029: Update to autoconf-2.61 andf libtool-1.5.24
18030: [045259b0b439]
18031:
18032: * Makefile.in:
18033: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
18034: [f5b6a7afb817]
18035:
18036: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
18037:
18038: * gram.c:
18039: regen
18040: [b5b78e71d2cb]
18041:
18042: * gram.y:
18043: move tags and runaslist propagation to be earlier
18044: [94f7805f4489]
18045:
18046: * visudo.c:
18047: If -f flag given use the permissions of the original file as a
18048: template
18049: [9303d22bddb0]
18050:
18051: * gram.y:
18052: prevent a double free() when re-initing the parser
18053: [5b3907c4de5a]
18054:
18055: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18056:
18057: * configure:
18058: regen
18059: [49a90b19a17d]
18060:
18061: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
18062: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
18063: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
18064: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
18065: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
18066: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
18067: Remove support for compilers that don't support void *
18068: [35e1d01ae197]
18069:
18070: * gram.c:
18071: regen
18072: [70ce412a458a]
18073:
18074: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
18075: parse.c, parse.h, testsudoers.c, visudo.c:
18076: Move list manipulation macros to list.h and create C versions of the
18077: more complex ones in list.c. The names have been down-cased so they
18078: appear more like normal functions.
18079: [9cea0e281148]
18080:
18081: * Makefile.in:
18082: Fix cmp command when regenerating parser. Make gram.o the first
18083: dependency for all programs so gram.h will be generated before
18084: anything that needs it.
18085: [429ea065abf1]
18086:
18087: * gram.y, parse.h:
18088: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
18089: [2f3433833589]
18090:
18091: * match.c, parse.c, testsudoers.c:
18092: Use LH_FOREACH_REV when checking permission and short-circuit on the
18093: first non-UNSPEC hit we get for the command. This means that
18094: instead of cycling through the all the parsed sudoers entries we
18095: start at the end and work backwards and quit after the first
18096: positive or negative match.
18097: [881474532f3e]
18098:
18099: * gram.c:
18100: regen
18101: [9152a19d4188]
18102:
18103: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
18104: Change list head macros to take a pointer, not a struct.
18105: [054f1dcce4cc]
18106:
18107: * gram.c:
18108: regen
18109: [be154aae6235]
18110:
18111: * gram.y:
18112: Propagate the runasspec from one command to the next in a cmndspec.
18113: [4957b1cb03a3]
18114:
18115: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
18116:
18117: * match.c:
18118: Replace has_meta() with a macro that calls strpbrk().
18119: [a2e58846a542]
18120:
18121: * regen
18122: [5a932a5c9451]
18123:
18124: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
18125: testsudoers.c, visudo.c:
18126: Use a list head struct when storing the semi-circular lists and
18127: convert to tail queues in the process. This will allow us to
18128: reverse foreach loops more easily and it makes it clearer which
18129: functions expect a list as opposed to a single member.
18130:
18131: Add macros for manipulating lists. Some of these should become
18132: functions.
18133:
18134: When freeing up a list, just pop off the last item in the queue
18135: instead of going from head to tail. This is simpler since we don't
18136: have to stash a pointer to the next member, we always just use the
18137: last one in the queue until the queue is empty.
18138:
18139: Rename match functions that take a list to have list in the name.
18140: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
18141: [7c37b271607a]
18142:
18143: * parse.c:
18144: Fix pasto, append "!" not negated (which is an int) for sudo -l
18145: output.
18146: [93a444c3997f]
18147:
18148: * Makefile.in:
18149: Remove the dependency of gram .h on gram.y, the .c dependency is
18150: enough. Only move y.tab.h to gram.h if it is different; avoids
18151: needless rebuilding.
18152: [67bf4ea2a2e5]
18153:
18154: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18155:
18156: * sudoers.pod:
18157: Defaults lines may be associated with lists of users, hosts,
18158: commands and runas users, not just single entries.
18159: [795effacb6be]
18160:
18161: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
18162:
18163: * Makefile.in:
18164: Revert the "cmp" portion of the last diff, it doesn't make sense.
18165: [26f34bf4e2e3]
18166:
18167: * Makefile.in:
18168: Remove *.lo for clean: When generating the parser, only move the
18169: generated files into place if they differ from the existing ones.
18170: [84673fea371b]
18171:
18172: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
18173:
18174: * toke.c, toke.l:
18175: Replace IPV6 regexp with a much simpler (readable) one and add an
18176: extra check when it matches to make sure we have a valid address.
18177: [592e9f690556]
18178:
18179: * match.c:
18180: Fix thinko introduced when merging IPV6 support.
18181: [da38cd5eb8c7]
18182:
18183: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
18184:
18185: * HISTORY, LICENSE:
18186: regen
18187: [0d7b27b90634]
18188:
18189: * license.pod:
18190: add 2007
18191: [510e5048ae1a]
18192:
18193: * UPGRADE:
18194: mention #uid vs. comment pitfall
18195: [4d2861898bcc]
18196:
18197: * acsite.m4:
18198: Merge in a patch from the libtool cvs that fixes a problem with the
18199: latest autoconf. From Stepan Kasal.
18200: [0c279ae7df3e]
18201:
18202: * parse.h:
18203: Back out he XOR swap trick, it is slower than a temp variable on
18204: modern CPUs.
18205: [91c4b024e317]
18206:
18207: * gram.c:
18208: regen
18209: [cb6d4106fb74]
18210:
18211: * gram.y, parse.h:
18212: Convert the tail queue to a semi-circle queue and use the XOR swap
18213: trick to swap the prev pointers during append.
18214: [8bf4d9fbee58]
18215:
18216: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18217:
18218: * parse.h:
18219: remove useless statement
18220: [421ec1dd73e6]
18221:
18222: * toke.c, toke.l:
18223: Refactor #include parsing into a separate function and return
18224: unparsed chars (such as newline or comment) back to the lexer.
18225: [64166917aa3d]
18226:
18227: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
18228:
18229: * WHATSNEW:
18230: mention better uid support
18231: [56f510e7f2ec]
18232:
18233: * sudoers.pod:
18234: Users may now consist of a uid.
18235: [5fd31b2c55ed]
18236:
18237: * gram.c, gram.h, toke.c:
18238: regen
18239: [599e58af6dc1]
18240:
18241: * parse.c:
18242: Use lbuf_append_quoted() for sudo -l output to quote characters that
18243: would require quoting in sudoers.
18244: [3132d05c990a]
18245:
18246: * lbuf.c, lbuf.h:
18247: Add lbuf_append_quoted() which takes a set of characters which
18248: should be quoted with a backslash when displayed.
18249: [ab09bebb1d65]
18250:
18251: * toke.l:
18252: Require that the first character after a comment not be a digit or a
18253: dash. This allows us to remove the GOTRUNAS state and treat
18254: uid/gids similar to other words. It also means that we can now
18255: specify uids in User_Lists and a User_Spec may now contain a uid.
18256: [461fe01f8392]
18257:
18258: * gram.y, toke.l:
18259: Replace RUNAS token with '(' and ')' tokens to make the runas
18260: portion of the grammar more natural.
18261: [e0c383b4684d]
18262:
18263: * BUGS:
18264: The BUGS file is history
18265: [4d9a809585c7]
18266:
18267: * Makefile.in, README:
18268: The BUGS file is history
18269: [d9500e261172]
18270:
18271: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
18272:
18273: * toke.c, toke.l:
18274: Allow comments after a RunasAlias as long as the character after the
18275: pound sign isn't a digit or a dash.
18276: [d7f3bd94eeda]
18277:
18278: * WHATSNEW:
18279: Glob support was back-ported to 1.6.9
18280: [d1d5cfd46228]
18281:
18282: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
18283:
18284: * Makefile.in:
18285: remove sudo_usage.h in distclean
18286: [df05ce9c4127]
18287:
18288: * parse.c:
18289: If a Defaults value contains a blank, double-quote the string.
18290: [9057a910daad]
18291:
18292: * toke.c, toke.l:
18293: Properly deal with Defaults double-quoted strings that span multiple
18294: lines using the line continuation char. Previously, the entire
18295: thing, including the continuation char, newline, and spaces was
18296: stored as-is.
18297: [4a4e8eacefe6]
18298:
18299: * sudo.c:
18300: Be consistent when using single quotes and backticks.
18301: [d010b83a0fa1]
18302:
18303: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
18304:
18305: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
18306: sudo.c, sudo_usage.h.in:
18307: Add new linebuf code to do appends of dynamically allocated strings
18308: and word-wrapped output. Currently used for sudo's usage() and sudo
18309: -l output. Sudo usage strings are now in sudo_usage.h which is
18310: generated at configure time.
18311: [4dfd0ee8d961]
18312:
18313: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
18314:
18315: * parse.c, sudo.c, sudo.h:
18316: Fix line wrapping in usage() and use the actual tty width instead of
18317: assuming 80.
18318: [700eab37c5a6]
18319:
18320: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18321:
18322: * history.pod:
18323: some more info
18324: [8140112a8ae1]
18325:
18326: * history.pod:
18327: Mentioned Chris Jepeway's parser and also the new one that is in
18328: sudo 1.7.
18329: [2132d00f0597]
18330:
18331: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
18332:
18333: * sudo.pod, visudo.pod:
18334: For the options list, add flag args where appropriate and increase
18335: the indent level so there is room for them.
18336: [2b60fb572e12]
18337:
18338: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
18339:
18340: * parse.c:
18341: Fix some spacing in "sudo -l" and add a comment about some bogosity
18342: in the line wrapping.
18343: [b59b056f5ee2]
18344:
18345: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18346: visudo.man.in:
18347: regen
18348: [5fb719f18ebc]
18349:
18350: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
18351: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
18352: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
18353: testsudoers.c, toke.c, toke.l:
18354: Remove monitor support until there is a versino of systrace that
18355: uses a lookaside buffer (or we have a better mechanism to use).
18356: [61ff76878e4a]
18357:
18358: * config.h.in, configure, configure.in, sudo.c:
18359: use getaddrinfo() instead of gethostbyname() if it is available
18360: [cc33c136aa6a]
18361:
18362: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
18363:
18364: * parse.c, sudo.c:
18365: Deal with OSes where sizeof(gid_t) < sizeof(int).
18366: [130a89cbdfba]
18367:
18368: * interfaces.c:
18369: repair non-getifaddrs() code after ipv6 integration
18370: [7ae7a89e2236]
18371:
18372: * sudo.c:
18373: If we can open sudoers but fail to read the first byte, close the
18374: file stream before trying again.
18375: [6f31272fae7b]
18376:
18377: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18378:
18379: * toke.c:
18380: regen
18381: [4d7afe0aa6fa]
18382:
18383: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
18384: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
18385: [4e6ff2965a42]
18386:
18387: * sudo.pod, sudoers.pod, visudo.pod:
18388: Add some missing markup Update copyright
18389: [7e6d3c686b5e]
18390:
18391: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18392:
18393: * configure, configure.in:
18394: fix sudo_noexec extension which got broken in the libtool update
18395: [3a5b447df861]
18396:
18397: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
18398:
18399: * Makefile.in:
18400: explicitly specify -Tascii to nroff
18401: [45c8da4cbefe]
18402:
18403: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
18404:
18405: * logging.c:
18406: remove an ANSI-ism that crept in
18407: [29086f87b2ca]
18408:
18409: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
18410:
18411: * sudo.pod:
18412: Adjust list indents Prevent -- from being turned into an em dash Use
18413: a list for the environment instead of a literal paragraph
18414: [c3abcd8f76f4]
18415:
18416: * visudo.pod:
18417: Use a list for the environment instead of an indented literal
18418: paragraph.
18419: [0ffcfcb7349f]
18420:
18421: * sudoers.pod:
18422: Adjust list indentation
18423: [615c89e3123a]
18424:
18425: * license.pod:
18426: add =head3
18427: [8b2e0d38c0bd]
18428:
18429: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
18430:
18431: * sudo.pod:
18432: mention that when specifying a uid for the -u option the shell may
18433: require that the # be escaped
18434: [3e3a17bff150]
18435:
18436: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
18437:
18438: * match.c:
18439: Fix off by one in group matching.
18440: [b529602b7fba]
18441:
18442: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
18443:
18444: * env.c:
18445: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
18446: [ffbf8907c6e7]
18447:
18448: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
18449:
18450: * configure, configure.in:
18451: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
18452: -lgssapi_krb5 case.
18453: [2b85a89c2252]
18454:
18455: * aclocal.m4, configure, configure.in:
18456: Fix link tests such that new gcc doesn't optimize away the test.
18457: [83484ec95cba]
18458:
18459: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18460:
18461: * sudo.pod, sudoers.pod, visudo.pod:
18462: add missing over/back
18463: [251a12c89b91]
18464:
18465: * sudo.pod, sudoers.pod, visudo.pod:
18466: Change FILES section to use =item
18467: [60b9efc3a0b2]
18468:
18469: * env.c:
18470: Add back allocation of the env struct in rebuild_env but save a copy
18471: of the old pointer and free it before returning.
18472: [1100cd4fa997]
18473:
18474: * env.c:
18475: Don't init the private environment in rebuild_env() since it may
18476: have already been done implicitly sudo_setenv/sudo_unsetenv.
18477:
18478: Multiply length by sizeof(char *) in memcpy/memmove when copying the
18479: environment so we copy the full thing.
18480:
18481: Add missing set of parens so we deref the right pointer in
18482: sudo_unsetenv when searching for a matching variable.
18483: [9086a8f756b1]
18484:
18485: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
18486:
18487: * sudo.pod, sudoers.pod, visudo.pod:
18488: Use file markup for paths in the FILES section
18489: [940d99f731f2]
18490:
18491: * sudo.pod, sudoers.pod, visudo.pod:
18492: Don't capitalize sudo/visudo
18493: [f067a455d44b]
18494:
18495: * sudoers.pod:
18496: Sort sudoers options; based on a diff from Igor Sobrado.
18497: [a9b9befe85ac]
18498:
18499: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
18500:
18501: * sudo.pod, sudoers.pod, visudo.pod:
18502: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
18503: latter confuses pod2man. The Makefile rules for the .man.in file
18504: will add @mansectsu@ and @mansectform@ back in after pod2man is done
18505: anyway.
18506: [b50ea0db727c]
18507:
18508: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
18509:
18510: * LICENSE, Makefile.in, license.pod:
18511: Move license info to pod format
18512: [25bdd82e592b]
18513:
18514: * configure, configure.in, sudoers.pod:
18515: Substitute value of path_info into sudoers man page.
18516: [9ba661a82798]
18517:
18518: * WHATSNEW:
18519: remove features that were back-ported to 1.6.9
18520: [e76d756cbe65]
18521:
18522: * sudo.c, sudo.pod, visudo.c, visudo.pod:
18523: Sort SYNOPSIS and sync usage. From Igor Sobrado.
18524: [4970386c9e54]
18525:
18526: * env.c:
18527: Only need sudo_setenv/sudo_unsetenv if we are going to use
18528: ldap_sasl_interactive_bind_s() but don't have
18529: gss_krb5_ccache_name().
18530: [f1a73d8b35c5]
18531:
18532: * ChangeLog:
18533: rebuild without branch info
18534: [5d5a33494677]
18535:
18536: * Makefile.in:
18537: Add ChangeLog target
18538: [a702034fdd89]
18539:
18540: * auth/pam.c:
18541: Run cleanup code if the user hits ^C at the password prompt.
18542: [9cf87768e921]
18543:
18544: * auth/pam.c:
18545: Some versions of pam_lastlog have a bug that will cause a crash if
18546: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
18547: string.
18548: [5b63f6c88866]
18549:
18550: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
18551:
18552: * Makefile.in:
18553: ChageLog not Changelog
18554: [1243d8473ceb]
18555:
18556: * ChangeLog:
18557: sync
18558: [d887df98c6b0]
18559:
18560: * Makefile.in:
18561: CHANGE -> Changelog
18562: [917738df30dd]
18563:
18564: * TODO:
18565: sync
18566: [cd382f7d1948]
18567:
18568: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
18569:
18570: * config.h.in, configure, configure.in, ldap.c:
18571: Add configure hooks for gss_krb5_ccache_name() and the gssapi
18572: headers.
18573: [139606209991]
18574:
18575: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
18576:
18577: * env.c, sudo.c:
18578: rebuild_env() and insert_env_vars() no longer return environment
18579: pointer, they set environ directly.
18580:
18581: No longer need to pass around an envp pointer since we just operate
18582: on environ now.
18583:
18584: Add dosync argument to insert_env() that indicates whether it should
18585: reset environ when realloc()ing env.envp.
18586:
18587: Use an initial size of 128 for the environment.
18588: [4735fd5fddb8]
18589:
18590: * env.c:
18591: Split sudo_setenv() into an external version and a version only for
18592: use by rebuild_env().
18593: [fda7d655adb1]
18594:
18595: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
18596:
18597: * ldap.c:
18598: Add support for using gss_krb5_ccache_name() instead of setting
18599: KRB5CCNAME. Also use sudo_unsetenv() in the non-
18600: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
18601: original environment. TODO: configure setup for
18602: gss_krb5_ccache_name()
18603: [fcafa5a49caf]
18604:
18605: * README.LDAP:
18606: add krb5_ccname
18607: [fceb8f883886]
18608:
18609: * README.LDAP, ldap.c:
18610: Add support for sasl_secprops in ldap.conf
18611: [1f06f4bf7347]
18612:
18613: * env.c, sudo.h:
18614: Add sudo_unsetenv() and refactor private env syncing code into
18615: sync_env().
18616: [045ecb3fd22b]
18617:
18618: * README.LDAP, ldap.c:
18619: The ldap.conf variable is sasl_auth_id not sasl_authid.
18620: [a5f98491311b]
18621:
18622: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
18623:
18624: * ldap.c, sudo.c, sudo.h:
18625: Add support for krb5_ccname in ldap.conf. If specified, it will
18626: override the default value of KRB5CCNAME in the environment for the
18627: duration of the call to ldap_sasl_interactive_bind_s().
18628: [b08a10c3045b]
18629:
18630: * env.c, sudo.h:
18631: Remove format_env() Add sudo_setenv() to replace most format_env() +
18632: insert_env() combinations. insert_env() no longer takes a struct
18633: environment *
18634: [131da52f43f3]
18635:
18636: * ldap.c:
18637: Fix use_sasl vs. rootuse_sasl logic.
18638: [0c0417b6918c]
18639:
18640: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
18641: Add support for SASL auth when connecting to an LDAP server. Adapted
18642: from a diff by Tom McLaughlin.
18643: [a6285f1356ea]
18644:
18645: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
18646:
18647: * configure, configure.in:
18648: Only enable AIX or BSD auth if no other exclusive auth method has
18649: been chosen. Allows people to e.g., use PAM on AIX without adding
18650: --without-aixauth. A better solution is needed to deal with default
18651: authentication since if a non-exclusive method is chosen we will
18652: still get an error.
18653: [83f7afdc0ec3]
18654:
18655: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
18656:
18657: * HISTORY, Makefile.in, history.pod:
18658: Generate HISTORY from history.pod (which is also used for web pages)
18659: [60bcd5164931]
18660:
18661: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
18662:
18663: * sudo.man.in, sudoers.man.in:
18664: regen
18665: [63956a366191]
18666:
18667: * sudo.pod:
18668: Better explanation of environment handling in the sudo man page.
18669: [6c247742f7ee]
18670:
18671: * env.c, sudo.c:
18672: Defer setting user-specified env vars until after authentication.
18673: [4750b79323ee]
18674:
18675: * env.c:
18676: honor def_default_path for PATH set on the command line
18677: [6db31d9b6d65]
18678:
18679: * env.c, sudo.c, sudo.pod, sudoers.pod:
18680: Allow user to set environment variables on the command line as long
18681: as they are allowed by env_keep and env_check. Ie: apply the same
18682: restrictions as normal environment variables. TODO: deal with
18683: secure_path
18684: [26c0da3840cf]
18685:
18686: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18687:
18688: * sudo.c, sudo_edit.c:
18689: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
18690: Don't allow -E or env var setting in sudoedit mode. More accurate
18691: usage() when called as sudoedit.
18692: [a4af20658361]
18693:
18694: * ldap.c:
18695: warn -> warning
18696: [d87d1192b048]
18697:
18698: * sudo.pod:
18699: add -c option to sudoedit synopsis
18700: [15b596a7e2db]
18701:
18702: * TODO:
18703: udpate to reality
18704: [e2f8fde89db1]
18705:
18706: * parse.c:
18707: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
18708: value from {user,host,runas,cmnd}_matches(). Rename *matches
18709: variables -> *match. Purely cosmetic.
18710: [e54a44c00a88]
18711:
18712: * parse.c:
18713: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
18714: in behavior.
18715: [c6272b4f2127]
18716:
18717: * sudoers:
18718: add SETENV tag
18719: [3a3066bb6788]
18720:
18721: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
18722:
18723: * parse.c:
18724: Make pwcheck local to the pwflag block. Use pwcheck even if user
18725: didn't match since Defaults options may still apply.
18726: [45da9efbbafd]
18727:
18728: * check.c, sudo.c:
18729: Do not update timestamp if user not validated by sudoers.
18730: [a4a9d4364827]
18731:
18732: * set_perms.c:
18733: for PERM_RUNAS, set the egid to the runas user's gid and restore to
18734: the user's original in PERM_ROOT
18735: [1514bfb32847]
18736:
18737: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
18738: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
18739: PERM_FULL_ROOT
18740: [b9d047a3178c]
18741:
18742: * check.c:
18743: don't check timestamp mtime if we are just going to remove it
18744: [5d2470bc6cbd]
18745:
18746: * sudoers.pod:
18747: Move sudoers defaults parameters into their own section.
18748: [54701fbc0ff3]
18749:
18750: * testsudoers.c:
18751: Reduce a level of indent by a few placed continue statements.
18752: [5d5a9838c8ef]
18753:
18754: * parse.c:
18755: Make matching but negated commands/hosts/runas entries override a
18756: previous match as expected. Also reduce some levels of indent by a
18757: few placed continue statements.
18758: [dd59fa4b91a1]
18759:
18760: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
18761:
18762: * parse.c:
18763: Print default runas in "sudo -l" if sudoers don't specify one.
18764: [07d408c400bd]
18765:
18766: * match.c:
18767: Less hacky way of testing whether the domain was set.
18768: [a537059776e5]
18769:
18770: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
18771:
18772: * INSTALL:
18773: Mention pam-devel and openldap-devel for Linux
18774: [9e708c54ecc3]
18775:
18776: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
18777:
18778: * README.LDAP:
18779: or vs. are
18780: [abe8c0f3a410]
18781:
18782: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
18783:
18784: * sudo.c:
18785: fix typo in Solaris project support
18786: [2ffeb2d80959]
18787:
18788: * HISTORY:
18789: update
18790: [df162b36f120]
18791:
18792: * sudo.c:
18793: Make -- on the command line match the manual page. The implied shell
18794: case has been simplified as a result.
18795: [cd217a1f6694]
18796:
18797: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
18798:
18799: * sudoers2ldif:
18800: add simplistic support for sudoRunas; note that if a sudoers entry
18801: contains multiple Runas users, all will apply to the sudoRole
18802: [65b11421f5c8]
18803:
18804: * sudoers2ldif:
18805: honor SETENV and NOSETENV tags
18806: [2c0d5ba7a09b]
18807:
18808: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
18809:
18810: * mon_systrace.c:
18811: Redo setting of user_args. We now build up a private copy of argv
18812: first and then replace the NULs?with spaces.
18813: [ccbba72ea112]
18814:
18815: * mon_systrace.c:
18816: getcwd() returns NULL on failure, not 0 on success
18817: [88cd9e66e530]
18818:
18819: * mon_systrace.c:
18820: allow chunksiz to reach 1 before erroring out
18821: [619d68f14964]
18822:
18823: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18824: visudo.man.in:
18825: regen
18826: [8db512d3caf0]
18827:
18828: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
18829:
18830: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
18831: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
18832: toke.c, toke.l:
18833: Add support for setting environment variables on the command line.
18834: This is only allowed if the setenv sudoers options is enabled or if
18835: the command is prefixed with the SETENV tag.
18836: [5744caebd969]
18837:
18838: * README.LDAP:
18839: replace Aaron's email address with the sudo-workers list
18840: [2ffce5f9afc0]
18841:
18842: * configure:
18843: regen
18844: [8013dff82c0c]
18845:
18846: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
18847:
18848: * schema.OpenLDAP, schema.iPlanet:
18849: Break schema out into separate files.
18850: [15e598e4c60b]
18851:
18852: * Makefile.in, README.LDAP:
18853: Break schema out into separate files.
18854: [1a53966ca1fa]
18855:
18856: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18857:
18858: * auth/aix_auth.c:
18859: free message if set by authenticate()
18860: [849c220c1236]
18861:
18862: * match.c:
18863: deal with NULL gr_mem
18864: [49e4d74f0bbe]
18865:
18866: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18867:
18868: * config.h.in:
18869: regen
18870: [fead999ad3e9]
18871:
18872: * configure.in:
18873: add template for HAVE_PROJECT_H
18874: [e6c42c2eaad1]
18875:
18876: * closefrom.c:
18877: include fcntl.h
18878: [54d98b382f03]
18879:
18880: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
18881:
18882: * INSTALL:
18883: mention --with-project
18884: [d3ea3baad7c5]
18885:
18886: * config.h.in, configure.in, sudo.c:
18887: Add Solaris 10 "project" support. From Michael Brantley.
18888: [f14f3c8c6554]
18889:
18890: * sudoers.pod:
18891: fix typo
18892: [50db81a19787]
18893:
18894: * configure:
18895: regen
18896: [ea71afd3e564]
18897:
18898: * configure.in:
18899: Fix preservation of LDFLAGS in the LDAP case.
18900: [40a3a47e8059]
18901:
18902: * memrchr.c:
18903: Remove dependecy on NULL
18904: [c957ae5e1733]
18905:
18906: * configure:
18907: regen
18908: [4955ce0c6912]
18909:
18910: * aclocal.m4, configure.in:
18911: Can't use the regular autoconf fnmatch() check since we need
18912: FNM_CASEFOLD so go back to our custom one.
18913: [f10d76237486]
18914:
18915: * env.c:
18916: Fix preserving of variables in env_keep.
18917: [d040049d6b84]
18918:
18919: * env.c:
18920: add XAUTHORIZATION
18921: [0d589a5fe015]
18922:
18923: * UPGRADE:
18924: expand upon env resetting and mention that it began in 1.6.9 not
18925: 1.7.
18926: [dba251655c76]
18927:
18928: * sudoers.pod:
18929: Update descriptions of env_keep and env_check to match current
18930: reality.
18931: [dba77357954b]
18932:
18933: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
18934:
18935: * env.c:
18936: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
18937: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
18938: [eec4632bd190]
18939:
18940: * env.c, logging.c:
18941: Treat USERNAME environemnt variable like LOGNAME/USER
18942: [09f52dcfd70c]
18943:
18944: * env.c:
18945: Don't need to populate keepenv table with the contents of the
18946: checkenv table.
18947: [527a14afd973]
18948:
18949: * sudo.c:
18950: Don't force sudo into the C locale.
18951: [8a5bd301ef96]
18952:
18953: * env.c:
18954: Make env_check apply when env_reset it true. Environment variables
18955: are passed through unless they contain '/' or '%'. There is no need
18956: to have a variable in both env_check and env_keep.
18957: [840c802721e4]
18958:
18959: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
18960:
18961: * visudo.c:
18962: Remove an duplicate lock_file() call and add a comment.
18963: [5af9dcdf0eb6]
18964:
18965: * UPGRADE:
18966: Add sudo 1.6.9 upgrade note.
18967: [1585149f2914]
18968:
18969: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
18970:
18971: * interfaces.c:
18972: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
18973: small. From Klaus Wagner.
18974: [d6899fc44f77]
18975:
18976: * logging.c, sudo.h:
18977: Redo the long syslog line splitting based on a patch from Eygene
18978: Ryabinkin. Include memrchr() for systems without it.
18979: [66a50e8d553a]
18980:
18981: * memrchr.c:
18982: Redo the long syslog line splitting based on a patch from Eygene
18983: Ryabinkin. Include memrchr() for systems without it.
18984: [2f6702b7d41b]
18985:
18986: * Makefile.in, config.h.in, configure, configure.in:
18987: Redo the long syslog line splitting based on a patch from Eygene
18988: Ryabinkin. Include memrchr() for systems without it.
18989: [407a46190921]
18990:
18991: * configure.in:
18992: Since we need to be able to convert timespec to timeval for utimes()
18993: the last 3 digits in the tv_nsec are not significant. This makes the
18994: sudoedit file date comparison work again.
18995: [9d0258849fa9]
18996:
18997: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
18998:
18999: * aclocal.m4, configure, configure.in:
19000: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
19001: This deals with exclusive authentication methods in a simple way.
19002: [7d70072c0f35]
19003:
19004: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
19005:
19006: * LICENSE:
19007: mkstemp.c is BSD code too.
19008: [29e236d98162]
19009:
19010: * sudo.pod, sudoers.pod, visudo.pod:
19011: No commercial support for now.
19012: [7c76b3e192dd]
19013:
19014: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
19015:
19016: * sudo.c:
19017: cleanenv() is no more.
19018: [518080514408]
19019:
19020: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
19021:
19022: * ChangeLog:
19023: Display branch info in Changelog
19024: [44e3b27427c7]
19025:
19026: * utimes.c:
19027: Include config.h early so we have it for TIME_WITH_SYS_TIME
19028: [4bf1a00d0703]
19029:
19030: * ChangeLog:
19031: Fix Changelog generation and update.
19032: [6e960dbcbece]
19033:
19034: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
19035:
19036: * closefrom.c:
19037: Use /proc/self/fd instead of /proc/$$/fd
19038:
19039: Move old-style fd closing into closefrom_fallback() and call that if
19040: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
19041: [faa7e4810758]
19042:
19043: * auth/kerb5.c, config.h.in, configure.in:
19044: o use krb5_verify_user() if available instead of doing it by hand o
19045: use krb5_init_secure_context() if we have it o pass an encryption
19046: type of 0 to krb5_kt_read_service_key() instead of
19047: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
19048: [df7acf72bd7c]
19049:
19050: * env.c:
19051: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
19052: [f92d05197e40]
19053:
19054: * configure.in:
19055: Fix closefrom() substitution in the Makefile
19056: [b642b13fcc5c]
19057:
19058: * TROUBLESHOOTING:
19059: Mention alternate sudo pronunciation.
19060: [7c71dc73409f]
19061:
19062: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
19063:
19064: * env.c:
19065: Remove KRB5_KTNAME from environment. Allow COLORTERM.
19066: [70f35a79f780]
19067:
19068: * auth/kerb5.c:
19069: If we cannot get a valid service key using the default keytab it is
19070: a fatal error. Fixes a bug where sudo could be tricked into
19071: allowing access when it should not by a fake KDC. From Thor Lancelot
19072: Simon.
19073: [a3ae6a47cb23]
19074:
19075: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
19076:
19077: * aclocal.m4, configure, configure.in:
19078: Update long long checks to use AC_CHECK_TYPES and to cache values.
19079: [047318eaaeb2]
19080:
19081: * aclocal.m4, configure.in:
19082: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
19083: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
19084: fnmatch.
19085: [80513a1003ea]
19086:
19087: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
19088:
19089: * configure, configure.in:
19090: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
19091: need it for visudo now too.
19092: [50837c7c2b5e]
19093:
19094: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
19095:
19096: * sudoers.pod:
19097: Attempt to clarify the bit talking about network numbers w/o
19098: netmasks.
19099: [211e68c1d034]
19100:
19101: * sudo.pod:
19102: Clarify timestamp dir ownership sentence.
19103: [9178f132c7f7]
19104:
19105: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
19106:
19107: * auth/pam.c:
19108: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
19109: Dmitry V. Levin.
19110: [81fce91667bc]
19111:
19112: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
19113:
19114: * sudo.c:
19115: -i is also one of the mutually exclusive options to list it in the
19116: warning message. Noted by Chris Pepper.
19117: [7da73fb248e9]
19118:
19119: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
19120:
19121: * visudo.pod:
19122: The sudoers variable is env_editor, not enveditor. From Jean-
19123: Francois Saucier.
19124: [2a86ec09a6db]
19125:
19126: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
19127:
19128: * redblack.c:
19129: I tracked down the original author so credit him and include his
19130: license info.
19131: [3733553a1bba]
19132:
19133: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19134:
19135: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
19136: sudoers.pod:
19137: Fix typos; from Jason McIntyre.
19138: [1ee4ce2512f2]
19139:
19140: * logging.c:
19141: Restore signal mask before calling reapchild(). Fixes a possible
19142: race condition that could prevent sudo from properly waiting for the
19143: child.
19144: [9ee4192385dc]
19145:
19146: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
19147:
19148: * pwutil.c:
19149: Don't declare pw_free() if we are not going to use it.
19150: [adb79a4289ca]
19151:
19152: * env.c:
19153: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
19154: LDR_PRELOAD64. The 64-bit version is not currently supported.
19155: Remove zero_env() prototype as it no longer exists.
19156: [b4fe65027fb6]
19157:
19158: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
19159:
19160: * logging.c:
19161: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
19162: [78002ad90f7b]
19163:
19164: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
19165:
19166: * auth/pam.c:
19167: If the user enters ^C at the password prompt, abort instead of
19168: trying to authenticate with an empty password (which causes an
19169: annoying delay).
19170: [da3f27b747c7]
19171:
19172: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
19173:
19174: * closefrom.c, config.h.in, configure, configure.in:
19175: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
19176: Darren Tucker.
19177: [0331b7780759]
19178:
19179: * pwutil.c:
19180: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
19181: [0014c0d9eeba]
19182:
19183: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
19184:
19185: * config.guess, config.sub:
19186: Update to latest versions from cvs.savannah.gnu.org
19187: [aa0143101c20]
19188:
19189: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
19190:
19191: * pwutil.c, sudo_edit.c:
19192: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
19193: we can close the passwd/group files early.
19194: [559074bd7eb7]
19195:
19196: * config.h.in, configure, configure.in, set_perms.c:
19197: Add seteuid() flavor of set_perms() for systems without setreuid()
19198: or setresuid() that have a working seteuid(). Tested on Darwin.
19199: [508d8da99189]
19200:
19201: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
19202:
19203: * mon_systrace.c:
19204: systrace_read() returns ssize_t
19205: [9f97d1d1a59d]
19206:
19207: * configure, configure.in:
19208: Fix typo, -lldap vs. -ldap; from Tim Knox.
19209: [a8cc43c3bb2a]
19210:
19211: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
19212:
19213: * HISTORY:
19214: Fix typo; Matt Ackeret
19215: [86964ee3dfbd]
19216:
19217: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
19218:
19219: * sudo.c:
19220: Print sudoers path in -V mode for root.
19221: [dc43f2d75bd9]
19222:
19223: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
19224:
19225: * ldap.c:
19226: Do a sub tree search instead of a base search (one level in the tree
19227: only) for sudo right objects. This allows system administrators to
19228: categorize the rights in a tree to make them easier to manage.
19229: [6d2d9abf996e]
19230:
19231: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
19232:
19233: * sudo.pod:
19234: fix typo
19235: [1473413bcbda]
19236:
19237: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
19238:
19239: * ldap.c:
19240: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
19241: bind_timelimit support; adapted from gentoo.
19242: [afc816093026]
19243:
19244: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19245:
19246: * ldap.c:
19247: Support comments that start in the middle of a line
19248: [c25df6ee3db8]
19249:
19250: * configure, configure.in:
19251: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
19252: [ee249bfe230a]
19253:
19254: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19255:
19256: * closefrom.c:
19257: Silence gcc -Wsign-compare; djm@openbsd.org
19258: [28769ce6418d]
19259:
19260: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
19261: cleanup() now takes an int as an arg so it can be used as a signal
19262: handler too.
19263: [2bb0df34d09c]
19264:
19265: * sudo.c:
19266: Make a copy of the shell field in the passwd struct for NewArgv to
19267: avoid a use after free situation after sudo_endpwent() is called.
19268: [5dcc9ffd362e]
19269:
19270: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
19271:
19272: * config.h.in, configure, configure.in:
19273: Add mkstemp() for those poor souls without it.
19274: [5fdd02e863e0]
19275:
19276: * mkstemp.c:
19277: Add mkstemp() for those poor souls without it.
19278: [c99401207860]
19279:
19280: * Makefile.in:
19281: Add mkstemp() for those poor souls without it.
19282: [9c1cf2678f24]
19283:
19284: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
19285:
19286: * env.c:
19287: Add PERL5DB to list of environment variables to remove.
19288: [7375c27ecf75]
19289:
19290: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
19291:
19292: * mon_systrace.c, mon_systrace.h:
19293: Instead of calling the check function twice with a state cookie use
19294: separate check/log functions.
19295:
19296: Check more ioctl() calls for failure.
19297:
19298: systrace_{read,write} now return the number of bytes read/written or
19299: -1 on error.
19300: [3dc8946d90e9]
19301:
19302: * env.c:
19303: Add more environment variables to remove; from gentoo linux Add some
19304: comments about what bad env variables go to what (more to do)
19305: [6918110a6b82]
19306:
19307: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
19308:
19309: * sudo.c, sudo_edit.c:
19310: Move sudo_end{gr,pw}ent() until just before the exec since they free
19311: up our cached copy of the passwd structs, including sudo_user and
19312: sudo_runas. Fixes a use-after-free bug.
19313: [54de3778bad0]
19314:
19315: * visudo.c:
19316: Close all fd's before executing editor.
19317: [4fcc05e1bec8]
19318:
19319: * sudo.c:
19320: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
19321: [ef0e8ffa5c9f]
19322:
19323: * check.c:
19324: Fix fd leak when lecture file option is enabled. From Jerry Brown
19325: [ce97f9207cd8]
19326:
19327: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
19328:
19329: * env.c:
19330: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
19331: environment variables to remove. From Charles Morris
19332: [c96e1367d1c1]
19333:
19334: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19335:
19336: * env.c:
19337: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
19338: [72a6a1571226]
19339:
19340: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
19341:
19342: * env.c:
19343: add PS4 and SHELLOPTS to initial_badenv_table for bash
19344: [89dfb3f318f3]
19345:
19346: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
19347:
19348: * sudoers.pod:
19349: Fix typo; Toby Peterson
19350: [b7a3222b23f4]
19351:
19352: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
19353:
19354: * tsgetgrpw.c:
19355: Make return buffers static so they don't get clobbered
19356: [13323a39b9f5]
19357:
19358: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
19359:
19360: * auth/securid5.c:
19361: Fix securid5 authentication, was not checking for ACM_OK. Also add
19362: default cases for the two switch()es. Problem noted by ccon at
19363: worldbank
19364: [14091e418333]
19365:
19366: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
19367:
19368: * ldap.c:
19369: Remove ncat() in favor of just counting bytes and pre-allocating
19370: what is needed.
19371: [25b8712adb61]
19372:
19373: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
19374:
19375: * ldap.c:
19376: Fix up some comments Add missing fclose() for the rootbinddn case
19377: [ae95c8a89711]
19378:
19379: * ldap.c:
19380: align struct ldap_config
19381: [35d0d64c76f8]
19382:
19383: * ldap.c:
19384: use LINE_MAX for max conf file line size
19385: [da116cb8853d]
19386:
19387: * pathnames.h.in:
19388: add _PATH_LDAP_SECRET
19389: [128b04ecfab7]
19390:
19391: * README.LDAP:
19392: Mention rootbinddn Give example ou=SUDOers container
19393: [852edc69bd1c]
19394:
19395: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
19396:
19397: * INSTALL, configure, configure.in, ldap.c:
19398: Support rootbinddn in ldap.conf
19399: [1615c91522a1]
19400:
19401: * env.c, sudo.pod, sudoers.pod:
19402: Preserve DISPLAY environment variable by default.
19403: [05f503d5f438]
19404:
19405: * acsite.m4, configure:
19406: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
19407: [18a04dea8d05]
19408:
19409: * acsite.m4, configure:
19410: set need_version=no for all cases; this is safe for LD_PRELOAD
19411: [b542560e1a73]
19412:
19413: * aclocal.m4:
19414: typo
19415: [c040df0fcd5a]
19416:
19417: * configure, configure.in:
19418: Add dragonfly
19419: [f13794618636]
19420:
19421: * auth/pam.c:
19422: Fix call to pam_end() when pam_open_session() fails.
19423: [0be47cdfdef1]
19424:
19425: * configure:
19426: regen
19427: [7f5c13b4b800]
19428:
19429: * acsite.m4:
19430: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
19431: ltsugar.m4 ltversion.m4
19432: [a7ba9fd1a2ab]
19433:
19434: * config.guess, config.sub, ltmain.sh:
19435: merge in local changes: config.guess: o better openbsd support
19436: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
19437: libs must begin with "lib" o don't print a bunch of crap about
19438: library installs o don't run ldconfig
19439: [f4149f2c720f]
19440:
19441: * config.guess, config.sub, ltmain.sh:
19442: libtool 1.9f
19443: [82a534e7121f]
19444:
19445: * configure.in:
19446: Update with autoupdate and make minor changes for libtool 1.9f
19447: [11b5ae5c1428]
19448:
19449: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
19450:
19451: * parse.c:
19452: don't call sudo_ldap_display_cmnd if ldap not setup
19453: [8bcf6c094ffe]
19454:
19455: * sudo_edit.c, visudo.c:
19456: Move declatation of struct timespec to its own include files for
19457: systems without it since it needs time_t defined.
19458: [b95c333299a0]
19459:
19460: * gettime.c:
19461: Move declatation of struct timespec to its own include files for
19462: systems without it since it needs time_t defined.
19463: [021b4569cc0c]
19464:
19465: * fileops.c:
19466: Move declatation of struct timespec to its own include files for
19467: systems without it since it needs time_t defined.
19468: [dd8573b2ee7d]
19469:
19470: * emul/timespec.h:
19471: Move declatation of struct timespec to its own include files for
19472: systems without it since it needs time_t defined.
19473: [f95137771564]
19474:
19475: * check.c, compat.h:
19476: Move declatation of struct timespec to its own include files for
19477: systems without it since it needs time_t defined.
19478: [2ef2ace8fe85]
19479:
19480: * ldap.c:
19481: Don't set safe_cmnd for the "sudo ALL" case.
19482: [ad7fa9e07da0]
19483:
19484: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
19485:
19486: * auth/pam.c:
19487: Call pam_open_session() and pam_close_session() to give pam_limits a
19488: chance to run. Idea from Karel Zak.
19489: [fed46d471350]
19490:
19491: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
19492:
19493: * check.c, sudo.c:
19494: Add explicit cast from mode_t -> u_int in printf to silence warnings
19495: on Solaris
19496: [17bb961fe22d]
19497:
19498: * parse.c:
19499: include grp.h to silence a warning on Solaris
19500: [14386fbab640]
19501:
19502: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
19503:
19504: * parse.c:
19505: Fix printing of += and -= defaults.
19506: [a667604c56cd]
19507:
19508: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
19509:
19510: * mon_systrace.c:
19511: Sanity check number of syscall args with argsize. Not really needed
19512: but a little paranoia never hurts.
19513: [6bb455a2c2d6]
19514:
19515: * mon_systrace.c, mon_systrace.h:
19516: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
19517: for systrace lengths (since it uses int)
19518: [3cafccffcffd]
19519:
19520: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
19521:
19522: * mon_systrace.c:
19523: Add some memsets for paranoia Fix namespace collsion w/ error Check
19524: rval of decode_args() and update_env() Remove improper setting of
19525: validated variable
19526: [3d385158354d]
19527:
19528: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
19529:
19530: * parse.c, sudo.c, sudo.h:
19531: In -l mode, only check local sudoers file if def_ignore_sudoers is
19532: not set and call LDAP versions from display_privs() and
19533: display_cmnd() instead of directly from main(). Because of this we
19534: need to defer closing the ldap connection until after -l processing
19535: has ocurred and we must pass in the ldap pointer to display_privs()
19536: and display_cmnd().
19537: [1dfc2e8c9f2b]
19538:
19539: * ldap.c:
19540: Reorganize LDAP code to better match normal sudoers parsing.
19541: Instead of storing strings for later printing in -l mode we do
19542: another query since the authenticating user and the user being
19543: listed may not be the same (the new -U flag). Also add support for
19544: "sudo -l command".
19545:
19546: There is still a fair bit if duplicated code that can probably be
19547: refactored.
19548: [e9568f19bde5]
19549:
19550: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
19551:
19552: * ldap.c:
19553: Replace pass variable with do_netgr for better readability.
19554: [1bba841b6e79]
19555:
19556: * ldap.c:
19557: use DPRINTF macro
19558: [02b159b66bb5]
19559:
19560: * ldap.c:
19561: estrdup, not strdup
19562: [22cdee7973c1]
19563:
19564: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
19565:
19566: * parse.c:
19567: Add macro to test if the tag changed to improve readability.
19568: [4e11b4819556]
19569:
19570: * parse.c:
19571: Avoid printing defaults header if there are no defaults to print...
19572: [41a28627df03]
19573:
19574: * glob.c:
19575: Fix a warning on systems without strlcpy().
19576: [6814e0f0e4f4]
19577:
19578: * pwutil.c:
19579: Use macros where possible for sudo_grdup() like sudo_pwdup().
19580: [30f201ff35cd]
19581:
19582: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
19583:
19584: * utimes.c:
19585: It is possible for tv_usec to hold >= 1000000 usecs so add in
19586: tv_usec / 1000000.
19587: [794ac4d53a65]
19588:
19589: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
19590:
19591: * auth/kerb5.c:
19592: The component in krb5_principal_get_comp_string() should be 1, not 0
19593: for Heimdal. From Alex Plotnick.
19594: [fefa351c5044]
19595:
19596: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
19597:
19598: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
19599: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
19600: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
19601: Add efree() for consistency with emalloc() et al. Allows us to rely
19602: on C89 behavior (free(NULL) is valid) even on K&R.
19603: [7876bb80d87c]
19604:
19605: * parse.c, sudo.c:
19606: Move initgroups() for -U option into display_privs() so group
19607: matching in sudoers works correctly.
19608: [b074428ad2ca]
19609:
19610: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
19611:
19612: * ldap.c:
19613: Removed duplicate call to ldap_unbind_s introduced along with
19614: sudo_ldap_close.
19615: [19acc1c20f7c]
19616:
19617: * parse.c:
19618: Add missing space in Defaults printing
19619: [95d2935bf6d4]
19620:
19621: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
19622:
19623: * pwutil.c:
19624: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
19625: and string copies.
19626: [6b6b241495e5]
19627:
19628: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
19629:
19630: * pwutil.c:
19631: Zero old pw_passwd before replacing with version from shadow file.
19632: [3251b349dfe1]
19633:
19634: * configure, configure.in:
19635: Only attempt shadow password detection if PAM is not being used Add
19636: shadow_* variables to make shadow password detection more generic.
19637: [d498a3423ac9]
19638:
19639: * configure.in:
19640: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
19641: [04d55bbd5e35]
19642:
19643: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
19644:
19645: * sudoers.pod:
19646: use a non-breaking space to avoid a double space after e.g.
19647: [11cdb54bdf7b]
19648:
19649: * sudo.pod:
19650: commna, not colon after e.g.
19651: [8d5875ff72e0]
19652:
19653: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19654:
19655: * sudo_noexec.c:
19656: Add __ variants of the exec functions. GNU libc at least uses
19657: __execve() internally.
19658: [d1880473d790]
19659:
19660: * indent.pro:
19661: Match reality a bit more.
19662: [633e3fa875a7]
19663:
19664: * pwutil.c:
19665: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
19666: [128f7b21c2ee]
19667:
19668: * pwutil.c:
19669: Store shadow password after making a local copy of struct passwd in
19670: case normal and shadow routines use the same internal buffer in
19671: libc.
19672: [f806052a6ffc]
19673:
19674: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
19675:
19676: * alloc.c, logging.c:
19677: Make varargs usage consistent with the rest of the code.
19678: [3d45affc9851]
19679:
19680: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
19681:
19682: * sudo_noexec.c:
19683: Wrap more of the exec family since on Linux the others do not appear
19684: to go through the normal execve() path.
19685: [8167769b4e19]
19686:
19687: * visudo.c:
19688: make print_unused static like proto says
19689: [ecf10e1bae55]
19690:
19691: * glob.c:
19692: silence a warning on K&R systems
19693: [2e00425f1a5c]
19694:
19695: * alias.c, error.c:
19696: make this build in K&R land
19697: [156f65f8525a]
19698:
19699: * parse.c:
19700: make this build in K&R land
19701: [6fc9276889cb]
19702:
19703: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
19704:
19705: * toke.c:
19706: regen
19707: [3b349748cd21]
19708:
19709: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
19710:
19711: * ldap.c:
19712: return(foo) not return foo optimize _atobool() slightly
19713: [11d09d154ed5]
19714:
19715: * ldap.c:
19716: Use TRUE/FALSE
19717: [53999320d98f]
19718:
19719: * ldap.c:
19720: Reformat to match the rest of sudo's code.
19721: [1bd0f2afa0e7]
19722:
19723: * sudo.pod:
19724: I am the primary author
19725: [5d311ecd85c6]
19726:
19727: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
19728:
19729: * Makefile.in, README, RUNSON:
19730: The RUNSON file is toast--it confused too many people and really
19731: isn't needed in a configure-oriented world.
19732: [96a6ef7bbc08]
19733:
19734: * INSTALL:
19735: alternate -> alternative
19736: [b65015c5d0a2]
19737:
19738: * tgetpass.c:
19739: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
19740: TCSAFLUSH.
19741: [c66b4763ffdc]
19742:
19743: * toke.l:
19744: Allow leading blanks before Defaults and Foo_Alias definitions
19745: [2add513d9277]
19746:
19747: * Makefile.in:
19748: fix rules to build toke.o and gram.o in devel mode
19749: [96cbb414ebd3]
19750:
19751: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
19752:
19753: * sudoers.pod:
19754: env_keep overrides set_logname
19755: [401877193a15]
19756:
19757: * env.c:
19758: Fix disabling set_logname and make env_keep override set_logname.
19759: [0906e7a5ed93]
19760:
19761: * compat.h, config.h.in, configure, configure.in:
19762: No longer need memmove()
19763: [43bdb6efe3f2]
19764:
19765: * env.c, sudo.c:
19766: Just clean the environment once. This assumes that any further
19767: setenv/putenv will be able to handle the fact that we replaced
19768: environ with our own malloc'd copy but all the implementations I've
19769: checked do.
19770: [11658fe92ba2]
19771:
19772: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
19773:
19774: * env.c, sudo.c:
19775: In -i mode, base the value of insert_env()'s dupcheck flag on
19776: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
19777: [8365b0bd0c71]
19778:
19779: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19780:
19781: * env.c, sudo.c:
19782: Move setting of user_path, user_shell, user_prompt and prev_user
19783: into init_vars() since user_shell at least is needed there.
19784: [37e22dce66e9]
19785:
19786: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
19787:
19788: * Makefile.in:
19789: fix devel builds
19790: [9fbb15ef164c]
19791:
19792: * sudo.c:
19793: Fix some printf format mismatches on error.
19794: [ffc1c3f11740]
19795:
19796: * check.c:
19797: Fix some printf format mismatches on error.
19798: [7b3b508adf50]
19799:
19800: * configure, gram.c, toke.c:
19801: regen
19802: [aa76f9d8b02a]
19803:
19804: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
19805: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
19806: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19807: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
19808: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
19809: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
19810: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
19811: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
19812: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
19813: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
19814: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
19815: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
19816: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
19817: visudo.pod, zero_bytes.c:
19818: Update copyright years.
19819: [0610c3654739]
19820:
19821: * Makefile.binary.in:
19822: Update copyright years.
19823: [d78ffc9f2e2b]
19824:
19825: * LICENSE:
19826: Update copyright years.
19827: [f60473bca4b1]
19828:
19829: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19830: version 1.7
19831: [aa977a544ca1]
19832:
19833: * WHATSNEW:
19834: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
19835: [ecfcf7269c14]
19836:
19837: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
19838:
19839: * compat.h, logging.h, sudo.h:
19840: Add __printflike and use it with gcc to warn about printf-like
19841: format mismatches
19842: [b192ad4a0548]
19843:
19844: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
19845:
19846: * CHANGES, ChangeLog:
19847: Replaced CHANGES file with ChangeLog generated from cvs logs
19848: [d9ace9dab98f]
19849:
19850: * set_perms.c:
19851: Use warning/error instead of perror/fatal.
19852: [e33259df7738]
19853:
19854: * config.guess:
19855: Update OpenBSD section
19856: [9d2c23de6801]
19857:
19858: * UPGRADE:
19859: Add upgrading noted for 1.7
19860: [1fb6b6d6df07]
19861:
19862: * env.c, sudo.c, sudoers.pod:
19863: Instead of zeroing out the environment, just prune out entries based
19864: on the env_delete and env_check lists. Base building up the new
19865: environment on the current environment and the variables we removed
19866: initially.
19867: [fc192df8fd15]
19868:
19869: * config.h.in, configure, configure.in, sudo.c:
19870: Set locale to "C" if locales are supported, just to be safe.
19871: [91fbaa98f02e]
19872:
19873: * toke.c, toke.l:
19874: Cast?argument to ctype functions to unsigned char.
19875: [e096b4d65796]
19876:
19877: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19878:
19879: * env.c:
19880: correct value for DID_USER
19881: [b5b05d36ec15]
19882:
19883: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
19884: #include <compat.h> not "compat.h"
19885: [7a0ad9a0ccd7]
19886:
19887: * defaults.c:
19888: Reset the environment by default.
19889: [4ecc6423e0f0]
19890:
19891: * sudo.c:
19892: Alloc an extra slot in NewArgv. Removes the need to malloc an new
19893: vector if execve() fails.
19894: [83dfb6f584a7]
19895:
19896: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
19897:
19898: * INSTALL, config.h.in, configure, configure.in, sudo.c:
19899: Use execve(2) and wrap the command in sh if we get ENOEXEC.
19900: [c0c6af4e2a21]
19901:
19902: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19903:
19904: * sudo_noexec.c:
19905: Only include time.h on systems that lack struct timespec which gets
19906: defind in compat.h (using time_t).
19907: [e373e518b4cb]
19908:
19909: * sudo_noexec.c:
19910: Include time.h for time_t in compat.h for systems w/o struct
19911: timespec.
19912: [a34b5637e458]
19913:
19914: * compat.h, config.h.in, configure, configure.in:
19915: use bcopy on systems w/o memmove
19916: [f835eafd78c6]
19917:
19918: * compat.h:
19919: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
19920: use to gcc >= 2.8.
19921: [1cb9a4e58566]
19922:
19923: * Makefile.in:
19924: Add explicit rule to build sudo_noexec.lo
19925: [df1dfcf8dd77]
19926:
19927: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
19928:
19929: * INSTALL.configure, Makefile.in:
19930: No longer depend on VPATH; pointed out a bunch of missed
19931: dependencies.
19932: [601a45d4af6b]
19933:
19934: * TROUBLESHOOTING:
19935: Help for PAM when account section is missing
19936: [9b8221256756]
19937:
19938: * auth/pam.c:
19939: Give user a clue when there is a missing "account" section in the
19940: PAM config.
19941: [2529625c0495]
19942:
19943: * auth/pam.c:
19944: Better error handling.
19945: [518c9bda23d8]
19946:
19947: * config.h.in, configure, configure.in:
19948: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
19949: possible. Silences a warning about isblank() on linux.
19950: [19c94d7ecdc8]
19951:
19952: * auth/pam.c:
19953: Fix typo (missing comma) that caused an incorrect number of args to
19954: be passed to log_error().
19955: [0099dfec560f]
19956:
19957: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19958:
19959: * pwutil.c:
19960: Don't try to destroy a tree we didn't create.
19961: [d43c4fe03aa4]
19962:
19963: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19964:
19965: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
19966: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
19967: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19968: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
19969: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
19970: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
19971: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
19972: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
19973: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
19974: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
19975: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
19976: Add __unused to rcsids
19977: [ad6b4ac45705]
19978:
19979: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19980:
19981: * configure, configure.in:
19982: Fix error message when mixing invalid auth types
19983: [68069b3ff5bc]
19984:
19985: * INSTALL:
19986: PAM, AIX auth, BSD auth and login_cap are now on by default if the
19987: OS supports them.
19988: [4e44e9098cf0]
19989:
19990: * auth/sudo_auth.h, config.h.in:
19991: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
19992: [2d569b43b23e]
19993:
19994: * configure.in:
19995: Better checking for conflicting authentication methods Display the
19996: authentication methods used at the end of configure Rename --with-
19997: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
19998: --with-pam, --with-logincap by default on systems that support them
19999: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
20000: OSREV has full version number
20001: [a21115b6fe9f]
20002:
20003: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
20004:
20005: * def_data.c, def_data.in, sudo.c, sudoers.pod:
20006: s/-O/-C/
20007: [ee73f1b81923]
20008:
20009: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
20010:
20011: * configure.in:
20012: Replace: test -n "$FOO" || FOO="bar"
20013:
20014: With: : ${FOO='bar'}
20015: [37552d9054fc]
20016:
20017: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
20018:
20019: * pwutil.c, testsudoers.c, tsgetgrpw.c:
20020: Use function pointers to only call private passwd/group routines
20021: when using a nonstandard passwd/group file.
20022: [215908681dfb]
20023:
20024: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
20025:
20026: * CHANGES:
20027: sync
20028: [2e55c03f5790]
20029:
20030: * tsgetgrpw.c:
20031: Can't use strtok() since it doesn't handle empty fields so add
20032: getpwent()/getgrent() functions and call those.
20033: [bdaa5b0db70e]
20034:
20035: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
20036:
20037: * Makefile.in:
20038: Fix dummied out toke.c and gram.c dependencies.
20039: [4b909c8b2ebe]
20040:
20041: * Makefile.in:
20042: Rename PARSESRCS -> GENERATED since it is only used in the clean
20043: target Add devdir variable and use it to specify the path to parser
20044: sources
20045: [f27b3f41ca23]
20046:
20047: * configure:
20048: regen
20049: [22c6435dbd46]
20050:
20051: * configure.in:
20052: Add a devdir variables that defaults to $(srcdir) and is set to . if
20053: --devel was specified. Allows for proper dependecies building the
20054: parser.
20055: [a36d694c6d21]
20056:
20057: * testsudoers.c:
20058: Add support for custom passwd/group files.
20059: [296549ff4b87]
20060:
20061: * Makefile.in:
20062: Build private copy of pwutil.o for testsudoers with MYPW defined so
20063: it uses our own passwd/group routines.
20064: [bafa54ec78ca]
20065:
20066: * visudo.c:
20067: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
20068: stubs instead. We can now just use the caching sudo_*{pw,gr}*
20069: functions in pwutil.c Add comment about wanting to call
20070: sudo_endpwent/sudo_endgrent in cleanup()
20071: [7e59d6b5510d]
20072:
20073: * tsgetgrpw.c:
20074: Remove caching; we will just use what is in pwutil.c Use global
20075: buffers for passwd/group structs Rename functions from sudo_* to
20076: my_*
20077: [8c1e068f574c]
20078:
20079: * logging.c, sudo.c:
20080: g/c pwcache_init/pwcache_destroy
20081: [60a24909b947]
20082:
20083: * sudo.h:
20084: Undo last commit and add sudo_setspent and sudo_endspent instead.
20085: [bac80db08296]
20086:
20087: * getspwuid.c, pwutil.c:
20088: Move all but the shadow stuff from getspwuid.c to pwutil.c and
20089: pwcache_get and pwcache_put as they are no longer needed. Also add
20090: preprocessor magic to use private versions of the passwd and group
20091: routines if MYPW is defined (for use by testsudoers).
20092: [a16b8678a426]
20093:
20094: * tsgetgrpw.c:
20095: zero out struct passwd/group before filling it in so if there are
20096: fields we don't handle they end up as 0.
20097: [274cb6a93301]
20098:
20099: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
20100: Adapt to pwutil.c
20101: [43ebd04c8b82]
20102:
20103: * Makefile.in:
20104: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
20105: readability.
20106: [7f88c6061e2d]
20107:
20108: * tsgetgrpw.c:
20109: Passwd and group lookup routines for testsudoers that support
20110: alternate passwd and group files.
20111: [d7803101d34e]
20112:
20113: * getspwuid.c, pwutil.c:
20114: Split off pw/gr cache and dup code into its own file. This allows
20115: visudo and testsudoers to use the pw/gr cache too.
20116: [ef333d3ffedf]
20117:
20118: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
20119:
20120: * parse.c:
20121: Print Defaults info in "sudo -l" output and wrap lines based on the
20122: terminal width.
20123: [e559eae4250e]
20124:
20125: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
20126:
20127: * match.c, testsudoers.c, visudo.c:
20128: Only check group vector in usergr_matches() if we are matching the
20129: invoking or list user. Always check the group members, even if
20130: there was a group vector.
20131: [d0c7ceb2a041]
20132:
20133: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
20134:
20135: * LICENSE, Makefile.in, fnmatch.3:
20136: No longer bundle fnmatch.3
20137: [72db4a4ff4e1]
20138:
20139: * CHANGES, TODO:
20140: checkpoint
20141: [e92781bfd99c]
20142:
20143: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
20144:
20145: * sudo.c:
20146: sort usage
20147: [15e3b876ec2c]
20148:
20149: * sudo.pod:
20150: Sort command line options
20151: [c1fa56584bc4]
20152:
20153: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
20154: sudo.pod, sudoers.pod:
20155: Add closefrom sudoers option to start closing at a point other than
20156: 3. Add closefrom_override sudoers option and -C sudo flag to allow
20157: the user to specify a different closefrom starting point.
20158: [370652b099d1]
20159:
20160: * pathnames.h.in:
20161: Add _PATH_DEVNULL for those without it.
20162: [0c4c3e0ceb8b]
20163:
20164: * LICENSE:
20165: no more UCB strcasecmp
20166: [397a6298e07f]
20167:
20168: * strcasecmp.c:
20169: replace BSD licensed one with version derived from pdksh
20170: [d7cfda8c57a2]
20171:
20172: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
20173:
20174: * sudo.c:
20175: Fix last commit.
20176: [7afb9a180532]
20177:
20178: * sudo.c:
20179: Make sure stdin, stdout and stderr are open and dup them to
20180: /dev/null if not.
20181: [590f387068bd]
20182:
20183: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
20184:
20185: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
20186: add sudo_ldap_close
20187: [4273a36765a7]
20188:
20189: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
20190: Use TIME_WITH_SYS_TIME
20191: [c32b59bf15fb]
20192:
20193: * config.h.in, configure, configure.in:
20194: Add TIME_WITH_SYS_TIME_H
20195: [57cb146f451d]
20196:
20197: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
20198:
20199: * env.c:
20200: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
20201: unconditionally on darwin. From Toby Peterson.
20202: [d69959681c87]
20203:
20204: * getspwuid.c:
20205: Check rbinsert() return value. In the case of faked up entries
20206: there is usually a negative response cached that we need to
20207: overwrite.
20208:
20209: In pwfree() don't try to zero out a NULL pw_passwd pointer.
20210: [00b32d1a48c1]
20211:
20212: * mon_systrace.c:
20213: Use the double fork trick to avoid the monitor process being waited
20214: for by the main program run through sudo.
20215: [e0ce556712ff]
20216:
20217: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
20218:
20219: * sudo.c:
20220: Call initgroups() in -U mode so group matches work normally.
20221: [2235bea15283]
20222:
20223: * def_data.h, mkdefaults:
20224: Don't print a trailing comma for the last entry in enum def_tupple
20225: [c43a96bb31df]
20226:
20227: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
20228:
20229: * sudoers.cat, sudoers.man.in, sudoers.pod:
20230: Mention values when lecture, listpw and verifypw are used in boolean
20231: context.
20232: [a0b5c0abaccf]
20233:
20234: * def_data.c, def_data.in:
20235: verifypw when used in a boolean TRUE context should be "all", not
20236: "any".
20237: [2eb076ddd5e2]
20238:
20239: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
20240:
20241: * def_data.in, defaults.c:
20242: Allow tuples that can be used as booleans to be used as boolean
20243: TRUE. In this case the 2nd possible value of the tuple is used for
20244: TRUE.
20245: [bd99aa77e88b]
20246:
20247: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
20248:
20249: * configure, configure.in:
20250: Correct the test for 2-parameter timespecsub
20251: [d41c9cb26b97]
20252:
20253: * sudo.h:
20254: Add strub struct definitions for passwd, timeval and timespec
20255: [c4ce5c43d8c5]
20256:
20257: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
20258: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
20259: and fix a typo in the gettimeofday check.
20260: [8ac9893057ce]
20261:
20262: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
20263:
20264: * match.c, testsudoers.c:
20265: Deal with user_stat being NULL as it is for visudo and testsudoers.
20266: [3605a6ff64d0]
20267:
20268: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
20269: Add -U option to use in conjunction with -l instead of -u. Add
20270: support for "sudo -l command" to test a specific command.
20271: [99638789d415]
20272:
20273: * gram.c, gram.y, sudo.c:
20274: Set safe_cmnd after sudoers_lookup() if it has not been set.
20275: Previously it was set by sudo "ALL" in the parser but at that point
20276: the fully-qualified pathname has not yet been found.
20277: [ac30d98f8225]
20278:
20279: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
20280:
20281: * parse.c, testsudoers.c:
20282: Correctly handle multiple privileges per userspec and runas
20283: inheritence.
20284: [a98a965181af]
20285:
20286: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
20287:
20288: * defaults.c:
20289: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
20290: [031d3cd4a848]
20291:
20292: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
20293:
20294: * toke.c, toke.l:
20295: make per-command defaults work with sudoedit
20296: [e56fe33db916]
20297:
20298: * ldap.c, parse.c, sudo.c, sudo.h:
20299: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
20300: Instead, we just set the approriate defaults variable.
20301: [756eeecc1d86]
20302:
20303: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
20304: Document per-command Defaults.
20305: [92a0f84b91c1]
20306:
20307: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
20308: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
20309: Add support for command-specific Defaults entries. E.g.
20310: Defaults!/usr/bin/vi noexec
20311: [be3d52bf01cf]
20312:
20313: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
20314: Change an occurence of user_matches() -> runas_matches() missed
20315: previously runas_matches(), host_matches() and cmnd_matches() only
20316: really need to pass in a list of members. user_matches() still
20317: needs to pass in a passwd struct because of "sudo -l"
20318: [833b22fc6fa0]
20319:
20320: * parse.c:
20321: Check def_authenticate, def_noexec and def_monitor when setting
20322: return flags. XXX May be better to just set the defaults directly
20323: and get rid of those flags.
20324: [b6db22b59d69]
20325:
20326: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
20327: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
20328: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
20329: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
20330: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
20331: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
20332: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
20333: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
20334: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
20335: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
20336: visudo.c, zero_bytes.c:
20337: Use: #include <config.h> Not: #include "config.h" That way we get
20338: the correct config.h when build dir != src dir
20339: [97e5670a442b]
20340:
20341: * Makefile.in:
20342: Back out part of rev 1.263; fix -I order
20343: [197ea01cad5d]
20344:
20345: * toke.c, toke.l:
20346: More robust parsing if #include; could be much better still.
20347: [31bc3cd8f045]
20348:
20349: * sudo_edit.c, visudo.c:
20350: Make arg splitting in visudo and sudoedit consistent.
20351: [7bc74485f246]
20352:
20353: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
20354: Split alias routines out into their own file.
20355: [d90f633cf9ae]
20356:
20357: * error.h:
20358: __attribute__ is already defined in compat.h
20359: [676ed3fe9203]
20360:
20361: * visudo.c:
20362: quit() should not be __noreturn__ as it is non-void on some
20363: platforms.
20364: [e528c2b6ba10]
20365:
20366: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
20367: Add local error/warning functions like err/warn but that call an
20368: additional cleanup routine in the error case. This means we no
20369: longer need to compile a special version of alloc.o for visudo.
20370: [e78e8aae882e]
20371:
20372: * parse.h:
20373: Clarify comments about the data structures
20374: [ae894e266701]
20375:
20376: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
20377:
20378: * visudo.c:
20379: Add support for VISUAL and EDITOR containing command line args. If
20380: env_editor is not set any args in VISUAL and EDITOR are ignored.
20381: Arguments are also now supported in def_editor.
20382: [ff7303b8e298]
20383:
20384: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
20385:
20386: * parse.h:
20387: alias_matches() is no more
20388: [b59825e28084]
20389:
20390: * CHANGES, TODO:
20391: sync
20392: [2b8f5f63c1de]
20393:
20394: * Makefile.in:
20395: When regenerating the parser, don't replace gram.h unless it has
20396: changed.
20397: [819949668018]
20398:
20399: * Makefile.in:
20400: remove Makefile.binary for distclean
20401: [351eec8d00b2]
20402:
20403: * env.c:
20404: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
20405: sure we can't overflow new_env.
20406: [3284d17b9c6d]
20407:
20408: * sudo_edit.c:
20409: paranoia when stripping trailing slashes from tempdir.
20410: [012f1aa2b81f]
20411:
20412: * sudo.c:
20413: Set user_ngroups to 0 if getgroups() returns an error.
20414: [c46d43e9449a]
20415:
20416: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20417:
20418: * config.h.in, configure, configure.in, sudo.c:
20419: Add configure check for getgroups()
20420: [5d8a214e2cef]
20421:
20422: * ldap.c:
20423: Use supplementary group vector in struct sudo_user.
20424: [3d0c463c034d]
20425:
20426: * match.c:
20427: Only do string comparisons on the group members if there is no
20428: supplemental group list.
20429: [be1c8362f7ef]
20430:
20431: * CHANGES, TODO:
20432: sync
20433: [db188bc5b975]
20434:
20435: * sudo_edit.c:
20436: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
20437: chop off any trailing slashes we see and add an explicit one.
20438: [e1b477dafee1]
20439:
20440: * match.c:
20441: remove bogus XXX comment
20442: [8aecb8a28d40]
20443:
20444: * match.c:
20445: Get rid of alias_matches and correctly fall through to the non-alias
20446: cases when there is no alias with the specified name.
20447: [2cd555246f09]
20448:
20449: * getspwuid.c:
20450: Cache non-existent passwd/group entries too.
20451: [8de9a467d271]
20452:
20453: * gram.c:
20454: regen
20455: [9ece18c58f36]
20456:
20457: * getspwuid.c:
20458: fix typo
20459: [9a7ae371eac1]
20460:
20461: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
20462: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
20463: Implement group caching and use the passwd and group caches
20464: throughout.
20465: [f1d8c5015169]
20466:
20467: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
20468:
20469: * match.c:
20470: Properly negate the return value of alias_matches() when
20471: appropriate.
20472: [ce59c4ce77ad]
20473:
20474: * match.c:
20475: Make hostname_matches() return TRUE for a match, else FALSE like the
20476: caller expects.
20477: [1dc03902d3a2]
20478:
20479: * Makefile.in:
20480: Add missing dependencies on gram.h
20481: [4f94bbb1d50c]
20482:
20483: * match.c:
20484: Use runas_matches in alias_matches() now that we have it.
20485: [284d22e91178]
20486:
20487: * parse.c, parse.h:
20488: Expand aliases in "sudo -l" mode
20489: [f67a38b79c44]
20490:
20491: * gram.y, match.c:
20492: Use ALIAS for the member type when storing an alias instead of
20493: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
20494: more generic type. Expand runas_matches instead of calling
20495: user_matches() inside of it since user_matches() looks up
20496: USERALIASes, not RUNASALIASes.
20497: [52004d75232b]
20498:
20499: * CHANGES, getspwuid.c:
20500: Paranoia; zero out pw_passwd before freeing passwd entry.
20501: [bd1b22638f00]
20502:
20503: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
20504: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
20505: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
20506: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
20507: Add local error/warning functions like err/warn but that call an
20508: additional cleanup routine in the error case. This means we no
20509: longer need to compile a special version of alloc.o for visudo.
20510: [25000b676cfe]
20511:
20512: * match.c:
20513: Use userpw_matches() to compare usernames, not strcmp(), since the
20514: latter checks for "#uid".
20515: [fcbe4b859f66]
20516:
20517: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
20518: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
20519: the other by user name. The data returned from the cache should be
20520: considered read-only and is destroyed by sudo_endpwent().
20521: [ee2418ff3f86]
20522:
20523: * match.c:
20524: add cast to uid_t
20525: [eb6415302d84]
20526:
20527: * gram.y:
20528: missing free in alias_destroy
20529: [572ecb680ad8]
20530:
20531: * redblack.c:
20532: Can't use rbapply() for rbdestroy since the destructor is passed a
20533: data pointer, not a node pointer.
20534: [11ce713830c0]
20535:
20536: * getspwuid.c, logging.c, sudo.c, sudo.h:
20537: Create and use private versions of setpwent() and endpwent() that
20538: set/end the shadow password file too.
20539: [616bc76d23bf]
20540:
20541: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
20542: Store aliases in a red-black tree.
20543: [ce017d540416]
20544:
20545: * Makefile.in, redblack.c, redblack.h:
20546: red-black tree implementation
20547: [cd5586e8f48b]
20548:
20549: * visudo.c:
20550: Edit all sudoers file if there were unused or undefined aliases and
20551: we are in strict mode.
20552: [b6d5f5bb7262]
20553:
20554: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
20555:
20556: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
20557: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
20558: Bring back the "secure_path" Defaults option now that Defaults take
20559: effect before the path is searched.
20560: [2e52c0e27606]
20561:
20562: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
20563:
20564: * logging.c, parse.c:
20565: A user can always list their own entries, even with -u. Better error
20566: message when failing to list another user's entries.
20567: [e2e24deb0071]
20568:
20569: * parse.c, sudo.c, sudo.h:
20570: The syntax to list another user's entries is now "-u otheruser -l".
20571: Only root or users with sudo "ALL" may list other user's entries.
20572: [3c0657e8f5fe]
20573:
20574: * sudo.cat, sudo.man.in, sudo.pod:
20575: Update env variable info in SECURITY NOTES
20576: [299716071024]
20577:
20578: * env.c:
20579: strip CDPATH too
20580: [9b97643b26f9]
20581:
20582: * env.c:
20583: strip exported bash functions from the environment.
20584: [9e5090c8284f]
20585:
20586: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
20587:
20588: * sudo.c:
20589: Only reset sudo_user.pw based on SUDO_USER environment variables for
20590: real commands and sudoedit. This avoids a confusing message when a
20591: user tries "sudo -l" or "sudo -v" and is denied.
20592: [3ea6d0053274]
20593:
20594: * gram.c, gram.y, parse.h:
20595: Extend LIST_APPEND to deal with appending lists too
20596: [d963e42f622f]
20597:
20598: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
20599:
20600: * logging.c:
20601: Convert some bitwise AND to ISSET
20602: [130dc40d268e]
20603:
20604: * lex.yy.c, toke.c:
20605: toke.c replaces lex.yy.c
20606: [048858df79e7]
20607:
20608: * CHANGES, TODO:
20609: sync
20610: [d19e7abf251c]
20611:
20612: * BUGS:
20613: new parser fixes most of the outstanding bugs
20614: [0891f66e3758]
20615:
20616: * configure:
20617: regen
20618: [1a3358cc7283]
20619:
20620: * visudo.c:
20621: Rework for the new parser. Now checks for unused aliases in sudoers.
20622: [ad462ede3094]
20623:
20624: * testsudoers.c:
20625: Rewrite for the new parser. Now supports a -d flag (dump) and adds
20626: a -h flag (host). It now defaults to the local hostname unless
20627: otherwise specified.
20628: [1b69685cc601]
20629:
20630: * sudo.h:
20631: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
20632: [2e4fb3abfef0]
20633:
20634: * sudo.c:
20635: Update for new parse. We now call find_path() *after* we have
20636: updated the global defaults based on sudoers. Also adds support for
20637: listing other user's privs if you are root.
20638: [cf3db9fc3024]
20639:
20640: * mon_systrace.c:
20641: Working LDAP support; also remove a now-unneeded rewind().
20642: [649ecf1baf6b]
20643:
20644: * logging.c, logging.h:
20645: Add NO_STDERR flag.
20646: [6cb935af94e0]
20647:
20648: * ldap.c:
20649: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
20650: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
20651: connecto to LDAP, apply the default options, find the command in the
20652: user's path, and then check whether the user is allowed to run it.
20653: The important thing here is that the default runas user may be
20654: specified as a default option and that needs to be set before we
20655: search for the command.
20656: [fc0426abc6f1]
20657:
20658: * ldap.c:
20659: Add casts to unsigned char for isspace() to quiet a gcc warning.
20660: [e5358e3df439]
20661:
20662: * defaults.h:
20663: Add prototype for update_defaults()
20664: [564dac3db74e]
20665:
20666: * defaults.c:
20667: Don't warn about line numbers now that we operate on a set of data
20668: structures (or LDAP) and not a file.
20669: [bcd9ffb9b67c]
20670:
20671: * config.h.in:
20672: No long use lsearch()
20673: [9d048c587319]
20674:
20675: * Makefile.in:
20676: Update for new and changed file names.
20677: [6f424a7c4515]
20678:
20679: * LICENSE:
20680: no more BSD lsearch.c
20681: [463a96d89026]
20682:
20683: * match.c:
20684: foo_matches() routines now live in match.c Added user_matches(),
20685: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
20686: that operate on the parsed sudoers file.
20687: [b14da8a0567e]
20688:
20689: * parse.lex, toke.l:
20690: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
20691: WORD no longer needs to exclude '@' kill yywrap()
20692: [a922294eb7b7]
20693:
20694: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
20695: sudo.tab.h:
20696: Rewritten parser that converts sudoers into a set of data
20697: structures. This eliminates ordering issues and makes it possible to
20698: apply sudoers Defaults entries before searching for the command.
20699: [30d2ec4d203c]
20700:
20701: * configure.in, emul/search.h, lsearch.c:
20702: We won't be using lsearch() any longer.
20703: [29c4d54bfac0]
20704:
20705: * ldap.c:
20706: sudo should not send mail if someone who runs 'sudo -l' has no
20707: entry.
20708: [6fc27a69fd9c]
20709:
20710: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20711: visudo.man.in:
20712: regen
20713: [8166347917f3]
20714:
20715: * visudo.pod:
20716: Update warnings to match new visudo
20717: [004c0766798f]
20718:
20719: * sudoers.pod:
20720: The new parser doesn't have the old ordering constraints.
20721: [ffd43bd08661]
20722:
20723: * sudo.pod:
20724: Document that -l now takes an optional username argument
20725: [278f9557de8b]
20726:
20727: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
20728:
20729: * RUNSON:
20730: AIX 5.2.0.0 works
20731: [523acd29d858]
20732:
20733: * ldap.c:
20734: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
20735: a compilation problem with Solaris 9's native LDAP.
20736:
20737: Set FLAG_MONITOR when needed.
20738: [35824ade672d]
20739:
20740: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
20741:
20742: * mon_systrace.c:
20743: Call sudo_goodpath() *after* changing the cwd to match the traced
20744: process. Fixes relative paths.
20745: [12ee111d0ad7]
20746:
20747: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
20748:
20749: * testsudoers.c:
20750: Kill set_perms() stub--it is no longer needed.
20751: [116ed702935d]
20752:
20753: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
20754:
20755: * sudoers.cat, sudoers.man.in, sudoers.pod:
20756: stay_setuid now requires set_reuid() or setresuid()
20757: [8511f67e25d5]
20758:
20759: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
20760: configure.in, set_perms.c, sudo.c, sudo.h:
20761: Kill use of POSIX saved uids; they aren't worth bothering with.
20762: [b3b1f19f18c1]
20763:
20764: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
20765:
20766: * glob.c:
20767: remove call to issetugid()
20768: [63f2e492c08f]
20769:
20770: * sudoers.cat, sudoers.man.in, sudoers.pod:
20771: Remove warning about wildcards. Now that we use glob() the bug is
20772: fixed.
20773: [b15729d32266]
20774:
20775: * parse.c:
20776: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
20777: each result that matches the basename of the user's command. This
20778: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
20779: /usr/bin/blah. Fixes bug #143.
20780: [e31eb6310340]
20781:
20782: * config.h.in, configure, configure.in:
20783: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
20784: GLOB_BRACE)
20785: [677ed6661e17]
20786:
20787: * config.h.in, configure, configure.in:
20788: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
20789: [aaa2329dd266]
20790:
20791: * LICENSE:
20792: reference glob
20793: [bedc9a923423]
20794:
20795: * glob.c:
20796: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20797: removed.
20798: [81799451473c]
20799:
20800: * emul/glob.h:
20801: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
20802: removed.
20803: [0335cf31fb1e]
20804:
20805: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20806:
20807: * mon_systrace.c:
20808: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
20809: means we are out of space in the stack gap...
20810: [5b02b702021e]
20811:
20812: * CHANGES:
20813: sync
20814: [be3826273e56]
20815:
20816: * mon_systrace.c:
20817: Take a stab at ldap sudoers support here.
20818: [9d023695b0de]
20819:
20820: * mon_systrace.c, mon_systrace.h:
20821: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
20822: doesn't cause reboot to inadvertanly kill itself.
20823: [d4aab2365610]
20824:
20825: * mon_systrace.c:
20826: put "monitor" in the proctitle, not "systrace"
20827: [9a9025767d86]
20828:
20829: * mon_systrace.c:
20830: When modifying the environment, don't replace envp when we can get
20831: away with just rewriting pointers in the traced process.
20832: [c03622f7a2e2]
20833:
20834: * mon_systrace.c, mon_systrace.h:
20835: Add environment updating via STRIOCINJECT (if available).
20836: [037291016870]
20837:
20838: * sudoers.cat, sudoers.man.in:
20839: regen
20840: [869acc511046]
20841:
20842: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
20843:
20844: * lex.yy.c:
20845: regen
20846: [4e61a9bd3c97]
20847:
20848: * parse.lex:
20849: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
20850: [b70d7bd6e147]
20851:
20852: * mon_systrace.c:
20853: Include file is now mon_systrace.h
20854: [ead4e36d92ae]
20855:
20856: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
20857: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
20858: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
20859: No longer call it tracing, it is now "monitoring" which should be
20860: more a obvious name to non-hackers.
20861: [aa811ded0789]
20862:
20863: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
20864:
20865: * mon_systrace.c, mon_systrace.h:
20866: Fix some XXX
20867: [a271072dacc6]
20868:
20869: * mon_systrace.c, mon_systrace.h:
20870: No need to include syscall.h, use 1024 as the max # of entries (the
20871: max that systrace(4) allows).
20872:
20873: Only need to use SYSTR_POLICY_ASSIGN once
20874:
20875: Change check_syscall() -> find_handler() and have it return the
20876: handler instead of just running it. We need this since handler now
20877: have two parts: one part that generates and answer and another that
20878: gets called after the answer is accepted (to do logging).
20879:
20880: Add some missing check_exec for emul execv
20881: [a89d243f0525]
20882:
20883: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
20884: Add $Sudo$ tags.
20885: [6f3fedb0daba]
20886:
20887: * config.h.in:
20888: Add missing HAVE_LINUX_SYSTRACE_H
20889: [ff75ab7bfc53]
20890:
20891: * Makefile.in:
20892: add trace_systrace.o dependency
20893: [88a408668ab2]
20894:
20895: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
20896:
20897: * configure, configure.in:
20898: Also look for systrace.h in /usr/include/linux
20899: [98b98b436cf3]
20900:
20901: * mon_systrace.c, mon_systrace.h:
20902: Move all struct defs and prototypes into trace_systrace.h and mark
20903: all but systace_attach() static.
20904: [85511253b570]
20905:
20906: * mon_systrace.c, mon_systrace.h:
20907: Add support for tracing emulations. At the moment, all emulations
20908: are compiled in. It might make sense to #ifdef them in the future,
20909: though this impeeds readability.
20910: [87bb50abf277]
20911:
20912: * Makefile.in, configure, configure.in:
20913: rename systrace.c -> trace_systrace.c
20914: [31cfa4407d93]
20915:
20916: * parse.yacc, sudo.tab.c:
20917: Allow this to build with a K&R compiler again
20918: [32876af5bb98]
20919:
20920: * TODO:
20921: sync
20922: [46865bd70f7c]
20923:
20924: * compat.h, sudo.c, visudo.c:
20925: Use __attribute__((__noreturn__))
20926: [65bbad71fe89]
20927:
20928: * visudo.c:
20929: Exit() takes a negative value to indicate it was not called via
20930: signal.
20931: [b93032ed7b60]
20932:
20933: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20934: visudo.man.in:
20935: regen
20936: [45bcf4661558]
20937:
20938: * Makefile.in, visudo.c:
20939: Define Err() and Errx() that are like err() and errx() but call
20940: Exit() instead of exit(). Build private copy of alloc.o for visudo
20941: that calls Err() and Errx().
20942: [c6d02bf42edd]
20943:
20944: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
20945:
20946: * lex.yy.c, sudo.tab.c:
20947: regen
20948: [39de7e7c59da]
20949:
20950: * CHANGES:
20951: sync
20952: [ba481d9ed1aa]
20953:
20954: * visudo.c:
20955: Overhaul visudo for editing multiple files: o visudo has been
20956: broken out into functions (more work needed here) o each file is
20957: now edited before sudoers is re-parsed o if a #include line is
20958: added that file will be edited too
20959:
20960: TODO: o cleanup temp files when exiting via err() or errx() o
20961: continue breaking things out into separate functions
20962: [80c35cf534eb]
20963:
20964: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
20965: Add keepopen arg to open_sudoers that open_sudoers can use to
20966: indicate to the caller that the fd should not be closed when it is
20967: done with it. To be used by visudo to keep locked fds from being
20968: closed prematurely (and thus losing the lock).
20969: [f330fe632470]
20970:
20971: * parse.yacc, sudo.c:
20972: Add errorfile global that contains the name of the file that caused
20973: the error.
20974: [98079c7a37ed]
20975:
20976: * parse.lex:
20977: return COMMENT to yacc grammar for a #include line
20978: [2024a8de4fa8]
20979:
20980: * parse.lex:
20981: Remove us of unput() in favor of yyless() which is cheaper.
20982: [c61291902beb]
20983:
20984: * parse.yacc:
20985: Allow an empty sudoers file.
20986: [62fb111db2e7]
20987:
20988: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
20989:
20990: * mon_systrace.c:
20991: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
20992: [9e15869ef597]
20993:
20994: * lex.yy.c, sudo.tab.c:
20995: regen
20996: [c29bdd43bfad]
20997:
20998: * visudo.c:
20999: Do signal setup before calling edit_sudoers(). Don't shadow the
21000: "quiet" global.
21001: [74252efd09ff]
21002:
21003: * visudo.c:
21004: If a sudoers file includes other files, edit those too. Does not yes
21005: deal with creating the new includes files itself.
21006: [06af7b9c173f]
21007:
21008: * testsudoers.c:
21009: init_parser now takes a path
21010: [b5ee186eb192]
21011:
21012: * parse.c, parse.h, parse.lex, parse.yacc:
21013: More scaffolding for dealing with multiple sudoers files: o
21014: init_parser() now takes a path used to populate the sudoers global
21015: o the sudoers global is used to print the correct file in yyerror()
21016: o when switching to a new sudoers file, perserve old file name and
21017: line number
21018: [d9be4970b8bd]
21019:
21020: * Makefile.in, pathnames.h.in:
21021: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
21022: multiple sudoers files.
21023: [6ccc4e921c43]
21024:
21025: * parse.c, sudo.c:
21026: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
21027: we start at the right file position when reading include files.
21028: [91fcb961e7a4]
21029:
21030: * sudoers.pod:
21031: document #include
21032: [fbb92a25a726]
21033:
21034: * lex.yy.c:
21035: regen
21036: [50cd7a4c9dff]
21037:
21038: * parse.lex:
21039: Add max depth of 128 for the include stack to avoid loops.
21040:
21041: Since yyerror() doesn't stop parsing, pass return values back to
21042: yylex and call yyterminate() on error.
21043: [e79dbffb729d]
21044:
21045: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
21046:
21047: * sudoers.pod:
21048: document tracing
21049: [165a467eadd8]
21050:
21051: * sudo.pod:
21052: Mention PREVENTING SHELL ESCAPES section of sudoers man page
21053: [3217ccecd834]
21054:
21055: * lex.yy.c, sudo.tab.c:
21056: regen
21057: [fbd58d1d3a76]
21058:
21059: * parse.lex:
21060: Add support for #include in sudoers (visudo support TBD)
21061: [a78015ca81af]
21062:
21063: * parse.yacc:
21064: make yyerror()'s argument const
21065: [7d8e168c019a]
21066:
21067: * testsudoers.c, visudo.c:
21068: Add open_sudoers() stubs.
21069: [087466787198]
21070:
21071: * sudo.c, sudo.h:
21072: Rename check_sudoers() open_sudoers() and make it return a FILE *
21073: [142fc511fc65]
21074:
21075: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
21076:
21077: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
21078: version.h:
21079: Crank version
21080: [1adc3f839480]
21081:
21082: * Makefile.in, sudo.psf:
21083: Better HP-UX depot construction
21084: [2d952b000e63]
21085:
21086: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
21087:
21088: * mon_systrace.c:
21089: o Made children global so check_exec() can lookup a child. o
21090: Replaced uid in struct childinfo with struct passwd * (for runas) o
21091: new_child() now takes a parent pid so the runas info can be
21092: inherited o Added find_child() to lookup a child by its pid o
21093: update_child() now fills in a struct passwd o Converted the big
21094: if/else mess in set_policy to a switch o Syscalls that change uid
21095: are now "ask" so we get SYSTR_MSG_UGID events
21096: [29b9ea3f09a3]
21097:
21098: * getspwuid.c:
21099: Add flag to sudo_pwdup that indicates whether or not to lookup the
21100: shadow password. Will be used to a struct passwd that has the
21101: shadow password already filled in.
21102: [e19d43dd7238]
21103:
21104: * mon_systrace.c:
21105: add missing increment of addr in read_string()
21106: [f9eb0f060cb6]
21107:
21108: * mon_systrace.c:
21109: Remove bogus call to update_child() and some cosmetic fixes
21110: [701ab0b97fef]
21111:
21112: * mon_systrace.c:
21113: Don't leak /dev/systrace fd to tracee Make initialized global for
21114: simplicity If STRIOCATTACH returns EBUSY we are already being traced
21115: Check for user_args == NULL in setproctitle() call Add missing calls
21116: to STRIOCANSWER
21117: [1956edf9bc3a]
21118:
21119: * sudo.c:
21120: g/c sudo_pwdup proto
21121: [b7c4d6249ecb]
21122:
21123: * Makefile.in, sudo.psf:
21124: Add target for building a depot file
21125: [357019efd99b]
21126:
21127: * mon_systrace.c:
21128: trim includes
21129: [501534428471]
21130:
21131: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
21132:
21133: * lex.yy.c, sudo.tab.c, sudo.tab.h:
21134: regen
21135: [52fd250c6986]
21136:
21137: * INSTALL:
21138: document --with-systrace
21139: [79623927c94e]
21140:
21141: * config.h.in, configure, configure.in:
21142: Add check for setproctitle
21143: [1730cf1c26ed]
21144:
21145: * mon_systrace.c:
21146: pass struct str_msg_ask in to syscall checker so it can set the
21147: error code
21148: [1703fd2fdef6]
21149:
21150: * mon_systrace.c:
21151: systrace(4) support for sudo. On systems with the systrace(4)
21152: kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
21153: intercept exec calls and check the exec args against the sudoers
21154: file. In other words, sudo can now control subcommands and shell
21155: escapes.
21156: [928c9217c386]
21157:
21158: * sudo.c, sudo.h:
21159: Call systrace_attach() if FLAG_TRACE is set.
21160: [014ba9402fa5]
21161:
21162: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
21163: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
21164: [a99904db5e56]
21165:
21166: * parse.c, sudo.c:
21167: Don't close sudoers_fp, keep it open and set close on exec flag
21168: instead.
21169: [43a9fec60bee]
21170:
21171: * def_data.c, def_data.h, def_data.in:
21172: Add trace option
21173: [5b643b86730a]
21174:
21175: * Makefile.in:
21176: Add systrace
21177: [47a0519c427c]
21178:
21179: * INSTALL:
21180: SunOS /bin/sh blows up with configure
21181: [005a23cc5615]
21182:
21183: * configure, configure.in:
21184: Include sys/param.h before systrace.h
21185: [9345bc8efecf]
21186:
21187: * configure:
21188: regen
21189: [a8f53fcbb254]
21190:
21191: * pathnames.h.in:
21192: _PATH_DEV_SYSTRACE
21193: [d2ad1e492a00]
21194:
21195: * configure.in:
21196: line up options in --help
21197: [fa51f2821d09]
21198:
21199: * config.h.in, configure.in:
21200: Add --with-systrace
21201: [a264d54bc413]
21202:
21203: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
21204:
21205: * configure:
21206: regen
21207: [a4dad0bcc523]
21208:
21209: * aclocal.m4, configure.in:
21210: make this work with autoconf-2.59
21211: [c4a92b6a684a]
21212:
21213: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
21214:
21215: * sudo_edit.c:
21216: Simplify logic around open & stat of files and do sanity on edited
21217: file even if we lack fstat (still racable but worth doing).
21218: [adda65ade70c]
21219:
21220: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
21221:
21222: * HISTORY:
21223: Add support url
21224: [bf6590fbde9f]
21225:
21226: * Makefile.in:
21227: versino 1.6.8p1
21228: [b84ebfaf1552] [SUDO_1_6_8p1]
21229:
21230: * CHANGES:
21231: more changes for 1.6.8p1
21232: [e23a9c0393b6]
21233:
21234: * version.h:
21235: 1.6.8p1
21236: [872f14504b5f]
21237:
21238: * CHANGES, sudo_edit.c:
21239: Add sanity check so we don't try to edit something other than a
21240: regular file.
21241: [350134ec6d4e]
21242:
21243: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
21244:
21245: * CHANGES:
21246: sync
21247: [3091ca9eae00]
21248:
21249: * INSTALL:
21250: document --with-ldap-conf-file
21251: [0e2cd6b896f1]
21252:
21253: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21254:
21255: * CHANGES, ins_csops.h:
21256: political correctness strikes again
21257: [428e8bc77f55]
21258:
21259: * RUNSON:
21260: sync
21261: [27f44bd423dc]
21262:
21263: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
21264:
21265: * Makefile.binary.in, Makefile.in:
21266: Install sudoedit man link
21267: [19a55234fc1f]
21268:
21269: * INSTALL:
21270: Update PAM note and mention where HP-UX users can download gcc
21271: binaries.
21272: [d37cdbbabfd4]
21273:
21274: * Makefile.in:
21275: libtool wants to install stuff from .libs so fake one up for binary
21276: installations.
21277: [a681bc6fcfba]
21278:
21279: * Makefile.binary.in:
21280: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
21281: [3e0c4b3372cc]
21282:
21283: * Makefile.in:
21284: Deal with "uname -m" having slashes in it rm -f old sudoedit link
21285: instead of using ln -f
21286: [cff33fb97e5b]
21287:
21288: * Makefile.binary, Makefile.binary.in:
21289: Makefile.binary -> Makefile.binary.in for config.status substitution
21290: Add support for installing noexec bits
21291: [37d8bb3483c6]
21292:
21293: * Makefile.in:
21294: Copy noexec bits into binary dists too No longer use my old arch
21295: script for making binary dists
21296: [e7058bab9e33]
21297:
21298: * Makefile.binary:
21299: Install sudoedit link.
21300: [417d1e101711]
21301:
21302: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
21303:
21304: * emul/utime.h:
21305: avoid __P so there is no need for compat.h to be included
21306: [6d8d1f1abf7d]
21307:
21308: * utimes.c:
21309: Don't use HAVE_UTIME_H before including config.h.
21310: [013b7bb61181]
21311:
21312: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
21313:
21314: * compat.h:
21315: Fix Solatis futimes macro
21316: [d4eda2ca0d29]
21317:
21318: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
21319:
21320: * sudo_edit.c:
21321: Rename ots -> omtim for improved readability.
21322: [127ca5bb297c]
21323:
21324: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
21325:
21326: * sudo_edit.c:
21327: Redo changes in revision 1.7. Don't really need to keep the temp
21328: file open; re-opening it with the invoking user's euid is
21329: sufficient.
21330: [55a883165a95]
21331:
21332: * CHANGES:
21333: sync
21334: [9015b291170d]
21335:
21336: * sudo.cat, sudo.man.in:
21337: regen
21338: [c0313f6ed783]
21339:
21340: * sudo.pod:
21341: back out revision 1.70; it is no long applicable
21342: [b641d503aff6]
21343:
21344: * env.c:
21345: Let the loader initialize nep
21346: [bec192139b02]
21347:
21348: * config.h.in, configure, configure.in:
21349: Removed unneed check for fchown Add check for gettimeofday Move
21350: autoheader template stuff into separate AH_TEMPLATE lines
21351: [bfc0edbd43f2]
21352:
21353: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
21354: Use timespec throughout.
21355: [1a178a23b69b]
21356:
21357: * Makefile.in:
21358: gettime.[co]
21359: [6aeb48a7ab7f]
21360:
21361: * gettime.c:
21362: function to return the current time in a struct timespec
21363: [bf8eb12cb63f]
21364:
21365: * utimes.c:
21366: Not a darpa-sponsored file.
21367: [121ce5e2036c]
21368:
21369: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21370:
21371: * compat.h, config.h.in, configure, configure.in:
21372: Add a check for struct timespec and provide it for those without.
21373: [42124055030d]
21374:
21375: * config.h.in, configure, configure.in, sudo_edit.c:
21376: Add checks for st_mtim and st_mtimespec and add macros for pulling
21377: the mtime sec and nsec out of struct stat. These are used in
21378: sudo_edit() to better tell whether or not the file has changed.
21379: [23debfbb3fab]
21380:
21381: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
21382: Add an extra param to touch() for nsec
21383: [56f7a4ba8ddb]
21384:
21385: * sudo_edit.c:
21386: Call mkstemp() as the in invoking user so we don't have to chown the
21387: file later. Only touch() the temp file if we can do it via the file
21388: descriptor. Don't check for modification of the temp file if we lack
21389: fstat(). Catch errors read()ing the temp file.
21390: [665f52c70836]
21391:
21392: * fileops.c:
21393: If path is NULL and fd == -1 return -1.
21394: [757a518a824c]
21395:
21396: * sudo_edit.c:
21397: closefrom() is overkill, the only extra fds are the ones we opened
21398: so just close those in the child.
21399: [f361c9d2a1f4]
21400:
21401: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
21402: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
21403: visudo.c:
21404: Use utimes() and futimes() instead of utime() in touch(), emulating
21405: as needed. Not all systems are able to support setting the times of
21406: an fd so touch() takes both an fd and a file name as arguments.
21407: [3d9276f29717]
21408:
21409: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
21410:
21411: * env.c:
21412: Rare SEGV
21413: [8995f828782d]
21414:
21415: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
21416:
21417: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21418: visudo.man.in:
21419: regen
21420: [b8e9406711c5]
21421:
21422: * sudo.pod, sudoers.pod, visudo.pod:
21423: Add SUPPORT section and re-order some of the sections to match the
21424: order we use in OpenBSD.
21425: [fa37bd917e2c]
21426:
21427: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
21428:
21429: * env.c:
21430: Openldap ~/.ldaprc fix
21431: [1a37afe6850f]
21432:
21433: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
21434:
21435: * sudo.pod:
21436: Talk about how the editor must write its changes to the original
21437: file and not just use rename(2).
21438: [c55ed91c5ee9]
21439:
21440: * CHANGES:
21441: sync
21442: [62af26bd37a2]
21443:
21444: * sudo_edit.c:
21445: Keep the temp file open instead of re-opening after the editor has
21446: exited.
21447: [de41eeb6dcf2]
21448:
21449: * sample.pam:
21450: Update for current redhat/fedora core.
21451: [8cf083077333]
21452:
21453: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
21454:
21455: * README.LDAP:
21456: tls_ examples
21457: [ba783d88a034]
21458:
21459: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
21460:
21461: * ldap.c:
21462: config tls_* options
21463: [0b0e0797b3b9]
21464:
21465: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
21466:
21467: * configure, configure.in:
21468: No need for -lcrypt when using pam.
21469: [41fff3a53e68]
21470:
21471: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
21472:
21473: * configure:
21474: regen
21475: [75820aecce2c]
21476:
21477: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
21478:
21479: * configure.in, ldap.c, pathnames.h.in:
21480: Allow --with-ldap-conf-file option to override LDAP_CONF
21481: [c9909bc484a5]
21482:
21483: * ldap.c:
21484: cleanup debug message
21485: [1f6ca4824d8d]
21486:
21487: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
21488:
21489: * README.LDAP:
21490: more config info
21491: [f2e7147fd507]
21492:
21493: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
21494:
21495: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
21496: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
21497: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
21498: longer use gross statics in command_matches(). Also rename some
21499: variables for improved clarity.
21500: [7169a6c7bea4]
21501:
21502: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
21503:
21504: * INSTALL:
21505: document HP's crippled compiler deficiency.
21506: [c405ea5a8d4c]
21507:
21508: * INSTALL:
21509: Fix some thinkos in --with-editor and --with-env-editor
21510: descriptions. Noticed by Norihiko Murase.
21511: [dd781de1c985]
21512:
21513: * configure, configure.in:
21514: --with-noexec takes an optional PATH argument.
21515: [8f6ab77f22cc]
21516:
21517: * INSTALL:
21518: document --with-noexec
21519: [50cb1fc627ce]
21520:
21521: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
21522:
21523: * RUNSON, TODO:
21524: sync
21525: [f2503bd13373] [SUDO_1_6_8]
21526:
21527: * sudo_edit.c:
21528: Better warning message when sudoedit is unable to write to the
21529: destination file.
21530: [f78c18f2ffa8]
21531:
21532: * sudo.cat, sudo.man.in:
21533: regen
21534: [7e2bf63d6d9a]
21535:
21536: * sudo.pod:
21537: Don't italicize the string "sudoedit"
21538: [c691643bd269]
21539:
21540: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
21541:
21542: * HISTORY:
21543: Mention GratiSoft.
21544: [dc53de581b2d]
21545:
21546: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
21547:
21548: * sudo.tab.c:
21549: regen
21550: [8ae0484dfc38]
21551:
21552: * parse.yacc:
21553: Reset used_runas to FALSE when re-intializing the parser.
21554: [b7403f353a02]
21555:
21556: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
21557:
21558: * config.guess:
21559: Correct OpenBSD mips support
21560: [314fc7afc165]
21561:
21562: * config.guess:
21563: Add OpenBSD/mips
21564: [ac87d0a773ef]
21565:
21566: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
21567:
21568: * README.LDAP:
21569: More behavior notes
21570: [13be1d212b47]
21571:
21572: * README.LDAP:
21573: Updates on current behavior
21574: [d498a8866d6f]
21575:
21576: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
21577:
21578: * sudoers.pod:
21579: =back does not take an indentlevel (makes no difference to formatted
21580: files).
21581: [9c8523bb382a]
21582:
21583: * sudo.pod:
21584: =back does not take an indentlevel (makes no difference to formatted
21585: files).
21586: [e5f479e24fa8]
21587:
21588: * CHANGES:
21589: new
21590: [2dbd9aba8b33]
21591:
21592: * sudo.c:
21593: Consistency. Use same error for bad -u #uid when targetpw is set as
21594: we do when a bad -u username is specified.
21595: [922961c4a9d6]
21596:
21597: * TODO:
21598: Add checksum idea from Steve Mancini
21599: [e6ece1b766ba]
21600:
21601: * sudoers.cat, sudoers.man.in:
21602: regen
21603: [370d2317829f]
21604:
21605: * sudo.cat, sudo.man.in:
21606: regen
21607: [f93d41fc38b1]
21608:
21609: * sudo.pod, sudoers.pod:
21610: Document the restriction on uids specified via -u when targetpw is
21611: set.
21612: [878fedb455db]
21613:
21614: * sudo.c:
21615: Error out when targetpw is enabled and sudo is run with -u #uid but
21616: #uid does not exist in the passwd database. We can't do target
21617: authentication when the target is not in passwd!
21618: [27c5888c86eb]
21619:
21620: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
21621: regen
21622: [ceb65711050c]
21623:
21624: * TODO:
21625: Some more todo for the next release.
21626: [7b7417be7601]
21627:
21628: * INSTALL:
21629: Make it clear that PAM should be used for DCE support when possible.
21630: [7502029fd385]
21631:
21632: * sudoers.pod:
21633: o Document problems with wildcards and relative paths. o Make the
21634: order requirements more prominent. o Change a "set" to "reset" for
21635: clarity.
21636: [bacdd181b33f]
21637:
21638: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
21639:
21640: * sudo.pod:
21641: Mention --with-secure-path, not SECURE_PATH.
21642: [41283ddde5e1]
21643:
21644: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
21645:
21646: * ldap.c:
21647: reflect changes to parse.c
21648: [8880fe9b724d]
21649:
21650: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
21651:
21652: * sudo.tab.c:
21653: regen
21654: [a57658ca9177]
21655:
21656: * parse.c, parse.h, testsudoers.c, visudo.c:
21657: Don't pass user_cmnd and user_args to command_matches(), just use
21658: the globals there. Since we keep state with statics anyway it is
21659: misleading to pretend that passing in different cmnd and cmnd_args
21660: will work.
21661: [0a2544991fd6]
21662:
21663: * parse.yacc:
21664: Don't pass user_cmnd and user_args to command_matches(), just use
21665: the globals there. Since we keep state with statics anyway it is
21666: misleading to pretend that passing in different cmnd and cmnd_args
21667: will work.
21668: [a4910bf6032b]
21669:
21670: * parse.c:
21671: Fix a bug introduced in rev. 1.149. When checking for pseudo-
21672: commands check for a '/' anywhere in cmnd, not just the first
21673: character.
21674: [ce98142f03ca]
21675:
21676: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
21677:
21678: * sudo.man.in, sudo.pod:
21679: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
21680: [a91800e094b1]
21681:
21682: * sudoers.man.in, sudoers.pod:
21683: Add ignore_local_sudoers
21684: [741ddcbf7083]
21685:
21686: * README.LDAP:
21687: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
21688: janth@moldung.no
21689: [742c02e07cd9]
21690:
21691: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
21692:
21693: * CHANGES:
21694: typo
21695: [e7cdefbd7a9a]
21696:
21697: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
21698:
21699: * CHANGES:
21700: sync
21701: [734dafc4a85e]
21702:
21703: * parse.c:
21704: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
21705: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
21706: [151b7f593568]
21707:
21708: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
21709:
21710: * CHANGES:
21711: PAM change
21712: [d8fb6d6a22d0]
21713:
21714: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
21715:
21716: * ldap.c:
21717: Better debugging of ALL command
21718: [9db3e84029dc]
21719:
21720: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
21721:
21722: * parse.c:
21723: When matching for "sudoedit" in sudoers check both the command the
21724: user typed *and* the command that is listed in the sudoers entry.
21725: [f36ca1f94095]
21726:
21727: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
21728:
21729: * ldap.c:
21730: Added !command feature
21731: [ed539574611b]
21732:
21733: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
21734:
21735: * auth/pam.c:
21736: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
21737: [2be8e0e8813a]
21738:
21739: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
21740:
21741: * LICENSE:
21742: License is ISC-style, not BSD-style
21743: [ac0589e1dd5d]
21744:
21745: * CHANGES:
21746: sync
21747: [16058a30f404]
21748:
21749: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
21750:
21751: * sudo.cat, sudo.man.in:
21752: regen
21753: [8820eb9c809b]
21754:
21755: * sudo.pod:
21756: o Update some out of date bits to reality o Change the shell promt
21757: in examples to bourne-shell style o Clarify some details o Add a
21758: CAVEAT about "sudo cd /foo"
21759: [b0af373214b6]
21760:
21761: * check.c:
21762: Don't ask for a password if invoking user == target user.
21763: [dd5c96141132]
21764:
21765: * sudo.c:
21766: typo in comment
21767: [278d20f9b249]
21768:
21769: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
21770:
21771: * sudoers.cat, sudoers.man.in:
21772: regen
21773: [9036c6f39eff]
21774:
21775: * sudoers.pod:
21776: Expand on NOEXEC a little.
21777: [9a13756aebe4]
21778:
21779: * TODO:
21780: sync
21781: [8d2c1af48de8]
21782:
21783: * visudo.cat, visudo.man.in:
21784: regen
21785: [3921f01607c8]
21786:
21787: * sudo.tab.c:
21788: regen
21789: [9338c3d68250]
21790:
21791: * visudo.pod:
21792: Add a check in visudo for runas_default being set after it has
21793: already been used.
21794: [6700358d7ad8]
21795:
21796: * CHANGES, parse.yacc, visudo.c:
21797: Add a check in visudo for runas_default being set after it has
21798: already been used.
21799: [803560986a8a]
21800:
21801: * sudo.tab.c:
21802: regen
21803: [b60636e2cf63]
21804:
21805: * parse.yacc:
21806: Add a MATCHED macro for testing whether foo_matches has been set to
21807: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
21808: Doesn't change the actual code generated.
21809: [f376da8ccdc8]
21810:
21811: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21812:
21813: * sudoers.cat:
21814: regen
21815: [6cceb6d6c9bd]
21816:
21817: * sudoers.man.in:
21818: regen
21819: [5acd12b730b3]
21820:
21821: * sudoers.pod:
21822: Correct description of where Defaults specs should go.
21823: [6b11ff53d7ad]
21824:
21825: * sudoers:
21826: Correct description of where Defaults specs should go.
21827: [868db857630d]
21828:
21829: * testsudoers.c, visudo.c:
21830: update (c) year
21831: [272c8a53604c]
21832:
21833: * logging.h:
21834: update (c) year
21835: [3cec76d400ce]
21836:
21837: * ldap.c:
21838: update (c) year
21839: [f264632488a0]
21840:
21841: * find_path.c:
21842: update (c) year
21843: [40c227af9227]
21844:
21845: * auth/pam.c:
21846: update (c) year
21847: [87149e0eed50]
21848:
21849: * auth/bsdauth.c, auth/kerb5.c:
21850: update (c) year
21851: [d72eb434c068]
21852:
21853: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
21854:
21855: * sudo.tab.c:
21856: regen
21857: [83408d9e9d2e]
21858:
21859: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
21860: Remove trailing spaces, no actual code changes.
21861: [4c3bf2819293]
21862:
21863: * tgetpass.c:
21864: Remove trailing spaces, no actual code changes.
21865: [96f6e0a24c26]
21866:
21867: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
21868: Remove trailing spaces, no actual code changes.
21869: [c7075d1cbed5]
21870:
21871: * getcwd.c:
21872: Remove trailing spaces, no actual code changes.
21873: [776cc0374547]
21874:
21875: * find_path.c:
21876: Remove trailing spaces, no actual code changes.
21877: [7ed7099f3c71]
21878:
21879: * compat.h, defaults.c, env.c:
21880: Remove trailing spaces, no actual code changes.
21881: [893e83c33795]
21882:
21883: * check.c:
21884: Remove trailing spaces, no actual code changes.
21885: [f77750f8803b]
21886:
21887: * sudo.tab.c:
21888: regen
21889: [62e0ed883b31]
21890:
21891: * parse.yacc:
21892: Fix a >=0 that should be <0 that was improperly converted when
21893: UNSPEC was added.
21894: [ad1531a55a49]
21895:
21896: * parse.yacc:
21897: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
21898: NOMATCH when resetting it.
21899: [ae017a12870a]
21900:
21901: * parse.yacc:
21902: Fix pastos introduced in SETNMATCH addition.
21903: [6ea1c9d80681]
21904:
21905: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21906:
21907: * README.LDAP:
21908: Update for configure changes
21909: [637a635da287]
21910:
21911: * sudo.tab.c:
21912: regen
21913: [4753c2788713]
21914:
21915: * sudo.h:
21916: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21917: these in parse.yacc. Also in parse.yacc initialize the *_matches
21918: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21919: when setting *_matches to a value that may be
21920: NOMATCH/UNSPEC/TRUE/FALSE.
21921: [2ba622e15a4d]
21922:
21923: * parse.yacc:
21924: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
21925: these in parse.yacc. Also in parse.yacc initialize the *_matches
21926: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
21927: when setting *_matches to a value that may be
21928: NOMATCH/UNSPEC/TRUE/FALSE.
21929: [746b519e41a6]
21930:
21931: * parse.yacc:
21932: Initialize runas to -2, not -1 since we need to be able to
21933: distinguish between the initialized value and the value of a non-
21934: match when passing along the runas value to multiple commands.
21935:
21936: The result of this is that an unmatched runas is now set to -1, not
21937: 0. This is required now that parse.c treats a FALSE value for runas
21938: as being explicitly denied.
21939: [7791ed3621f6]
21940:
21941: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21942:
21943: * sudo.c, visudo.c:
21944: Error out if argc < 1.
21945: [ce6b2a9eda3c]
21946:
21947: * getprogname.c:
21948: Error out if argc < 1.
21949: [c566cce8dc78]
21950:
21951: * configure, configure.in:
21952: Add tests for what libs we need to link with for ldap and for
21953: whether or not lber.h needs to be explicitly included.
21954: [b2e9729cc4e7]
21955:
21956: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
21957:
21958: * ldap.c:
21959: Solaris native LDAP build fix
21960: [39929e40eb11]
21961:
21962: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
21963:
21964: * ldap.c:
21965: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
21966: unset variable.
21967: [6a4c20a66f98]
21968:
21969: * sudo.h:
21970: Add prototype for sudo_ldap_list_matches
21971: [443b007a8dab]
21972:
21973: * configure, configure.in:
21974: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21975: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21976: this is now used to confitionally define the dirfd macro in
21977: compat.h.
21978: [567656978f7e]
21979:
21980: * config.h.in:
21981: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21982: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21983: this is now used to confitionally define the dirfd macro in
21984: compat.h.
21985: [34eace4faec8]
21986:
21987: * compat.h:
21988: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
21989: version too. Added check for dd_fd in `DIR' if no dirfd is found;
21990: this is now used to confitionally define the dirfd macro in
21991: compat.h.
21992: [8d50ff1bbf2a]
21993:
21994: * closefrom.c:
21995: Only check /proc/$$/fd if we have the dirfd function/macro.
21996: [15e3ccce7553]
21997:
21998: * compat.h, config.h.in, configure, configure.in:
21999: Add a check for a dirfd() function (like Linux) and add a dirfd
22000: macro in compat.h if there is no dirfd() function or macro.
22001: [1e95756edb50]
22002:
22003: * closefrom.c, getcwd.c:
22004: dirfd() is now defined in compat.h as needed.
22005: [bb1d79271188]
22006:
22007: * CHANGES:
22008: Clarify closefrom() note.
22009: [f4e4a5508dda]
22010:
22011: * parse.c:
22012: When checking for a command in the directory, only copy the base dir
22013: once.
22014: [7a3276808b87]
22015:
22016: * closefrom.c:
22017: If there is a /proc/$$/fd directory, behave like the Solaris
22018: closefrom() and only close the descriptors listed therein.
22019: [19de23779e84]
22020:
22021: * alloc.c:
22022: compat.h guarantees INT_MAX is defined.
22023: [1bf0c79d4606]
22024:
22025: * compat.h:
22026: Add definitions of OPEN_MAX and INT_MAX for those without it and
22027: remove definition of RLIM_INFINITY (now unused).
22028: [f827d1ebf96e]
22029:
22030: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
22031: sudo.c, sudo.h, visudo.c:
22032: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
22033: [59788f211c24]
22034:
22035: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
22036:
22037: * CHANGES:
22038: sync
22039: [d32fa124f1ad]
22040:
22041: * RUNSON:
22042: Add some entries that were mailed in a while ago
22043: [ff8d5bfec54e]
22044:
22045: * closefrom.c:
22046: o sysconf returns a long, not an int. o check for negative return
22047: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
22048: define OPEN_MAX to 256 for those without it (a fair guess...)
22049: [ccf81ae6deb2]
22050:
22051: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
22052:
22053: * UPGRADE:
22054: Mention change in parse order for RunAs entries.
22055: [dc73b0bca617]
22056:
22057: * configure:
22058: regen
22059: [07cce8e0534e]
22060:
22061: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
22062:
22063: * INSTALL, README.LDAP, config.h.in, configure.in:
22064: o --with-ldap now takes an optional dir as a parameter o added
22065: check for ldap_initialize() and start_tls_s()
22066: [2b846c7974c6]
22067:
22068: * README.LDAP:
22069: Fix some typos, word choice and formatting issues.
22070: [00dc8ca84b10]
22071:
22072: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
22073:
22074: * tgetpass.c:
22075: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
22076: read/write as it is simpler.
22077: [30f5446ee8b0]
22078:
22079: * configure, configure.in:
22080: Remove hack overriding cross-compiler check. It should no longer be
22081: needed.
22082: [22a6cbd88608]
22083:
22084: * compat.h:
22085: Remove select() compat bits since we no longer use select().
22086: [d7bbf7cd36f5]
22087:
22088: * CHANGES, tgetpass.c:
22089: Use alarm() instead of select() for the timeout for systems that
22090: don't fully/properly implement select().
22091: [d7cc60f15800]
22092:
22093: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
22094:
22095: * CHANGES:
22096: synbc
22097: [132a39788e07]
22098:
22099: * RUNSON:
22100: update
22101: [61ef508380c6]
22102:
22103: * set_perms.c:
22104: Deal with systems that have no way of setting the effective uid such
22105: as nsr-tandem-nsk.
22106: [306e00e9b5a4]
22107:
22108: * configure, configure.in:
22109: Define NO_SAVED_IDS if we don't find seteuid()
22110: [8588f18345cf]
22111:
22112: * config.h.in, configure, configure.in:
22113: Add back check for setreuid() since NSK doesn't have it.
22114: [43127bd703d1]
22115:
22116: * sudoers.cat, sudoers.man.in:
22117: regen
22118: [af4f4b20e422]
22119:
22120: * CHANGES:
22121: sync
22122: [29ca3b699c24]
22123:
22124: * BUGS:
22125: sync
22126: [3593f17f72ed]
22127:
22128: * parse.c:
22129: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
22130: explicitly denied and the command matched. This fixes a long-
22131: standing bug and makes: foo machine = (ALL) /usr/bin/blah
22132: foo machine = (!bar) /usr/bin/blah
22133:
22134: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
22135: [2f5ee244985a]
22136:
22137: * sudoers.pod:
22138: Clarify mail_noperm
22139: [3238b2d41989]
22140:
22141: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
22142:
22143: * Makefile.in:
22144: Missing DESTDIR in make install for sudo_noexec.la
22145: [91431e821525]
22146:
22147: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
22148:
22149: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22150: visudo.man.in:
22151: regen
22152: [cdfde0dcb556]
22153:
22154: * TODO:
22155: sync
22156: [4799b7d8b62c]
22157:
22158: * sudoers.pod:
22159: Remove fastboot/fasthalt (who still remembers these?) and add a
22160: minimal sudoedit example.
22161: [19d299f233cd]
22162:
22163: * sample.sudoers:
22164: Remove fastboot/fasthalt (who still remembers these?) and add a
22165: minimal sudoedit example.
22166: [b1bca73d6250]
22167:
22168: * UPGRADE, sudo.c, visudo.c:
22169: filesystem -> file system
22170: [1e1afaf30469]
22171:
22172: * TROUBLESHOOTING:
22173: filesystem -> file system
22174: [39fb594e9338]
22175:
22176: * CHANGES, INSTALL:
22177: filesystem -> file system
22178: [85948b608ffe]
22179:
22180: * sudo.pod, sudoers.pod:
22181: Fix some minor typos and formatting goofs
22182: [e94d243a0b90]
22183:
22184: * lex.yy.c:
22185: regen
22186: [2eed0ab1f4c4]
22187:
22188: * visudo.pod:
22189: remove my email addr
22190: [b63262c0389b]
22191:
22192: * sudo.pod, sudoers.pod, visudo.pod:
22193: Use @mansectform@ and @mansectsu@ everywhere Make man page
22194: references links with L<>
22195: [f459f4b9ddb9]
22196:
22197: * parse.lex:
22198: Accept quoted globbing characters and pass them verbatim for
22199: fnmatch()
22200: [8248b86e9380]
22201:
22202: * UPGRADE:
22203: Document that /tmp/.odus is gone.
22204: [3667b66af5bb]
22205:
22206: * pathnames.h.in:
22207: No longer use /tmp/.odus as a possible timestamp dir unless
22208: specifically configured to do so. Instead, if no /var/run exists,
22209: use /var/adm/sudo or /usr/adm/sudo.
22210: [48d94c9f9ad4]
22211:
22212: * configure:
22213: No longer use /tmp/.odus as a possible timestamp dir unless
22214: specifically configured to do so. Instead, if no /var/run exists,
22215: use /var/adm/sudo or /usr/adm/sudo.
22216: [058d7b8cf07b]
22217:
22218: * aclocal.m4:
22219: No longer use /tmp/.odus as a possible timestamp dir unless
22220: specifically configured to do so. Instead, if no /var/run exists,
22221: use /var/adm/sudo or /usr/adm/sudo.
22222: [cf52c4c2803f]
22223:
22224: * CHANGES:
22225: No longer use /tmp/.odus as a possible timestamp dir unless
22226: specifically configured to do so. Instead, if no /var/run exists,
22227: use /var/adm/sudo or /usr/adm/sudo.
22228: [6058c4cefcec]
22229:
22230: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
22231: Preliminary changes to support nsr-tandem-nsk. Based on patches
22232: from Tom Bates.
22233: [2e5f81834383]
22234:
22235: * logging.c:
22236: Preliminary changes to support nsr-tandem-nsk. Based on patches
22237: from Tom Bates.
22238: [934bbe6872b6]
22239:
22240: * check.c, compat.h:
22241: Preliminary changes to support nsr-tandem-nsk. Based on patches
22242: from Tom Bates.
22243: [390b698b5924]
22244:
22245: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
22246:
22247: * CHANGES:
22248: There was no 1.6.7p6.
22249: [8013d2e6b062]
22250:
22251: * BUGS, CHANGES:
22252: sync
22253: [c38b41f32857]
22254:
22255: * Makefile.in:
22256: add missing files to DISTFILES
22257: [e6a80ad03039]
22258:
22259: * sudo.cat, sudoers.cat, visudo.cat:
22260: regen
22261: [027bc9746dd5]
22262:
22263: * sudoers.man.in:
22264: regen
22265: [f5e85ef686cf]
22266:
22267: * Makefile.in:
22268: Fix some line wrap and update (c) year
22269: [bad1f46aa1ca]
22270:
22271: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
22272:
22273: * README.LDAP:
22274: Build Note
22275: [7a061248249b]
22276:
22277: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
22278:
22279: * Makefile.in:
22280: Fix install-dirs
22281: [be0726dd92e7]
22282:
22283: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
22284:
22285: * sudo.tab.c:
22286: regen
22287: [3f4f0d1ab8b9]
22288:
22289: * visudo.c:
22290: In Exit() when used as a signal handler, emsg is a pointer so
22291: sizeof() is wrong so make it a #define instead. Also avoid using a
22292: negative exit value. Found by Aaron Campbell
22293: [78716a3a3fdc]
22294:
22295: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22296:
22297: * sudoers.pod:
22298: Remove bogus sentence about uids in a User_List. Document usernames
22299: vs. uid parsing in a Runas_List.
22300: [7ca510b5031c]
22301:
22302: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
22303: If the user specified a uid with the -u flag and the uid exists in
22304: the passwd file, set runas_user to the name, not the uid.
22305:
22306: When comparing usernames in sudoers, if a name is really a uid
22307: (starts with '#') compare it numerically to pw_uid.
22308: [8d6935d04673]
22309:
22310: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
22311:
22312: * auth/kerb5.c:
22313: krb5_mcc_ops should be const; Johnny C. Lam
22314: [aa8c753e426e]
22315:
22316: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
22317:
22318: * CHANGES, config.h.in, ldap.c:
22319: Added start_tls support
22320: [7ef864c15b69]
22321:
22322: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
22323:
22324: * Makefile.in:
22325: Clean up libtool stuff for 'make distclean' and add def_data.c,
22326: def_data.h to PARSESRCS.
22327: [bf9bb6bb06ab]
22328:
22329: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
22330:
22331: * strlcat.c, strlcpy.c:
22332: Un-Fix last license munge
22333: [42654b77ac71]
22334:
22335: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
22336:
22337: * configure:
22338: regen
22339: [e4de6b23a4dc]
22340:
22341: * CHANGES, RUNSON, TODO:
22342: checkpoint
22343: [94e1ace84d5c]
22344:
22345: * lex.yy.c, sudo.tab.c:
22346: regen
22347: [8ce784505643]
22348:
22349: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
22350: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
22351: emul/search.h, emul/utime.h:
22352: More to a less restrictive, ISC-style license.
22353: [a31b20e48003]
22354:
22355: * auth/kerb5.c, auth/pam.c:
22356: More to a less restrictive, ISC-style license.
22357: [e41f92b41216]
22358:
22359: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
22360: More to a less restrictive, ISC-style license.
22361: [87534c164a52]
22362:
22363: * auth/bsdauth.c:
22364: More to a less restrictive, ISC-style license.
22365: [e21be6594b58]
22366:
22367: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
22368: More to a less restrictive, ISC-style license.
22369: [6d234be91c5e]
22370:
22371: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
22372: visudo.man.in, visudo.pod:
22373: More to a less restrictive, ISC-style license.
22374: [b02aea324fd6]
22375:
22376: * sudo_noexec.c:
22377: More to a less restrictive, ISC-style license.
22378: [a6da7631e0b2]
22379:
22380: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
22381: sudo_edit.c:
22382: More to a less restrictive, ISC-style license.
22383: [71cdcc241e94]
22384:
22385: * sigaction.c, strerror.c:
22386: More to a less restrictive, ISC-style license.
22387: [4bccdedca58a]
22388:
22389: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
22390: set_perms.c:
22391: More to a less restrictive, ISC-style license.
22392: [64d772d70ab3]
22393:
22394: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
22395: ins_goons.h, insults.h, interfaces.c, interfaces.h:
22396: More to a less restrictive, ISC-style license.
22397: [520381c60a54]
22398:
22399: * find_path.c, getprogname.c:
22400: More to a less restrictive, ISC-style license.
22401: [f605d5eab6f1]
22402:
22403: * fileops.c:
22404: More to a less restrictive, ISC-style license.
22405: [4129a8b38a67]
22406:
22407: * env.c:
22408: More to a less restrictive, ISC-style license.
22409: [d5bd859757de]
22410:
22411: * defaults.h:
22412: More to a less restrictive, ISC-style license.
22413: [008f5d5743f5]
22414:
22415: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
22416: defaults.c:
22417: More to a less restrictive, ISC-style license.
22418: [d8d7bfc8a18b]
22419:
22420: * utime.c, version.h:
22421: More to a less restrictive, ISC-style license.
22422: [e2e038ad8209]
22423:
22424: * parse.lex, parse.yacc:
22425: More to a less restrictive, ISC-style license.
22426: [2f5942e847a1]
22427:
22428: * Makefile.binary:
22429: More to a less restrictive, ISC-style license.
22430: [1ed561734535]
22431:
22432: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
22433:
22434: * sudoers2ldif:
22435: Merged in LDAP Support
22436: [3994c4d05947]
22437:
22438: * ldap.c, sudo.c, sudo.h:
22439: Merged in LDAP Support
22440: [547eaa346fcc]
22441:
22442: * def_data.c, def_data.h, def_data.in:
22443: Merged in LDAP Support
22444: [8fb255280e42]
22445:
22446: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
22447: Merged in LDAP Support
22448: [1038092a161e]
22449:
22450: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
22451:
22452: * sudo.h, sudo_noexec.c:
22453: Only do "extern int errno" if errno is not a macro.
22454: [b2e02a08be8b]
22455:
22456: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22457:
22458: * set_perms.c:
22459: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
22460: euid first, then just call setuid(0) to set the real uid too.
22461: [f08546e2e0ee]
22462:
22463: * set_perms.c:
22464: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
22465: instead of seteuid() which may not exist.
22466: [ba508581befb]
22467:
22468: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
22469:
22470: * LICENSE:
22471: 2004
22472: [37425513a342]
22473:
22474: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
22475: Add --with-pc-insults configure option
22476: [7daa5294c17b]
22477:
22478: * visudo.man.in:
22479: Prefer VISUAL over EDITOR like old vipw did.
22480: [996252a4ab65]
22481:
22482: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
22483:
22484: * sudo.man.in, sudoers.man.in:
22485: regen
22486: [a247f1c52eb9]
22487:
22488: * sudoers.pod:
22489: Add a note that noexec is not a cure-all.
22490: [9e7fc535367d]
22491:
22492: * sudoers.pod:
22493: Mention that disabling "root_sudo" is pretty pointless.
22494: [f38a415afba0]
22495:
22496: * configure, configure.in:
22497: Substitute for root_sudo in sudoers.pod
22498: [ce483cfc86be]
22499:
22500: * sudo.pod:
22501: Add sudoedit to the NAME section
22502: [51bc453ec2f6]
22503:
22504: * sudoers.pod:
22505: Document that fact that setting ignore_dot in sudoers has no effect
22506: due to the fact that find_path() is called *before* sudoers is read.
22507: [6808df7e417c]
22508:
22509: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22510:
22511: * sudo_edit.c:
22512: Do not require _PATH_USRTMP to be set.
22513: [546f3270dd10]
22514:
22515: * BUGS, CHANGES, TODO:
22516: sync
22517: [4205ddeab781]
22518:
22519: * sudo.man.in:
22520: regen
22521: [e2143690a88a]
22522:
22523: * sudo.pod:
22524: Clarify that when sudo is run by root with the SUDO_USER variable
22525: set, the sudoers lookup happens for root and not the SUDO_USER user.
22526: [47207bec1bdf]
22527:
22528: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
22529:
22530: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
22531: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
22532: Use the SET, CLR and ISSET macros.
22533: [a8b0d7f1e8fd]
22534:
22535: * fnmatch.c:
22536: Use the SET, CLR and ISSET macros.
22537: [1afbcba22ba6]
22538:
22539: * defaults.c, env.c:
22540: Use the SET, CLR and ISSET macros.
22541: [2f39431e0a49]
22542:
22543: * interfaces.h:
22544: MAIN was replaced with _SUDO_MAIN some time ago.
22545: [ea1b38f2ac9d]
22546:
22547: * sudo.c:
22548: Don't look at prev_user until after we've parsed sudoers and done
22549: the password check. That way, if sudo/sudoedit is run from a root
22550: process that was invoked by sudo, we check sudoers for root, not the
22551: previous user. This makes sudoedit much more useful and means that
22552: for the sudo case, we get correct logging on who actually ran the
22553: command.
22554: [431dfbf20552]
22555:
22556: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22557:
22558: * sudo_edit.c:
22559: Add a comment describing why we need to be notified about our child
22560: stopping.
22561: [0bec3ce4b49d]
22562:
22563: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22564:
22565: * def_data.c, def_data.in:
22566: Update the noexec variable descriptions
22567: [9cb7f1aa0e57]
22568:
22569: * sudoers.man.in, sudoers.pod:
22570: noexec now replaces more than just execve()
22571: [23cbdc0ee95c]
22572:
22573: * sudo_noexec.c:
22574: Alas, all the world does not go through execve(2). Many systems
22575: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
22576: and it is not uncommon for libc to have underscore ('_') versions of
22577: the functions to be used internally by the library. Instead of
22578: stubbing all these out by hand, define a macro and let it do the
22579: work. Extra exec functions pointed out by Reznic Valery.
22580: [9fa0cd871b0c]
22581:
22582: * sudo.c, sudo_edit.c:
22583: Fix suspending the editor in -e mode. Because we do a fork() first
22584: we need to be notified when the child has been stopped and then send
22585: that same signal to ourself so the shell can do its job control
22586: thing.
22587: [773165eb6057]
22588:
22589: * visudo.c:
22590: Use WIFEXITED and WEXITSTATUS macros. If there are systems out
22591: there that want to run sudo that still don't support these we can
22592: try to deal with that later.
22593: [6af68e4aff60]
22594:
22595: * lex.yy.c:
22596: regen
22597: [403435317d5d]
22598:
22599: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
22600: Document sudo -e / sudoedit
22601: [a80f6ea910af]
22602:
22603: * configure, configure.in:
22604: fix typo
22605: [5020fcdc27f4]
22606:
22607: * config.h.in, configure.in:
22608: Add SET/CLR/ISSET
22609: [03ff57286e7e]
22610:
22611: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22612:
22613: * sudo.c:
22614: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
22615: long usage() line to not wrap (assumes 80 char display)
22616: [3941fa4004bb]
22617:
22618: * Makefile.in, sudo.c:
22619: If sudo is invoked as "sudoedit" the -e flag is implied and no other
22620: flags are permitted.
22621: [929670b01293]
22622:
22623: * sudo.h:
22624: Add a new flag, -e, that makes it possible to give users the ability
22625: to edit files with the editor of their choice as the invoking user,
22626: not the runas user. Temporary files are used for the actual edit
22627: and the temp file is copied over the original after the editor is
22628: done.
22629: [c4051414c1f4]
22630:
22631: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
22632: Add a new flag, -e, that makes it possible to give users the ability
22633: to edit files with the editor of their choice as the invoking user,
22634: not the runas user. Temporary files are used for the actual edit
22635: and the temp file is copied over the original after the editor is
22636: done.
22637: [37ac05c8ac3c]
22638:
22639: * env.c, sudo.c:
22640: If real uid == 0 and the SUDO_USER environment variables is set, use
22641: that to determine the invoking user's true identity. That way the
22642: proper info gets logged by someone who has done "sudo su" but still
22643: uses sudo to as root. We can't do this for non-root users since
22644: that would open up a security hole, though perhaps it would be
22645: acceptable to use getlogin(2) on OSes where this a system call (and
22646: doesn't just look in the utmp file).
22647: [c2f9198708a1]
22648:
22649: * pathnames.h.in:
22650: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
22651: [7d9e5768df93]
22652:
22653: * config.h.in, configure, configure.in:
22654: Add check for fchown(2)
22655: [a85df18798ed]
22656:
22657: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
22658:
22659: * sudo.c:
22660: Back out portions of the -i commit that set NewArgv[0] in
22661: set_runaspw. It is far to late to set NewArgv[0] there and will have
22662: no effect anyway as cmnd and safe_cmnd have already been set.
22663: [c2d343430c1c]
22664:
22665: * visudo.c, visudo.pod:
22666: Prefer VISUAL over EDITOR like old vipw did.
22667: [ae32f477cea3]
22668:
22669: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22670:
22671: * env.c, sudo.c:
22672: In -i mode always set new environment based on the runas user's
22673: passwd entry.
22674: [fa653b7887a8]
22675:
22676: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
22677:
22678: * sudo.man.in, sudo.pod:
22679: Document the new -i flag and sync SYNOPSIS section with usage() in
22680: sudo.c. Also sort the flags in the OPTIONS section.
22681: [6aabc0ffc47e]
22682:
22683: * sudo.c, sudo.h:
22684: o Add -i that acts similar to "su -", based on patches from David J.
22685: MacKenzie o Sort the flags in the usage message
22686: [c0fe7d6beffd]
22687:
22688: * sudoers.man.in, sudoers.pod:
22689: Add a missing @runas_default@ substitution.
22690: [60516fe2d090]
22691:
22692: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
22693:
22694: * sudo.c:
22695: Change euid to runas user before calling find_path().
22696: Unfortunately, though runas_user can be modified in sudoers we
22697: haven't parsed sudoers yet.
22698: [f469fdf2e313]
22699:
22700: * sudoers.man.in, sudoers.pod:
22701: Add missing defintion of Parameter_List and use single pipes in the
22702: Defaults EBNF definition.
22703: [f7bed6e909bf]
22704:
22705: * sudo.c:
22706: Fix a bug when set_runaspw() is used as a callback. We don't want
22707: to reset the contents of runas_pw if the user specified a user via
22708: the -u flag.
22709:
22710: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
22711: already have the info in runas_pw.
22712: [efc35623ba09]
22713:
22714: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22715:
22716: * check.c:
22717: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
22718: [ebd5a76ccd7e]
22719:
22720: * sudo.h:
22721: Update sudo_getepw() proto and add one for set_runaspw()
22722: [6ed65795c17f]
22723:
22724: * parse.c:
22725: If we can't stat the command as root, try as the runas user instead.
22726: [ae713fca0e15]
22727:
22728: * testsudoers.c, visudo.c:
22729: Add stub set_runaspw() function
22730: [42aa37050053]
22731:
22732: * sudo.c:
22733: Add set_runaspw() function to fill in runas_pw. This will be used
22734: as a callback to update runas_pw when the runas user changes.
22735: [e570aa0088d0]
22736:
22737: * env.c, sudo.c:
22738: PERM_RUNAS -> PERM_FULL_RUNAS
22739: [51eec6f9e89a]
22740:
22741: * set_perms.c, sudo.h:
22742: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
22743: changes the euid.
22744: [877c6fe4d12c]
22745:
22746: * getspwuid.c:
22747: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
22748: one chunk for easy free()ing. Also change it from static to extern.
22749: [ab503260a7ec]
22750:
22751: * defaults.c, defaults.h:
22752: Add callback support
22753: [a61c4ca983fb]
22754:
22755: * mkdefaults:
22756: Add a callback field and use it for runas_default
22757: [96b69c27df5e]
22758:
22759: * def_data.c, def_data.in:
22760: Add a callback field and use it for runas_default
22761: [d3e9f06872b8]
22762:
22763: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
22764:
22765: * auth/fwtk.c:
22766: Add support for chalnecho and display server responses used by fwtk
22767: >= 2.0
22768: [b1870f7aaf0d]
22769:
22770: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
22771:
22772: * sudoers.man.in, sudoers.pod:
22773: ld.so is ld.so.1 on solaris
22774: [2bf9a123fa4c]
22775:
22776: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
22777: Use closefrom() instead of doing the equivalent inline.
22778: [7e3ef6072884]
22779:
22780: * closefrom.c:
22781: closefrom(3) for systems w/o it
22782: [35caf58bb636]
22783:
22784: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
22785:
22786: * sudoers.man.in:
22787: Update from .pod file.
22788: [d4c94fc0e0c9]
22789:
22790: * configure, configure.in:
22791: Substitute noexec_file for the sudoers man page
22792: [203d3376a551]
22793:
22794: * sudo.man.in, sudo.pod:
22795: Mention noexec
22796: [014375ddbb06]
22797:
22798: * sudoers.man.in, sudoers.pod:
22799: Document noexec
22800: [49a65d06201f]
22801:
22802: * auth/pam.c, config.h.in, configure.in:
22803: Move PAM_CONST macro definition from config.h to pam.c where it
22804: belongs. We can't have this in config.h since that gets included too
22805: early.
22806: [e64748071637]
22807:
22808: * auth/pam.c, config.h.in, configure, configure.in:
22809: Some PAM implementations put their headers in /usr/include/pam
22810: instead of /usr/include/security.
22811: [8cc749e9575c]
22812:
22813: * configure.in:
22814: I missed changing the EXEC macro -> EXECV here when I changed this
22815: in config.h.in and sudo.c a while ago.
22816: [6f5afac7789f]
22817:
22818: * acsite.m4:
22819: OpenBSD vax/m88k/hppa don't do shared libs
22820: [e4901d958bb7]
22821:
22822: * configure, configure.in:
22823: o merge the hpux case entries into a single entry w/ its own sub-
22824: case statement. o HP-UX >= 11 support getspnam(), use it in
22825: preference to getprpwuid()
22826: [0caad428894e]
22827:
22828: * configure, configure.in:
22829: eval $shrext so that it expands nicely on MacOS X
22830: [40419343eef8]
22831:
22832: * Makefile.in:
22833: Don't lie about making a module, it does the wrong thing on mach
22834: [7629b28f5688]
22835:
22836: * ltmain.sh:
22837: Remove requirement that libs must begin with "lib". They don't when
22838: we point directly at the lib using LD_PRELOAD or its equivalent.
22839: [d66f3de6ec85]
22840:
22841: * acsite.m4:
22842: Disable support for c++, f77 and java. We don't need it, it takes a
22843: lot of time, and it hosed our check for shared lib support.
22844: [4f5749c52ce4]
22845:
22846: * configure:
22847: regen
22848: [160865e9d15f]
22849:
22850: * configure.in:
22851: Call AC_ENABLE_SHARED and check the status of enable_shared to know
22852: when shared libs are available.
22853: [42504c1668fc]
22854:
22855: * acsite.m4:
22856: Duh, OpenBSD suports shared libs too
22857: [8e3cd9417475]
22858:
22859: * config.h.in, configure.in:
22860: Only OpenPAM and Linux PAM use const qualifiers.
22861: [b2f76476e866]
22862:
22863: * configure, configure.in:
22864: o No need to check for sed, libtool config does that for us o move
22865: check for --with-noexec until after libtool magic is run so we can
22866: use $can_build_shared and $shrext
22867: [668c656e89cc]
22868:
22869: * ltmain.sh:
22870: Don't print a bunch of crap about library installs since we are not
22871: really installing a library.
22872: [83fbcad29fe4]
22873:
22874: * env.c:
22875: Make format_env() varargs Add noexec support for Darwin, MacOS X,
22876: Irix, and Tru64
22877: [468885d75d10]
22878:
22879: * acsite.m4, ltconfig, ltmain.sh:
22880: Update to libtool 1.5 with local changes: o no ldconfig in the
22881: finish step o assume no libprefix or version is needed
22882: [4961cffc3797]
22883:
22884: * sudo_noexec.c:
22885: Fix compilation under K&R
22886: [8b309bf0b1b2]
22887:
22888: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
22889:
22890: * CHANGES:
22891: checkpoint
22892: [3c368badab32]
22893:
22894: * sudo_noexec.c:
22895: stub execve() that just returns EACCES; used for noexec
22896: functionality
22897: [1297acae283a]
22898:
22899: * sudo.tab.h:
22900: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22901: generated code.
22902: [dcab78c49273]
22903:
22904: * sudo.tab.c:
22905: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
22906: generated code.
22907: [0a61c735eabe]
22908:
22909: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
22910:
22911: * def_data.c, def_data.h, def_data.in:
22912: Move the environment defaults to the end and shorten a few of the
22913: descriptions.
22914: [66787b9c612c]
22915:
22916: * configure, configure.in:
22917: no shared libs on ultris or convexos
22918: [2c5f3c456e32]
22919:
22920: * Makefile.in, configure, configure.in:
22921: Build sudo_noexec shared object using libtool; could use some
22922: cleanup.
22923: [373f483555dd]
22924:
22925: * acsite.m4, ltconfig, ltmain.sh:
22926: libtool scaffolding
22927: [c903a42e3d90]
22928:
22929: * parse.yacc, sudo.tab.c:
22930: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
22931: important.
22932: [c6e8a34639a4]
22933:
22934: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
22935: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
22936: update copyright year
22937: [a16372ae1711]
22938:
22939: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
22940: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
22941: option. The default value of noexec_file is set to this.
22942: [7d88e1d3c494]
22943:
22944: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
22945: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
22946: sudo.tab.h:
22947: Add support for preloading a shared object containing a dummy
22948: execve() function that just sets error and returns -1. This adds a
22949: "noexec_file" option to load the filename as well as a "noexec" flag
22950: to enable it unconditionally. There is also a NOEXEC tag that can
22951: be attached to specific commands and an EXEC tag to disable it.
22952: [c8b6712feb91]
22953:
22954: * mkdefaults:
22955: add missing newline to usage statement
22956: [e84746618362]
22957:
22958: * config.h.in, sudo.c:
22959: Rename EXEC macro -> EXECV
22960: [ddaa0c027299]
22961:
22962: * logging.c:
22963: Don't truncate usernames to 8 characters in the log message.
22964: [f62a20f27075]
22965:
22966: * check.c, sudoers.man.in, sudoers.pod:
22967: Update copyright year
22968: [ca9964054085]
22969:
22970: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
22971: sudoers.pod:
22972: Add a new option, lecture_file, that can be used to point to a
22973: custom sudo lecture.
22974: [940133231216]
22975:
22976: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
22977:
22978: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22979: auth/sudo_auth.c:
22980: Add a zero_bytes() function to do the equivalent of bzero in such a
22981: way that will heopfully not be optimized away by sneaky compilers.
22982: [161b6d74bfb4]
22983:
22984: * zero_bytes.c:
22985: Add a zero_bytes() function to do the equivalent of bzero in such a
22986: way that will heopfully not be optimized away by sneaky compilers.
22987: [d035abf0af94]
22988:
22989: * Makefile.in, sudo.h:
22990: Add a zero_bytes() function to do the equivalent of bzero in such a
22991: way that will heopfully not be optimized away by sneaky compilers.
22992: [ff136de3e255]
22993:
22994: * err.c:
22995: Use #ifdef __STDC__, not #if __STDC__.
22996: [6889dd6bc51a]
22997:
22998: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
22999:
23000: * mkdefaults:
23001: Always put at least one space between the def_* macro name and its
23002: definition.
23003: [6b3ad0e6619a]
23004:
23005: * configure, configure.in:
23006: Adjust code for --without-lecture to match new values.
23007: [062aa788a6b9]
23008:
23009: * visudo.man.in:
23010: regen after pasto fix
23011: [3deec16906c0]
23012:
23013: * sudoers.man.in, sudoers.pod:
23014: Document that "lecture" has changed from a flag to a tuple.
23015: [e2c03062b533]
23016:
23017: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
23018: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
23019: Add support for tuples in def_data.in; these are implemented as an
23020: enum type. Currently there is only a single tuple enum but in the
23021: future we may have one tuple enum per T_TUPLE entry in def_data.in.
23022: Currently listpw, verifypw and lecture are tuples. This avoids the
23023: need to have two entries (one ival, one str) for pwflags and syslog
23024: values.
23025:
23026: lecture is now a tuple with the following values: never, once,
23027: always
23028:
23029: We no longer use both an int and string entry for syslog facilities
23030: and priorities. Instead, there are logfac2str() and logpri2str()
23031: functions that get used when we need to print the string values.
23032: [5293f946c836]
23033:
23034: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
23035: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
23036: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
23037: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
23038: sudo.tab.c, visudo.c:
23039: Create def_* macros for each defaults value so we no longer need the
23040: def_{flag,ival,str,list,mode} macros (which have been removed). This
23041: is a step toward more flexible data types in def_data.in.
23042: [009c02934106]
23043:
23044: * TODO:
23045: checkpoint
23046: [0a99a4bb5d15]
23047:
23048: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
23049:
23050: * sudo.c:
23051: If we are in -k/-K mode, just spew to stderr. It is not unusual for
23052: users to place "sudo -k" in a .logout file which can cause sudo to
23053: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
23054: Previously, this would result in useless mail and logging.
23055: [d282e7ed63af]
23056:
23057: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
23058:
23059: * visudo.pod:
23060: fix pasto in VISUAL description
23061: [1c6a6148b5f9]
23062:
23063: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
23064:
23065: * configure:
23066: regen
23067: [f44312c63799]
23068:
23069: * CHANGES:
23070: checkpoint
23071: [0c42e38f78d5]
23072:
23073: * TROUBLESHOOTING:
23074: Some OSes (like Solaris) allow export w/ nosuid too
23075: [973ce85ffa12]
23076:
23077: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
23078:
23079: * compat.h:
23080: We don't use FD_ZERO anymore so just define FD_SET (if not already
23081: there).
23082: [d1c8c11905cd]
23083:
23084: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
23085:
23086: * auth/pam.c:
23087: Fix a core dump on Solaris by preserving the pam_handle_t we used
23088: during authentication for pam_prep_user(). If we didn't
23089: authenticate (ie: ticket still valid), we call pam_init() from
23090: pam_prep_user(). This is something of a hack; it may be better to
23091: change the auth API and add an auth_final() function that acts like
23092: pam_prep_user().
23093: [f787de49b175]
23094:
23095: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
23096:
23097: * set_perms.c:
23098: Add explicit declaration of printerr variable in function header
23099: (was defaulting to int which is OK but oh so K&R :-). From Theo.
23100: [492c2358783f]
23101:
23102: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
23103:
23104: * config.h.in, configure.in:
23105: s/HAVE_STOW/USE_STOW/
23106: [4b99e1824ece]
23107:
23108: * logging.c:
23109: Also exit waitpid() loop when pid == 0. Fixes a problem where the
23110: sudo process would spin eating up CPU until sendmail finished when
23111: it has to send mail.
23112: [ec3d5792b9b4]
23113:
23114: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
23115:
23116: * fnmatch.c:
23117: Remove advertising clause, UCB has disavowed it
23118: [43a26bbd6628]
23119:
23120: * fnmatch.3:
23121: Remove advertising clause, UCB has disavowed it
23122: [3ff24291bcfa]
23123:
23124: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
23125:
23126: * parse.c:
23127: Don't assume that getgrnam() calls don't modify contents of struct
23128: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
23129: Based on a patch from Kirk Webb.
23130: [5574c68f60f3]
23131:
23132: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
23133:
23134: * configure.in:
23135: missing ;;
23136: [22378f2a9d31]
23137:
23138: * configure.in:
23139: darwin has a broken setreuid() in at least some versions
23140: [d572aed930d2]
23141:
23142: * env.c:
23143: Fix an off by one error when reallocating the environment; Kevin Pye
23144: [3d98e7cf097a]
23145:
23146: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
23147:
23148: * sudoers.pod:
23149: Fix User_Spec definition; SEKINE Tatsuo
23150: [49b0da65e090]
23151:
23152: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23153:
23154: * HISTORY:
23155: More info on the early days from Coggs.
23156: [9381ca10b06b]
23157:
23158: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
23159:
23160: * auth/kerb5.c:
23161: remove errant semicolon that prevented compilation under heimdal
23162: [d2f2bb73a598]
23163:
23164: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
23165:
23166: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
23167: add DARPA credit on affected files
23168: [7020785ee50d]
23169:
23170: * sudoers.pod:
23171: add DARPA credit on affected files
23172: [83b46318750b]
23173:
23174: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
23175: sudoers.man.in:
23176: add DARPA credit on affected files
23177: [d8adf1c2ba22]
23178:
23179: * set_perms.c:
23180: add DARPA credit on affected files
23181: [3d79fdabb582]
23182:
23183: * pathnames.h.in:
23184: add DARPA credit on affected files
23185: [e334cdda422f]
23186:
23187: * logging.c, parse.c:
23188: add DARPA credit on affected files
23189: [8f75f822755b]
23190:
23191: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
23192: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
23193: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
23194: interfaces.h:
23195: add DARPA credit on affected files
23196: [da66e28fb3f5]
23197:
23198: * auth/kerb5.c, auth/pam.c:
23199: add DARPA credit on affected files
23200: [15da3021b49c]
23201:
23202: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
23203: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
23204: version.h:
23205: add DARPA credit on affected files
23206: [868d54cbddea]
23207:
23208: * env.c:
23209: add DARPA credit on affected files
23210: [90239f51ef0a]
23211:
23212: * defaults.c, defaults.h:
23213: add DARPA credit on affected files
23214: [6a64205fd1eb]
23215:
23216: * compat.h:
23217: add DARPA credit on affected files
23218: [316a735783c4]
23219:
23220: * Makefile.in, alloc.c, check.c:
23221: add DARPA credit on affected files
23222: [cd939e05c810]
23223:
23224: * LICENSE:
23225: slightly different wording for the darpa credit
23226: [e468909c4a21]
23227:
23228: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
23229:
23230: * LICENSE:
23231: Add DARPA credit
23232: [8eb20e2cd63e]
23233:
23234: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
23235:
23236: * auth/kerb5.c:
23237: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
23238: Kerberos like we did before I messed things up ;-)
23239:
23240: Use krb5_principal_get_comp_string() to do the same thing w/
23241: Heimdal. I'm not sure if the component should be 0 or 1 in this
23242: case.
23243:
23244: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
23245: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
23246: should be a configure check for this I guess.
23247: [74919a3933fe]
23248:
23249: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
23250:
23251: * sample.sudoers:
23252: builtin -> built-in; Jason McIntyre
23253: [027f2187923e]
23254:
23255: * TROUBLESHOOTING, config.h.in, configure, configure.in:
23256: builtin -> built-in; Jason McIntyre
23257: [70b81ac48943]
23258:
23259: * sudoers.pod:
23260: built in -> built-in; Jason McIntyre
23261: [da658ef5138d]
23262:
23263: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
23264:
23265: * CHANGES:
23266: checkpoint for 1.6.7p3
23267: [da85f989fadf]
23268:
23269: * HISTORY:
23270: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
23271: Amazingly, sudo source from 1985 is available via groups.google.com
23272: [39e0fc85b89f]
23273:
23274: * sudo.c:
23275: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
23276: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
23277: RLIMIT_CORE restoration on some OSes.
23278: [7e2c1a7adfd8]
23279:
23280: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
23281:
23282: * auth/kerb5.c:
23283: Make this compile on Heimdal and MIT Kerberos 5
23284: [44c07d615868]
23285:
23286: * config.h.in, configure, configure.in:
23287: Check for heimdal even if we found krb5-config and define
23288: HAVE_HEIMDAL.
23289: [aba0126f0059]
23290:
23291: * auth/kerb5.c:
23292: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
23293: no longer defined by MIT kerb5 (though it used to be and indeed
23294: remains so in Heimdal).
23295: [e5a6c64d7cd5]
23296:
23297: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
23298:
23299: * mkinstalldirs:
23300: Remove newer stuff that passes multiple (possibly duplicate)
23301: directories to "mkdir -p" since that seems to break on Tru64 Unix at
23302: least. This basically brings back what shipped with sudo 1.6.6.
23303: [f2a1abd872b3]
23304:
23305: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
23306:
23307: * auth/kerb5.c:
23308: Correct number of args to krb5_principal_get_realm() and fix an
23309: unclosed comment that hid the bug.
23310: [0b37f8ce7824]
23311:
23312: * configure:
23313: regen
23314: [1876cb840fe0]
23315:
23316: * configure.in:
23317: ++version
23318: [480aff7c048e]
23319:
23320: * README:
23321: ++version
23322: [488e0bbff613]
23323:
23324: * Makefile.in:
23325: ++version
23326: [97ef63cedc38]
23327:
23328: * INSTALL.binary:
23329: ++version
23330: [a506204e77d0]
23331:
23332: * INSTALL:
23333: ++version
23334: [555aeba5c2bf]
23335:
23336: * CHANGES, version.h:
23337: ++version
23338: [f66985a64063]
23339:
23340: * BUGS:
23341: ++version
23342: [ea3573432412]
23343:
23344: * configure.in:
23345: use krb5-config to determine Kerberos V details if it exists
23346: [7b46bbdaf774]
23347:
23348: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
23349: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
23350: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
23351: testsudoers.c, visudo.c:
23352: Use warn/err and getprogname() throughout. The main exception is
23353: openlog(). Since the admin may be filtering logs based on the
23354: program name in the log files, hard code this to "sudo".
23355: [9f180d015cfa]
23356:
23357: * Makefile.in:
23358: Add getprogname.c and err.c
23359: [d411c54a07dc]
23360:
23361: * configure:
23362: regen
23363: [6d585d391acc]
23364:
23365: * config.h.in, configure.in:
23366: Add checks for getprognam(), __progname and err.h
23367: [bcbccf61d34a]
23368:
23369: * emul/err.h:
23370: For systems withour err/warn functions.
23371: [1b33118884d9]
23372:
23373: * err.c:
23374: For systems withour err/warn functions.
23375: [26721f6b041f]
23376:
23377: * getprogname.c:
23378: For systems neither getprogname() nor __progname; uses Argv[0].
23379: [841cf42af1eb]
23380:
23381: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
23382:
23383: * CHANGES:
23384: checkpoint for 1.6.7p1
23385: [5bfdaf441dce]
23386:
23387: * sudo.c, testsudoers.c:
23388: fix strlcpy() rval check (innocuous)
23389: [e05ac7e0d1f3]
23390:
23391: * check.c:
23392: oflow detection in expand_prompt() was faulty (false positives). The
23393: count was based on strlcat() return value which includes the length
23394: of the entire string.
23395: [086c5a0acb25]
23396:
23397: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
23398:
23399: * RUNSON, TODO:
23400: checkpoint for the sudo 1.6.7 release
23401: [096bab4da29a] [SUDO_1_6_7]
23402:
23403: * CHANGES:
23404: checkpoint for the sudo 1.6.7 release
23405: [87322187ed78]
23406:
23407: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
23408:
23409: * logging.c:
23410: g/c unused variable
23411: [c57cd4a17765]
23412:
23413: * configure:
23414: regen
23415: [e7c1f581dfac]
23416:
23417: * configure.in:
23418: use man sections 8 and 5 for csops
23419: [87de581bda88]
23420:
23421: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
23422:
23423: * configure:
23424: regen
23425: [cb1433a9c7a1]
23426:
23427: * configure.in:
23428: Add -lskey or -lopie directly to SUDO_LIBS instead of having
23429: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
23430: [ac5667978939]
23431:
23432: * configure:
23433: regen
23434: [638459118a2a]
23435:
23436: * configure.in:
23437: Add --with-blibpath for AIX. An alternate libpath may be specified
23438: or
23439: -blibpath support can be disabled. Also change conifgure such that
23440: -blibpath is not specified if no -L libpaths were added to
23441: SUDO_LDFLAGS.
23442: [c7d17b480cad]
23443:
23444: * aclocal.m4:
23445: Add --with-blibpath for AIX. An alternate libpath may be specified
23446: or
23447: -blibpath support can be disabled. Also change conifgure such that
23448: -blibpath is not specified if no -L libpaths were added to
23449: SUDO_LDFLAGS.
23450: [37022e991575]
23451:
23452: * INSTALL:
23453: Add --with-blibpath for AIX. An alternate libpath may be specified
23454: or
23455: -blibpath support can be disabled. Also change conifgure such that
23456: -blibpath is not specified if no -L libpaths were added to
23457: SUDO_LDFLAGS.
23458: [4b4bbe5bbe1b]
23459:
23460: * configure.in:
23461: add AIX blibpath support
23462: [16ba788bf086]
23463:
23464: * INSTALL, configure.in:
23465: --with-skey and --with-opie now take an option directory argument
23466: This obsoletes a --with-csops hack (/tools/cs/skey)
23467:
23468: Also remove the remaining direct uses of "echo"
23469: [5b4986a90c03]
23470:
23471: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
23472:
23473: * configure.in:
23474: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
23475: for KTH Kerberos IV and V.
23476: [119f97b48e18]
23477:
23478: * aclocal.m4:
23479: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
23480: -R/path/to/dir if $with_rpath) to the specified variable.
23481: [e55e49d076ce]
23482:
23483: * INSTALL, configure.in:
23484: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
23485: option, --with-rpath to control this behavior.
23486: [d4730c5399ab]
23487:
23488: * configure.in:
23489: for kerb4 put libdes after libkrb on the link line
23490: [5c566100eab6]
23491:
23492: * auth/kerb4.c:
23493: typo
23494: [6541b72b64a3]
23495:
23496: * configure.in:
23497: fix kerberos lib check when a path is specified
23498: [ae833a914c6f]
23499:
23500: * logging.c:
23501: Fix boolean thinko in SIGCHLD reaper and call reapchild after
23502: sending mail instead of doing a conditional sudo_waitpid.
23503: [86fa9a35df5a]
23504:
23505: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23506:
23507: * configure:
23508: regen
23509: [e6275cf528ba]
23510:
23511: * configure.in:
23512: replace =DIR with [=DIR] where sensible
23513: [c39a59173b38]
23514:
23515: * configure.in:
23516: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
23517: detection based on openssh's configure.in
23518: [5b7a340912df]
23519:
23520: * INSTALL:
23521: --with-kerb4 and --with-kerb5 now take an optional argument.
23522: [71ed87fc9c64]
23523:
23524: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
23525:
23526: * auth/securid.c:
23527: Kill remaining strcpy(), the programmer's guide says username is 32
23528: bytes.
23529: [bdba70fcd08d]
23530:
23531: * auth/kerb4.c:
23532: trat uid_t as unsigned long for printf and use snprintf, not sprintf
23533: [8072f5f8966d]
23534:
23535: * auth/rfc1938.c:
23536: use snprintf
23537: [fc0c70c665fe]
23538:
23539: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
23540:
23541: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
23542: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
23543: auth/rfc1938.c, auth/sudo_auth.c:
23544: update copyright year
23545: [b0a10ccb1d0e]
23546:
23547: * sudo.man.in, sudoers.man.in, visudo.man.in:
23548: update copyright year
23549: [8fce0034eb51]
23550:
23551: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
23552: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
23553: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
23554: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
23555: update copyright year
23556: [d541e75fe520]
23557:
23558: * check.c, env.c, sudo.c:
23559: Cast [ug]ids to unsigned long and printf with %lu
23560: [2ede64d3592b]
23561:
23562: * configure:
23563: regen
23564: [c7c3245bdf3e]
23565:
23566: * configure.in:
23567: correct error messages for --with-sudoers-{mode,uid,gid}
23568: [77fc15b1c9db]
23569:
23570: * alloc.c:
23571: make the malloc(0) error specific to each function to aid tracking
23572: down bugs.
23573: [a58c34374b4b]
23574:
23575: * alloc.c:
23576: deal with platforms where size_t is signed and there is no SIZE_MAX
23577: or SIZE_T_MAX
23578: [7192abb4ab4e]
23579:
23580: * auth/kerb5.c:
23581: Make this compile w/ Heimdal and fix some gcc warnings.
23582: [f52f026f31c2]
23583:
23584: * sudo.c:
23585: Use stat_sudoers macro so --with-stow can work
23586: [c3674735c139]
23587:
23588: * INSTALL, config.h.in, configure, configure.in:
23589: Add support for --with-stow based on patches from Robert Uhl
23590: [b274cc1dd52c]
23591:
23592: * env.c:
23593: fix indentation
23594: [110d9f1721b1]
23595:
23596: * configure.in:
23597: back out rev 1.352
23598: [1eee91c83f11]
23599:
23600: * lex.yy.c:
23601: regen
23602: [72fba1c9590b]
23603:
23604: * parse.lex:
23605: use strlcpy, not strncpy
23606: [4faccbaeccef]
23607:
23608: * set_perms.c:
23609: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
23610: [33bf0d18fdc1]
23611:
23612: * logging.c:
23613: use pid_t
23614: [3e0536993d2c]
23615:
23616: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
23617:
23618: * strlcat.c, strlcpy.c:
23619: Make gcc shutup about unused rcsid
23620: [1669a0c74e9e]
23621:
23622: * interfaces.c:
23623: Move the n == 0 check for the non-getifaddrs cas
23624: [2460be061b2a]
23625:
23626: * auth/rfc1938.c:
23627: skeychallenge() on NetBSD take a size parameter
23628: [05acc2012801]
23629:
23630: * configure:
23631: regen
23632: [24bccf4749e8]
23633:
23634: * configure.in:
23635: put -ldl after -lpam, not before; fixes static linking on Linux
23636: [7f06b7b2b4d8]
23637:
23638: * interfaces.c:
23639: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
23640: case.
23641: [239a55068646]
23642:
23643: * sudo.cat, sudoers.cat, visudo.cat:
23644: regen
23645: [4a2eed3981ca]
23646:
23647: * sudo.man.in, sudoers.man.in, visudo.man.in:
23648: regen
23649: [2c96ea2cf930]
23650:
23651: * Makefile.in:
23652: Preserve copyright notice from .pod file in .man.in file
23653: [519fbd09aebc]
23654:
23655: * visudo.pod:
23656: Add sudoers(5) to SEE ALSO
23657: [77ecfe3aedf1]
23658:
23659: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23660:
23661: * lex.yy.c:
23662: regen
23663: [6f5751ce0b74]
23664:
23665: * parse.lex:
23666: Don't assume libc can realloc() a NULL string. If malloc/realloc
23667: fails, make sure we just return; yyerror() is not terminal.
23668: [1b8618623708]
23669:
23670: * lex.yy.c:
23671: regen
23672: [5d31b46191c6]
23673:
23674: * parse.lex:
23675: simplify fill_args a little and use strlcpy for paranoia
23676: [0ea35a55542b]
23677:
23678: * sudo.tab.c:
23679: regen
23680: [5a8d508d708b]
23681:
23682: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
23683: testsudoers.c:
23684: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
23685: cases the strings were either pre-allocated to the correct size of
23686: length checks were done before the copy but a little paranoia can go
23687: a long way.
23688: [e73d28f1d14e]
23689:
23690: * sudo.h:
23691: Add strlc{at,py} protos
23692: [748ffc7fc7f4]
23693:
23694: * env.c, interfaces.c:
23695: Use erealloc3()
23696: [47f2cb46aba8]
23697:
23698: * configure:
23699: regen
23700: [e7e2fb79f935]
23701:
23702: * alloc.c:
23703: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
23704: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
23705: [7e0fa4d6fc1d]
23706:
23707: * sudo.c:
23708: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
23709: configure.
23710: [09ea4d3959e9]
23711:
23712: * aclocal.m4:
23713: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
23714: [31b4fdfdb8bf]
23715:
23716: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
23717:
23718: * sudo.c:
23719: Use snprintf() for paranoia
23720: [a2659ceb46de]
23721:
23722: * parse.yacc:
23723: Use emalloc2 and erealloc3
23724: [90a069842401]
23725:
23726: * Makefile.in:
23727: strlc{at,py} for those w/o it
23728: [bac82dc916ee]
23729:
23730: * strlcat.c, strlcpy.c:
23731: stlc{at,py} for those w/o it.
23732: [ce7254f5db09]
23733:
23734: * config.h.in, configure, configure.in:
23735: Add stlc{at,py} for those w/o it.
23736: [00f08219657a]
23737:
23738: * alloc.c, sudo.h:
23739: Add erealloc3(), a realloc() version of emalloc2().
23740: [c96eaf08bbed]
23741:
23742: * interfaces.c, sudo.c:
23743: Use emalloc2() to allocate N things of a certain size.
23744: [1e0aba365555]
23745:
23746: * alloc.c, sudo.h:
23747: Add emalloc2() -- like calloc() but w/o the bzero and with
23748: error/oflow checking.
23749: [292150bc4153]
23750:
23751: * alloc.c:
23752: Error out on malloc(0); suggested by theo
23753: [995279e81326]
23754:
23755: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
23756:
23757: * configure, configure.in:
23758: fix a typo; David Krause
23759: [f161213a17ab]
23760:
23761: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
23762:
23763: * sudo.pod:
23764: fix typo
23765: [3ae5ad9a351a]
23766:
23767: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
23768:
23769: * env.c:
23770: Remove DYLD_ from the environment for MacOS X; from bbraun
23771: [38caad5a3935]
23772:
23773: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
23774:
23775: * config.h.in, configure.in:
23776: not not; Anil Madhavapeddy
23777: [d4f4f0bfc66b]
23778:
23779: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
23780:
23781: * sudo.pod, sudoers.pod, visudo.pod:
23782: typos; jmc@openbsd.org
23783: [868c0f09bf9e]
23784:
23785: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23786:
23787: * parse.yacc:
23788: Add some missing ';' rule terminators that bison warns about.
23789: [535b0b8dcce5]
23790:
23791: * config.sub:
23792: fix typo I introduced in last merge
23793: [81db4e4f43fe]
23794:
23795: * configure:
23796: regenerate with autoconf 2.57
23797: [ca0c1e9564f8]
23798:
23799: * config.h.in:
23800: Add missing "$HOME"
23801: [209186197ad1]
23802:
23803: * configure.in:
23804: Add some more square backets to make autoconf 2.57 happy
23805: [b5639c14faf7]
23806:
23807: * config.sub, mkinstalldirs:
23808: Updates from autoconf-2.57
23809: [36be35eb331b]
23810:
23811: * config.guess:
23812: Updates from autoconf-2.57
23813: [ea0f8ca622af]
23814:
23815: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23816:
23817: * sudo.tab.h:
23818: regen
23819: [13a65a421567]
23820:
23821: * lex.yy.c, sudo.tab.c:
23822: regen
23823: [0b529db7cb6d]
23824:
23825: * parse.lex, parse.yacc, sudoers.pod:
23826: Add support for Defaults>RunasUser
23827: [20d726373175]
23828:
23829: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
23830:
23831: * visudo.c:
23832: fclose() yyin after each yyparse() is done and use fopen() instead
23833: of using freopen().
23834: [587f8a2df857]
23835:
23836: * parse.lex:
23837: Better fix for sudoers files w/o a newline before EOF. It looks
23838: like the issue is that yyrestart() does not reset the start
23839: condition to INITIAL which is an issue since we parse sudoers
23840: multiple times.
23841: [920f8326968a]
23842:
23843: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
23844:
23845: * parse.lex:
23846: Work around what appears to be a flex bug when dealing with files
23847: that lack a final newline before EOF. This adds a rule to match EOF
23848: in the non-initial states which resets the state to INITIAL and
23849: throws an error.
23850: [b94943bb1f81]
23851:
23852: * visudo.c:
23853: o The parser needs sudoers to end with a newline but some editors
23854: (emacs) may not add one. Check for a missing newline at EOF and
23855: add one if needed. o Set quiet flag during initial sudoers parse (to
23856: get options) o Move yyrestart() call and always use freopen() to
23857: open yyin after initial sudoers parse.
23858: [12d12f9b07aa]
23859:
23860: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
23861:
23862: * set_perms.c:
23863: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
23864: effective gid, not real gid, when reading sudoers.
23865: [c7d18b810fcd]
23866:
23867: * set_perms.c:
23868: don't compile set_perms_posix if we have setreuid or setresuid
23869: [b9cea7a81a29]
23870:
23871: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
23872:
23873: * sudo.pod, sudoers.pod:
23874: document new prompt escapes
23875: [2f088076b640]
23876:
23877: * check.c:
23878: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
23879: collapsed to "%" as was originally intended. This also gets rid of
23880: lastchar (does lookahead instead of lookback) which should simplify
23881: the logic slightly.
23882: [4b707b77b3c7]
23883:
23884: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
23885:
23886: * tgetpass.c:
23887: Write the prompt *after* turning off echo to avoid some password
23888: characters being echoed on heavily-loaded machines with fast
23889: typists.
23890: [d38c57775915]
23891:
23892: * config.sub:
23893: Add support for mipseb; wiz@danbala.tuwien.ac.at
23894: [cfdac87ed5c8]
23895:
23896: * configure.in:
23897: Fix IRIX fallout from name changes in man dir/sect Makefile
23898: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
23899: [9a7618755c23]
23900:
23901: * auth/pam.c:
23902: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
23903: the global copy. Problem noted by Peter Pentchev.
23904: [d0a3e189cb06]
23905:
23906: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
23907:
23908: * sudo.tab.c:
23909: regen
23910: [23b931359087]
23911:
23912: * parse.yacc:
23913: Add missing yyerror() calls; YYERROR does not seem to call this for
23914: us.
23915: [0be7aeb3ac57]
23916:
23917: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
23918:
23919: * sudo.c:
23920: fix typo in comment; Pedro Bastos
23921: [d7406c460e99]
23922:
23923: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
23924:
23925: * INSTALL:
23926: document --disable-setresuid
23927: [fbd03d03a027]
23928:
23929: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
23930: auth/sudo_auth.c:
23931: Sprinkle some volatile qualifiers to prevent over-enthusiastic
23932: optimizers from removing memset() calls.
23933: [5370ac0e6129]
23934:
23935: * logging.c, parse.yacc:
23936: minor sign fixes pointed out by gcc -Wsign-compare
23937: [db872438337f]
23938:
23939: * set_perms.c, sudo.c, sudo.h:
23940: Revamp set_perms. We now use a version based on setresuid() or
23941: setreuid() when possible since that allows us to support the
23942: stay_setuid option and we always know exactly what the semantics
23943: will be (various Linux kernels have broken POSIX saved uid support).
23944: [523bc212396c]
23945:
23946: * config.h.in, configure:
23947: regen from configure.in
23948: [351877ea2624]
23949:
23950: * configure.in:
23951: Add checks for setresuid() and a way to disable using it
23952: [a5b21653d169]
23953:
23954: * compat.h:
23955: No long need to emulate set*[ug]id() via setres[ug]id() or
23956: setre[ug]id(). The new set_perms stuff only uses things it knows are
23957: there.
23958: [47884bd5d1d9]
23959:
23960: * sudo.c:
23961: Before exec, restore state of signal handlers to be the same as when
23962: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
23963: a problem when using sudo with nohup. Based on a patch from Paul
23964: Markham.
23965: [f8f5a1484faa]
23966:
23967: * sudo.c:
23968: o timestamp_uid should be uid_t, not int o clarify error message
23969: when sudo is run by root and no_root_sudo is set
23970: [19dda0734264]
23971:
23972: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
23973:
23974: * README:
23975: update ftp link for bison
23976: [98bc191016e3]
23977:
23978: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23979:
23980: * set_perms.c:
23981: Error out if setusercontext() fails and the runas user is not root.
23982: [089f9ade4686]
23983:
23984: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
23985:
23986: * auth/securid5.c:
23987: Fix rcsid
23988: [07e9e85dcc2f]
23989:
23990: * configure.in:
23991: Fix SecurID API test
23992: [5ec201f454a5]
23993:
23994: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23995:
23996: * env.c:
23997: typo in comment
23998: [9d385c9ac533]
23999:
24000: * configure.in:
24001: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
24002: but I don't see a better way at the moment.
24003: [f89e55cbb313]
24004:
24005: * Makefile.in, auth/securid5.c:
24006: SecurID API version 5 support from Michael Stroucken
24007: [68500ac7e531]
24008:
24009: * configure.in:
24010: Add check for SecurID 5.0 API
24011: [1ee242e6de6b]
24012:
24013: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
24014:
24015: * strerror.c:
24016: We actually do still need config.h to get the 'const' definition for
24017: K&R C.
24018: [d9c982032d85]
24019:
24020: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
24021:
24022: * configure:
24023: regen with autoconf 2.5.3
24024: [c71fc086eef5]
24025:
24026: * configure.in:
24027: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
24028: [d90da1efafd9]
24029:
24030: * configure.in:
24031: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
24032: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
24033: [dd67afefa90d]
24034:
24035: * env.c, sudo.c, sudo.h:
24036: No need for dump_badenv() now that dump_defaults() knows how to dump
24037: lists.
24038: [6bcda468501d]
24039:
24040: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
24041: version.h:
24042: ++version
24043: [44e3b8f95f0b]
24044:
24045: * sudoers.pod:
24046: document timestampowner
24047: [37ebd69e9dd1]
24048:
24049: * check.c:
24050: Don't call set_perms() when doing timestamp stuff unless
24051: timestamp_uid != 0.
24052: [63a63d41d18c]
24053:
24054: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
24055: sudo.h, testsudoers.c:
24056: g/c second arg to set_perms--it is no longer used
24057: [7ac4ce50c612]
24058:
24059: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
24060:
24061: * check.c, set_perms.c, sudo.c, sudo.h:
24062: Add support for non-root timestamp dirs. This allows the timestamp
24063: dir to be shared via NFS (though this is not recommended).
24064: [faa83dd2b7fb]
24065:
24066: * def_data.c, def_data.h, def_data.in:
24067: Add timestampowner, "Owner of the authentication timestamp dir"
24068: [d47640d4c86a]
24069:
24070: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
24071:
24072: * env.c:
24073: Don't try to pre-compute the size of the new envp, just allocate
24074: space up front and realloc as needed. Changes to the new env
24075: pointer must all be made through insert_env() which now keeps track
24076: of spaced used and allocates as needed.
24077: [39bc934a9f2c]
24078:
24079: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
24080:
24081: * configure:
24082: regen
24083: [0e12c09bb790]
24084:
24085: * configure.in:
24086: Fix two typo/pastos; from jrj@purdue.edu
24087: [b718a4bf1181]
24088:
24089: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
24090:
24091: * INSTALL.binary, README:
24092: ++version
24093: [a1e33027278c] [SUDO_1_6_6]
24094:
24095: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
24096: visudo.cat, visudo.man.in:
24097: regen
24098: [19eb2be283ef]
24099:
24100: * CHANGES, RUNSON, TODO:
24101: Sync with 1.6.6
24102: [2ff9a9087f63]
24103:
24104: * check.c:
24105: The the loop used to expand %h and %u, the lastchar variable was not
24106: being initialized. This means that if the last char in the prompt
24107: is '%' and the first char is 'h' or 'u' a extra copy of the host or
24108: user name would be copied, for which space had not been allocated.
24109: [b2e27197857d]
24110:
24111: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
24112:
24113: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
24114: crank version to 1.6.6
24115: [cfd08689e597]
24116:
24117: * auth/afs.c:
24118: #undef VOID to get rid of an AFS warning
24119: [b40760564dc1]
24120:
24121: * env.c:
24122: Use easprintf instead of emalloc + sprintf for some things.
24123: [e7bfe2e69a03]
24124:
24125: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24126:
24127: * lex.yy.c, sudo.tab.c:
24128: regen
24129: [35327104383d]
24130:
24131: * parse.c, parse.lex, parse.yacc, testsudoers.c:
24132: Remove Chris Jepeway's email address so people don't bug him ;-)
24133: [c03410747a69]
24134:
24135: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24136:
24137: * sudo.c:
24138: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
24139: endgrent() at the same time.
24140: [28b6097d5d1a]
24141:
24142: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24143:
24144: * INSTALL:
24145: Make it clear which configure options take arguments.
24146: [38529e7efad0]
24147:
24148: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
24149:
24150: * compat.h:
24151: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
24152: RLIM_INFINITY, just pretend it is -1. This works because we only
24153: check for RLIM_INFINITY and do not set anything to that value.
24154: [53173d34e6eb]
24155:
24156: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24157:
24158: * auth/pam.c:
24159: Zero and free allocated memory when there is a conversation error.
24160: [e342133db579]
24161:
24162: * auth/bsdauth.c:
24163: Use sigaction() not signal()
24164: [126c2790561f]
24165:
24166: * INSTALL:
24167: Mention that some linux kernels have broken POSIX saved ID support
24168: [571ef1a893d3]
24169:
24170: * CHANGES:
24171: checkpoint for 1.6.5p2
24172: [9e9e456f7f43]
24173:
24174: * configure:
24175: regen
24176: [d53703a46708]
24177:
24178: * configure.in:
24179: Add --disable-setreuid flag
24180: [3b9f2679cb55]
24181:
24182: * INSTALL:
24183: Document new --disable-setreuid option and change description for
24184: --disable-saved-ids to match new error message.
24185: [14fd3e5f60a5]
24186:
24187: * set_perms.c:
24188: fatal() now takes an argument that determines whether or not to call
24189: perror().
24190: [d826b25e62ff]
24191:
24192: * TROUBLESHOOTING:
24193: Update for new error messages from set_perms()
24194: [78007c3f76a9]
24195:
24196: * PORTING:
24197: Update for new error messages from set_perms()
24198: [60c545a6bcff]
24199:
24200: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24201:
24202: * auth/pam.c:
24203: Make this compile w/o warnings
24204: [b90843a29af5]
24205:
24206: * auth/pam.c:
24207: Mention that we can't use pam_acct_mgmt()
24208: [1dfc5a6e0479]
24209:
24210: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
24211: The user's password was not zeroed after use when AIX
24212: authentication, BSD authentication, FWTK or PAM was in use.
24213: [b18fff30b1e7]
24214:
24215: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
24216:
24217: * auth/pam.c:
24218: Avoid giving PAM a NULL password response, use the empty string
24219: instead. This avoids a log warning when the user hits ^C at the
24220: password prompt when PAM is in use.
24221: [c3315805e4e4]
24222:
24223: * auth/pam.c:
24224: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
24225: pam_setcred() returns the last saved return code, not the return
24226: code for the setcred module. Because we haven't called
24227: pam_authenticate(), this is not set and so pam_setcred() returns
24228: PAM_PERM_DENIED.
24229: [73db145fa179]
24230:
24231: * Makefile.in:
24232: Don't need a '/' between $(DESTDIR) and a directory.
24233: [0901ca618176]
24234:
24235: * Makefile.binary:
24236: Don't need a '/' between $(DESTDIR) and a directory.
24237: [cd7eb6098b87]
24238:
24239: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
24240:
24241: * configure:
24242: regen
24243: [41b12c039282]
24244:
24245: * configure.in:
24246: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
24247: setreuid() o new NetBSD has a real setreuid() o add check for
24248: freeifaddrs() if getifaddrs() exists.
24249: [a82ee3b01733]
24250:
24251: * config.h.in, interfaces.c:
24252: Older BSDi releases lack freeifaddrs() so add a test for that and if
24253: it is not present just use free().
24254: [6270671ea9d5]
24255:
24256: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24257:
24258: * CHANGES, RUNSON:
24259: Checkpoint for 1.6.5p1
24260: [26134ecf9b36]
24261:
24262: * auth/passwd.c:
24263: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
24264: to normal passwords, not AUTH_FATAL (which just causes an exit).
24265: [785e0f4bc0e2]
24266:
24267: * visudo.c:
24268: Don't use memory after it has been freed.
24269: [c60492739fdb]
24270:
24271: * auth/passwd.c:
24272: skeyaccess() wants a struct passwd * not a char *; Patch from
24273: Phillip E. Lobbes
24274: [65a1d3806fcd] [SUDO_1_6_5]
24275:
24276: * BUGS:
24277: ++version
24278: [b2e1825e692e]
24279:
24280: * CHANGES, RUNSON, TODO:
24281: checkpoint for sudo 1.6.5
24282: [d730945622e7]
24283:
24284: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24285:
24286: * configure:
24287: regen
24288: [49744c403ac9]
24289:
24290: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
24291: version 1.6.5
24292: [ec30a5f7fc45]
24293:
24294: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24295: visudo.man.in:
24296: sudo version 1.6.5
24297: [458a3bed535d]
24298:
24299: * logging.c:
24300: o when invoking the mailer as root use a hard-coded environment that
24301: doesn't include any info from the user's environment. Basically
24302: paranoia.
24303:
24304: o Add support for the NO_ROOT_MAILER compile-time option and run the
24305: mailer as the user and not root if NO_ROOT_MAILER is defined.
24306: [4df351ec92ce]
24307:
24308: * set_perms.c, sudo.h:
24309: Bring back PERM_FULL_USER
24310: [edb6039bb284]
24311:
24312: * configure:
24313: regen
24314: [3eb2943afa03]
24315:
24316: * version.h:
24317: version 1.6.5
24318: [044fc9a0c72b]
24319:
24320: * INSTALL, config.h.in, configure.in:
24321: Add --disable-root-mailer option to run the mailer as the user and
24322: not root.
24323: [e9f805397963]
24324:
24325: * CHANGES:
24326: checkpoint for 1.6.4p2
24327: [b58aae5aa98a]
24328:
24329: * PORTING:
24330: Mention the "seteuid(0): Operation not permitted" problem here too
24331: just for good measure.
24332: [90135b37a691]
24333:
24334: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24335:
24336: * env.c, getspwuid.c, sudo.c:
24337: The SHELL environment variable was preserved from the user's
24338: environment instead of being reset based on the passwd database when
24339: the "env_reset" option was used. Now it is reset as it should be.
24340: [300066ef3c71]
24341:
24342: * configure:
24343: regen
24344: [a47d779e6552]
24345:
24346: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
24347: sudo.c:
24348: Add a configure option to turn off use of POSIX saved IDs
24349: [fb18cc8e94d0]
24350:
24351: * configure:
24352: regen
24353: [d4f2f20025b6]
24354:
24355: * configure.in:
24356: add --with-efence option
24357: [45c4f33a8e88]
24358:
24359: * sudo.c:
24360: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
24361: "sudo -l" would not work if always_set_home was set.
24362: [c3a6de6c4800]
24363:
24364: * lex.yy.c:
24365: regen
24366: [417424452998]
24367:
24368: * parse.lex:
24369: Quoted commas were not being treated correctly in command line
24370: arguments.
24371: [753415541b37]
24372:
24373: * sudo.c:
24374: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
24375: Otherwise, the set_home option has no effect.
24376:
24377: o Fix use of freed memory when the "fqdn" flag is set. This was
24378: introduced by the fix for the "segv when gethostbynam() fails" bug.
24379: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
24380: there is no need to check the "fqdn" flag in set_fqdn() itself.
24381: [4b6a4245c04e]
24382:
24383: * env.c:
24384: Add 'continue' statements to optimize the switch statement. From
24385: Solar.
24386: [a82c76975ae5]
24387:
24388: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
24389:
24390: * sudoers.cat, sudoers.man.in:
24391: Regen from new sudoers.pod
24392: [6ecc07b3d0e1] [SUDO_1_6_4]
24393:
24394: * sudoers.pod:
24395: Add caveat about stay_setuid flag
24396: [9d228a7bea1b]
24397:
24398: * sudo.c:
24399: If set_perms == set_perms_posix and the stay_setuid flag is not set,
24400: set all uids to 0 and use set_perms_fallback().
24401: [c4e54d1ec86f]
24402:
24403: * set_perms.c, sudo.h:
24404: Remove PERM_FULL_USER (which is no longer used) and add
24405: PERM_FULL_ROOT (used when exec'ing the mailer).
24406: [15406c522ea2]
24407:
24408: * logging.c:
24409: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
24410: never want to run the mailer setuid.
24411: [2294853e0666]
24412:
24413: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
24414:
24415: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
24416: visudo.pod:
24417: Use sudo.ws instead of courtesan.com in URLs
24418: [55204002a308]
24419:
24420: * Makefile.binary, Makefile.in:
24421: Fix mansect substitution
24422: [b7b5cbc3aa91]
24423:
24424: * Makefile.in:
24425: Substitute man sections in Makefile.binary
24426: [040deb785e56]
24427:
24428: * Makefile.binary:
24429: Sync install targets with Makefile.in and substitute in man
24430: sections.
24431: [77882a275281]
24432:
24433: * INSTALL, INSTALL.binary:
24434: version is 1.6.4
24435: [0f87aabbcb70]
24436:
24437: * Makefile.in:
24438: Repair bindist target
24439: [8d43bfe7e2d1]
24440:
24441: * CHANGES:
24442: sync for 1.6.4
24443: [13ca3d4a0a72]
24444:
24445: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
24446:
24447: * install-sh:
24448: Fix case where neither whoami nor id are found
24449: [424dd270bc47]
24450:
24451: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24452:
24453: * install-sh:
24454: If neither whoami nor id exists, just assume we are root.
24455: [2d2644e42c53]
24456:
24457: * alloc.c:
24458: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
24459: on AIX which for some reason isn't pulling in the malloc prototype.
24460: [231440d2ee3b]
24461:
24462: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
24463:
24464: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
24465: (c) 2002
24466: [700e3b41a68e]
24467:
24468: * CHANGES:
24469: checkpoint
24470: [33e604bd8d5b]
24471:
24472: * sudo.c:
24473: Defer assigning new environment until right before the exec.
24474: [f13c49e75c1c]
24475:
24476: * parse.c:
24477: kill extra blank line
24478: [12ef22e9dae3]
24479:
24480: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24481:
24482: * configure:
24483: regen
24484: [a6cd2d788f74]
24485:
24486: * configure.in:
24487: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
24488: compiler doesn't recognise -O2.
24489: [5234aa543692]
24490:
24491: * HISTORY:
24492: Clarify origins of Root Group sudo a bit based on info from
24493: billp@rootgroup.com
24494: [4deef01c4208]
24495:
24496: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
24497:
24498: * LICENSE:
24499: 2002
24500: [6c8e089dbd1a]
24501:
24502: * CHANGES:
24503: checkpoint for 1.6.4rc1
24504: [3349eb87a49f]
24505:
24506: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
24507:
24508: * config.h.in:
24509: now generated via autoheader
24510: [84657d303cb9]
24511:
24512: * configure:
24513: regen
24514: [207bfa6a13f6]
24515:
24516: * compat.h:
24517: Move in some stuff that was previously in config.h.
24518: [e576d8b6480f]
24519:
24520: * aclocal.m4, configure.in:
24521: Add info for autoheader.
24522: [0549cd5da27c]
24523:
24524: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
24525:
24526: * Makefile.in:
24527: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
24528: -g to facilitate non-root installs
24529: [619216038f56]
24530:
24531: * install-sh:
24532: Add -M option (like -m but only for root) If we can't find "whoami",
24533: use "id" w/ some sed.
24534: [b39121c8b792]
24535:
24536: * configure:
24537: regen
24538: [b39b93ff9804]
24539:
24540: * configure.in:
24541: allow user to always override mansectsu and mansectform
24542: [0fca5e63bd90]
24543:
24544: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
24545:
24546: * mkinstalldirs:
24547: update from autoconf 2.52
24548: [07bd75a508c3]
24549:
24550: * config.guess, config.sub:
24551: Update from autoconf 2.52
24552: [857b90fe31b7]
24553:
24554: * configure:
24555: regen with autoconf 2.52
24556: [08e7d1ea2aeb]
24557:
24558: * configure.in:
24559: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
24560: mode o Remove compiler-specific checks for HP-UX now that we use
24561: AC_PROG_CC_STDC
24562: [d433a70b6208]
24563:
24564: * RUNSON:
24565: Checkpoint
24566: [babf6d2235d1]
24567:
24568: * auth/pam.c:
24569: o Add pam_prep_user function to call pam_setcred() for the target
24570: user; on Linux this often sets resource limits. o When calling
24571: pam_end(), try to convert the auth->result to a PAM_FOO value.
24572: This is a hack--we really need to stash the last PAM_FOO value
24573: received and use that instead.
24574: [6ad6f340dd2a]
24575:
24576: * set_perms.c, sudo.h:
24577: o Add pam_prep_user function to call pam_setcred() for the target
24578: user; on Linux this often sets resource limits.
24579: [67795421ac82]
24580:
24581: * env.c:
24582: Fix off by one error in number of bytes allocated via malloc (does
24583: not affected any released version of sudo).
24584: [5f5915360111]
24585:
24586: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
24587:
24588: * lex.yy.c:
24589: regen
24590: [8208c0277775]
24591:
24592: * parse.lex:
24593: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
24594: requiring that they be quoted.
24595: [ae59bc8f68dd]
24596:
24597: * sudoers.cat, sudoers.man.in, sudoers.pod:
24598: Mention that no double quotes are needed when
24599: adding/deleting/assigning a single value to a list.
24600: [25efc940a1f0]
24601:
24602: * Makefile.in:
24603: Don't rely on mkdefaults being executable, call perl explicitly.
24604: [6edc97ba5f1d]
24605:
24606: * sudo.tab.c:
24607: regen
24608: [49130b2e7e4d]
24609:
24610: * parse.yacc:
24611: Remove some XXX that are no longer relevant.
24612: [d460ac0d3767]
24613:
24614: * defaults.c:
24615: o Roll our own loop instead of using strpbrk() for better
24616: grokability o When adding to a list we must malloc() and use
24617: memcpy(), not strdup() since we must only copy len bytes from str.
24618: [649bef08e1f0]
24619:
24620: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
24621:
24622: * sudo.tab.c:
24623: regen
24624: [f0bbf2c38c0e]
24625:
24626: * parse.yacc:
24627: typo in comment
24628: [2563711ff593]
24629:
24630: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
24631:
24632: * CHANGES:
24633: checkpoint
24634: [a6d8a29fb30e]
24635:
24636: * configure:
24637: regen
24638: [bdfcaaf3bd13]
24639:
24640: * configure.in:
24641: avoid the -g flag unless --with-devel was specified
24642: [a976707bef30]
24643:
24644: * Makefile.in:
24645: mkdefaults, def_data.in and sigaction.c were missing from the
24646: tarball
24647: [6917ffbaa412]
24648:
24649: * Makefile.in:
24650: def_data.c was missing
24651: [87c78b11453d]
24652:
24653: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
24654:
24655: * env.c:
24656: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
24657: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
24658: [fc8698e6a45e]
24659:
24660: * TODO:
24661: Another TODO item
24662: [6f251d6cd466]
24663:
24664: * sudoers:
24665: Add comment for Default section so folks know where it should go.
24666: [7edba626f392]
24667:
24668: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
24669:
24670: * tgetpass.c:
24671: Use TCSETAF, not TCSETA to set terminal in termio case
24672: [fbd172f6c5d3]
24673:
24674: * sudoers.cat, sudoers.man.in:
24675: regen from sudoers.pod
24676: [64edd2de816e]
24677:
24678: * sudoers.pod:
24679: o Typo, Runas_User_List should be Runas_List o a User_List can not
24680: contain a uid o mention that the Defaults section should come after
24681: Alias definitions but before the user specifications
24682: [54070ba2092b]
24683:
24684: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
24685:
24686: * sudoers.cat, sudoers.man.in:
24687: regen
24688: [e62d1d97693c]
24689:
24690: * sudoers.pod:
24691: Fix listpw and verifypw sections, they were not being formatted
24692: properly.
24693: [123868c2f3e9]
24694:
24695: * sudoers.cat, sudoers.man.in:
24696: regen
24697: [f94841f8b374]
24698:
24699: * sudoers.pod:
24700: fix typos
24701: [f278f1c1184e]
24702:
24703: * configure:
24704: regen
24705: [d2270049ba9f]
24706:
24707: * config.h.in, configure.in:
24708: use AC_SYS_POSIX_TERMIOS instead of rolling our own
24709: [c1a13f1354b9]
24710:
24711: * README:
24712: Reference sudo.ws not courtesan.com
24713: [ca13be67ebd7]
24714:
24715: * PORTING:
24716: Add notes on shadow passwords
24717: [aa13863f2314]
24718:
24719: * BUGS:
24720: In list mode (sudo -l), characters escaped with a backslash are
24721: shown verbatim with the backslash.
24722: [1a75a2858be2]
24723:
24724: * sudoers:
24725: Add simple examples from OpenBSD (Marc Espie)
24726: [3ae9a9ae4125]
24727:
24728: * tgetpass.c:
24729: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
24730: [f8817699ee10]
24731:
24732: * CHANGES:
24733: minor prettyification
24734: [f523587929b9]
24735:
24736: * CHANGES:
24737: Updated change log
24738: [39d9010ee7a8]
24739:
24740: * testsudoers.c:
24741: Fix CIDR handling here too.
24742: [c91db8344c32]
24743:
24744: * auth/pam.c:
24745: Apparently a NULL response is OK
24746: [83bae61078d9]
24747:
24748: * TODO:
24749: Checkpoint for upcoming beta release
24750: [efb95c09df2a]
24751:
24752: * TROUBLESHOOTING:
24753: Many people believe that adding a runas spec should obviate the need
24754: for the -u flag. It does not.
24755: [c698bad85b0e]
24756:
24757: * RUNSON:
24758: checkpoint update for upcoming 1.6.4 beta
24759: [009e465a0a45]
24760:
24761: * config.h.in:
24762: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
24763: if HAVE_STRING_H is defined -- this is safe now
24764: [d27c035f4e14]
24765:
24766: * PORTING:
24767: Add signals section
24768: [2d24c13cb3c8]
24769:
24770: * configure:
24771: regen
24772: [2b80a939e2ed]
24773:
24774: * configure.in:
24775: Fix check for sigaction_t
24776: [6fa41c89ab20]
24777:
24778: * sudo.c:
24779: XXX - should call find_path() as runas user, not root. Can't do
24780: that until the parser changes though.
24781: [f0b4f85651bd]
24782:
24783: * sudo.c:
24784: If find_path() fails as root, try again as the invoking user (useful
24785: for NFS). Idea from Chip Capelik.
24786: [e03fa7872692]
24787:
24788: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
24789: Regenerate after pod file changes
24790: [48e4bd75ec21]
24791:
24792: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
24793: sudo.pod, sudoers.pod:
24794: Add new sudoers option "preserve_groups". Previously sudo would not
24795: call initgroups() if the target user was root. Now it always calls
24796: initgroups() unless the -P command line option or the
24797: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
24798: [4f730359f101]
24799:
24800: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
24801:
24802: * compat.h, config.h.in:
24803: Use new HAVE_SIGACTION_T define
24804: [dfb25f3cae5b]
24805:
24806: * logging.c:
24807: Fix compilation on K&C
24808: [7355e3275e34]
24809:
24810: * configure:
24811: regen
24812: [a710584f92f0]
24813:
24814: * configure.in:
24815: Add check for sigaction_t -- IRIX already defines this so don't
24816: redefine it.
24817: [df9c5737f6da]
24818:
24819: * snprintf.c:
24820: fix typo
24821: [3d782b8134c8]
24822:
24823: * interfaces.c:
24824: need stdlib.h here too
24825: [c789d8973ab2]
24826:
24827: * configure:
24828: regen
24829: [44822856bf46]
24830:
24831: * configure.in:
24832: Remove redundant checks for string.h, strings.h and unistd.h
24833: [933c94f8bbf4]
24834:
24835: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24836: visudo.man.in:
24837: Regen from pod files
24838: [ad18c590f638]
24839:
24840: * BUGS:
24841: Update for 1.6.4
24842: [26bc88b69d22]
24843:
24844: * configure, lex.yy.c, sudo.tab.c:
24845: regen
24846: [bef89fd6fa2d]
24847:
24848: * strerror.c:
24849: Return EINVAL if errnum > sys_nerr
24850: [0512374e6661]
24851:
24852: * auth/sudo_auth.h:
24853: o Update copyright year
24854: [a877016db6e2]
24855:
24856: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
24857: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
24858: sudo.pod:
24859: o Update copyright year
24860: [e15a1b39039f]
24861:
24862: * configure.in:
24863: o Don't define STDC_HEADERS unconditionally for IRIX o Update
24864: copyright year
24865: [82a8cb819e07]
24866:
24867: * README:
24868: update version
24869: [d82e523a16b4]
24870:
24871: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
24872: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
24873: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
24874: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
24875: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
24876: visudo.c:
24877: o Reorder some headers and use STDC_HEADERS define properly o Update
24878: copyright year
24879: [fe39f76b3795]
24880:
24881: * lsearch.c:
24882: o Reorder some headers and use STDC_HEADERS define properly o Update
24883: copyright year
24884: [764ba3d4fa13]
24885:
24886: * getspwuid.c, goodpath.c, interfaces.c:
24887: o Reorder some headers and use STDC_HEADERS define properly o Update
24888: copyright year
24889: [fb46d46140d4]
24890:
24891: * getcwd.c:
24892: o Reorder some headers and use STDC_HEADERS define properly o Update
24893: copyright year
24894: [b199d70ac7ab]
24895:
24896: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
24897: fnmatch.c:
24898: o Reorder some headers and use STDC_HEADERS define properly o Update
24899: copyright year
24900: [dab8f192a3ed]
24901:
24902: * configure:
24903: regen
24904: [156658f25cea]
24905:
24906: * tgetpass.c:
24907: flags set in signal handlers should be volatile sig_atomic_t
24908: [c22931a5535e]
24909:
24910: * config.h.in, configure.in:
24911: Add checks for volatile and sig_atomic_t
24912: [b03b3341381d]
24913:
24914: * configure, lex.yy.c:
24915: regen
24916: [ed9daba88217]
24917:
24918: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
24919: sudo.c, sudoers.pod:
24920: Remove "secure_path" Defaults option since it cannot work with the
24921: existing parser.
24922: [c9e54a0f5971]
24923:
24924: * find_path.c, sudo.c:
24925: Unset "secure_path" if user_is_exempt()
24926: [fb7544565ae8]
24927:
24928: * env.c, pathnames.h.in:
24929: o Remove assumption that PATH and TERM are not listed in env_keep o
24930: If no PATH is in the environment use a default value o If TERM is
24931: not set in the non-reset case also give it a default value.
24932: [c987eb7df268]
24933:
24934: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
24935: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
24936: systems that define in paths.h
24937: [51865b0cdebf]
24938:
24939: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
24940: Add support for skeyaccess(3) if it is present in libskey.
24941: [8add77c7d3e7]
24942:
24943: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
24944:
24945: * sudo.c:
24946: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
24947: [5a3d3cbf2c6d]
24948:
24949: * parse.lex:
24950: '\\' is a perfectly legal character to have in a command line
24951: argument.
24952: [c15a466ef00e]
24953:
24954: * sudo.c:
24955: o Defer call to set_fqdn() until it is safe to use log_error() o
24956: Don't print errno string value if gethostbyname fails, it is not
24957: relevant
24958: [c0c6bcf08bcb]
24959:
24960: * parse.c:
24961: Fix CIDR -> in_addr_t conversion.
24962: [2f307ebeb63f]
24963:
24964: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
24965:
24966: * sudoers.pod:
24967: Remove an extra "User_List" in the User_Spec definition From
24968: ybertrand AT snoopymail.com
24969: [97bde59ea280]
24970:
24971: * parse.c:
24972: Make 'listpw=never' work for users who are not explicitly mentioned
24973: in sudoers.
24974: [258f0f30a428]
24975:
24976: * sudoers.pod:
24977: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
24978: [4b0f03872ee1]
24979:
24980: * sudoers.pod:
24981: Document new list Defaults type and convert env_keep and env_delete
24982: to lists. Document new env_check option.
24983: [a07f1f079fe3]
24984:
24985: * lex.yy.c, sudo.tab.c, sudo.tab.h:
24986: regen parser
24987: [e39ac6c6581b]
24988:
24989: * parse.lex:
24990: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
24991: to #[0-9-]+.
24992: [69c5388908f3]
24993:
24994: * configure:
24995: regen
24996: [0f1877b88cb3]
24997:
24998: * aclocal.m4:
24999: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
25000: [6545503ae361]
25001:
25002: * config.h.in, configure.in:
25003: Add check for skeyaccess(3)
25004: [6caf69fe6359]
25005:
25006: * visudo.pod:
25007: Document new -c, -f, and -q options
25008: [13d0203c21d3]
25009:
25010: * visudo.c:
25011: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
25012: [4c2b664d617d]
25013:
25014: * configure:
25015: regen
25016: [6d5bd932e7b5]
25017:
25018: * aclocal.m4, config.h.in, configure.in:
25019: Add check for isblank and a replacement macro if it doesn't exist.
25020: [b524f5e4f953]
25021:
25022: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25023:
25024: * visudo.c:
25025: In check-only mode, don't create sudoers if it does not already
25026: exist.
25027: [c748a2d5acad]
25028:
25029: * parse.yacc:
25030: o Add a new token, DEFVAR, to indicate a Defaults variable name o
25031: Add support for "+=" and "-=" list operators o replace some 1 and 0
25032: with TRUE and FALSE for greater legibility.
25033: [554cb174b37e]
25034:
25035: * parse.lex:
25036: o Use exclusive start conditions to remove some ambiguity in the
25037: lexer. Also reorder some things for clarity. o Add support for
25038: "+=" and "-=" list operators. o Use the new DEFVAR token to denote
25039: a Defaults variable name.
25040: [3a2cf8323e26]
25041:
25042: * sudo.h:
25043: Prototype init_envtables()
25044: [b74916469dab]
25045:
25046: * env.c:
25047: o Convert environment handling to use lists instead of strings.
25048: This greatly simplifies routines that need to do "foreach" type
25049: operations. o Add new init_envtables() function to set env_check
25050: and env_delete defaults based on initial_badenv_table and
25051: initial_checkenv_table (formerly sudo_badenv_table).
25052: [0a8b404658b6]
25053:
25054: * defaults.c, defaults.h:
25055: o Add a new LIST type and functions to manipulate it. o This is for
25056: use with environment handling variables. o Call new
25057: init_envtables() routine inside init_defaults() to initialize the
25058: environment lists.
25059: [ae73e64f0902]
25060:
25061: * def_data.c, def_data.h, def_data.in:
25062: Convert environment options to use the new LIST type and add a new
25063: one, env_check that only deletes if the sanity check fails.
25064: [3019503936de]
25065:
25066: * testsudoers.c:
25067: Add dummy version of init_envtables()
25068: [9d9e3ee609d9]
25069:
25070: * parse.yacc:
25071: honor quiet mode
25072: [8330fba6167c]
25073:
25074: * visudo.c:
25075: Add check-only mode
25076: [dab411bc8c35]
25077:
25078: * mkdefaults:
25079: Fix generation of entries with NULL descriptions.
25080: [ea75b9fed02e]
25081:
25082: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
25083:
25084: * tgetpass.c:
25085: Use sigaction_t and quiet a gcc warning.
25086: [6f67d719c452]
25087:
25088: * sudo.c:
25089: Must reset signal handlers before we exec
25090: [300418120e1a]
25091:
25092: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25093: auth/sudo_auth.c:
25094: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
25095: version needs testing. Set SIGTSTP to SIG_DFL during password entry
25096: so user can suspend us.
25097: [00304aa58747]
25098:
25099: * tgetpass.c:
25100: Add support for interrupting/suspending tgetpass via keyboard input.
25101: If you suspend sudo from the password prompt and resume it will re-
25102: prompt you.
25103: [4af2b5101d32]
25104:
25105: * sudo.c:
25106: Don't block keyboard interrupt signals, just set them to SIG_IGN.
25107: [d46d7f67ef6b]
25108:
25109: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
25110:
25111: * config.h.in:
25112: add back HAVE_SIGACTION
25113: [c9c7702c603e]
25114:
25115: * configure:
25116: regen
25117: [09fe669d337f]
25118:
25119: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
25120: Kill POSIX_SIGNALS define and old signal support now that we emulate
25121: POSIX ones Also be sure to correctly initialize struct sigaction.
25122: [4bc2a6dbb2be]
25123:
25124: * strerror.c:
25125: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
25126: [1ad64a19f328]
25127:
25128: * compat.h:
25129: Add scaffolding for POSIX signal emulation
25130: [945861d4c93b]
25131:
25132: * sigaction.c:
25133: o Add missing ';' so this compiles o Can't use NULL since we don't
25134: include stdio.h
25135: [04d0cac7438f]
25136:
25137: * sigaction.c:
25138: Emulate sigaction() using sigvec()
25139: [d0b54a989875]
25140:
25141: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25142:
25143: * sudoers.pod:
25144: Document new behavior of negative values of timestamp_timeout Fix a
25145: typo
25146: [4c0716570d01]
25147:
25148: * sudo.pod:
25149: Add security note about command not being logged after 'sudo su' and
25150: friends.
25151: [43294851a33c]
25152:
25153: * sudo.pod:
25154: Mention that -V prints default values when run as root, including
25155: the list of environment variables to clear.
25156: [d9e5e550a8c3]
25157:
25158: * Makefile.in:
25159: Run pod2man with --quotes=none to avoid stupid quoting of C<>
25160: entries.
25161: [997b23c35dbe]
25162:
25163: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
25164:
25165: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
25166: Add mail_badpass option Also modify mail_always behavior to also
25167: send mail when the password is wrong
25168: [838d40ccafce]
25169:
25170: * env.c, sudo.c, sudo.h:
25171: Dump default bad env table when 'sudo -V' is run by root.
25172: [f67f1b8048b0]
25173:
25174: * sudoers.pod:
25175: document env_delete
25176: [d74f893663a2]
25177:
25178: * env.c:
25179: Add support for '*' in env_keep when not resetting the environment
25180: (ie: the normal case).
25181: [fd4fb62ea8fd]
25182:
25183: * env.c:
25184: Add env_delete variable that lets the user replace/add to the
25185: bad_env_table. Allow '*' wildcard in env_keep entries.
25186: [aa728bc35e29]
25187:
25188: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
25189:
25190: * mkinstalldirs:
25191: Force umask to 022 to guarantee sane directory permissions.
25192: [9ab3cfe70569]
25193:
25194: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
25195:
25196: * Makefile.in:
25197: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
25198: [671010465e6f]
25199:
25200: * mkdefaults:
25201: fix breakage in last commit
25202: [8318f8851e56]
25203:
25204: * Makefile.in:
25205: acsite.m4 -> aclocal.m4
25206: [30c146873a01]
25207:
25208: * check.c:
25209: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
25210: [4dc8b39954da]
25211:
25212: * def_data.c:
25213: regenerated from def_data.in
25214: [915ea16ce1eb]
25215:
25216: * check.c, defaults.c, defaults.h:
25217: Add new T_UINT type that most things use instead of T_INT If
25218: timestamp_timeout is < 0 then treat the ticket as never expiring (to
25219: be expired manually by the user).
25220: [3a3a636a2a5d]
25221:
25222: * def_data.in:
25223: change most T_INT -> T_UINT
25224: [a2228d2457af]
25225:
25226: * mkdefaults:
25227: fix warning when no args
25228: [ca70a5394af5]
25229:
25230: * visudo.c:
25231: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
25232: we are a signal handler. We no longer print the signal number but
25233: the user can just check the exit value for that.
25234: [dc424f631fef]
25235:
25236: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
25237:
25238: * logging.c:
25239: when setting up pipes in child process check for case where stdin ==
25240: pipe fd 0
25241: [518112d76184]
25242:
25243: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
25244:
25245: * visudo.c:
25246: Ignore editor exit value since XPG4 says vi's exit value is the
25247: count of editing errors made (failed searches, etc).
25248: [b9d952284865]
25249:
25250: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
25251:
25252: * configure:
25253: regen
25254: [cb3aa586f03b]
25255:
25256: * configure.in:
25257: sco now is identified by config.guess as *-sco-*
25258: [46664bbdea61]
25259:
25260: * configure.in:
25261: Check for getspnam() in -lgen if not in -lc for UnixWare.
25262: [0f152ad1ba93]
25263:
25264: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
25265:
25266: * sudoers.pod, visudo.pod:
25267: "upper case" -> "uppercase"
25268: [f9151f232326]
25269:
25270: * sudoers.pod:
25271: fix typos and grammar; pjanzen@foatdi.harvard.edu
25272: [2855d73d0237]
25273:
25274: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
25275:
25276: * sudoers.pod:
25277: Missing word (specify); krapht@secureops.com
25278: [65523eb37a2c]
25279:
25280: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
25281:
25282: * sudo.c:
25283: If we fail to lookup a login class, apply the default one.
25284: [d4869faa6816]
25285:
25286: * logging.c:
25287: In log_error() free message, not logline unconditionally, then free
25288: logline if it is not the same as message. No function change but
25289: this mirrors how they are allocated.
25290: [565e5f6cc643]
25291:
25292: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
25293:
25294: * configure:
25295: regenerate
25296: [834a48f548a2]
25297:
25298: * configure.in:
25299: remove some backslash quotes that are unneeded
25300: [50d401d6e2ca]
25301:
25302: * configure.in:
25303: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
25304: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
25305: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
25306: to AC_DEFINE things manually.
25307: [f502c5f15f92]
25308:
25309: * config.guess, config.sub:
25310: Updated from autoconf-2.50
25311: [6140205915ef]
25312:
25313: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
25314:
25315: * README:
25316: Update mailing list section. We use mailman now, not majordomo.
25317: [b9a8ca45e6dc]
25318:
25319: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
25320:
25321: * getspwuid.c, logging.c, sudo.c:
25322: Use setpwent()/endpwent() + all the shadow variants to make sure we
25323: don't inadvertantly leak an fd to the child. Apparently Linux's
25324: shadow routines leave the fd open even if you don't call setspent().
25325: Reported by mike@gistnet.com; different patch used.
25326: [d33792ef6c01]
25327:
25328: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
25329:
25330: * sudoers.pod:
25331: s/eg./e.g./
25332: [bd32a0acaf93]
25333:
25334: * tgetpass.c:
25335: select() may return EAGAIN. If so, continue like we do for EINTR.
25336: [5f202c943818]
25337:
25338: * logging.c:
25339: Fix a non-exploitable buffer overflow in the word splitting code.
25340: This should really be rewritten.
25341: [4c724363863a]
25342:
25343: * Makefile.in:
25344: FAQ link goes away
25345: [1d26dd6c8972]
25346:
25347: * INSTALL:
25348: Tell people to look in sample.syslog.conf for examples, not FAQ
25349: [affcae3f43ca]
25350:
25351: * TROUBLESHOOTING:
25352: Update list of env vars that are cleared
25353: [234e56f1435a]
25354:
25355: * sudo.c:
25356: remove struct env_table decl since that stuff has all moved to env.c
25357: [5dd923148777]
25358:
25359: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
25360:
25361: * fileops.c:
25362: Fix a pasto in flock-style unlocking and include <sys/file.h> for
25363: flock on older systems; twetzel@gwdg.de
25364: [d5420d9d2861]
25365:
25366: * configure:
25367: regen to get NeXT lockf/flock fix
25368: [d3ba6ed70e15]
25369:
25370: * configure.in:
25371: force NeXT to use flock since lockf is broken
25372: [bd5391dca1bb]
25373:
25374: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
25375:
25376: * check.c:
25377: Use stashed user_gid when checking against exempt gid since sudo
25378: sets its gid to a a value that makes sudoers readable. Previously
25379: if you used gid 0 as the exempt group everyone would be exempt. From
25380: Paul Kranenburg <pk@cs.few.eur.nl>
25381: [0b140cc3a817]
25382:
25383: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
25384:
25385: * configure:
25386: regen
25387: [cc455408f32b]
25388:
25389: * aclocal.m4:
25390: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
25391: some types (such as ssize_t) therein.
25392: [b6aee85ca331]
25393:
25394: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
25395:
25396: * defaults.c:
25397: Fix negation of paths in a boolean context. Problem found by
25398: apt@UH.EDU
25399: [8aee217a7cdf]
25400:
25401: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
25402:
25403: * visudo.c:
25404: pasto
25405: [ad32b277bf68]
25406:
25407: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
25408:
25409: * visudo.c:
25410: SA_RESETHAND means the opposite of what I was thinking--oops To
25411: block all signals in old-style signals use ~0, not 0xffffffff
25412: [6ecdd793590a]
25413:
25414: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
25415:
25416: * defaults.c:
25417: coerce difference of pointers to int when used in a string length
25418: printf format; deraadt@openbsd.org
25419: [a9d10f07180d]
25420:
25421: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25422:
25423: * visudo.c:
25424: Block all signals in Exit() to avoid a signal race. There is still
25425: a tiny window but I'm not going to worry about it.
25426: [6661805c0458]
25427:
25428: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
25429:
25430: * env.c:
25431: glibc uses the LANGUAGE env var so clear that too; Solar Designer
25432: [d4ba95628afb]
25433:
25434: * lex.yy.c:
25435: Regenerate with a fix to flex.skl that preserves errno from
25436: clobbering by isatty().
25437: [607eec736e19]
25438:
25439: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
25440:
25441: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25442: auth/sia.c, auth/sudo_auth.c:
25443: Some defaults I_ defines got renamed.
25444: [ec19b23caaf3]
25445:
25446: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
25447: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
25448: set_perms.c, sudo.c, sudo.tab.c:
25449: Move defaults info into its own files from which we generate .h and
25450: .c files. This makes adding or rearranging variables much simpler.
25451: [e91b880b5043]
25452:
25453: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
25454:
25455: * configure, configure.in:
25456: fix typo in last commit
25457: [10a6ee2bae71]
25458:
25459: * compat.h, config.h.in, configure, configure.in:
25460: Add check + emulation for setegid (like seteuid).
25461: [29492092bd2f]
25462:
25463: * env.c:
25464: Make env_keep override badenv_table as documented Fix traversal of
25465: badenv_table (broken in last commit)
25466: [37c9f0d22673]
25467:
25468: * set_perms.c, sudo.c, sudo.h:
25469: Don't try and build saved uid version of set_perms on systems w/o
25470: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
25471: set_perms_setreuid simply be set_perms_fallback() and simply include
25472: the appropriate function at compile time (setreuid() vs. setuid()).
25473: [3107333c062c]
25474:
25475: * sudoers.cat, sudoers.man.in, sudoers.pod:
25476: PATH is also preserved when env_reset is in effect
25477: [90e45c5711ff]
25478:
25479: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
25480: configure.in, defaults.c, defaults.h, env.c, find_path.c,
25481: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
25482: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
25483: visudo.c, visudo.cat, visudo.man.in:
25484: New Defaults options: o stay_setuid - sudo will remain setuid if
25485: system has saved uids or setreuid(2) o env_reset - reset the
25486: environment to a sane default o env_keep - preserve environment
25487: variables that would otherwise be cleared
25488:
25489: No longer use getenv/putenv/setenv functions--do environment munging
25490: by hand. Potentially dangerous environment variables can be cleared
25491: only if they contain '/' pr '%' characters to protect buggy
25492: programs. Moved environment routines into env.c (new file)
25493: [c2f97651db4c]
25494:
25495: * INSTALL:
25496: Clear up --without-passwd description
25497: [2f336dab6733]
25498:
25499: * putenv.c, sudo_setenv.c:
25500: We now build up a new environment from scratch and assign it to
25501: "environ".
25502: [6ae6152f2238]
25503:
25504: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
25505:
25506: * sudo.pod, visudo.pod:
25507: Grammatical fixes from Paul Janzen
25508: [e03ead2e56f8]
25509:
25510: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25511:
25512: * visudo.c:
25513: If there was a syntax error and the user just wants to quit, unlink
25514: sudoers if it is zero length.
25515: [74ba7921f520]
25516:
25517: * visudo.c:
25518: 'Q' means ignore parse error, not 'q'
25519: [e8d0e4491fe6]
25520:
25521: * visudo.c:
25522: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
25523: <dim@xs4all.nl>
25524: [b24990a72491]
25525:
25526: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
25527:
25528: * set_perms.c:
25529: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
25530: [41a8db10e076]
25531:
25532: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
25533:
25534: * config.guess, config.sub:
25535: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
25536: [6052da895d2e]
25537:
25538: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
25539:
25540: * sudo.c, visudo.c:
25541: Use exit(127), not exit(-1)
25542: [9ff0c3eada34]
25543:
25544: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
25545: Move set_perms() to its own file and use POSIX saved uid or
25546: setreuid() if available.
25547:
25548: Added stay_setuid option for systems that have libraries that
25549: perform extra paranoia checks in system libraries for setuid
25550: programs (ie: anything with issetugid(2)).
25551: [28960f842698]
25552:
25553: * sudo.c:
25554: strip more bits from the environment and add a facility for
25555: stripping things only if they contain '/' or '%' to address printf
25556: format string vulnerabilities in other programs.
25557: [b98d6375f299]
25558:
25559: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
25560:
25561: * configure:
25562: regen
25563: [7e74e5c91049]
25564:
25565: * configure.in:
25566: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
25567: strcasecmp().
25568: [a418e9e70442]
25569:
25570: * configure:
25571: regen
25572: [bbff244a52bc]
25573:
25574: * configure.in:
25575: Check for strcasecmp(3) in -lc89 for NCR Unix
25576: [361c99576681]
25577:
25578: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
25579:
25580: * config.h.in:
25581: Define HAVE_INNETGR #ifdef HAVE__INNETGR
25582: [473cdb92b6db]
25583:
25584: * configure:
25585: regen
25586: [4e6364a195e0]
25587:
25588: * compat.h, config.h.in, configure.in:
25589: Add check for _innetgr(3) since NCR systems have that instead of
25590: innetgr(3).
25591: [25e6852e7494]
25592:
25593: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
25594:
25595: * auth/securid.c:
25596: check return value of creadcfg() call sd_close() after sd_auth()
25597: store username in sd->username so we don't rely on the USER env
25598: variable
25599: [d106b4f42722]
25600:
25601: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25602:
25603: * INSTALL:
25604: document --with-bsdauth
25605: [f1518ecc2ee9]
25606:
25607: * configure:
25608: regen
25609: [dceb35071ea8]
25610:
25611: * configure.in:
25612: --with-bsdauth assumes --with-logincap
25613: [4200778083fd]
25614:
25615: * auth/bsdauth.c, auth/fwtk.c:
25616: When prompting for a response to a challenge, if the user just hits
25617: return then reprompt with echo turned on.
25618: [a539b6474a97]
25619:
25620: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
25621:
25622: * sudo.c:
25623: Remove debugging code that should not have been committed, oops.
25624: [9862607b77a7]
25625:
25626: * auth/bsdauth.c:
25627: Use lower-level routines and get the password ourselves. Checks for
25628: a challenge and if there is one echo is not turned off.
25629: [2d8fcd166baa]
25630:
25631: * auth/pam.c, auth/sudo_auth.h:
25632: minor housekeeping, no real code changes
25633: [d0074a277fb4]
25634:
25635: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
25636:
25637: * sudo.c:
25638: Fix a coredump in the logging functions if gethostname(2) fails by
25639: deferring the call to log_error() until things are better setup.
25640:
25641: Fix return value of set_loginclass() in non-BSD-auth case.
25642:
25643: Hard-code 'sudo' in the usage message so we can fit more options on
25644: a line
25645: [d9d1b7579818]
25646:
25647: * logging.c:
25648: Fix errant ';' (typo) that broken MSG_ONLY
25649: [849b2276a470]
25650:
25651: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
25652:
25653: * sudo.cat, sudo.man.in:
25654: regen
25655: [bb3c8c6704d1]
25656:
25657: * sudo.pod:
25658: Document -a flag
25659: [e18316cebaac]
25660:
25661: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
25662: configure, configure.in, getspwuid.c, sudo.c:
25663: Add support for BSD authentication.
25664: [f374cfd9ca0d]
25665:
25666: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
25667:
25668: * sudoers.pod:
25669: Fix typo; from sato@complex.eng.hokudai.ac.jp
25670: [3085fee9766e]
25671:
25672: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
25673:
25674: * sudoers.pod:
25675: Mention negating umask
25676: [c9e410294dae]
25677:
25678: * defaults.c:
25679: Allow user to specify umask of 0777 (same as !umask)
25680: [bb771daa96fe]
25681:
25682: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
25683:
25684: * sudo.pod, visudo.pod:
25685: Fix a typo and give a URL for the sudo history.
25686: [77f73199aedb]
25687:
25688: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
25689:
25690: * defaults.c, sudo.pod:
25691: fix typos; pepper@reppep.com
25692: [5532c7421340]
25693:
25694: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
25695:
25696: * sudo.c, sudo.h, sudo_setenv.c:
25697: sudo_setenv() now exits on memory alloc failure instead of returning
25698: -1.
25699: [71f1cf18f47b]
25700:
25701: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
25702:
25703: * sudo.c:
25704: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
25705: and possibly others.
25706: [b69d985b0d22]
25707:
25708: * logging.c:
25709: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
25710: that "%m" won't be expanded but we don't use that anyway since the
25711: logging routines may splat to stderr as well.
25712: [8d37a544d0c0]
25713:
25714: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
25715: sudoers.pod:
25716: Add always_set_home variable
25717: [dbcaff646e07]
25718:
25719: * configure, configure.in:
25720: Have to hard code default values in help since the defaults are set
25721: _after_ the help stuff.
25722: [7b5d6d72f55c]
25723:
25724: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
25725:
25726: * lex.yy.c, parse.lex:
25727: Allow special characters (including '#') to be embedded in pathnames
25728: if quoted by a '\\'. The quoted chars will be dealt with by
25729: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
25730: [3ed33cf09977]
25731:
25732: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25733:
25734: * install-sh:
25735: Better path searching for programs we need.
25736: [60517cb1f0d6]
25737:
25738: * TROUBLESHOOTING:
25739: Add section on "C compiler cannot create executables" errors.
25740: [e4ada6eaee59]
25741:
25742: * Makefile.binary, Makefile.in, version.h:
25743: Crank version
25744: [93d1bd5b7f5e]
25745:
25746: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
25747: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
25748: visudo.man.in, visudo.pod:
25749: Substitute values from configure into man pages.
25750: [619854c356c1]
25751:
25752: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
25753:
25754: * parse.c, sudo.c:
25755: The listpw and verifypw sudoers options would not take effect
25756: because the value of the default was checked *before* sudoers was
25757: parsed. Instead of passing in the value of PWCHECK_* to
25758: sudoers_lookup(), pass in the arg for def_ival() so the check can be
25759: deferred until after sudoers is parsed.
25760: [4f596e358f72]
25761:
25762: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
25763:
25764: * tgetpass.c:
25765: When writing prompt, no need to write the NUL as well;
25766: hag@linnaean.org
25767: [fbcdd7b431ee]
25768:
25769: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
25770:
25771: * install-sh:
25772: When looking for chown, check in /sbin too
25773: [657ba6653f8c]
25774:
25775: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
25776:
25777: * visudo.c:
25778: Remove extraneous call to init_defaults() and set runas_user to NULL
25779: betweem parses so init_defaults will reset it each time, thus
25780: avoiding a reference to free()d data.
25781: [7421fcd692af]
25782:
25783: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
25784:
25785: * config.h.in, interfaces.c, interfaces.h, sudo.c:
25786: Add support for using getifaddrs() to get the list of ip addr /
25787: netmask pairs. Currently IPv4-only.
25788: [a35bc4f7306d]
25789:
25790: * visudo.c:
25791: Add a missing check for UserEditor == NULL Add missing '+' before
25792: line number when invoking editor to fix a syntax error
25793: [f0d4635f6082]
25794:
25795: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
25796:
25797: * sudo.c:
25798: Call clean_env very early in main() for paranoia's sake. Idea from
25799: Marc Esipovich.
25800: [f8d72ebd0115]
25801:
25802: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
25803:
25804: * sudo.h:
25805: Update proto for evasprintf and easprintf
25806: [d147d6e58419]
25807:
25808: * alloc.c:
25809: Make easprintf() and evasprintf() return an int.
25810: [b2ca5d089667]
25811:
25812: * check.c:
25813: If the targetpw flag is set, use target username as part of the
25814: timestamp path. If tty tickets are in effect cat the tty and the
25815: target username with a ':' as the separator.
25816: [de11abc693c2]
25817:
25818: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
25819:
25820: * auth/pam.c:
25821: Backout part of last change; setting PAM_USER to the invoking user
25822: breaks things like targetpw.
25823: [427218a7387f]
25824:
25825: * auth/pam.c:
25826: set tty and username via pam_set_item
25827: [85d1922dbcc9]
25828:
25829: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
25830: Fix root, runas, and target authentication for non-passwd file auth
25831: methods.
25832: [a14535e7b30c]
25833:
25834: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
25835:
25836: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25837: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25838: Use B<-Z> not C<-Z> for command line flags in all places. This is
25839: more consistent and works around a bug in Pod::Man.
25840: [64b5a05f30c5]
25841:
25842: * sudoers.cat, sudoers.man.in, sudoers.pod:
25843: Fix an occurence of 'semicolon' that should be 'colon'
25844: [4ea5aacae3fb]
25845:
25846: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
25847:
25848: * configure, configure.in:
25849: Fix --with-badpri help line
25850: [3cc40977c043]
25851:
25852: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
25853:
25854: * defaults.c, logging.c, sudo.c:
25855: Bracket calls to syslog with an openlog() and closelog() since some
25856: authentication methods (like PAM) may do their own logging via
25857: syslog. Since we don't use syslog much (usually just once per
25858: session) this doesn't really incur a performance penalty. It also
25859: Fixes a SEGV with pam_kafs.
25860: [fe1cc28529f6]
25861:
25862: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
25863:
25864: * sudo.c:
25865: Fix -H flag. runas_homedir is only valid after
25866: set_perms(PERM_RUNAS, mode)
25867: [ce9b1c6f68a6]
25868:
25869: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
25870:
25871: * INSTALL:
25872: Clarify the fact that insults are not enabled just by including them
25873: in the binary.
25874: [d5a31d48320c]
25875:
25876: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25877:
25878: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
25879: visudo.man.in:
25880: Regenerated with perl 5.6.0 pod2man
25881: [21751433768b]
25882:
25883: * Makefile.in:
25884: Give date string to pod2man since its default is ugly and it ain't
25885: got no alibi.
25886: [0080b2f6298f]
25887:
25888: * Makefile.in:
25889: Do section substitution on the output of pod2man and remove hack
25890: needed for old pod2man.
25891: [1ef843d5c78b]
25892:
25893: * sudo.pod, sudoers.pod, visudo.pod:
25894: Put back real man sections, we will do the substitution later.
25895: [f728c1abad7e]
25896:
25897: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25898:
25899: * configure, configure.in:
25900: Don't bother checking for the path to vi if user specified --with-
25901: editor
25902: [bf698487e0d5]
25903:
25904: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
25905:
25906: * CHANGES, visudo.c:
25907: Visudo now does its own fork/exec instead of calling system(3).
25908: [99bbcd88863b]
25909:
25910: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
25911: sudoers.pod, visudo.c:
25912: Visudo now checks for the existence of an editor and gives a
25913: sensible error if it does not exist.
25914:
25915: The path to the editor for visudo is now a colon-separated list of
25916: allowable editors. If the user has $EDITOR set and it matches one
25917: of the allowed editors that editor will be used. If not, the first
25918: editor in the list that actually exists is used.
25919: [cc86eb9f5440]
25920:
25921: * sudo.cat, sudo.man.in, sudo.pod:
25922: Clear up confusion wrt sudo's return value.
25923: [9385b12d8e79]
25924:
25925: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
25926:
25927: * Makefile.in:
25928: Strip sudo and visudo for bindist target
25929: [a995ddd79177]
25930:
25931: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
25932: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
25933: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
25934: [5eb9e60a726f] [SUDO_1_6_3]
25935:
25936: * visudo.cat, visudo.man.in, visudo.pod:
25937: Typo: @sysconf@ -> @sysconfdir@
25938: [f07f52fcd099]
25939:
25940: * Makefile.in:
25941: 'make dist' should not cause any files to be modified so remove its
25942: dependencies.
25943: [7f44a2666a9c]
25944:
25945: * CHANGES:
25946: Whoops, forgot to add release marker
25947: [16c0f16b35b8]
25948:
25949: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
25950:
25951: * CHANGES:
25952: Final change for 1.6.3 (or so I hope)
25953: [473c89da6123]
25954:
25955: * sudo.cat, sudoers.cat, visudo.cat:
25956: Use SYSV man sections since BSD systems will have nroff...
25957: [0a6bd154324e]
25958:
25959: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
25960:
25961: * parse.yacc, sudo.tab.c:
25962: When checking to see if the host/user matches in a defaults spec,
25963: check against TRUE, not just non-zero since it might be -1.
25964: [41f2b7ad3fdd]
25965:
25966: * configure, configure.in:
25967: OSF/1 puts file formats in section 4, not 5.
25968: [d77c1301afa9]
25969:
25970: * CHANGES, INSTALL, sudo.c:
25971: Make login class support work on BSD/OS
25972: [e9bbe3c08ade]
25973:
25974: * RUNSON:
25975: Update for 1.6.3
25976: [c40ce1d76c4d]
25977:
25978: * configure, configure.in:
25979: If there is no inet_addr but there *is* an __inet_addr that's ok
25980: since inet_addr is probably just a macro then. The better thing to
25981: do would be to look for the macro, but this is fine for now.
25982: [1b8865ae4d68]
25983:
25984: * configure, configure.in:
25985: Don't use shlicc for BSD/OS 4.x
25986: [83fbf6dedd2c]
25987:
25988: * Makefile.in, configure, configure.in:
25989: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
25990: configure variable so we can deal with this. Also, only remove *.man
25991: for 'distclean' not 'clean'.
25992: [30d56e6de214]
25993:
25994: * sudo.c:
25995: set_loginclass() should be static like the proto says
25996: [d570a2d55fb8]
25997:
25998: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
25999:
26000: * fnmatch.c:
26001: Add #ifdef __STDC__ around the rangematch function header to avoid
26002: promotion of test to int, thus violating the prototype. Gcc handles
26003: this gracefully but more std ANSI compilers will complain.
26004: [7d98c3e332b2]
26005:
26006: * emul/fnmatch.h:
26007: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
26008: [4e1320852f8b]
26009:
26010: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
26011: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
26012: FNM_CASEFOLD in configure
26013: [9ef952bf1896]
26014:
26015: * CHANGES, TODO:
26016: update for 1.6.3
26017: [e4ba6368a0c5]
26018:
26019: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
26020: Fully qualified hosts w/ wildcards were not matching the FQHOST
26021: token type. There's really no need for a separate token for fully-
26022: qualified vs. unqualified anymore so FQHOST is now history and
26023: hostname_matches now decides which hostname (short or long) to check
26024: based on whether or not the pattern contains a '.'.
26025: [fbd2887d9811]
26026:
26027: * parse.h:
26028: Fully qualified hosts w/ wildcards were not matching the FQHOST
26029: token type. There's really no need for a separate token for fully-
26030: qualified vs. unqualified anymore so FQHOST is now history and
26031: hostname_matches now decides which hostname (short or long) to check
26032: based on whether or not the pattern contains a '.'.
26033: [dd7bbe223461]
26034:
26035: * lex.yy.c, parse.c, parse.lex, parse.yacc:
26036: Fully qualified hosts w/ wildcards were not matching the FQHOST
26037: token type. There's really no need for a separate token for fully-
26038: qualified vs. unqualified anymore so FQHOST is now history and
26039: hostname_matches now decides which hostname (short or long) to check
26040: based on whether or not the pattern contains a '.'.
26041: [630d9d205397]
26042:
26043: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
26044: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
26045: Add support for wildcards in the hostname.
26046: [d8d821ed4238]
26047:
26048: * Makefile.in:
26049: Add targets for *.man.in, using config.status to generate *.man from
26050: *.man.in
26051: [640e50ede485]
26052:
26053: * sudoers.cat, sudoers.man.in, sudoers.pod:
26054: Document set_logname option and enbolden refs to sudo and visudo.
26055: [9622b3a48707]
26056:
26057: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
26058: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
26059: visudo.cat, visudo.man.in, visudo.pod:
26060: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
26061: from Michael D. Marchionna. configure now does substitution on the
26062: man pages, allowing us to fix up the paths and set the section
26063: correctly. Based on an idea from Michael D. Marchionna.
26064: [463e928a0a2f]
26065:
26066: * auth/passwd.c:
26067: Better fix for handling HP-UX aging info.
26068: [3950f42d8549]
26069:
26070: * sudo.c:
26071: Add support for set_logname run-time default
26072: [c6a7cc76b8b4]
26073:
26074: * sudo.man.in, sudoers.man.in, visudo.man.in:
26075: configure does substitution on these to produce *.man
26076: [b83fc3c1bfc9]
26077:
26078: * sudo.man, sudoers.man, visudo.man:
26079: These files now get generated from *.man.in at configure time.
26080: [c499061f79e0]
26081:
26082: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
26083:
26084: * defaults.c, defaults.h:
26085: Add set_logname option so users can turn off setting of LOGNAME/USER
26086: environment variables.
26087: [6316869180b8]
26088:
26089: * lsearch.c, parse.c, testsudoers.c:
26090: kill register
26091: [6e104e653748]
26092:
26093: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
26094:
26095: * auth/passwd.c:
26096: HP-UX adds extra info at the end for password aging so when
26097: comparing the result of crypt to pw_passwd we only compare the first
26098: len(epass) bytes *unless* the user entered an empty string for a
26099: password.
26100: [3d24d4e4e889]
26101:
26102: * logging.c:
26103: Get rid of grandchild hack, it was causing problems and there is
26104: really no need for it. This fixes a bug where we spin eating up CPU
26105: when the user runs a long-running process like a shell.
26106: [5743b10b1e81]
26107:
26108: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
26109:
26110: * sudo.c:
26111: User can always specify a login class if he/she is already root.
26112: [710d160cef9f]
26113:
26114: * config.h.in, configure, configure.in, defaults.c, defaults.h,
26115: sudo.c, sudo.h:
26116: FreeBSD login class (login.conf) support.
26117: [026b981d6328]
26118:
26119: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
26120:
26121: * auth/sudo_auth.c:
26122: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
26123: [9cd4929f1a78]
26124:
26125: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
26126:
26127: * auth/passwd.c:
26128: Truncate unencrypted password to 8 chars if encrypted password is
26129: exactly 13 characters (indicateing standard a DES password). Many
26130: versions of crypt() do this for you, but not all (like HP-UX's).
26131: [a9d0259cb193]
26132:
26133: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
26134:
26135: * INSTALL, RUNSON:
26136: Mention that gcc on dynix may have problems
26137: [77b97fa5bf1b]
26138:
26139: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
26140:
26141: * Makefile.in:
26142: Link visudo with NET_LIBS since we now call syslog via defaults.c
26143: [9e3830b277cc]
26144:
26145: * defaults.c:
26146: Use Argv[0] as the first arg to openlog() since visudo uses this
26147: too.
26148: [e61078f328ec]
26149:
26150: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
26151:
26152: * sudo.c:
26153: Stash coredumpsize resource limit and retsore it before the exec()
26154: Otherwise the child ends up with a coredumpsize of 0.
26155: [f6a4783835a3]
26156:
26157: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
26158:
26159: * sudo.cat, sudo.man, sudo.pod:
26160: document -S flag
26161: [3ebd805b7142]
26162:
26163: * sudo.c:
26164: fix usage string
26165: [66b2dfa47fe8]
26166:
26167: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
26168: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
26169: Added -S flag (read passwd from stdin) and tgetpass_flags global
26170: that holds flags to be passed in to tgetpass(). Change echo_off
26171: param to tgetpass() into a flags field. There are currently 2
26172: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
26173: tgetpass(), abstract the echo set/clear via macros and if (flags &
26174: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
26175: [a4fcbb712cd0]
26176:
26177: * tgetpass.c:
26178: Fixed a bug that caused an infinite loop when the password timeout
26179: was disabled.
26180: [2be1ffc5a39f]
26181:
26182: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
26183:
26184: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
26185: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
26186: Add rootpw, runaspw, and targetpw options.
26187: [2d4563e46df7]
26188:
26189: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
26190: visudo.c:
26191: enveditor -> env_editor
26192: [ddc5f856e583]
26193:
26194: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
26195:
26196: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
26197: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
26198: visudo.man:
26199: crank versino to 1.6.3
26200: [a5f7d3e74360]
26201:
26202: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
26203: sudoers.pod, visudo.c:
26204: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
26205: them. This means that visudo will now parse the sudoers file
26206: *before* it is edited so a bogus sudoers file will cause a warning
26207: to go to stderr. Also, visudo checks the variables once--it does not
26208: check them after each editor run since that could be confusing.
26209: [9f5af18e9212]
26210:
26211: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
26212:
26213: * RUNSON:
26214: 1.6.2 -> 1.6.2p1
26215: [e25b74f1d1af]
26216:
26217: * check.c, sudo.c, sudo.h:
26218: Move user_is_exempt prototype into sudo.h
26219: [daf26a6ded8a]
26220:
26221: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
26222:
26223: * configure, configure.in:
26224: Fix thinko, some && should have been || in the last commit
26225: [4b9b2d487ded]
26226:
26227: * configure, configure.in:
26228: Don't initialized Makefile variables to be NULL since the user may
26229: want to import variables from their environment.
26230: [7be019f4422c]
26231:
26232: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
26233:
26234: * configure, configure.in:
26235: typo
26236: [38f4d8971f0a]
26237:
26238: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
26239:
26240: * sudo.tab.c:
26241: fix a yacc (skeleton.c) warning
26242: [a2da228a937b]
26243:
26244: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
26245:
26246: * INSTALL, RUNSON, configure, configure.in:
26247: Make pam work on HP-UX 11.0;jaearick@colby.edu
26248: [b94de0ff6f42]
26249:
26250: * CHANGES:
26251: recent changes; prepare for 1.6.2p1
26252: [b291635ea141]
26253:
26254: * find_path.c:
26255: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
26256: [4306285c4f6e]
26257:
26258: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
26259:
26260: * sudo.tab.c:
26261: Regen with yacc that has a memory leak plugged.
26262: [e26383a04eb7]
26263:
26264: * sudoers.cat, sudoers.man, sudoers.pod:
26265: Expanded docs on sudoers 'defaults' options based on INSTALL file
26266: info.
26267: [54c3d62d6c74]
26268:
26269: * INSTALL:
26270: Fix some while lies
26271: [d15311782150]
26272:
26273: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
26274:
26275: * Makefile.in:
26276: When making a bindist, link FAQ to TROUBLESHOOTING instead of
26277: copying.
26278: [2d88a6ac88cf]
26279:
26280: * sudoers.cat, sudoers.man, sudoers.pod:
26281: Add netgroup caveat
26282: [28d119f466e3] [SUDO_1_6_2]
26283:
26284: * RUNSON:
26285: Last minute updates
26286: [89fb4ed22d52]
26287:
26288: * TROUBLESHOOTING:
26289: PAM entry
26290: [a9fd59f39457]
26291:
26292: * auth/pam.c:
26293: correct a comment
26294: [a29627225ba9]
26295:
26296: * CHANGES, RUNSON:
26297: update for 1.6.2
26298: [b7f1c40ea732]
26299:
26300: * auth/pam.c:
26301: Better detection of PAM errors and fix custom prompts with PAM.
26302: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
26303: [ff69234b94a5]
26304:
26305: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
26306:
26307: * snprintf.c:
26308: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
26309: long long value.
26310: [9d918c3a2ecd]
26311:
26312: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
26313:
26314: * CHANGES, config.h.in, configure, configure.in, visudo.c:
26315: Fix sudoers locking in visudo. We now lock the sudoers file itself,
26316: not the temp file (since locking the temp file can foul up editors).
26317: The previous locking scheme didn't work because the fd was closed
26318: too early.
26319: [de2011bb11ed]
26320:
26321: * config.h.in, configure, configure.in:
26322: Don't need test for ftruncate() any more.
26323: [e5f71c848104]
26324:
26325: * configure, configure.in:
26326: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
26327: the unbundled HP-UX cc.
26328: [2c373612c644]
26329:
26330: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
26331:
26332: * sudoers.cat, sudoers.man, sudoers.pod:
26333: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
26334: [05360d2c314e]
26335:
26336: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
26337:
26338: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
26339: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
26340: version.h, visudo.c:
26341: update copyright year on changed files
26342: [5792a2a28a4c]
26343:
26344: * RUNSON:
26345: updates
26346: [edf8f19aa403]
26347:
26348: * CHANGES:
26349: aix fix
26350: [4d4a243b31e2]
26351:
26352: * INSTALL:
26353: Crank version to 1.6.2
26354: [bcb5cb411624]
26355:
26356: * configure:
26357: Crank version to 1.6.2
26358: [32a19f33427f]
26359:
26360: * sudo.c:
26361: When using rlimit check for RLIM_INFINITY When computing the value
26362: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
26363: [8c16166802e5]
26364:
26365: * CHANGES:
26366: recent changes
26367: [09fc7112e44d]
26368:
26369: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
26370: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
26371: Crank version to 1.6.2
26372: [055fa61a7c61]
26373:
26374: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
26375: Add 'shell_noargs' runtime option back in. We have to defer
26376: checking until after the sudoers file has been parsed but since
26377: there are now other options that operate that way this one can too.
26378: Based on a patch from bguillory@email.com.
26379: [231db7a007a6]
26380:
26381: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
26382: Add "listpw" and "verifypw" options.
26383: [190683bac878]
26384:
26385: * sudoers.cat, sudoers.man, sudoers.pod:
26386: o Fix some typos/omissions o Add section on verifypw and listpw o
26387: Define how NOPASSWD interacts with the -v and -l flags
26388: [6feb7350eb79]
26389:
26390: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
26391:
26392: * configure, configure.in:
26393: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
26394: -D_HPUX_SOURCE to CPPFLAGS.
26395: [06cc35d89dc8]
26396:
26397: * defaults.c, defaults.h:
26398: In struct sudo_defs_types, move the union to the end and don't
26399: initialize the union member since that only works with an ANSI
26400: compiler. We set the value of the union by hand in init_defaults()
26401: anyway. This allows sudo to compile on a K&R compiler again.
26402: [623487e1fcfa]
26403:
26404: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
26405:
26406: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
26407: netgr_matches needs to check shost as well as host since they may be
26408: different.
26409: [3f43ace23d3e]
26410:
26411: * tgetpass.c:
26412: End on \r as well as \n
26413: [cb7c6e6f4202]
26414:
26415: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
26416:
26417: * sudo.c:
26418: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
26419: from 0400 to whatever SUDOERS_MODE is (converting from the old
26420: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
26421: 0400 which should always be the case.
26422: [34cd83d49d20]
26423:
26424: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
26425: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
26426: w/o a passwd if there is *any* entry for the user on the host with a
26427: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
26428: the user on the host w/ the specified runas user have the NOPASSWD
26429: flag set.
26430: [4b3b85697653]
26431:
26432: * Makefile.in:
26433: add check target
26434: [3d24d34a76fd]
26435:
26436: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
26437:
26438: * visudo.c:
26439: Treat EOF at whatnow prompt like 'x' instead of looping.
26440: [5deffc27114c]
26441:
26442: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
26443:
26444: * CHANGES:
26445: recent changes
26446: [5836a9452568] [SUDO_1_6_1]
26447:
26448: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
26449:
26450: * config.h.in, configure, configure.in, sudo.c:
26451: Add check for initgroups() since old SYSV lacks this.
26452: [657a6005a569]
26453:
26454: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
26455: parse.c, testsudoers.c:
26456: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
26457: exists.
26458: [17d081e917d6]
26459:
26460: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
26461:
26462: * auth/sudo_auth.c:
26463: Don't allow insults to be enabled if the insults[] array is empty.
26464: Otherwise there would be division by zero.
26465: [b20c14db6029]
26466:
26467: * insults.h:
26468: Don't allow insults to be enabled if the insults[] array is empty.
26469: Otherwise there would be division by zero.
26470: [028f130204b0]
26471:
26472: * CHANGES, RUNSON:
26473: Don't allow insults to be enabled if the insults[] array is empty.
26474: Otherwise there would be division by zero.
26475: [974f4780254b]
26476:
26477: * insults.h:
26478: Don't care about USE_INSULTS #define since the insult stuff may be
26479: overridden at runtime.
26480: [b873df8b299c]
26481:
26482: * auth/sudo_auth.c:
26483: Honor insults flag.
26484: [756111640fdc]
26485:
26486: * CHANGES, parse.c:
26487: Don't ask the user for a password if the user is not allowed to run
26488: the command and the authenticate flag (in sudoers) is false.
26489: [cea9fdc09c76]
26490:
26491: * CHANGES, RUNSON, lex.yy.c, parse.lex:
26492: o Whenever we get a bare newline we change to the INITIAL state. o
26493: Enter GOTRUNAS when we see Runas_Alias
26494:
26495: This allows #uid to work in a RunasAlias.
26496: [a475513e7c7a]
26497:
26498: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
26499:
26500: * CHANGES, parse.yacc, sudo.tab.c:
26501: fix parsing of runas lists: o oprunasuser and runaslist now return a
26502: value o in a runasspec, if a runaslist does not return TRUE, set
26503: runas_matches to FALSE. Normally, a runaslist only returns FALSE
26504: for explicitly denied users. o since runaslist does not modify the
26505: stack there is no need for a push/pop in runasalias.
26506: [82b305b34a8c]
26507:
26508: * check.c, sudo.c:
26509: Don't kill the user's tickets until after sudoers has been parsed
26510: since tty_tickets and ticket_dir could be set in sudoers.
26511: [f43e25367f3a]
26512:
26513: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
26514: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
26515: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
26516: crank version to 1.6
26517: [95f8bdcf9bb2]
26518:
26519: * testsudoers.c:
26520: add set_fqdn() stub
26521: [bbc81af5b41a]
26522:
26523: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
26524:
26525: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
26526: sudoers.man, sudoers.pod, visudo.c:
26527: o Kill shell_noargs option, it cannot work since the command needs
26528: to be set before sudoers is parsed. o Fix the "set_home" sudoers
26529: option (only worked at compile time). o Fix "fqdn" sudoers option.
26530: We now set host/shost via set_fqdn which gets called when the
26531: "fqdn" option is set in sudoers. o Move the openlog() to
26532: store_syslogfac() so this gets overridden correctly from the
26533: sudoers file.
26534: [3dca861f0f5d]
26535:
26536: * auth/securid.c:
26537: SecurID support should compile now.
26538: [a544e5c6ea34]
26539:
26540: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
26541:
26542: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
26543: visudo.man, visudo.pod:
26544: fix some syntactic goofs
26545: [b3451f0d5239]
26546:
26547: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
26548:
26549: * Makefile.in, sudo.html, sudoers.html, visudo.html:
26550: No longer need the .html files as they are generated automatically
26551: on the web site.
26552: [1b4aa4204584]
26553:
26554: * CHANGES, LICENSE:
26555: kill characters that made wml unhappy
26556: [b988fbc6da56]
26557:
26558: * HISTORY:
26559: typo
26560: [a418963f7fce]
26561:
26562: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
26563:
26564: * README:
26565: majordomo@cs.colorado.edu -> majordomo@courtesan.com
26566: [5d151e8ffd3b]
26567:
26568: * Makefile.in, configure:
26569: Wrap script execution w/ /bin/sh for the benefit of ctm
26570: [3a9c4766b2c3]
26571:
26572: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
26573:
26574: * sudo.c:
26575: Make the -s flag be exclusive too. Also reorder the flags in the
26576: exclusive usage message so they are alphabetical.
26577: [4c7af200db34]
26578:
26579: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
26580:
26581: * auth/pam.c:
26582: make pam errors other than PAM_PERM_DENIED fatal
26583: [64bcb3fd2baf]
26584:
26585: * auth/API:
26586: fix typo
26587: [f3134c88b12e]
26588:
26589: * INSTALL:
26590: make it clear that /etc/pam.d/sudo is required on linux
26591: [213cc3eaad82]
26592:
26593: * auth/pam.c:
26594: fix a warning on redhat and spew an error if pam_authenticate()
26595: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
26596: [7e46dd19da89]
26597:
26598: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26599: Be very clear that the password required is the user's not root's
26600: [a6da127347e5]
26601:
26602: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
26603:
26604: * Makefile.in:
26605: add sample.syslog.conf to DISTFILES and BINFILES
26606: [8661c27c007e]
26607:
26608: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
26609:
26610: * RUNSON:
26611: updates from Brian Jackson + some formatting
26612: [6d31c6fa63f8]
26613:
26614: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
26615:
26616: * INSTALL.binary, Makefile.binary, README, RUNSON:
26617: o One RUNSon update o Changes for automating real binary releases
26618: [dd9585f4406c]
26619:
26620: * Makefile.in:
26621: Add bindist target
26622: [546ed3fa94bb]
26623:
26624: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
26625:
26626: * TROUBLESHOOTING:
26627: talk about run-time options in addition to compile-time options
26628: [1eb813ff0a9a] [SUDO_1_6_0]
26629:
26630: * CHANGES:
26631: fix typos
26632: [65e92bb70a7b]
26633:
26634: * sudo.c:
26635: need sys/time.h if HAVE_SETRLIMIT
26636: [ce31655a8a60]
26637:
26638: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
26639: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
26640: get rid of references to sudo-bugs. Now mention the web site or the
26641: sudo@ alias
26642: [a9db861fd8c6]
26643:
26644: * sudoers.html:
26645: repair pod2html damage
26646: [62ece4277f1f]
26647:
26648: * RUNSON, TODO:
26649: Update for 1.6 release
26650: [98569c57ba2a]
26651:
26652: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
26653: Add warning about using ALL in a command context.
26654: [6c77685ab280]
26655:
26656: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
26657:
26658: * visudo.c:
26659: Call yyrestart() on a parse error to reset the lexer state.
26660: [1370a27acdb2]
26661:
26662: * lex.yy.c, parse.lex:
26663: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
26664: since it might not get called in yywrap if we get a parse error
26665: (and we only reread the file on error anyway).
26666: [37f4b449e28e]
26667:
26668: * lex.yy.c, parse.lex:
26669: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
26670: might still exist. Call yyrestart() instead of using the deprecated
26671: YY_NEW_FILE macro.
26672: [7d0d873046c6]
26673:
26674: * lex.yy.c, parse.lex:
26675: flex doesn't need %N table size declarations
26676: [268b020fd60a]
26677:
26678: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
26679: Mention what characters need to be escaped in names.
26680: [72ccbb6b0f31]
26681:
26682: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
26683:
26684: * configure:
26685: regen
26686: [65827abb5c7b]
26687:
26688: * INSTALL:
26689: clarify Mac OS X entry
26690: [8da1549a71f5]
26691:
26692: * RUNSON:
26693: update
26694: [0cff8df7459f]
26695:
26696: * configure.in:
26697: o Use AC_MSG_ERROR throughout o Check syslog configure options for
26698: danity
26699: [4cb81e642e5c]
26700:
26701: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
26702:
26703: * defaults.c:
26704: Fix printing of type T_MODE in dump_defaults()
26705: [a868bb6f5515]
26706:
26707: * strcasecmp.c:
26708: missing sys/types.h
26709: [ca694ca325b6]
26710:
26711: * INSTALL:
26712: Break out options that may be overridden at run time into their own
26713: section. Add a not about Max OS X and correct some lies.
26714: [d8bcfd120593]
26715:
26716: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
26717:
26718: * CHANGES, config.h.in, configure, configure.in, sudo.c:
26719: o Now use getrlimit to find the highest fd when closing all non-std
26720: fd's o Turn off core dumps via setrlimit for the sake of paranoia
26721: [dd9f651b6def]
26722:
26723: * RUNSON:
26724: updates
26725: [f581841fe615]
26726:
26727: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
26728:
26729: * CHANGES:
26730: updates
26731: [553baa1d44c7]
26732:
26733: * tgetpass.c:
26734: When read()'ing, do a single character at a time to be sure we don't
26735: go oast the newline.
26736: [907d33f55bb4]
26737:
26738: * sudo.c:
26739: For the sudo_root option, check against user_uid, not getuid() since
26740: at this point, ruid == euid == 0.
26741: [92d5c51939b4]
26742:
26743: * RUNSON:
26744: some updates
26745: [e3ed0c1f312b]
26746:
26747: * logging.h:
26748: Fix compilation problem when --with-logging=file was specified.
26749: This means that syslog is now required to build sudo but that should
26750: not be a problem. If it is it can be fixed trivially with a
26751: configure check for syslog() or syslog.h.
26752: [839a4b069190]
26753:
26754: * tgetpass.c:
26755: Make this work again for things like "sudo echo hi | more" where the
26756: tty gets put into character at a time mode. We read until we read
26757: end of line or we run out of space (similar to fgets(3)).
26758: [c8f746df2e63]
26759:
26760: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
26761:
26762: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
26763: change ital to bold
26764: [f860978e530a]
26765:
26766: * RUNSON:
26767: update
26768: [9bcfbb405568]
26769:
26770: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
26771:
26772: * defaults.c:
26773: Error out if syslog parameters are given without a value. For
26774: Ultrix or 4.2BSD "syslog" is allowed without a value since there are
26775: no facilities in the 4.2BSD syslog.
26776: [69e7a686f5f0]
26777:
26778: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
26779:
26780: * defaults.c:
26781: Ignore the syslog facility for systems w/ old syslog like Ultrix.
26782: [5c250adbbb84]
26783:
26784: * TROUBLESHOOTING:
26785: people with "." early in their path can have problems running sudo
26786: from the build dir ;-)
26787: [20a1744a24a4]
26788:
26789: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
26790:
26791: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26792: Remove -r realm option
26793: [127caa537f95]
26794:
26795: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
26796: configure.in, sudo.c:
26797: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
26798: [7177a3893a62]
26799:
26800: * CHANGES:
26801: update to reality
26802: [766cfbb512d6]
26803:
26804: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
26805:
26806: * auth/fwtk.c:
26807: include <auth.h> to get function prototypes.
26808: [d6c7c12d09fe]
26809:
26810: * sudo.cat, sudo.html, sudo.man, sudo.pod:
26811: document -L flag
26812: [dc803e1ce0d7]
26813:
26814: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
26815:
26816: * sudo.c:
26817: in set_perms(), always call setuid(0) before changing the ruid/euid
26818: so we always know it will succeed.
26819: [8cced1b862bf]
26820:
26821: * defaults.h:
26822: #undef T_FOO to avoid conflicts with system defines (like on
26823: ULTRIX).
26824: [d9f0aac092b0]
26825:
26826: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
26827: sudoers.pod:
26828: Docuement "Defaults" lines in /etc/sudoers. Still needs some
26829: fleshing out but this is a start.
26830: [521a1e629bbc]
26831:
26832: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
26833:
26834: * use strtol, not strtoul since not everyone has not strtoul
26835: [988462f093cc]
26836:
26837: * defaults.c:
26838: use strtol, not strtoul since not everyone has not strtoul
26839: [fce835ce62e3]
26840:
26841: * lex.yy.c, parse.lex:
26842: last {WORD} rule should only apply in the INITIAL state
26843: [9b57570bfa83]
26844:
26845: * lex.yy.c, parse.lex:
26846: o Add support for escaped characters in the WORD macro o Modify
26847: fill() to squash escape chars
26848: [87572d59e4e0]
26849:
26850: * defaults.c, defaults.h:
26851: o Add T_PATH flag to allow simple sanity checks for default values
26852: that are supposed to be pathnames. o Fix a duplicate free when
26853: visudo finds an error.
26854: [bdc6855a6c6d]
26855:
26856: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
26857:
26858: * defaults.c, defaults.h, logging.c:
26859: mail_if_foo -> mail_foo
26860: [cbee9415875d]
26861:
26862: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
26863:
26864: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
26865: o Add requiretty option o Move O_NOCTTY to compat.h
26866: [65b8bf0e1795]
26867:
26868: * logging.c:
26869: The exit() in log_error() was mistakenly removed in a previous
26870: version. Put it back...
26871: [9473449130a4]
26872:
26873: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
26874:
26875: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
26876: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
26877: configure, configure.in, defaults.c, defaults.h, find_path.c,
26878: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
26879: o Change defaults stuff to put the value right in the struct. o
26880: Implement mailer_flags o Store syslog stuff both in int and string
26881: form. Setting the string form magically updates the int version.
26882: o Add boolean attribute to strings where it makes sense to say !foo
26883: [4698953f9a36]
26884:
26885: * tgetpass.c:
26886: add O_NOCTTY when opening /dev/tty just in case
26887: [4c6d1d1bb300]
26888:
26889: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
26890:
26891: * auth/API:
26892: cleanup function no longer takes a status arg
26893: [0819edbfe7f8]
26894:
26895: * INSTALL:
26896: the the
26897: [19aadb65ea28]
26898:
26899: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26900:
26901: * TODO, config.h.in, configure, configure.in, logging.c:
26902: Use strftime() instead of ctime() if it is available.
26903: [fb60ea63b514]
26904:
26905: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
26906:
26907: * defaults.c:
26908: fix copyright date
26909: [4a53b54aa72f]
26910:
26911: * RUNSON:
26912: update ReliantUNIX entry
26913: [de618a4f67d9]
26914:
26915: * defaults.c, defaults.h, logging.c:
26916: add log_year option
26917: [251a9e20568a]
26918:
26919: * configure, configure.in:
26920: add --without-sendmail to help output
26921: [93162f199902]
26922:
26923: * configure, configure.in:
26924: enforce an otctal arg for --with-suoders-mode
26925: [45e1b04ccad3]
26926:
26927: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26928:
26929: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
26930: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
26931: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
26932: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
26933: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
26934: testsudoers.c, version.c, visudo.c:
26935: Add support for "Defaults" line in sudoers to make configuration
26936: variables changable at runtime (and on a global, per-host and per-
26937: user basis). Both the names and the internal representation are
26938: still subject to change. It was necessary to make sudo_user.runas
26939: but a char ** instead of a char * since this value can be changed by
26940: a Defaults line. There is a similar (but more complicated) issue
26941: with sudo_user.prompt but it is handled differently at the moment.
26942:
26943: Add a "-L" flag to list the name of options with their descriptions.
26944: This may only be temporary.
26945:
26946: Move some prototypes to parse.h
26947:
26948: Be much less restrictive on what is allowed for a username.
26949: [f71abf7ba80c]
26950:
26951: * sample.syslog.conf:
26952: Add more info
26953: [e952e6f42d4d]
26954:
26955: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
26956:
26957: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
26958: strcasecmp.c:
26959: UCB has dropped the advertising clause from their license.
26960: [a5602b36a341]
26961:
26962: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
26963:
26964: * auth/sudo_auth.h:
26965: move dce_verofy proto to correct section
26966: [972c815af558]
26967:
26968: * auth/dce.c:
26969: remove XXX
26970: [820631855be0]
26971:
26972: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
26973:
26974: * emul/fnmatch.h:
26975: Add fnmatch() prototype
26976: [79e84576d92a]
26977:
26978: * fnmatch.c, parse.c, testsudoers.c:
26979: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
26980: [1182c89fa811]
26981:
26982: * sudo.h:
26983: add strcasecmp proto
26984: [512d1d8a6a0c]
26985:
26986: * auth/sudo_auth.c:
26987: add check for case where there are no auth methods
26988: [e4af2b91b43e]
26989:
26990: * configure, configure.in:
26991: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
26992: SunOS4 w/ gcc
26993: [746ce8bcec23]
26994:
26995: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
26996: include strings.h everywhere we include string.h
26997: [6f7d5d437e7b]
26998:
26999: * version.c:
27000: nicer output when showing auth methods
27001: [0eac4b977f9d]
27002:
27003: * version.c:
27004: Add support for SEND_MAIL_WHEN_NO_HOST
27005: [9f20a3a3fae6]
27006:
27007: * config.h.in, configure, configure.in:
27008: Add _GNU_SOURCE for Linux
27009: [c7bd8c511847]
27010:
27011: * lex.yy.c, parse.lex:
27012: fix definition of OCTECT
27013: [4af30e63244d]
27014:
27015: * configure, configure.in:
27016: aix_auth.o not authenticate.o
27017: [fe95dfb08df4]
27018:
27019: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
27020:
27021: * sudo.c:
27022: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
27023: keyboard). Since we run with ruid/euid == 0 the user can't really
27024: signal us in nasty ways.
27025: [a7f6487c0f48]
27026:
27027: * visudo.c:
27028: Don't need to worry about catching too many signals since we do
27029: locking on the tmp file. If a lockfile is really stale, it will be
27030: detected and overwritten.
27031: [28983db3e749]
27032:
27033: * INSTALL, Makefile.in:
27034: include auth/API in tarball
27035: [014991600252]
27036:
27037: * auth/sudo_auth.c:
27038: move memset() of plaintext pw outside of verify loop and only do the
27039: memset if we are *not* in standalone mode.
27040: [66f8e87567e2]
27041:
27042: * auth/sudo_auth.c, auth/sudo_auth.h:
27043: DCE is not a standalone method
27044: [34963e2d8a1b]
27045:
27046: * sudo.c:
27047: fix --enable-noargs-shell
27048: [4234062abbb0]
27049:
27050: * snprintf.c:
27051: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
27052: [c430b80454c6]
27053:
27054: * auth/fwtk.c, auth/sia.c:
27055: _cleanup() function returns an int.
27056: [d1a1cc071ec1]
27057:
27058: * auth/dce.c:
27059: there were still some return(0)'s hanging around, make them
27060: AUTH_FAILURE
27061: [1002aa1962c3]
27062:
27063: * parse.c:
27064: typo in comment
27065: [5abc410dbfd2]
27066:
27067: * version.c:
27068: add missing semicolon
27069: [a262283b52a5]
27070:
27071: * auth/sudo_auth.h:
27072: missing backslash
27073: [bf89f6bd2900]
27074:
27075: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
27076:
27077: * CHANGES, config.h.in, configure, configure.in:
27078: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
27079: [f1a9bca0cf67]
27080:
27081: * Makefile.in:
27082: add parse.h to HDRS
27083: [a3d054987766]
27084:
27085: * Makefile.in, configure, configure.in:
27086: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
27087: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
27088: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
27089: testsudoers to build on Solaris and is a bit cleaner in general.
27090: [4e6239e97002]
27091:
27092: * UPGRADE:
27093: mention ptmp -> sudoers.tmp
27094: [ec3baa0fe8a1]
27095:
27096: * config.h.in, configure, configure.in:
27097: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
27098: [6f93dc7f39f5]
27099:
27100: * RUNSON:
27101: add 2 reports
27102: [ce0fcc00ee4e]
27103:
27104: * auth/kerb5.c:
27105: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
27106: return a value more like a system function
27107: [0dd56aa21424]
27108:
27109: * auth/dce.c:
27110: Add an XXX
27111: [58fc8562c212]
27112:
27113: * TODO:
27114: more things todo!
27115: [5a459d0cf339]
27116:
27117: * sample.sudoers:
27118: update based on what is in the man page
27119: [1a0477db96fa]
27120:
27121: * parse.yacc, sudo.tab.c:
27122: minor change to first line printed in -l mode
27123: [69eb57d96952]
27124:
27125: * sudo.cat, sudo.html, sudo.man, sudo.pod:
27126: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
27127: standard and add "EXAMPLES" section
27128: [7e543335ebe1]
27129:
27130: * visudo.cat, visudo.html, visudo.man, visudo.pod:
27131: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
27132: standard
27133: [f82d87ed65c2]
27134:
27135: * logging.c, parse.c, sudo.h:
27136: add FLAG_NO_CHECK
27137: [c7d69176a2d7]
27138:
27139: * lex.yy.c, parse.lex:
27140: make an OCTET really be limited to 0-255
27141: [6ee568dd6a02]
27142:
27143: * UPGRADE:
27144: mention timestamp changes
27145: [e44d5302bf60]
27146:
27147: * PORTING:
27148: cosmetic cleanup
27149: [36fa3a2664dd]
27150:
27151: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
27152: new sudoers(8) man page
27153: [e674d06283d0]
27154:
27155: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
27156:
27157: * version.c:
27158: Update comments about syslog name tables
27159: [63830a782dcb]
27160:
27161: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
27162: strcasecmp.c, sudo.tab.c:
27163: include strcasecmp() for those without it
27164: [a0d8e2488bbc]
27165:
27166: * sample.sudoers:
27167: Use the : operator some more and fix a typo
27168: [18804c70da86]
27169:
27170: * HISTORY:
27171: update the history of sudo
27172: [9d9b3d5279b3]
27173:
27174: * parse.c, parse.lex, testsudoers.c:
27175: CIDR-style netmask support
27176: [768644467353]
27177:
27178: * CHANGES:
27179: recent changes
27180: [a4319e9d07cb]
27181:
27182: * sudo.tab.c, sudo.tab.h:
27183: these should be generated with byacc, not bison
27184: [f57b9489b752]
27185:
27186: * lex.yy.c:
27187: regen
27188: [522461f95dfa]
27189:
27190: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
27191: In "sudo -l" mode, the type of the stored (expanded) alias was not
27192: stored with the contents. This could lead to incorrect output if
27193: the sudoers file had different alias types with the same name.
27194: Normal parsing (ie: not in '-l' mode) is unaffected.
27195: [823fe2bc4b79]
27196:
27197: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
27198:
27199: * configure, configure.in:
27200: define _XOPEN_SOURCE to get at crypt() proto on some systems
27201: [1b3769b86fb9]
27202:
27203: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
27204:
27205: * snprintf.c:
27206: fix comment
27207: [fc1264df00f7]
27208:
27209: * tgetpass.c:
27210: don't need limits.h
27211: [f1631829af45]
27212:
27213: * snprintf.c:
27214: kill bogus reference to vfprintf
27215: [a0b99b25d389]
27216:
27217: * sample.sudoers, sudoers:
27218: better examples
27219: [b4d87ea64cc8]
27220:
27221: * snprintf.c:
27222: Add some const in the K&R defs. This is safe since we define const
27223: away if the compiler doesn't grok it.
27224: [614d6e83d45e]
27225:
27226: * aclocal.m4, configure:
27227: Better test for working long long support. Ultrix compiler supports
27228: basic long long but not all operations on them.
27229: [5da1508710ed]
27230:
27231: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
27232: snprintf.c, sudo.c:
27233: Add check for LONG_IS_QUAD #undef MAXINT before including
27234: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
27235: in snprintf.c and use LONG_IS_QUAD
27236: [a1f7993367fc]
27237:
27238: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
27239:
27240: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
27241: snprintf.c:
27242: UCB-derived snprintf + asprintf support. Supports quads if the
27243: compiler does. No floating point yet, perhaps later...
27244: [0caf05aba945]
27245:
27246: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
27247:
27248: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
27249: goodpath.c, logging.c, parse.c, sudo.c:
27250: Run most of the code as root, not the invoking user. It doesn't
27251: really gain us anything to run as the user since an attacker can
27252: just have an setuid(0) in their egg. Running as root solves
27253: potential problems wrt signalling.
27254: [408e530dda01]
27255:
27256: * sudo.tab.c:
27257: regen
27258: [f8cfb37e37de]
27259:
27260: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
27261:
27262: * logging.c, sudo.c:
27263: Don't wait for child to finish in log_error(), let the signal
27264: handler get it if we are still running, else let init reap it for
27265: us. The extra time it takes to wait lets the user know that mail is
27266: being sent.
27267:
27268: Install SIGCHLD handler in main() and for POSIX signals, block
27269: everything
27270: *except* SIGCHLD.
27271: [d2b6ab0ef3be]
27272:
27273: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
27274: parse.yacc, sudo.c, sudo.h:
27275: sudoers_lookup() now returns a bitmap instead of an int. This makes
27276: it possible to express things like "failed to validate because user
27277: not listed for this host". Some thigns that were previously
27278: VALIDATE_FOO are now FLAG_FOO. This may change later on.
27279:
27280: Reorganized code in log_auth() and sudo.c to deal with above
27281: changes.
27282:
27283: Safer versions of push/pushcp with in the do { ... } while (0) style
27284:
27285: parse.yacc now saves info on the stack to allow parse.c to determine
27286: if a user was listed, but not for the host he/she tried to run on.
27287:
27288: Added --with-mail-if-no-host option
27289: [63326cb01efc]
27290:
27291: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
27292:
27293: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
27294: visudo.man, visudo.pod:
27295: o NewArgv and NewArgc don't need to be externally visible. o If
27296: pedantic > 1, it is a parse error. o Add -s (strict) option to
27297: visudo which sets pedantic to 2.
27298: [5d7d81b55cd5]
27299:
27300: * HISTORY, INSTALL:
27301: Just have sudo-bugs contact info in one place
27302: [e7f6588ea683]
27303:
27304: * sudo.cat, sudo.html, sudo.man, sudo.pod:
27305: Add BUGS section
27306: [6607d96ea510]
27307:
27308: * Makefile.in, configure, configure.in:
27309: Add testsudoers to default build target if --with-devel Don't clean
27310: generated parser files unless "distclean".
27311: [5827b769dc57]
27312:
27313: * parse.yacc, sudo.tab.c:
27314: In pedantic mode we need to save *all* the aliases, not just those
27315: that match, or we get spurious warnings.
27316: [24f5b1f0e1de]
27317:
27318: * TROUBLESHOOTING:
27319: reference samples.sylog.conf
27320: [11841668380a]
27321:
27322: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
27323:
27324: * sample.syslog.conf:
27325: Sample entries for syslog.conf
27326: [0f7697d878a1]
27327:
27328: * CHANGES:
27329: recent changes
27330: [8bca8810c6bd]
27331:
27332: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
27333: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
27334: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
27335: auth/sudo_auth.c, auth/sudo_auth.h:
27336: In struct sudo_auth, turn need_root and configured into flags and
27337: add a flag to specify an auth method is running alone (the only
27338: one). Pass auth methods their sudo_auth pointer, not the data
27339: pointer. This allows us to get at the flags and tell if we are the
27340: only auth method. That, in turn, allows the method to be able to
27341: decide what should/should not be a fatal error. Currently only
27342: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
27343: define and te hackery that went with it. With access to the
27344: sudo_auth struct, methods can also get at a string holding their
27345: cannonical name (useful in error messages).
27346: [b7e320fc6511]
27347:
27348: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
27349: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
27350: sudo.tab.h:
27351: o --with-otp deprecated, use --without-passwd instead o real
27352: dependencies in the Makefile o --with-devel option to enable yacc,
27353: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
27354: back to being a token, not a string but don't leak memory o rename
27355: hsotspec -> host in parse.yacc
27356: [912c45226cb2]
27357:
27358: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
27359:
27360: * BUGS, CHANGES:
27361: recent changes
27362: [801fa6e55687]
27363:
27364: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
27365: sudo.c, sudo.h:
27366: o Digital UNIX needs to check for *snprintf() before -ldb is added
27367: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
27368: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
27369: functions in snprintf.c to fix -Wall o Add missing includes to fix
27370: more -Wall
27371: [8d207203e126]
27372:
27373: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
27374: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
27375: visudo.c:
27376: o Add a "pedentic" flag to the parser. This makes sudo warn in
27377: cases where an alias may be used before it is defined. Only turned
27378: on for visudo and testsudoers. o Add --disable-authentication option
27379: that makes sudo not require authentication by default. The PASSWD
27380: tag can be used to require authentication for an entry. We no
27381: longer overload --without-passwd.
27382: [f307e09adf98]
27383:
27384: * lex.yy.c, parse.lex:
27385: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
27386: username can contain just about anything so be very permissive. Also
27387: drop the unused \. punctuation.
27388: [06a50614ff89]
27389:
27390: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
27391:
27392: * parse.yacc, sudo.tab.c:
27393: o add a 'val' element to aliasinfo struct and move -> parse.h o
27394: find_alias() now returns an aliasinfo * instead of boolean o
27395: add_alias() now takes a value parameter to store in the
27396: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
27397: return: 1) positive match 0) negative match (due to '!')
27398: -1) no match This means setting $$ explicitly in all cases, which I
27399: should have done in the first place. It also means that we always
27400: store a value that is != -1 and when we see a '!' we can set
27401: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
27402: now works the way it should in lists and some of the rules are more
27403: uniform and sensible.
27404: [ad8e73b5d581]
27405:
27406: * Makefile.in:
27407: add parse.h dependency
27408: [4ccccd464d30]
27409:
27410: * parse.h:
27411: kill unused *_matched macros
27412: [02cba6dcb732]
27413:
27414: * parse.yacc:
27415: Allow a list of users as the first thing in a user spec, not just a
27416: single entry. This makes things more uniform, though it does allow
27417: you to write user specs that are hard to read.
27418: [3c4c91c508ca]
27419:
27420: * sudo.tab.c:
27421: parse.yacc
27422: [feca81881bb6]
27423:
27424: * configure:
27425: regen
27426: [6f247010bb3b]
27427:
27428: * configure.in:
27429: fix check for crypt() in libufc
27430: [82770736f4b0]
27431:
27432: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
27433:
27434: * README:
27435: sudo-users list now exists
27436: [4716d2bb0bbf]
27437:
27438: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
27439: Update to reality.
27440: [1eda2d57e42a]
27441:
27442: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
27443: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
27444: version.c, visudo.c:
27445: o Move lock_file() and touch() into fileops.c so visudo can use them
27446: o Visudo now locks the sudoers temp file instead of bailing when the
27447: temp file already exists. This fixes the problem of stale temp
27448: files but it does *require* that you not try to put the temp file in
27449: a world-writable directory. This shoud not be an issue as the temp
27450: file should live in the same dir as sudoers. o Visudo now only
27451: installs the temp file as sudoers if it changed.
27452: [2517cd06c070]
27453:
27454: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
27455:
27456: * logging.c:
27457: add fcntl locking
27458: [c304adeaf515]
27459:
27460: * config.h.in, configure, configure.in, logging.c:
27461: Lock the log file.
27462: [d8652704fbdf]
27463:
27464: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
27465: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
27466: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
27467: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
27468: -> _PATH_SUDOERS_TMP
27469: [68cad8975807]
27470:
27471: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
27472:
27473: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
27474: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
27475: root sudo -V config reporting
27476: [cdd2613a9dcf]
27477:
27478: * configure, configure.in:
27479: aix_auth.o not authenticate.o
27480: [d972e35f6730]
27481:
27482: * config.h.in:
27483: Add --with-goodpri and --with-badpri configure options to specify
27484: the syslog priority to use.
27485: [2595ae50ab86]
27486:
27487: * INSTALL, configure, configure.in, logging.h:
27488: Add --with-goodpri and --with-badpri configure options to specify
27489: the syslog priority to use.
27490: [8276ee9b2b49]
27491:
27492: * compat.h:
27493: kill crufty AIX stuff
27494: [a4f35ef9854e]
27495:
27496: * Makefile.in:
27497: Sigh, some versions of make (like Solaris's) don't deal with $< like
27498: I would expect. Both GNU and BSD makes get this right but... So, we
27499: just expand $< inline at the cost of some ugliness.
27500: [b1b456f8801f]
27501:
27502: * version.c:
27503: If the invoking user is root, sudo will now print configure info in
27504: -V mode. Currently just prints logging info, to be expanded later.
27505: [392f7ed99267]
27506:
27507: * logging.c, logging.h, sudo.c, sudo.h:
27508: o new defines for syslog facility and priority o use new
27509: print_version() functino for -V mode
27510: [78abc5142985]
27511:
27512: * check.c:
27513: Don't need version.c
27514: [db9a830ad893]
27515:
27516: * aclocal.m4, config.h.in, configure, configure.in:
27517: Add check for syslog facilities and priorities tables in syslog.h
27518: [b86213e5fc5c]
27519:
27520: * Makefile.in:
27521: o authenticate -> aix_auth o add version.c
27522: [44b6b9a8d0f5]
27523:
27524: * auth/sudo_auth.c:
27525: Missed a prompt -> user_prompt conversion
27526: [e4c60b1f210c]
27527:
27528: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
27529:
27530: * TODO:
27531: sudo should lock its logfile
27532: [6d2830b28b07]
27533:
27534: * parse.yacc, sudo.tab.c:
27535: o Add '!' correctly when expanding Aliases. o Add shortcut macros
27536: for append() to make things more readable. o The separator in
27537: append() is now a string instead of a char. o In append(), only
27538: prepend the separator if the last char is not a '!'. This is a
27539: hack but it greatly simplifies '!' handling. o In -l mode, Runas
27540: lists and NOPASSWD/PASSWD tags are now inherited across entries in
27541: a list (matches current behavior). o Fix formatting in -l mode such
27542: that items in a list are separated by a space. Greatlt improves
27543: readability. o Space for name field in struct aliasinfo is now
27544: allocated dyanically instead of using a (big) buffer. o In
27545: add_alias(), only search the list once (lsearch instead of lfind +
27546: lsearch)
27547: [51f7e07addb9]
27548:
27549: * lex.yy.c, sudo.tab.c, sudo.tab.h:
27550: regen
27551: [5c19bb05dc21]
27552:
27553: * configure, configure.in:
27554: Solais pam doesn't require anye xtra setup
27555: [a25ba03d91d1]
27556:
27557: * parse.yacc:
27558: o Simpler '!' support now that the lexer deals with multiple !'s for
27559: us. o In the case of opFOO, have FOO give a boolean return value and
27560: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
27561: it gets fill()'d in parse.lex--fixes a small memory leak. In the
27562: long run it may be better to just fix parse.lex and make ALL back
27563: into a token. However, having it be a string is useful since it
27564: can be easily passed back to the parent rule if we so desire.
27565: [b3c64b443018]
27566:
27567: * parse.lex:
27568: o Remove some unnecessary backslashes o collapse multiple !'s by
27569: using !+ and checking if yyleng is even or odd. this allows us to
27570: simplify ! handling in parse.yacc
27571: [76330e8da8e3]
27572:
27573: * sudo.c:
27574: -u flag was being ignored
27575: [e30283207585]
27576:
27577: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
27578:
27579: * Makefile.in:
27580: correct fix
27581: [a0e2377dec8f]
27582:
27583: * Makefile.in:
27584: work around pod2man stupididy
27585: [7c755640b67f]
27586:
27587: * Makefile.in:
27588: correct dependencies for .cat
27589: [5ed7b0653b68]
27590:
27591: * sudo.cat, sudo.man, visudo.cat, visudo.man:
27592: regen
27593: [b74510dd6a0a]
27594:
27595: * sudo.pod, visudo.pod:
27596: Add copyright Update to reality
27597: [188e9b046c15]
27598:
27599: * parse.c, sudo.c, sudo.h:
27600: rename validate() to the more descriptive sudoers_lookup()
27601: [7a1cb652f379]
27602:
27603: * auth/aix_auth.c:
27604: use tgetpass
27605: [b8ba5daec40a]
27606:
27607: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
27608:
27609: * CHANGES:
27610: updates
27611: [e61460cdf4a0]
27612:
27613: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
27614: configure, configure.in, sudo.c:
27615: Sudo, not CU Sudo
27616: [9061b3573c0c]
27617:
27618: * LICENSE:
27619: add 4th term to license similar to term 5 in the apache license
27620: [92712e895afb]
27621:
27622: * emul/search.h, emul/utime.h:
27623: add 4th term to license similar to term 5 in the apache license
27624: [4f93a8b9396e]
27625:
27626: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
27627: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
27628: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
27629: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
27630: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
27631: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
27632: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
27633: visudo.c:
27634: add 4th term to license similar to term 5 in the apache license
27635: [afae9f2bf9ec]
27636:
27637: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
27638: add 4th term to license similar to term 5 in the apache license
27639: [c389d3fdafac]
27640:
27641: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
27642: getspwuid.c, goodpath.c:
27643: add 4th term to license similar to term 5 in the apache license
27644: [969e63dbd38e]
27645:
27646: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
27647: insults.h, logging.c, sudo.c, sudo.h:
27648: there was a 1995 release too
27649: [5963fd89457a]
27650:
27651: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
27652:
27653: * CHANGES:
27654: updates
27655: [254b794f16ab]
27656:
27657: * check.c:
27658: Use dirs instead of files for timestamp. This allows tty and non-
27659: tty schemes to coexist reasonably. Note, however, that when you
27660: update a tty ticket, the mtime on the user dir gets updated as well.
27661: [44bfac32f799]
27662:
27663: * configure, configure.in:
27664: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
27665: when linking test program, not just -lprot. Also add check for
27666: getspnam(). The SCO docs indicate that /etc/shadow can be used but
27667: this may be a lie.
27668: [2ba21d36cc1e]
27669:
27670: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
27671:
27672: * auth/API:
27673: first cut at auth API description
27674: [3d10df021eb8]
27675:
27676: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
27677:
27678: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
27679: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
27680: auth/sudo_auth.h:
27681: auth API change. There is now an init method that gets run before
27682: the main loop. This allows auth routines to differentiate between
27683: initialization that happens once vs. setup that needs to run each
27684: time through the loop.
27685: [76df1c0d3478]
27686:
27687: * auth/kerb5.c, logging.c:
27688: use easprintf() and evasprintf()
27689: [fd97d96dc12f]
27690:
27691: * alloc.c, sudo.h:
27692: add easprintf() and evasprintf(), error checking versions of
27693: asprintf() and vasprintf()
27694: [f54385de20b7]
27695:
27696: * TODO:
27697: remove 2 items. One done, one won't do.
27698: [64513b47bc7a]
27699:
27700: * lex.yy.c, sudo.tab.c:
27701: regen
27702: [4aa299de2752]
27703:
27704: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
27705: visudo.html, visudo.man:
27706: regen
27707: [553c0d1209be]
27708:
27709: * CHANGES:
27710: new changes
27711: [d7be00b7e36b]
27712:
27713: * sudo.pod:
27714: o Document -K flag and update meaning of -k flag. o BSD-style
27715: copyright o Document clearing of BIND resolver environment variables
27716: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
27717: if your OS gives away files
27718: [4a4092be1455]
27719:
27720: * visudo.pod:
27721: BSD license
27722: [ad0bfd0a4630]
27723:
27724: * version.h:
27725: BSD-style copyright
27726: [ecc6479325be]
27727:
27728: * tgetpass.c:
27729: o BSD copyright o no need to block signals, we now do that in main()
27730: o cosmetic changes
27731: [61958beda7ab]
27732:
27733: * testsudoers.c, visudo.c:
27734: o BSD-style copyright o Use "struct sudo_user" instead of old
27735: globals. o some cometic cleanup
27736: [88c0c6924082]
27737:
27738: * sudo_setenv.c:
27739: BSD-style copyright
27740: [df20290129a0]
27741:
27742: * sudo.h:
27743: o BSD copyright o logging and parser bits moved to their own .h
27744: files o new "struct sudo_user" to encapsulate many of the old
27745: globals.
27746: [50fc86bf25cb]
27747:
27748: * sudo.c:
27749: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
27750: logging routines o simplified flow of control o BIND resolver
27751: additions to badenv_table
27752: [8c53f15bfcb0]
27753:
27754: * strerror.c:
27755: BSD-style copyright
27756: [7c906c3a82ac]
27757:
27758: * snprintf.c:
27759: Now compiles on more K&R compilers
27760: [07ab1d3231c7]
27761:
27762: * putenv.c:
27763: BSD-style copyright, cosmetic changes
27764: [c42371295881]
27765:
27766: * pathnames.h.in:
27767: BSD-style copyright
27768: [e5c34ebd4cf1]
27769:
27770: * parse.c, parse.h, parse.lex, parse.yacc:
27771: BSD-style copyright. Move parser-specific defines and structs into
27772: parse.h + other cosmetic changes
27773: [d3088efb6228]
27774:
27775: * logging.h:
27776: defines for logging routines
27777: [13147941c02d]
27778:
27779: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
27780: BSD-style copyright, cosmetic changes
27781: [e8205e91a4fa]
27782:
27783: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27784: interfaces.h:
27785: BSD-style copyright
27786: [b9499da7cdce]
27787:
27788: * configure.in:
27789: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
27790: kill --disable-tgetpass o add --without-passwd o changes to fill in
27791: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
27792: v?asprintf() o replace --with-AuthSRV with --with-fwtk
27793: [9a3f39b9c128]
27794:
27795: * config.h.in:
27796: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
27797: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
27798: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
27799: [9a09054db53a]
27800:
27801: * compat.h:
27802: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
27803: [25509c566975]
27804:
27805: * alloc.c:
27806: BSD-style copyright
27807: [4967be892363]
27808:
27809: * TROUBLESHOOTING:
27810: no more --with-getpass
27811: [afd5b670c196]
27812:
27813: * TODO:
27814: Take out things I've done...
27815: [375420c8270e]
27816:
27817: * README:
27818: Refer to LICENSE
27819: [c486c8db30f6]
27820:
27821: * PORTING:
27822: --with-getpass no longer exists
27823: [db48202df1bb]
27824:
27825: * Makefile.in:
27826: BSD-style copyright. Update to reflect reality wrt new files and
27827: new auth modules.
27828: [61a2ca7940fb]
27829:
27830: * INSTALL:
27831: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
27832: --without-passwd.
27833: [64e8f9e1c05e]
27834:
27835: * HISTORY:
27836: Update history a bit
27837: [df60c0a871b8]
27838:
27839: * COPYING, LICENSE:
27840: Now distributed under a BSD-style license
27841: [d1a184ccabe1]
27842:
27843: * auth/sudo_auth.c:
27844: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
27845: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
27846: global
27847: [891b57060868]
27848:
27849: * auth/pam.c, auth/sia.c:
27850: BSD-style copyright and use new log functions
27851: [65c44445ea84]
27852:
27853: * auth/kerb5.c:
27854: o BSD-style copyright o Use new log functiongs o Use asprintf() and
27855: snprintf() where sensible.
27856: [1ff0feaacf95]
27857:
27858: * check.c:
27859: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
27860: done more reasonably--better sanity checks and tty-based stamps are
27861: now done as files in a directory with the same name as the invoking
27862: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
27863: to mix tty and non-tty based ticket schemes but this may change in
27864: the future (it requires sudo to use a directory instead of a file in
27865: the non-tty case). Also, ``sudo -k'' now sets the ticket back to
27866: the epoch and ``sudo -K'' really deletes the file. That way you
27867: don't get the lecture again just because you killed your ticket in
27868: .logout. BSD-style copyright now.
27869: [ec3460f85be8]
27870:
27871: * logging.c:
27872: o rewritten logging routines. log_error() now takes printf-style
27873: varargs and log_auth() for the return value of validate(). o BSD-
27874: style copyright
27875: [438292025c4e]
27876:
27877: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
27878: superceded by new auth API
27879: [412060590da7]
27880:
27881: * auth/kerb4.c:
27882: BSD-style copyright
27883: [cc4e800833c7]
27884:
27885: * auth/fwtk.c:
27886: Use snprintf() where it makes sense and add a BSD-style copyright
27887: [1b7502388a74]
27888:
27889: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
27890: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
27891: BSD-style copyright
27892: [42583bedae5c]
27893:
27894: * emul/utime.h, utime.c:
27895: BSD-style copyright
27896: [3985c90aba47]
27897:
27898: * emul/search.h:
27899: this has been rewritten so use my BSD-style copyright
27900: [176df1b0de6f]
27901:
27902: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
27903:
27904: * snprintf.c:
27905: include malloc.h if no stdlib.h
27906: [7b123f1d1d03]
27907:
27908: * snprintf.c:
27909: KTH snprintf()/asprintf() for systems w/o them
27910: [3ca9aefb9d01]
27911:
27912: * strerror.c:
27913: strerror() for systems w/o it
27914: [7f0bd8a1c1b4]
27915:
27916: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27917:
27918: * visudo.c:
27919: stylistic changes
27920: [6f99aceb7170]
27921:
27922: * parse.c, parse.lex, parse.yacc:
27923: Add contribution info in the main comment
27924: [e50cec10acd6]
27925:
27926: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
27927:
27928: * auth/pam.c:
27929: remove missed ref to PAM_nullpw
27930: [a43e59692cdb]
27931:
27932: * auth/sudo_auth.h:
27933: pasto
27934: [891ff138ab89]
27935:
27936: * auth/kerb5.c:
27937: more or less complete now--still untested
27938: [21036732faa0]
27939:
27940: * auth/afs.c, auth/pam.c:
27941: don't use user_name macro, it will go away
27942: [def7cf727349]
27943:
27944: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
27945: combine skey/opie code into rfc1938.c
27946: [44d88ca93d3e]
27947:
27948: * auth/dce.c, auth/sudo_auth.h:
27949: DCE authentication method; basically unchanged from dce_pwent.c
27950: [4d468473dd6f]
27951:
27952: * auth/aix_auth.c, auth/sudo_auth.h:
27953: AIX authenticate() support. Could probably be much better
27954: [000013321a33]
27955:
27956: * auth/sia.c:
27957: Fix an uninitialized variable and some cleanup. Now works (tested)
27958: [fd6ad88ff055]
27959:
27960: * auth/sia.c, auth/sudo_auth.h:
27961: SIA support for digital unix
27962: [5335f3e70eab]
27963:
27964: * auth/pam.c:
27965: don't use prompt global, it will go away
27966: [fadd22dd6ce4]
27967:
27968: * auth/secureware.c:
27969: correct copyright years
27970: [6aa07c49f51b]
27971:
27972: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
27973: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
27974: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
27975: New authentication API and methods
27976: [9debe9b59c79]
27977:
27978: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
27979:
27980: * sudo.tab.c:
27981: regen
27982: [84578e82c1a6]
27983:
27984: * parse.yacc:
27985: only save an entry if user_matches && host_matches, even if the
27986: stack is empty (fix for previous commit)
27987: [00984b078d8a]
27988:
27989: * sudo.tab.c:
27990: regen
27991: [66acf160b4b7]
27992:
27993: * parse.yacc:
27994: 1) Always save an entry on the stack if it is empty. This fixes the
27995: -l and -v flags that were broken by earlier parser changes.
27996:
27997: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
27998: !foo match any time the user specified a runas user (via -u) other
27999: than foo.
28000: [f322eb54b015]
28001:
28002: * testsudoers.c:
28003: interfaces and num_interfaces are now auto, not extern
28004: [113add5c6518]
28005:
28006: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28007:
28008: * auth.c:
28009: use a static global to keep stae about empty passwords
28010: [bc02e30807d8]
28011:
28012: * check_sia.c:
28013: make PASSWORD_NOT_CORRECT logging consistent with other modules
28014: [21962549d5fd]
28015:
28016: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
28017:
28018: * auth.c:
28019: PAM prompt code was wrong, looks like we have to kludge it after
28020: all.
28021: [91f246155ead]
28022:
28023: * auth.c:
28024: In the PAM code, when a user hits return at the first password
28025: prompt, exit without a warning just like the normal auth code
28026: [918f59bacdb7]
28027:
28028: * configure, configure.in:
28029: kludge around cross-compiler false positives
28030: [5e5fc8356400]
28031:
28032: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
28033: New (correct) PAM code Tgetpass now takes an echo flag for use with
28034: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
28035: useless umask setting Change error from BAD_ALLOCATION ->
28036: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
28037: for consistency
28038: [e71397f09dd8]
28039:
28040: * sudo.c:
28041: Some -Wall and kill some trailing spaces
28042: [8229b43d5c4e]
28043:
28044: * configure.in:
28045: define -D__EXTENSIONS__ for solaris so we get crypt() proto
28046: [7533e4436cab]
28047:
28048: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
28049:
28050: * RUNSON:
28051: add Dynix 4.4.4
28052: [b69f773efbce]
28053:
28054: * INSTALL, config.h.in, configure, configure.in:
28055: for kerberos V < version, fall back on old kerb4 auth code
28056: [d685ed3a1d8e]
28057:
28058: * INSTALL:
28059: clarify some things
28060: [2f5ba2e8e53a]
28061:
28062: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
28063: typos
28064: [8925a109c093]
28065:
28066: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
28067:
28068: * sudo.c:
28069: mention why DONT_LEAK_PATH_INFO is not the default
28070: [0346260cb4ec]
28071:
28072: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
28073:
28074: * tgetpass.c:
28075: Fix open(2) return value checking, was NULL for fopen, should be -1
28076: for open
28077: [355878bf6d8a]
28078:
28079: * configure:
28080: regen
28081: [68bf82871862]
28082:
28083: * configure.in:
28084: better wording for solaris pam notice
28085: [04e88c7a6c42]
28086:
28087: * CHANGES:
28088: document recent changes
28089: [7c922c5622ef]
28090:
28091: * TROUBLESHOOTING:
28092: Update shadow password section
28093: [e8448bae7d66]
28094:
28095: * auth.c:
28096: move authentication code from check.c to auth.c
28097: [e9f6ecae2399]
28098:
28099: * Makefile.in, check.c, sudo.h:
28100: move authentication code to auth.c
28101: [124cded85f46]
28102:
28103: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
28104:
28105: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
28106: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
28107: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
28108: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
28109: visudo.c:
28110: Move interface-related defines to interfaces.h so we don't have to
28111: include <netinet/in.h> everywhere.
28112: [e7599d8ea0bf]
28113:
28114: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
28115:
28116: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
28117: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
28118: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
28119: turns out the old DES crypt does the right thing with passwords
28120: longert than 8 characters. o Fix common typo (necesary ->
28121: necessary) o Update TODO list
28122: [ad75007a6f13]
28123:
28124: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
28125:
28126: * sudo.c:
28127: set $LOGNAME when we set $USER
28128: [391596210fd7]
28129:
28130: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
28131:
28132: * INSTALL:
28133: add comment about digital unix and interfaces.c warning with gcc
28134: [e20f815901cc]
28135:
28136: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
28137:
28138: * sample.sudoers:
28139: use modern paths and give examples for some of the new parser
28140: features
28141: [e7b2e507c695]
28142:
28143: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
28144:
28145: * parse.c:
28146: fix comment
28147: [5eb0d005a65f]
28148:
28149: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
28150: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
28151: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
28152: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
28153: Function names should be flush with the start of the line so they
28154: can be found trivially in an editor and with grep
28155: [3c400abde574]
28156:
28157: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
28158: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
28159: free(3) is already void, no need to cast it
28160: [6981e1ebda0f]
28161:
28162: * logging.c, sudo.c, sudo.h:
28163: catch case where cmnd_safe is not set (this should not be possible)
28164: [3e1e3038546c]
28165:
28166: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
28167: testsudoers.c, visudo.c:
28168: Stash the "safe" path (ie: the one listed in sudoers) to the command
28169: instead of stashing the struct stat. Should be safer.
28170: [aa2883fcf57e]
28171:
28172: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
28173:
28174: * INSTALL, Makefile.in, UPGRADE:
28175: notes on updating from an earlier release
28176: [df9fffa4ab2c]
28177:
28178: * CHANGES:
28179: updated
28180: [574f5065d15a]
28181:
28182: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
28183:
28184: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
28185: sudoers.man, sudoers.pod:
28186: You can now specifiy a host list instead of just a host or alias.
28187: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
28188: [e3942bb78021]
28189:
28190: * testsudoers.c:
28191: Quiet -Wall
28192: [a3edc8b08c3a]
28193:
28194: * parse.yacc, sudo.tab.c:
28195: Move the push from the beginning of cmndspec to the end. This means
28196: we no longer have to do a push at the end of privilege, just reset
28197: some values.
28198: [8ea66e5860c6]
28199:
28200: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28201: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
28202: use "!" most everywhere
28203: [aadae4d1c9d5]
28204:
28205: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
28206:
28207: * sudoers.pod:
28208: modernize paths and update su example based on sample.sudoers one
28209: [3f6a37e16c83]
28210:
28211: * sample.sudoers:
28212: New runas semantics
28213: [756ee92865b7]
28214:
28215: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
28216: strdup.c, sudo.h:
28217: In estrdup(), do the malloc ourselves so we don't need to rely on
28218: the system strdup(3) which may or may not exist. There is now no
28219: need to provide strdup() for those w/o it. Also, the prototype for
28220: estrdup() was wrong, it returns char * and its param is const.
28221: [5f1f984da8e3]
28222:
28223: * getcwd.c:
28224: $Sudo tag
28225: [e4188a35e68c]
28226:
28227: * check.c:
28228: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
28229: [2aec87c86cde]
28230:
28231: * CHANGES, TODO, parse.yacc, sudo.tab.c:
28232: It is now possible to use the '!' operator in a runas list as well
28233: as in a Cmnd_Alias, Host_Alias and User_Alias.
28234: [a4fdaabda990]
28235:
28236: * logging.c, sudo.h:
28237: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
28238: [73d0376785ae]
28239:
28240: * sudo.h:
28241: Definitions of *_matched were wrong--user top, not top-2 as
28242: subscript.
28243: [5f8350a57362]
28244:
28245: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
28246: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
28247: command but the NOPASSWD flag was set. Make runasspec, runaslist,
28248: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
28249: in the runas list Fix double printing of '%' and '+' for groups and
28250: netgroups respectively Add *_matched macros (no need for local stack
28251: variable). Should only be used directly after a pop (since top must
28252: be >= 2).
28253: [392b1400c4e6]
28254:
28255: * aclocal.m4, configure.in:
28256: Add copyright, somewhat silly
28257: [55c2cdd82dca]
28258:
28259: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
28260:
28261: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
28262: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
28263: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
28264: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
28265: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
28266: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
28267: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
28268: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
28269: visudo.man:
28270: Crank version to 1.6 and combine copyright statements
28271: [0e1c791658ae]
28272:
28273: * sample.sudoers:
28274: Use ! not ^ to do negation
28275: [1480a0761730]
28276:
28277: * lex.yy.c, sudo.tab.c:
28278: regen
28279: [89ca5a46684b]
28280:
28281: * parse.lex, parse.yacc:
28282: Make runas and NOPASSWD tags persistent across entris in a command
28283: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
28284: runas or *PASSWD tag the value given becomes the new default for the
28285: rest of the command list.
28286: [f1bbb4066542]
28287:
28288: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
28289:
28290: * CHANGES, RUNSON:
28291: update for 1.5.9
28292: [a1ae9d4a7d54] [SUDO_1_5_9]
28293:
28294: * visudo.c:
28295: Shift return value of system(3) by 8 to get real exit value and if
28296: it is not 1 or 0 print the retval along with the error message.
28297: [c1ff50d743fb]
28298:
28299: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
28300:
28301: * Makefile.in:
28302: testsudoers needs LIBOBJS too
28303: [972571b4e4bf]
28304:
28305: * parse.c, parse.yacc, sudo.tab.c:
28306: Fix another parser bug. For a sudoers entry like this: millert
28307: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
28308: as root.
28309: [51968e1eb33d]
28310:
28311: * CHANGES:
28312: new change
28313: [271c6110bb62]
28314:
28315: * parse.yacc, sudo.tab.c:
28316: Save entries that match a ! command on the matching stack too
28317: [5afb5107116c]
28318:
28319: * sudo.c:
28320: Make sudo's usage info better when mutually exclusive args are given
28321: and don't rely on argument order to detect this; nick@zeta.org.au
28322: [2422753c88fd]
28323:
28324: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
28325:
28326: * CHANGES, Makefile.in, RUNSON:
28327: updates from CU
28328: [b37381e3dafb]
28329:
28330: * Makefile.in:
28331: use gzip
28332: [94a64e52a166]
28333:
28334: * parse.yacc, sudo.tab.c:
28335: Fix off by one error introduced in *alloc changes
28336: [95ede581153a]
28337:
28338: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
28339: check_sia.c, compat.h, config.h.in, configure, configure.in,
28340: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
28341: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28342: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
28343: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
28344: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
28345: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
28346: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
28347: ++version
28348: [c6d88f024e37]
28349:
28350: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
28351: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
28352: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
28353: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
28354: Use emalloc/erealloc/estrdup
28355: [44221d97361a]
28356:
28357: * alloc.c:
28358: error checking memory allocation routines
28359: [5f8c1e7bbc71]
28360:
28361: * parse.yacc, sudo.tab.c:
28362: Still not right, this fixes it for real
28363: [ad553b6f5339]
28364:
28365: * parse.yacc, sudo.tab.c:
28366: Fix for previous commit
28367: [4d6f989f9bf2]
28368:
28369: * CHANGES, INSTALL, parse.yacc:
28370: Fix a parser bug that was exposed when mixing different runas specs
28371: and ! commands. For example: millert ALL=(daemon)
28372: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
28373: as well as daemon when it should just allow daemon. The problem was
28374: that comma-separated commands in a list shared the same entry on the
28375: matching stack. Now they get their own entry iff there is a full
28376: match. It may be better to just make the runas spec persistent
28377: across all commands in a list like the user and host entries of the
28378: matching stack. However, since that is a fairly major change it
28379: should gets its own minor rev increase.
28380: [c4b939cdcc8e]
28381:
28382: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
28383:
28384: * check.c, config.h.in:
28385: Simplify PAM code and fix a PAM-related warning on Linux
28386: [2468399523b6]
28387:
28388: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
28389:
28390: * CHANGES:
28391: updates
28392: [29d4a997769c]
28393:
28394: * sample.sudoers:
28395: better su entry
28396: [76d8285a72ba]
28397:
28398: * configure:
28399: regen
28400: [b7450cc6975d]
28401:
28402: * check.c, configure.in:
28403: new pam code that works on solaris, should work on linux too;
28404: aelberg@home.com
28405: [84c16c0ff259]
28406:
28407: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
28408:
28409: * RUNSON:
28410: more entries
28411: [b6bef8660759]
28412:
28413: * config.h.in:
28414: only include strings.h if there is no string.h
28415: [b66054a32b00]
28416:
28417: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
28418:
28419: * config.guess:
28420: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
28421: [c086d2fe63af]
28422:
28423: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
28424:
28425: * sudo.c:
28426: shost must be set before log functions are called #ifdef HOST_IN_LOG
28427: [d49a7944358f]
28428:
28429: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
28430:
28431: * CHANGES, lex.yy.c, parse.lex:
28432: Fix a bug wrt quoting characters in command args. Stop processing
28433: an arg when you hit a backslash so the quoted-character detection
28434: can catch it.
28435: [2281438d7f41]
28436:
28437: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
28438:
28439: * interfaces.c:
28440: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
28441: [31118a9e9916]
28442:
28443: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
28444:
28445: * configure, configure.in:
28446: add missing case statement so --without-sendmail works
28447: [ca25614f7dd9]
28448:
28449: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
28450:
28451: * CHANGES:
28452: more
28453: [4d70e44f7f93]
28454:
28455: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
28456:
28457: * configure, configure.in:
28458: only search for -lsun in irix <= 4.x
28459: [e604238317b1]
28460:
28461: * configure, configure.in:
28462: back out last configure.in change now that I've hacked autoconf to
28463: fix the real problem and add a missing newline
28464: [2dabf59a79b5]
28465:
28466: * CHANGES:
28467: updated
28468: [bb35d526552f]
28469:
28470: * getcwd.c:
28471: add def of dirfd() for those without it
28472: [95f0173d8441]
28473:
28474: * configure, configure.in:
28475: When falling back to checking for socket() when linking with
28476: "-lsocket -lnsl" check for main() instead since autoconf has already
28477: cached the results of checking for socket() in -lsocket. This is
28478: really an autoconf bug as it should use the extra libs as part of
28479: the cache variable name.
28480: [a845f8b710ad]
28481:
28482: * configure.in:
28483: typo
28484: [a7d62f62a478]
28485:
28486: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
28487:
28488: * configure.in:
28489: fix occurrence of $with_timeout that should be
28490: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
28491: bochum.de
28492: [8c4da2cf73d1]
28493:
28494: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
28495:
28496: * sudo.cat, sudo.html, sudo.man, sudo.pod:
28497: fix grammar; espie@openbsd.org
28498: [7031d9dfbc3e] [SUDO_1_5_8]
28499:
28500: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
28501:
28502: * parse.yacc, sudo.c, testsudoers.c:
28503: add cast for strdup in places it does not have it
28504: [7ce4478d3b0f]
28505:
28506: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
28507:
28508: * configure, configure.in:
28509: define for_BSD_TYPES irix
28510: [858337ff4af8]
28511:
28512: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
28513:
28514: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
28515: Make it clear that it is the user's password, not root's, that we
28516: want.
28517: [ae0f51b35ee4]
28518:
28519: * check.c, sudo.h:
28520: If the user enters an empty password and really has no password,
28521: accept the empty password they entered. Perviously, they could
28522: enter anything
28523: *but* an empty password. Also, add GETPASS macro that calls either
28524: tgetpass() or getpass() depending on how sudo was configured.
28525: Problem noted by jdg@maths.qmw.ac.uk
28526: [2fde21ce94c1]
28527:
28528: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
28529:
28530: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
28531: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
28532: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28533: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
28534: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
28535: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
28536: visudo.c:
28537: add explicate copyright
28538: [d3b4449834a5]
28539:
28540: * CHANGES:
28541: mention -lsocket, -lnsl configure changes
28542: [9140af4ad8ae]
28543:
28544: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
28545:
28546: * sudo.c:
28547: Don't clobber errno after calling check_sudoers().
28548: [59bd581b2654]
28549:
28550: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
28551:
28552: * configure, configure.in:
28553: When linking with both -lsocket and -lnsl be sure to do so in that
28554: order. Also, when we can't find socket() or inet_addr() and have to
28555: try linking with both libs, issue a warning.
28556: [0ee547163067]
28557:
28558: * sudo.cat, sudo.man, sudo.pod:
28559: clarify bad timestamp and fmt
28560: [70e42cf56c75]
28561:
28562: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
28563:
28564: * INSTALL, RUNSON:
28565: be clear that pam is linux-only and add a RUNSON entry
28566: [7fdeab875e0d]
28567:
28568: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
28569:
28570: * CHANGES, INSTALL, configure, configure.in:
28571: fix and correctly document --with-umask; problem noted by
28572: adap@adap.org
28573: [11cd0481d63a]
28574:
28575: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
28576:
28577: * configure, configure.in:
28578: only use /usr/{man,catman}/local to store man pages if suer didn't
28579: override prefix or mandir
28580: [781ad2cbe9be]
28581:
28582: * INSTALL, configure, configure.in:
28583: fix typo, make --with-SecurID take an arg
28584: [026a9b4014fc]
28585:
28586: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
28587:
28588: * RUNSON:
28589: updates from users
28590: [2286982b31e6]
28591:
28592: * CHANGES, INSTALL, check.c, configure, configure.in:
28593: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
28594: [23aa4e5c6b02]
28595:
28596: * configure, configure.in:
28597: better fix for the problem of unresolved symbols in -lnsl or
28598: -lsocket
28599: [82fe70fc287f]
28600:
28601: * configure, configure.in:
28602: when checking for functions in -lnsl and -lsocket link with both of
28603: them to avoid unresolved symbols on some weirdo systems
28604: [1734a591808e]
28605:
28606: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
28607:
28608: * BUGS, CHANGES, RUNSON, TODO:
28609: old changes that didn't make it into RCS before the RCS->CVS switch
28610: [846eb2b8f9aa]
28611:
28612: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
28613:
28614: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
28615: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
28616: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
28617: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
28618: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
28619: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
28620: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
28621: visudo.pod:
28622: add sudo tags
28623: [962f81eaa5ab]
28624:
28625: * sudo.h:
28626: testing Sudo tag
28627: [e84cbc521129]
28628:
28629: * version.h:
28630: testing Sudo tag
28631: [a8c3a3998b88]
28632:
28633: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
28634: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
28635: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
28636: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
28637: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
28638: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
28639: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
28640: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
28641: crank version and regen files
28642: [23eacf00a1a4]
28643:
28644: * Makefile.in:
28645: kill rcs goop in update_version and fix now that version is a const
28646: [e6e50bd8d1e1]
28647:
28648: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
28649: sudo.c, sudo.h, sudo.pod:
28650: kerb5 support from fcusack@iconnet.net
28651: [8134027986e2]
28652:
28653: * realpath.c, sudo_realpath.c:
28654: we no longer use realpath
28655: [0f5f64abc646]
28656:
28657: * qualify.c:
28658: replaced by find_path.c
28659: [9e32a87e09c4]
28660:
28661: * options.h:
28662: all options are now configure flags
28663: [ee6bd9610102]
28664:
28665: * lex.yy.c:
28666: regen
28667: [bdbf8a18161f]
28668:
28669: * getwd.c:
28670: superceded by getcwd.c
28671: [1e54ee0990b4]
28672:
28673: * getpass.c:
28674: superceded by tgetpass.c
28675: [4e0d1edc30e3]
28676:
28677: * SUPPORTED:
28678: superceded by RUNSON
28679: [854c5a21cb53]
28680:
28681: * OPTIONS:
28682: No longer used now that we have configure options for everything.
28683: [9b1ae1c89259]
28684:
28685: * configure:
28686: regen based on configure.in
28687: [3a4d73936973]
28688:
28689: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
28690: sudoers.man, visudo.cat, visudo.html, visudo.man:
28691: regen based on sudo.pod, sudoers.pod, and visudo.pod
28692: [c267beb90778]
28693:
28694: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
28695:
28696: * check.c:
28697: fix tty tickets in remove_timestamp (didn't use ':')
28698: [fd964a74a32b]
28699:
28700: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
28701:
28702: * interfaces.c:
28703: close sock when we are done with it
28704: [95de0380f8a4]
28705:
28706: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
28707:
28708: * parse.yacc:
28709: never say "error on line -1"
28710: [361db1491121]
28711:
28712: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
28713:
28714: * configure.in:
28715: check for -lnsl before -lsocket
28716: [8e966d6bbcb5]
28717:
28718: * configure.in:
28719: quote '[', ']' used in ranges correctly
28720: [fa4f9c6ff651]
28721:
28722: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
28723:
28724: * config.h.in:
28725: add missing NO_ROOT_SUDO noted by drno@tsd.edu
28726: [c969f25d1667]
28727:
28728: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
28729:
28730: * version.h:
28731: 1.5.7
28732: [7a22de0bc148]
28733:
28734: * INSTALL:
28735: more info for 1.5.7
28736: [30ad9e784799]
28737:
28738: * README:
28739: update for 1.5.7
28740: [cd03a0a27cd2]
28741:
28742: * parse.yacc:
28743: make increases of cm_list_size and ga_list_size be similar to
28744: increases of stacksize (ie: >= not > in initial compare).
28745: [6bd450a896c7]
28746:
28747: * parse.yacc:
28748: when we get a syntax error, report it for the previous line since
28749: that's generally where the error occurred.
28750: [c4ac84058f0b]
28751:
28752: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
28753:
28754: * config.h.in, configure.in, interfaces.c:
28755: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
28756: not defined
28757: [d197f31fd1e4] [SUDO_1_5_7]
28758:
28759: * config.h.in:
28760: define BSD_COMP for svr4
28761: [87ac1147ff79]
28762:
28763: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
28764: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
28765: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
28766: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28767: more -Wall
28768: [d98e2d32db2a]
28769:
28770: * configure.in:
28771: kill check for sockio,h
28772: [4399779014c1]
28773:
28774: * config.h.in:
28775: no more HAVE_SYS_SOCKIO_H
28776: [67484528e347]
28777:
28778: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
28779: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
28780: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
28781: testsudoers.c, tgetpass.c, utime.c, visudo.c:
28782: -Wall
28783: [2b7e83976788]
28784:
28785: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28786:
28787: * sudo.c:
28788: add missing inform_user()
28789: [8689528c6d55]
28790:
28791: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
28792:
28793: * find_path.c:
28794: return NOT_FOUND if given fully qualified path and it does not exist
28795: previously it would perror(ENOENT) which bypasses the option to not
28796: leak path info
28797: [ccbc3d0130ae]
28798:
28799: * configure.in:
28800: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
28801: -ldes
28802: [c77d3b484ece]
28803:
28804: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28805:
28806: * INSTALL:
28807: tty tickets are user:tty now
28808: [a53a303a614d]
28809:
28810: * check.c:
28811: when using tty tickets make it user:tty not user.tty as a username
28812: could have a '.' in it
28813: [3160b3f5c890]
28814:
28815: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
28816:
28817: * sudo.c:
28818: add "ignoring foo found in ." for auth successful case
28819: [24257169e0bd]
28820:
28821: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
28822:
28823: * sudo.c:
28824: add missing printf param
28825: [8c905124f777]
28826:
28827: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
28828:
28829: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
28830: go back to printing "command not found" unless --disable-path-info
28831: specified. Also, tell user when we ignore '.' in their path and it
28832: would have been used but for --with-ignore-dot.
28833: [066e118c11e4]
28834:
28835: * check.c, sudo.c:
28836: Only one space after a colon, not two, in printf's
28837: [38452f4c8007]
28838:
28839: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
28840:
28841: * sudo.pod:
28842: document setting $USER
28843: [80557fe6aede]
28844:
28845: * check.c:
28846: fix bugs with prompt expansion
28847: [44c4fca5f009]
28848:
28849: * sudo.c:
28850: set $USER for root too
28851: [4b525e1c6269]
28852:
28853: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
28854:
28855: * getspwuid.c:
28856: typo
28857: [5107446f43e0]
28858:
28859: * configure.in:
28860: HP-UX's iscomsec is in -lsec, not libc
28861: [03c9f700b795]
28862:
28863: * configure.in:
28864: remove some entries in the OS case statement that did nothing
28865: [ea96e7e0f624]
28866:
28867: * TROUBLESHOOTING:
28868: add "cd" section and flush out syslog section
28869: [5107f7363b78]
28870:
28871: * Makefile.in:
28872: no more sudo-lex.yy.c
28873: [ed50826efbbc]
28874:
28875: * check_sia.c:
28876: add custom prompt support
28877: [6a285cea10b7]
28878:
28879: * testsudoers.c:
28880: kill perror("malloc") since we already have a good error messages
28881: pw_ent -> pw for brevity
28882: [eee31052921e]
28883:
28884: * sudo.c:
28885: kill perror("malloc") since we already have a good error messages
28886: pw_ent -> pw for brevity set $USER if -u specified
28887: [9f3753461f8a]
28888:
28889: * parse.yacc:
28890: kill perror("malloc") since we already have a good error messages
28891: [849459088ac3]
28892:
28893: * parse.c:
28894: kill perror("malloc") since we already have a good error messages
28895: pw_ent -> pw for brevity when checking if %group matches, look up
28896: user in password file so that %groups works in a RunAs spec.
28897: [0489b4ecc59a]
28898:
28899: * logging.c:
28900: kill perror("malloc") since we already have a good error messages
28901: [3191a18b3526]
28902:
28903: * check.c, getspwuid.c, interfaces.c:
28904: kill perror("malloc") since we already have a good error messages
28905: pw_ent -> pw for brevity
28906: [7193fdb38cf9]
28907:
28908: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
28909:
28910: * tgetpass.c:
28911: the prompt is expanded before tgetpass is called
28912: [0f408f508041]
28913:
28914: * sudo.h:
28915: tgetpass now has the same args as getpass again
28916: [b6778cd9d79f]
28917:
28918: * getspwuid.c:
28919: add iscomsec, issecure support
28920: [007be7ec7ae7]
28921:
28922: * check.c:
28923: we now expand any %h or %u in the prompt before passing to tgetpass
28924: [f3db8c9ee387]
28925:
28926: * configure.in:
28927: add check for syslog(3) in -lsocket, -lnsl, -linet
28928: [5a96f902ce00]
28929:
28930: * config.h.in:
28931: add HAVE_ISCOMSEC and HAVE_ISSECURE
28932: [f640b0d4cf05]
28933:
28934: * configure.in:
28935: add check for iscomsec in HP-UX
28936: [b28b249040f0]
28937:
28938: * configure.in:
28939: check for issecure if we have getpwanam on SunOS some options are
28940: incompatible with DUNIX SIA check for dispcrypt on DUNIX
28941: [a49d05d9c913]
28942:
28943: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
28944:
28945: * config.h.in:
28946: add HAVE_DISPCRYPT
28947: [7376d543d8d6]
28948:
28949: * secureware.c:
28950: add back support for non-dispcrypt based checking for older DUNIX
28951: [977b98e936be]
28952:
28953: * INSTALL:
28954: sia changes
28955: [c5387c06e30f]
28956:
28957: * configure.in:
28958: SIA becomes the default on Digital UNIX now havbe --disable-sia to
28959: turn it off...
28960: [3b647558ea13]
28961:
28962: * check.c:
28963: move local includes after system ones
28964: [b2abad4c4aef]
28965:
28966: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
28967:
28968: * check.c, check_sia.c, sudo.h:
28969: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
28970: stderr
28971: [547cbf299661]
28972:
28973: * check_sia.c:
28974: fix while loop in sia_attempt_auth() that checks the password. Only
28975: the first iteration was working.
28976: [1886fd1ac831]
28977:
28978: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
28979:
28980: * aclocal.m4:
28981: don't trust UID_MAX or MAXUID
28982: [2aeddb1654d8]
28983:
28984: * configure.in:
28985: fix two pastos
28986: [c18f0a10b75d]
28987:
28988: * configure.in:
28989: fix typo
28990: [1eb3190ef12d]
28991:
28992: * getspwuid.c, secureware.c:
28993: init crypt_type to INT_MAX since it is legal to be negative in DUNX
28994: 5.0
28995: [cefbde04822d]
28996:
28997: * configure.in:
28998: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
28999: -ldb since DUNX < 4.0 lacks it
29000: [e6b11d971068]
29001:
29002: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
29003:
29004: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
29005: secureware.c, sudo.c, tgetpass.c:
29006: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
29007: minutes if the shadow files don't exist).
29008: [2f297d095004]
29009:
29010: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
29011:
29012: * INSTALL:
29013: updated --with-editor blurb
29014: [77d8a3ea7328]
29015:
29016: * TROUBLESHOOTING:
29017: tell how to put sudoers in a different dir
29018: [456cd20eb1d0]
29019:
29020: * configure.in:
29021: add missing quotes around $with_editor
29022: [22881748ab1b]
29023:
29024: * configure.in:
29025: typo in --with-editor bits
29026: [ab6964580681]
29027:
29028: * INSTALL:
29029: I don't expect it to work on Solaris
29030: [1c2fceaaf56e]
29031:
29032: * check.c:
29033: add back security/pam_misc.h
29034: [6ffd30033c1e]
29035:
29036: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
29037:
29038: * INSTALL:
29039: remove dunix note since configure checks for this now
29040: [e9904512b8e8]
29041:
29042: * configure.in:
29043: add check for broken dunix prot.h (4.0 < 4.0D is bad)
29044: [8a4c1e6aef3b]
29045:
29046: * getspwuid.c, secureware.c, tgetpass.c:
29047: new dunix shadow code, use dispcrypt(3)
29048: [1b936bc7268c]
29049:
29050: * config.h.in:
29051: add HAVE_INITPRIVS
29052: [4369f4c4f914]
29053:
29054: * sudo.c:
29055: call initprivs() if we have it for getprpwuid later on
29056: [11cf5915d826]
29057:
29058: * Makefile.in:
29059: clean pathnames.h too
29060: [5f1df3262613]
29061:
29062: * configure.in:
29063: quote "Sorry, try again." with [] since it has a comma in it set
29064: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
29065: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
29066: initprivs later.
29067: [e226b0a3f250]
29068:
29069: * INSTALL:
29070: update Digital UNIX note about acl.h
29071: [80132b71d73a]
29072:
29073: * INSTALL:
29074: add --with-sia
29075: --without-root-sudo -> --disable-root-sudo some reordering
29076: [198386358818]
29077:
29078: * secureware.c:
29079: add whitespace
29080: [4aadaf1a54b0]
29081:
29082: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
29083: add SIA support
29084: [fa3ddbb9cc51]
29085:
29086: * check_sia.c:
29087: Initial revision
29088: [2968551d40e4]
29089:
29090: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
29091:
29092: * configure.in:
29093: when checking for -lsocket, -lnsl, and -linet, check for the
29094: specific functions we need from them.
29095: [8d33e64362a3]
29096:
29097: * config.h.in, sudo.h:
29098: move Syslog_* defs into sudo.h
29099: [03d1774f25c7]
29100:
29101: * Makefile.in, sudo.h:
29102: added check_secureware
29103: [e46e3cbb9a97]
29104:
29105: * configure.in:
29106: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
29107: [dbefe1856503]
29108:
29109: * insults.h:
29110: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
29111: defined. configure now does that for us
29112: [e4520ea0581f]
29113:
29114: * configure.in:
29115: move some --with options around change a bunch of echo's to
29116: AC_MSG_CHECKING, AC_MSG_RESULT pairs
29117: [ffdf6869fdd7]
29118:
29119: * configure.in:
29120: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
29121: syntax error add some echo verbage
29122: [3278c49bf74b]
29123:
29124: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
29125:
29126: * check.c:
29127: moved SecureWare stuff into secureware.c
29128: [42d3d3ac35dc]
29129:
29130: * secureware.c:
29131: Initial revision
29132: [aa7f72a249cf]
29133:
29134: * INSTALL:
29135: update url to solaris gcc bins
29136: [36a3eb668777]
29137:
29138: * INSTALL:
29139: change option formatter and flesh out someentries
29140: [6fbd1db4a8ad]
29141:
29142: * TROUBLESHOOTING, sudo.pod, visudo.pod:
29143: environmental variable -> environment variable
29144: [6f14d708e32d]
29145:
29146: * BUGS:
29147: everything is now done via configure
29148: [c217858f58ab]
29149:
29150: * README:
29151: prev rev was 1.5.6
29152: [7b4177103c35]
29153:
29154: * Makefile.in:
29155: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
29156: [31c6b0a5e0e2]
29157:
29158: * config.h.in:
29159: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
29160: [d406a1ef6d25]
29161:
29162: * Makefile.in:
29163: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
29164: sudoers_mode from configure
29165: [1c509500655a]
29166:
29167: * configure.in:
29168: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
29169: the Makefile, not config.h
29170: [d4482f1492fe]
29171:
29172: * INSTALL:
29173: document all --with/--enable options
29174: [22d81b312d7f]
29175:
29176: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
29177:
29178: * insults.h:
29179: options.h is no more
29180: [560946a33f7f]
29181:
29182: * config.h.in:
29183: assimilated options.h
29184: [dd8ce74613c1]
29185:
29186: * configure.in:
29187: moved options from options.h to configure
29188: [d39662f71b4e]
29189:
29190: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
29191: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
29192: sudo_setenv.c, visudo.c:
29193: no more options.h
29194: [43924bf0858d]
29195:
29196: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
29197: remove references to options.h
29198: [ef3474295395]
29199:
29200: * dce_pwent.c, interfaces.c, sudo.c:
29201: kill sys/time.h
29202: [4d833f0034e4]
29203:
29204: * tgetpass.c:
29205: if select return < -1 still prompt for pw
29206: [e0009e5c93a2]
29207:
29208: * options.h:
29209: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
29210: configure options
29211: [e60a1e546516]
29212:
29213: * parse.c:
29214: FAST_MATCH is no longer an optino
29215: [c448dbb3464b]
29216:
29217: * check.c:
29218: remove_timestamp() if timestamp is preposterous
29219: [70d9a86c6ecd]
29220:
29221: * options.h:
29222: convert more options to --with/--enable
29223: [34646d9b09dc]
29224:
29225: * INSTALL, aclocal.m4:
29226: logfile -> logpath
29227: [42de502bc637]
29228:
29229: * configure.in:
29230: convert more options into --with and --enable
29231: [92d0898c9844]
29232:
29233: * tgetpass.c:
29234: catch EINTR in select and restart
29235: [f045d2f234d7]
29236:
29237: * logging.c:
29238: sys/errno -> errno
29239: [7f0c5beab6f2]
29240:
29241: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
29242:
29243: * sudo.c:
29244: UMASK -> SUDO_UMASK.
29245: [48f308661514]
29246:
29247: * check.c, logging.c:
29248: time.h, not sys/time.h
29249: [91de049c79e4]
29250:
29251: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
29252:
29253: * logging.c:
29254: MAILER -> _PATH_SENDMAIL
29255: [df65d6896639]
29256:
29257: * INSTALL, configure.in:
29258: no more --with-C2, now it is --disable-shadow
29259: [18bfcab3b9ab]
29260:
29261: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
29262: getspwuid.c, sudo.c, tgetpass.c:
29263: new shadow password scheme. Always include shadow support if the
29264: platform supports it and the user did not disable it via configure
29265: [2135d93bb4a9]
29266:
29267: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
29268:
29269: * configure.in:
29270: --with-getpass -> --{enable,disable}-tgetpass
29271: [451b33fdd4c7]
29272:
29273: * Makefile.in:
29274: pathnames.h -> pathnames.h.in
29275: [b109022eca69]
29276:
29277: * check.c:
29278: fix version string
29279: [761b25c314ea]
29280:
29281: * check.c:
29282: move pam_conv to be static to auth function remove pam_misc.h
29283: (solaris doesn't have one)
29284: [a682e4da987a]
29285:
29286: * aclocal.m4:
29287: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
29288: [e6005d0599b5]
29289:
29290: * configure.in:
29291: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
29292: [24c0ac2155ef]
29293:
29294: * pathnames.h.in:
29295: convert to pathnames.h.in
29296: [013bddf7f684]
29297:
29298: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
29299:
29300: * configure.in:
29301: fix typo in sysv4 matching case /.
29302: [2994c4f88cf5]
29303:
29304: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
29305:
29306: * check.c:
29307: pam stuff needs to run as root, not user, for shadow passwords
29308: [d94ff75de503]
29309:
29310: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
29311:
29312: * BUGS, INSTALL, README, configure.in:
29313: updated version
29314: [775adc7de7ac]
29315:
29316: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29317: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
29318: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
29319: logging.c, options.h, parse.c, parse.lex, parse.yacc,
29320: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29321: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29322: updated version
29323: [5ca599fb6b93]
29324:
29325: * check.c:
29326: user version.h for long message
29327: [47a52ac7e542]
29328:
29329: * check.c:
29330: this is version 1.5.6
29331: [8451ac79eee2]
29332:
29333: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
29334:
29335: * Makefile.in:
29336: remove errant backslash
29337: [0222a8a650ff]
29338:
29339: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
29340:
29341: * options.h, parse.yacc, pathnames.h.in:
29342: fix version string
29343: [fdee73255d64] [SUDO_1_5_6]
29344:
29345: * BUGS, CHANGES, TODO:
29346: updtaed for 1.5.6
29347: [752443bf7f26]
29348:
29349: * RUNSON:
29350: updated for 1.5.6
29351: [0f878123fe6a]
29352:
29353: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
29354:
29355: * interfaces.c:
29356: kill unused localhost_mask var copy if name to ifr_tmp after we zero
29357: it
29358: [8e89c364cef2]
29359:
29360: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
29361:
29362: * INSTALL:
29363: Better description of new vs. old sudoers modes fix some typos
29364: better description of /usr/ucb/cc gotchas on slowaris
29365: [c00b2a6fc1e8]
29366:
29367: * Makefile.in:
29368: add sample.pam
29369: [ec7f6cc19b00]
29370:
29371: * sudo.c:
29372: set NewArgv[0] to user_shell, not basename(user_shell)
29373: [1e907cbc9f7b]
29374:
29375: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
29376:
29377: * README:
29378: mention TROUBLESHOOTING more fix some typos
29379: [2c2e6907d4a4]
29380:
29381: * configure.in:
29382: move --enable/--disable to be after --with
29383: [9b30097f76c1]
29384:
29385: * INSTALL:
29386: document --enable/--disable
29387: [c522362e38a8]
29388:
29389: * INSTALL:
29390: document --with-pam
29391: [7e38932c78ac]
29392:
29393: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
29394:
29395: * configure.in:
29396: Add message for pam users
29397: [d224f277e3cd]
29398:
29399: * sample.pam:
29400: Initial revision
29401: [3a84d7045f54]
29402:
29403: * config.h.in:
29404: fix HAVE_PAM
29405: [2f0f303ebd88]
29406:
29407: * check.c, config.h.in, configure.in:
29408: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
29409: [ea3e0a72d707]
29410:
29411: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
29412:
29413: * config.h.in:
29414: add HOST_IN_LOG and WRAP_LOG
29415: [822c36eeb6a8]
29416:
29417: * logging.c:
29418: add WRAP_LOG and HOST_IN_LOG
29419: [3cf6052bd27e]
29420:
29421: * configure.in:
29422: add --enable-log-host and --enable-log-wrap
29423: [c968cc12b353]
29424:
29425: * aclocal.m4:
29426: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
29427: [915fef7e11a1]
29428:
29429: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
29430:
29431: * compat.h:
29432: add howmany macro
29433: [9107a057a7c8]
29434:
29435: * tgetpass.c:
29436: include sys/param.h to get howmany macro
29437: [7e908b5e1f32]
29438:
29439: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
29440:
29441: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
29442: add RUNAS_DEFAULT
29443: [1e76398ea3fd]
29444:
29445: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
29446:
29447: * fnmatch.c:
29448: bring in stdio.h for NULL
29449: [69c016610cbb]
29450:
29451: * aclocal.m4:
29452: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
29453: [15ab2972f8d0]
29454:
29455: * sudo.c:
29456: use HAVE_SET_AUTH_PARAMETERS
29457: [8abfdc8c80f7]
29458:
29459: * config.h.in:
29460: add HAVE_SET_AUTH_PARAMETERS
29461: [673a5ebd5539]
29462:
29463: * configure.in:
29464: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
29465: [a401f5a7469a]
29466:
29467: * config.sub:
29468: add support for HI-UX/MPP SR220001 02-03 0 SR2201
29469: [cb657b7acaae]
29470:
29471: * interfaces.c:
29472: initialize previfname
29473: [26a1902f56dc]
29474:
29475: * interfaces.c:
29476: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
29477: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
29478: kludging it
29479: [fa5c890c313b]
29480:
29481: * configure.in:
29482: typo
29483: [bff579fbe95c]
29484:
29485: * Makefile.in:
29486: don't need special build line for sudo.tab.o
29487: [10c0a0a912e4]
29488:
29489: * Makefile.in:
29490: don't clean sudo.tab.[ch]
29491: [c40d5968efbb]
29492:
29493: * sudo.c:
29494: Sudo should prompt for a password before telling the user that a
29495: command could not be found.
29496: [d718c85a0047]
29497:
29498: * BUGS:
29499: for 1.5.6
29500: [0cc1fe5b9129]
29501:
29502: * INSTALL, README:
29503: no longer require yacc
29504: [d9096fc5b8b6]
29505:
29506: * Makefile.in:
29507: typo
29508: [70feb1aefbd5]
29509:
29510: * Makefile.in:
29511: y.tab -> sudo.tab include pre-yacc'd parse.yacc
29512: [cc802025fd44]
29513:
29514: * parse.lex:
29515: include sudo.tab.h, not y.tab.h don't break out of command args if
29516: you get a '='
29517: [728ad26dbda5]
29518:
29519: * insults.h:
29520: fix version ,
29521: [242bbce1b2d4]
29522:
29523: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
29524: fix version
29525: [2bb9086fea1e]
29526:
29527: * compat.h:
29528: fix version
29529: [7e634d498ce6]
29530:
29531: * getcwd.c:
29532: getcwd(3) from OpenBSD for those without it.
29533: [6c68d0df8f6c]
29534:
29535: * sudo.h:
29536: HAVE_GETWD -> HAVE_GETCWD
29537: [2ad1e64d60c0]
29538:
29539: * configure.in:
29540: pretend sunos doesn't have getcwd(3) since it opens a pipe to
29541: getpwd!
29542: [677992ba5a6a]
29543:
29544: * parse.c:
29545: use NAMLEN() macro
29546: [8f5685aa3165]
29547:
29548: * fnmatch.c:
29549: remove duplicate include of string.h
29550: [6024f3051ac3]
29551:
29552: * configure.in:
29553: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
29554: [3d82a9c22cc2]
29555:
29556: * aclocal.m4:
29557: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
29558: [53fbc47282f9]
29559:
29560: * config.h.in:
29561: add dev_t and ino_t
29562: [5929bb0c7e1a]
29563:
29564: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
29565:
29566: * check.c:
29567: fix OTP_ONLY for opie
29568: [7edcfa78f2ec]
29569:
29570: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
29571:
29572: * testsudoers.c, tgetpass.c:
29573: include stdlib.h for malloc proto
29574: [c9f4b99a2fe9]
29575:
29576: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
29577:
29578: * Makefile.in:
29579: make update_version saner
29580: [d522f93ee04a]
29581:
29582: * config.h.in:
29583: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
29584: [c9a2d21dc608]
29585:
29586: * configure.in:
29587: check for waitpid and wait3 or no waitpid
29588: [1f18c3224184]
29589:
29590: * logging.c:
29591: used waitpid or wait3 if we have 'em
29592: [391c3279ee65]
29593:
29594: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
29595:
29596: * visudo.c:
29597: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
29598: [fbf53b18178f]
29599:
29600: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29601:
29602: * configure.in:
29603: don't need to explicately mention -lsocket -lnsl for sequent
29604: [1898dc055352]
29605:
29606: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
29607:
29608: * configure.in:
29609: dynix should not link with -linet
29610: [278a4b9cfe2a]
29611:
29612: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
29613:
29614: * INSTALL:
29615: mention that HP-UX doesn't ship with yacc
29616: [bde5147198c0]
29617:
29618: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
29619:
29620: * check.c:
29621: ignore kerberos if we can't get the local realm
29622: [1e311a091a27]
29623:
29624: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
29625:
29626: * BUGS, INSTALL, README, configure.in:
29627: ++version
29628: [499ffc746018]
29629:
29630: * version.h:
29631: ++
29632: [35ba1ee01bd3]
29633:
29634: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
29635: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
29636: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
29637: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
29638: updated version
29639: [b4990a513f31]
29640:
29641: * check.c, sudo.h:
29642: fix version
29643: [5710795834e8]
29644:
29645: * getcwd.c:
29646: don't use popen/pclose. Do it inline.
29647: [29e57b0646a4]
29648:
29649: * lsearch.c:
29650: add rcsid
29651: [b2b55c39858d]
29652:
29653: * sudo.c:
29654: typo
29655: [d381ac39ed0f]
29656:
29657: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
29658: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
29659: sudo.h:
29660: updated version
29661: [462d6e1a2d75]
29662:
29663: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
29664: MAX* + 1 -> MAX*
29665: [2c2eeb78d34f]
29666:
29667: * Makefile.in:
29668: getwd.c -> getcwd.c
29669: [7d718c32fc02]
29670:
29671: * config.h.in:
29672: kill HAVE_GETWD
29673: [6ad3d702343f]
29674:
29675: * configure.in:
29676: getcwd, not getwd
29677: [33e5b9841f58]
29678:
29679: * getcwd.c:
29680: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
29681: purpose
29682: [24e58d340161]
29683:
29684: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
29685:
29686: * OPTIONS, options.h:
29687: add STUB_LOAD_INTERFACES
29688: [d747cb23ca83]
29689:
29690: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29691: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29692: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29693: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29694: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29695: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29696: updated version
29697: [0798229312cc]
29698:
29699: * configure.in:
29700: support *-ccur-sysv4 and fix two typos
29701: [24a823ad7cc9]
29702:
29703: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
29704:
29705: * configure.in:
29706: don't echo about with_logfile and with_timedir
29707: [31e4a1e2d9ad]
29708:
29709: * INSTALL:
29710: document --with-logfile and --with-timedir
29711: [674f811a40e0]
29712:
29713: * aclocal.m4:
29714: support --with-logfile and --with-timedir
29715: [2fc36b35db12]
29716:
29717: * configure.in:
29718: Add --with-logfile and --with-timedir
29719: [09045bf07e29]
29720:
29721: * sudo.c:
29722: change size computation of NewArgv for UNICOS
29723: [b50df07da3a1]
29724:
29725: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
29726:
29727: * configure.in:
29728: treate -*-sysv4* like *-*-svr4
29729: [471b7ef4dbf2]
29730:
29731: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
29732:
29733: * configure.in:
29734: fix spacing for --with-authenticate help
29735: [8321cb37c410]
29736:
29737: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29738: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29739: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29740: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29741: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29742: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29743: updated version
29744: [dc1ab97312eb]
29745:
29746: * parse.yacc:
29747: fix off by one error in push macro
29748: [bece59c8c3a9]
29749:
29750: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
29751:
29752: * configure.in:
29753: removed bogus alloca hack
29754: [a68dd720462d]
29755:
29756: * check.c:
29757: added AIX 4.x authenticate() support
29758: [12985eb448a0]
29759:
29760: * parse.yacc:
29761: include alloca.h if using bison and not gcc and it exists. fixes an
29762: alloca problem on hpux 10.x
29763: [e3b5c4f26072]
29764:
29765: * INSTALL:
29766: mention --with-authenticate
29767: [78a1c96820e7]
29768:
29769: * configure.in:
29770: added AIX authenticate() support
29771: [c983193ec252]
29772:
29773: * config.h.in:
29774: add HAVE_AUTHENTICATE
29775: [7b0e5f5db5d9]
29776:
29777: * interfaces.c:
29778: dynamically size ifconf buffer
29779: [10afb0e9b2f9]
29780:
29781: * configure.in:
29782: quote '[' and ']'
29783: [8fc38a4defad]
29784:
29785: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29786: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29787: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29788: logging.c, options.h, parse.c, parse.lex, parse.yacc,
29789: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29790: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29791: updated version
29792: [5f66de71ec61]
29793:
29794: * visudo.pod:
29795: add ERRORS section
29796: [3df3edb73cf6]
29797:
29798: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29799:
29800: * TROUBLESHOOTING:
29801: add busy stmp file explanation
29802: [6c555d469b6f]
29803:
29804: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
29805:
29806: * configure.in:
29807: the name of the cached var that signals whether or not you are cross
29808: compiling changed. It is now ac_cv_prog_cc_cross
29809: [123911c0658c]
29810:
29811: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
29812:
29813: * INSTALL:
29814: mention glibc 2.07 is fixed wrt lsearch()\.
29815: [ded758524582]
29816:
29817: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
29818:
29819: * sample.sudoers, sudoers.pod:
29820: better example of su but not root su
29821: [b3199610be21]
29822:
29823: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29824:
29825: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
29826: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
29827: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29828: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
29829: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
29830: testsudoers.c, tgetpass.c, utime.c, visudo.c:
29831: updated version
29832: [46922b84e86b]
29833:
29834: * Makefile.in:
29835: correct regexp for updating version
29836: [8032728b2a8a]
29837:
29838: * tgetpass.c:
29839: remove bogus flush of stderr spew prompt before turning off echo.
29840: Seems to fix a weird problem where if sudo complained about a bogus
29841: stamp file the user would sometimes not have a chance to enter a
29842: password
29843: [7aa1493cc141]
29844:
29845: * check.c:
29846: fix bogus flush of stderr
29847: [6d047871c5e8]
29848:
29849: * sudo.c:
29850: close fd's <=2 not <=3 and move that chunk of code up
29851: [553e4faac195]
29852:
29853: * configure.in:
29854: support hpux1[0-9] not just hpux10
29855: [5a34a000ff8a]
29856:
29857: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
29858:
29859: * parse.c:
29860: set sudoers_fp to nil after closing
29861: [221a8b4bbf34]
29862:
29863: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
29864:
29865: * config.guess, config.sub:
29866: updated from autoconf 2.12
29867: [6fc86a0fc61b]
29868:
29869: * configure.in:
29870: add *-*-svr4 rule
29871: [38f0427f7c9d]
29872:
29873: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
29874:
29875: * tgetpass.c:
29876: fix select usage for high fd's (dynamically allocate readfds)
29877: [c2d1f76e0321]
29878:
29879: * check.c:
29880: kill extra whitespace
29881: [d784b6c9c514]
29882:
29883: * sudo.c:
29884: do an initgroups() before running a command, unless the target user
29885: is root.
29886: [4ca561287480]
29887:
29888: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
29889:
29890: * TROUBLESHOOTING:
29891: tell people to use tabs, not spaces, in syslog.conf
29892: [8ae90a205134]
29893:
29894: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
29895:
29896: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
29897: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
29898: updated version
29899: [4d855ff5de26]
29900:
29901: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
29902: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
29903: updated version
29904: [8e007e178b33]
29905:
29906: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29907: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
29908: updated version
29909: [9ddea5c8814d]
29910:
29911: * Makefile.in:
29912: more tweaks to update_version
29913: [047698752855]
29914:
29915: * Makefile.in:
29916: fixed up update_version rule
29917: [47b6fa34b77f]
29918:
29919: * configure.in:
29920: ++version
29921: [c1ca664e30b7]
29922:
29923: * Makefile.in:
29924: removed supe of check.c
29925: [8f340a05296a]
29926:
29927: * INSTALL:
29928: ++version I missed
29929: [a298e6c17491]
29930:
29931: * RUNSON:
29932: updated
29933: [a14f6057bc15]
29934:
29935: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
29936: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
29937: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
29938: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
29939: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
29940: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29941: visudo.c:
29942: updated version
29943: [02231b1a3ab3]
29944:
29945: * CHANGES:
29946: updated for 1.5.5
29947: [634e5fcaf40b]
29948:
29949: * Makefile.in:
29950: add rules to update version stuff in files so I don't need to do it
29951: by hand
29952: [3620ad60485a]
29953:
29954: * sudo.h:
29955: sudoers_fp is now extern
29956: [88c6e9b9ea84]
29957:
29958: * sudo.c:
29959: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
29960: don't have to open it again in the parse. This may help with weird
29961: solaris problems where EAGAIN sometime occurrs.
29962: [d3c26451ed1d]
29963:
29964: * parse.c:
29965: sudoers file open is now done only in check_sudoers() so we just do
29966: a rewind() instead of an open. May help people on solaris who were
29967: getting EAGAIN.
29968: [c8b8c7722fa5]
29969:
29970: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
29971:
29972: * INSTALL:
29973: mention that newer glibc is fixed
29974: [20f06f5d3ef3]
29975:
29976: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
29977:
29978: * sudo.c:
29979: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
29980: _RLD* instead of _RLD_*
29981: [1e22c588d602]
29982:
29983: * parse.c:
29984: typo
29985: [d0b7cb85f08a]
29986:
29987: * parse.c:
29988: fix that bug for real
29989: [5a6eeca6d04b]
29990:
29991: * INSTALL:
29992: document Linux's libc6 brokenness.
29993: [0246c1aa64ee]
29994:
29995: * parse.yacc:
29996: -Wall
29997: [d0e452fb1e2d]
29998:
29999: * RUNSON:
30000: updated
30001: [4949a1bbd0a9] [SUDO_1_5_4]
30002:
30003: * TROUBLESHOOTING:
30004: remind people to HUP syslogd
30005: [590962faa4f0]
30006:
30007: * Makefile.in:
30008: add -O flag to tar
30009: [622d02de339d]
30010:
30011: * RUNSON:
30012: updated
30013: [a72930d6e615]
30014:
30015: * TODO:
30016: updated
30017: [4a51bd458390]
30018:
30019: * sudo.pod:
30020: remove author's email addr. people should mail sudo-bugs
30021: [9b6bbdb3a6d9]
30022:
30023: * INSTALL:
30024: fix version
30025: [246274c6c8af]
30026:
30027: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
30028: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
30029: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
30030: logging.c, options.h, parse.c, parse.lex, parse.yacc,
30031: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
30032: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
30033: ++version
30034: [f532ff4ee766]
30035:
30036: * RUNSON:
30037: updated
30038: [62d5c71358b5]
30039:
30040: * INSTALL, Makefile.in:
30041: ++version
30042: [1a7c7628edfc]
30043:
30044: * CHANGES:
30045: updated fort 1.5.4
30046: [7e4873508c99]
30047:
30048: * check.c:
30049: exit(1) if user enters no passwd
30050: [f382c0e35e4e]
30051:
30052: * BUGS:
30053: ++version
30054: [fab6a867ab67]
30055:
30056: * parse.c:
30057: commands can start with ./* not just /* -- fixes a serious security
30058: hole.
30059: [244d2fe35ee3]
30060:
30061: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
30062:
30063: * sudo.c:
30064: Don't set the tty variable to NULL when we lack a tty, leave it as
30065: "unknown".
30066: [193b26daba03]
30067:
30068: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
30069:
30070: * sample.sudoers:
30071: fix usage of (username) in conjunction with , and !
30072: [7ae68607f68f]
30073:
30074: * visudo.c:
30075: catch the case where the user is not in the passwd file
30076: [31650258deb0]
30077:
30078: * tgetpass.c:
30079: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
30080: select(2)
30081: [60ab2d9a9ee8]
30082:
30083: * sudo.c:
30084: define tty global to an initial value to avoid dumping core in
30085: logging functions when passwd file is unavailable.
30086: [77056c7bc908]
30087:
30088: * sudo.c:
30089: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
30090: passwd entry
30091: [1fdb8e579a5a]
30092:
30093: * sudo.pod:
30094: talk about problem of ALL
30095: [1cd1905c9f6f]
30096:
30097: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
30098:
30099: * README:
30100: new web location
30101: [d24dc26f6da5]
30102:
30103: * INSTALL:
30104: fdesc bug is fixed in Open/Net BSD
30105: [7d4d81b08ac3]
30106:
30107: * HISTORY:
30108: updates from Nieusma
30109: [3a43769a1b78]
30110:
30111: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
30112:
30113: * dce_pwent.c:
30114: move compat.h after the system includes
30115: [5ea43a5968ac]
30116:
30117: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
30118:
30119: * logging.c:
30120: save errno from being clobbered by wait(). From Theo
30121: [f2d1c48cd592]
30122:
30123: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
30124:
30125: * compat.h:
30126: fix an occurence of setresuid -> setreuid (typo)
30127: [394de35c9b1c]
30128:
30129: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
30130:
30131: * install-sh:
30132: check for path to strip
30133: [2b7ef824bd55]
30134:
30135: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
30136:
30137: * logging.c:
30138: deal with maxfilelen < 0 case
30139: [f0af095178d7]
30140:
30141: * OPTIONS:
30142: fixed descriptin
30143: [629f60bd4b5f]
30144:
30145: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
30146:
30147: * sudo.c:
30148: correct error message if mode/owner wrong and not statable by owner
30149: but is statable by root.
30150: [cb631ce2e85e]
30151:
30152: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
30153:
30154: * config.guess, config.sub:
30155: autoconf 2.11
30156: [f3cbe59e0756]
30157:
30158: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
30159:
30160: * CHANGES, RUNSON, TODO:
30161: sudo 1.5.3.
30162: [2be3229b8626]
30163:
30164: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
30165:
30166: * parse.yacc, sudo.h:
30167: command_alias -> generic_alias
30168: [c404ca8c510d] [SUDO_1_5_3]
30169:
30170: * sample.sudoers:
30171: added Runas_Alias example and fixed syntax errors
30172: [c304053f4a8a]
30173:
30174: * OPTIONS, options.h:
30175: updated MAILSUBJECT
30176: [18d1573fcd2a]
30177:
30178: * logging.c:
30179: added %h expansion
30180: [a4bff9b284fd]
30181:
30182: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
30183: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
30184: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
30185: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
30186: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
30187: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
30188: visudo.c:
30189: ++version
30190: [211ff20f956f]
30191:
30192: * BUGS, emul/utime.h:
30193: ++version
30194: [cde5376579e3]
30195:
30196: * sudoers.pod:
30197: document Runas_Alias
30198: [b1a58f28fb2c]
30199:
30200: * visudo.pod:
30201: q (uid) -> Q
30202: [d256649a0e6b]
30203:
30204: * visudo.c:
30205: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
30206: whatnow
30207: [1cb183d15626]
30208:
30209: * parse.yacc:
30210: add size params to sprintf
30211: [9228f698921f]
30212:
30213: * parse.lex:
30214: allow trailing space after '\\' but before '\n'
30215: [f51dbbf69fdf]
30216:
30217: * find_path.c:
30218: off by one error in path size check
30219: [a6d75ccd7632]
30220:
30221: * check.c:
30222: sprintf paranoia
30223: [3ffb12d198dd]
30224:
30225: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
30226:
30227: * parse.yacc:
30228: fixed more_aliases
30229: [aab12f2a50af]
30230:
30231: * visudo.c:
30232: now warns if killed by signal ./
30233: [310c186a0fd7]
30234:
30235: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
30236:
30237: * parse.yacc:
30238: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
30239: is gross)
30240: [45590b83120f]
30241:
30242: * sudo.c:
30243: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
30244: [d53e01c14c58]
30245:
30246: * parse.yacc:
30247: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
30248: [7a4a040aae2d]
30249:
30250: * parse.lex:
30251: Add Runas_Alias and simplify a rule.
30252: [6f794a769a37]
30253:
30254: * parse.yacc:
30255: always store User_Alias's since they can be used inside of a runas
30256: list. Sigh. Really need a Runas_Alias instead.
30257: [3bab058a873e]
30258:
30259: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
30260:
30261: * visudo.c:
30262: deal with case where there is no sudoers file
30263: [fa38b3bb244d]
30264:
30265: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
30266:
30267: * TROUBLESHOOTING:
30268: added one
30269: [e61346d06725]
30270:
30271: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
30272:
30273: * HISTORY, testsudoers.c:
30274: developement -> development
30275: [4df55e293941]
30276:
30277: * INSTALL:
30278: added a note
30279: [3845fb83dbc0]
30280:
30281: * RUNSON:
30282: for 1.5.2
30283: [5489b7298942]
30284:
30285: * CHANGES:
30286: updated
30287: [0741834929e6]
30288:
30289: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
30290:
30291: * PORTING:
30292: removed seteuid() notes
30293: [1010a60f281d] [SUDO_1_5_2]
30294:
30295: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
30296:
30297: * compat.h:
30298: better seteuid() emulatino
30299: [e807623b662c]
30300:
30301: * configure.in:
30302: added check for seteuid
30303: [8cf9fabc6f4f]
30304:
30305: * config.h.in:
30306: added HAVE_SETEUID
30307: [596db46aa828]
30308:
30309: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
30310:
30311: * configure.in:
30312: first stab at sequent support
30313: [b85a7bfcac76]
30314:
30315: * config.h.in:
30316: added HAVE_SYS_SELECT_H
30317: [93ecdd042463]
30318:
30319: * compat.h:
30320: sequent -> _SEQUENT_
30321: [63a38b6da98c]
30322:
30323: * compat.h:
30324: added seteuid() macro for DYNIX
30325: [695bd63c5ea6]
30326:
30327: * tgetpass.c:
30328: _AIX -> HAVE_SYS_SELECT_H
30329: [b31221211bc2]
30330:
30331: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
30332:
30333: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
30334: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
30335: testsudoers.c, tgetpass.c, utime.c, visudo.c:
30336: ++version
30337: [8052992fd453]
30338:
30339: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
30340: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
30341: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
30342: pathnames.h.in, version.h:
30343: ++version
30344: [f7ad15e1598a]
30345:
30346: * sudo.pod:
30347: added -H and SUDO_PS1
30348: [bb965241e30c]
30349:
30350: * configure.in:
30351: use SUDO_FUNC_FNMATCH
30352: [6a8350d85fb2]
30353:
30354: * aclocal.m4:
30355: added SUDO_FUNC_FNMATCH
30356: [45b32c91c4ba]
30357:
30358: * sudo.c:
30359: added -H flag
30360: [11ebc6872fd6]
30361:
30362: * sudo.h:
30363: added MODE_RESET_HOME /
30364: [67a7f8bcbbd6]
30365:
30366: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
30367:
30368: * INSTALL:
30369: mention OPIE
30370: [5723515d5bbd]
30371:
30372: * options.h:
30373: SKEY -> OTP
30374: [c1d268130bc4]
30375:
30376: * configure.in:
30377: added opie support
30378: [123872b41b20]
30379:
30380: * compat.h, config.h.in:
30381: added HAVE_OPIE
30382: [528c71afc1e5]
30383:
30384: * check.c:
30385: added HAVE_OPIE and changed to *_OTP_*
30386: [4c62f5db872a]
30387:
30388: * OPTIONS:
30389: SKEY -> OTP
30390: [bd858e5e9652]
30391:
30392: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30393:
30394: * check.c:
30395: moved fclose() in skey stuff.
30396: [11f7dc8431a6]
30397:
30398: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
30399:
30400: * putenv.c:
30401: index -> strchr remove unnecesary stuff
30402: [af2d05238062]
30403:
30404: * check.c:
30405: now call skeychallenge() to get challenge instead of making one up
30406: ourselves. this way, we get extra goodies in the prompt.
30407: [49b770d98d3a]
30408:
30409: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
30410:
30411: * CHANGES:
30412: added one
30413: [3f5149357e2a] [SUDO_1_5_1]
30414:
30415: * parse.lex:
30416: allow logins to start with a number (YUCK!)
30417: [7ed7ef324741]
30418:
30419: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
30420:
30421: * TROUBLESHOOTING:
30422: added soalris 2.5 vs 2.4 note
30423: [16160a251aae]
30424:
30425: * configure.in:
30426: DUNIX doesn't need -lnsl
30427: [be924cc322c3]
30428:
30429: * CHANGES:
30430: *** empty log message ***
30431: [1b2937521981]
30432:
30433: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
30434: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
30435: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
30436: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
30437: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
30438: utime.c, version.h, visudo.c:
30439: courtesan
30440: [5f203589bbfe]
30441:
30442: * PORTING, README, RUNSON:
30443: courtesan
30444: [d72517f4937e]
30445:
30446: * INSTALL, Makefile.in, TROUBLESHOOTING:
30447: courtesan
30448: [5c007e3c7a71]
30449:
30450: * visudo.pod:
30451: *** empty log message ***
30452: [37ebe85bd4e1]
30453:
30454: * sudo.pod, visudo.pod:
30455: courtesan
30456: [37f02e2130ea]
30457:
30458: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
30459:
30460: * HISTORY:
30461: added courtesan ./
30462: [b01435226276]
30463:
30464: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
30465:
30466: * sudo.c:
30467: added $SUDO_PROMPT support
30468: [cb1fa72c093d]
30469:
30470: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
30471:
30472: * check.c:
30473: print long skey challemged to stderr, not stdout
30474: [750fc775b3b2]
30475:
30476: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
30477:
30478: * CHANGES:
30479: updated for 1.5.1
30480: [9b615f393057]
30481:
30482: * emul/utime.h:
30483: ++version
30484: [a94de18deafb]
30485:
30486: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
30487:
30488: * RUNSON:
30489: updated for 1.5.1
30490: [4092f20ab634]
30491:
30492: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
30493:
30494: * check.c:
30495: use shost, not host for tgetpass
30496: [6061c49ff9be]
30497:
30498: * sudo.pod:
30499: documented %u and %h
30500: [6d2922d29897]
30501:
30502: * OPTIONS:
30503: documented %u and %h
30504: [1a71da13a864]
30505:
30506: * configure.in:
30507: fixed typo
30508: [1230dec2b062]
30509:
30510: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
30511: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
30512: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
30513: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
30514: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
30515: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
30516: ++version
30517: [65ce8eabf77a]
30518:
30519: * BUGS:
30520: ++version
30521: [afecab53aab7]
30522:
30523: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
30524:
30525: * Makefile.in, configure.in, version.h:
30526: ++version
30527: [fb3ff940d672]
30528:
30529: * sudo.h:
30530: new tgetpass() params
30531: [9eccc5b0f8ae]
30532:
30533: * check.c:
30534: pass use and host to tgetpass
30535: [c56d9d13c401]
30536:
30537: * tgetpass.c:
30538: added %u and %h escapes
30539: [04ae775d3e5d]
30540:
30541: * OPTIONS, check.c, options.h:
30542: added NO_MESSAGE
30543: [3927dad19057]
30544:
30545: * configure.in:
30546: added cray (unicos) support
30547: [1122210c5fb1]
30548:
30549: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
30550:
30551: * OPTIONS, options.h, sudo.c:
30552: added SHELL_SETS_HOME
30553: [0b26909b0929]
30554:
30555: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
30556:
30557: * INSTALL:
30558: added note about "make install"
30559: [7e56ea76d4b4]
30560:
30561: * parse.yacc:
30562: changed length/size params from int to size_t
30563: [5654e5ceb1b3]
30564:
30565: * OPTIONS:
30566: now get CSOPS insults as well by default
30567: [297323d0179a]
30568:
30569: * insults.h:
30570: use csops insults too by default
30571: [07fafc136169]
30572:
30573: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
30574: version = 1.5
30575: [4b8772b11e3b]
30576:
30577: * sudo.c:
30578: added runas_homedir
30579: [b0e0d4417a15]
30580:
30581: * TODO:
30582: updated for 1.5
30583: [66259df825d5]
30584:
30585: * RUNSON:
30586: updated for 1.5
30587: [e08bc9ebfe95]
30588:
30589: * CHANGES:
30590: 1.5 release
30591: [8c16942fea41]
30592:
30593: * INSTALL:
30594: added "upgrading" notes
30595: [210d968964ff]
30596:
30597: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
30598:
30599: * visudo.c:
30600: now do chmod and chown after edit of temp file and before rename
30601: [de174e34faa7] [SUDO_1_5_0]
30602:
30603: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
30604:
30605: * Makefile.in:
30606: ++version added INSTALL.configure
30607: [c9e9214f52ae]
30608:
30609: * configure.in, version.h:
30610: ++version
30611: [5985abed3eb2]
30612:
30613: * TROUBLESHOOTING:
30614: *** empty log message ***
30615: [d65c540ec52e]
30616:
30617: * parse.yacc:
30618: added missing cast
30619: [e7247319a7d5]
30620:
30621: * sudo.c:
30622: sets $HOME to pw_dir of runas user
30623: [d3f7f4d05752]
30624:
30625: * sudo.pod:
30626: document $HOME change
30627: [854454d458c4]
30628:
30629: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
30630:
30631: * sudo.pod:
30632: fixed up some wording
30633: [b0c8582f2c97]
30634:
30635: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
30636: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
30637: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
30638: visudo.c:
30639: ++version
30640: [748be723fd8b]
30641:
30642: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
30643: insults.h, options.h, pathnames.h.in, sudo.h:
30644: ++version
30645: [acdf8b1b2a1b]
30646:
30647: * emul/utime.h:
30648: ++version
30649: [b3f35298ab8d]
30650:
30651: * sudo.h:
30652: name nad type changes
30653: [db24ab3da141]
30654:
30655: * testsudoers.c:
30656: now works with new sudo
30657: [379346c42cc2]
30658:
30659: * parse.yacc:
30660: fixed some XXX
30661: [f5fe4c990052]
30662:
30663: * parse.yacc:
30664: some variable name changes + comment headers for functions.
30665: [3dc3bd9aa73d]
30666:
30667: * tgetpass.c:
30668: added extra paren's to make compilers happy
30669: [9e4968a34d56]
30670:
30671: * sudo.c:
30672: *** empty log message ***
30673: [70c924c1ed69]
30674:
30675: * parse.c:
30676: now uses init_parser() if not in sudoers and tries "list" or
30677: "validate" scold but don't be nasty.
30678: [c0d8fb3f8c9e]
30679:
30680: * TROUBLESHOOTING:
30681: now can use upper case login names
30682: [c772fffcefe5]
30683:
30684: * visudo.c:
30685: now uses init_parser()
30686: [b9efae7243fd]
30687:
30688: * INSTALL, README:
30689: updated
30690: [27dc8283fdc8]
30691:
30692: * PORTING:
30693: added info about PASSWORD_TIMEOUT
30694: [980e15d892f8]
30695:
30696: * INSTALL.configure:
30697: Initial revision
30698: [8292e89a08d3]
30699:
30700: * BUGS:
30701: fixed a bug ,
30702: [c6e46f5624f9]
30703:
30704: * parse.yacc:
30705: now dynamically allocates memory for the stacks -- no more
30706: overflows!
30707: [8615c35b6ad3]
30708:
30709: * sudo.pod:
30710: -l now explands command aliases
30711: [39f45605935d]
30712:
30713: * parse.yacc:
30714: hacks to expand command aliases for `sudo -l'
30715: [e4eb752608f9]
30716:
30717: * sudo.c:
30718: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
30719: [01327ca5084b]
30720:
30721: * sudo.h:
30722: added struct command_alias
30723: [dd2f32764082]
30724:
30725: * sudo.pod:
30726: fixed a bug
30727: [e708ff08d2eb]
30728:
30729: * lsearch.c:
30730: in compar() key should be first arg
30731: [fc14c3fa62ee]
30732:
30733: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
30734:
30735: * BUGS:
30736: fixed some bugs
30737: [639dfe425bd5]
30738:
30739: * parse.yacc:
30740: can now deal with upcase HOST and USER names
30741: [c6aa7bcfb00d]
30742:
30743: * sudo.c:
30744: don't yell too loudly at non-sudoers if they do "sudo -l"
30745: [4ef146128d89]
30746:
30747: * sudo.pod:
30748: fixed thinko
30749: [830f2f0f22e7]
30750:
30751: * parse.c:
30752: fix comment
30753: [d20ce9e17ddc]
30754:
30755: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
30756:
30757: * parse.c, parse.yacc:
30758: added support for new `sudo -l' stuff
30759: [7dceaef3c733]
30760:
30761: * sudo.c:
30762: now uses list_matches()
30763: [293364821b61]
30764:
30765: * sudo.h:
30766: added struct sudo_match
30767: [b2684179d179]
30768:
30769: * configure.in:
30770: now more -lgnumalloc
30771: [4f8ae42617d8]
30772:
30773: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
30774:
30775: * install-sh:
30776: added more paths for chown and whoami
30777: [6e685a19426c]
30778:
30779: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
30780:
30781: * check.c:
30782: typo
30783: [3adfa01c04bc]
30784:
30785: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
30786:
30787: * aclocal.m4:
30788: fixed DUNIX check for shadow pw
30789: [c25324bcd27b]
30790:
30791: * tgetpass.c:
30792: now only turn off echo if it is already on. this fixes a race when
30793: you use sudo in a pipelin
30794: [28388c2de21c]
30795:
30796: * INSTALL:
30797: updated
30798: [b45ac9366b7e]
30799:
30800: * configure.in:
30801: changed "test -z $foo && do_this" to if; then construct
30802: [2183c4426bca]
30803:
30804: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
30805:
30806: * configure.in:
30807: added missing defines of SHADOW_TYPE
30808: [be89ea68a7f3]
30809:
30810: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
30811:
30812: * check.c:
30813: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
30814: only in dunix 4.x
30815: [1e7c1c677263]
30816:
30817: * getspwuid.c:
30818: added AUTH_CRYPT_C1CRYPT support
30819: [88d6b0058b20]
30820:
30821: * parse.c:
30822: no longer return VALIDATE_NOT_OK if there was a runas that didn't
30823: match. Now we can have runas stuff on more than one line.
30824: [52b68920d7b7]
30825:
30826: * getspwuid.c, sudo.c, tgetpass.c:
30827: use SHADOW_TYPE instead of HAVE_C2_SECURITY
30828: [cf401dfcbc06]
30829:
30830: * configure.in:
30831: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
30832: something
30833: [c7a233c4dd93]
30834:
30835: * config.h.in:
30836: removed HAVE_C2_SECURITY added SPW_BSD
30837: [8314405e9754]
30838:
30839: * compat.h:
30840: use SHADOW_TYPE instead of HAVE_C2_SECURITY
30841: [6f94870df17f]
30842:
30843: * check.c:
30844: SHADOW_TYPE is always defined so just against its value
30845: [72c69a55d02f]
30846:
30847: * aclocal.m4:
30848: added SUDO_CHECK_SHADOW_DUNIX
30849: [ef025ae9d496]
30850:
30851: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
30852:
30853: * sudoers.pod:
30854: * -> ?* in one example added another instance of (runas) and one of
30855: NOPASSWD:
30856: [d74fe1dcbe7d]
30857:
30858: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
30859:
30860: * configure.in:
30861: added back check for config.cache from other host type
30862: [0ba87871f585]
30863:
30864: * parse.lex:
30865: removed an instance of \"
30866: [1e008d3709f6]
30867:
30868: * sample.sudoers:
30869: added an example
30870: [dbfcf68ee330]
30871:
30872: * sudoers.pod:
30873: updated wrt new wildcard matching
30874: [193fa44a475b]
30875:
30876: * configure.in:
30877: new check for shadow passwords if we don't know anything
30878: [67465df7dc9a]
30879:
30880: * aclocal.m4:
30881: new SUDO_CHECK_SHADOW_GENERIC
30882: [3563b16a41b8]
30883:
30884: * configure.in:
30885: added back check for -lsocket (oops)
30886: [a80882ee1cb6]
30887:
30888: * configure.in:
30889: better (working) check for shadow passwd type if we know to use C2.
30890: [3cdd2a59a641]
30891:
30892: * configure.in:
30893: now uses AC_CANONICAL_HOST to figure out os type
30894: [80db7fe6e704]
30895:
30896: * Makefile.in:
30897: added config.{guess,sub}
30898: [c6be7e3ca384]
30899:
30900: * aclocal.m4:
30901: removed unused stuff to figure out os type
30902: [c9a0f3b57123]
30903:
30904: * config.sub:
30905: added openbsd
30906: [bfc6bfec3668]
30907:
30908: * config.sub:
30909: Initial revision
30910: [e6e06ce0d17d]
30911:
30912: * config.guess:
30913: Initial revision
30914: [99dd06f79199]
30915:
30916: * testsudoers.c:
30917: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30918: pathname. need to check against sudoers_args even if user_args is
30919: nil
30920: [66e6cf77f5d6]
30921:
30922: * parse.c:
30923: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
30924: pathname need to check against sudoers_args even if user_args is nil
30925: [74374df17311]
30926:
30927: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
30928:
30929: * check.c:
30930: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
30931: [cbb00261c415]
30932:
30933: * testsudoers.c:
30934: now takes command line args and uses cmnd_args
30935: [f0c2fd35a527]
30936:
30937: * parse.lex:
30938: fill_args was adding an extra leading space
30939: [692fc999b2e8]
30940:
30941: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
30942:
30943: * visudo.c:
30944: fixed dummy command_matches()
30945: [93d9543db6e2]
30946:
30947: * parse.yacc:
30948: fixed prototype
30949: [7b0addfbd429]
30950:
30951: * sudo.h:
30952: added cmnd_args
30953: [8f47c4ae65ef]
30954:
30955: * parse.yacc:
30956: now uses flat args string
30957: [016e65877da3]
30958:
30959: * parse.c, parse.lex:
30960: now uses flat arg string
30961: [5b5f2e3f4c09]
30962:
30963: * visudo.c:
30964: added cmnd_args def
30965: [876867134775]
30966:
30967: * sudo.c:
30968: now sets cmnd_args global
30969: [e6fee70cb59b]
30970:
30971: * logging.c:
30972: cmnd_args is now exported from sudo.[ch]
30973: [7a9cd36e356f]
30974:
30975: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
30976:
30977: * parse.yacc:
30978: can't rely on cmnd_matches as much as I thought -- added some $$
30979: stuff back in to prevent namespace pollution problems.
30980: [3c45fedb5af3]
30981:
30982: * parse.yacc:
30983: Simplified parse rules wrt runas and NOPASSWD (more consistent).
30984: [e6d838c8a4c7]
30985:
30986: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
30987:
30988: * parse.lex:
30989: NOPASSWD may now have blanks before the ':' '(' only starts a
30990: 'runas' if in the initial state to avoid collision with command args
30991: [c5c01172f499]
30992:
30993: * configure.in:
30994: added checks for specific shadow passwd schemes
30995: [b7e3d1f7b84f]
30996:
30997: * aclocal.m4:
30998: added routines to check for specific shadow passwd types
30999: [e5e1d19960a6]
31000:
31001: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
31002:
31003: * configure.in:
31004: added support for ncr boxen
31005: [bea9dc5aae7f]
31006:
31007: * aclocal.m4:
31008: added support for detecting ncr boxen
31009: [8653a158a924]
31010:
31011: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
31012:
31013: * configure.in:
31014: added sinix support
31015: [5de2b2173ee1]
31016:
31017: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
31018:
31019: * TROUBLESHOOTING:
31020: added info about "config.cache from other other" error.
31021: [845b10198e0b]
31022:
31023: * aclocal.m4:
31024: now makes sure you don't have a config.cache file from another OS
31025: [4fe32571c021]
31026:
31027: * configure.in:
31028: now sets $LIBS when needed to configure links with libs when doing
31029: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
31030: bigcrypt(3) if SPW_SECUREWARE
31031: [2df6b8ca538f]
31032:
31033: * getspwuid.c:
31034: fixed typo
31035: [fe1cb1d792d6]
31036:
31037: * tgetpass.c:
31038: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
31039: [f71138372c07]
31040:
31041: * getspwuid.c:
31042: no more SPW_HPUX10
31043: [cfdeb18bc16b]
31044:
31045: * config.h.in:
31046: no more SPW_HPUX10 added HAVE_BIGCRYPT
31047: [00d296479a61]
31048:
31049: * compat.h:
31050: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
31051: [6c6d9e680417]
31052:
31053: * check.c:
31054: SPW_SECUREWARE now uses bigcrypt
31055: [be71fc66690f]
31056:
31057: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
31058:
31059: * sample.sudoers:
31060: fixed 2 syntax errors
31061: [45eee19ef4ac]
31062:
31063: * sudoers:
31064: root may now run ALL as ALL
31065: [1b54c6b9b212]
31066:
31067: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
31068:
31069: * interfaces.c:
31070: fixed a typo/thinko that broke BSD's with sa_len
31071: [603438360126]
31072:
31073: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
31074:
31075: * check.c, configure.in:
31076: updated AFS support
31077: [e572eb8d177a]
31078:
31079: * TROUBLESHOOTING:
31080: added entry about /usr/ucb/cc
31081: [025b353aa9d3]
31082:
31083: * INSTALL:
31084: prep no longer holds gcc binaries
31085: [8b0942958049]
31086:
31087: * INSTALL:
31088: updated AFS note
31089: [7af6efd5abe4]
31090:
31091: * Makefile.in:
31092: added @AFS_LIBS@
31093: [97b6fe6ad7d6]
31094:
31095: * compat.h:
31096: AFS allows long passwords
31097: [5fb17122c302]
31098:
31099: * testsudoers.c:
31100: fixed -u user support
31101: [b1a0c1648639]
31102:
31103: * parse.c:
31104: sudo -v now groks VALIDATE_OK_NOPASS
31105: [74fc03fffe7e]
31106:
31107: * parse.yacc:
31108: fixed no_passwd vs. runas_matched
31109: [549a9b791a6a]
31110:
31111: * TROUBLESHOOTING:
31112: took out stuff about NFS-mounting since it is no longer an issue
31113: [d95ab7fbbc61]
31114:
31115: * INSTALL:
31116: added --with-libraries > --with-libpath --with-incpath
31117: [d5d15a7a0f4c]
31118:
31119: * parse.yacc:
31120: was setting runas_matches to -1 in wrong place
31121: [db2b1deb8d33]
31122:
31123: * check.c:
31124: removed usersec.h which is not present in new AFS versions
31125: [618b016dd17f]
31126:
31127: * tgetpass.c:
31128: now deals with timeout <= 0
31129: [ba53a1257255]
31130:
31131: * OPTIONS:
31132: updated
31133: [75093bd8fdca]
31134:
31135: * configure.in:
31136: BSD/OS >= 2.0 now uses shlicc instead of just gcc
31137: [ff6dbf7825c2]
31138:
31139: * sudo.c:
31140: fixed backwards compatibility with sudo 1.4 sudoers mode for root
31141: readable/writable filesystems
31142: [2694ed627221]
31143:
31144: * Makefile.in:
31145: now gives INSTALL -c flag
31146: [63db055a2fd1]
31147:
31148: * parse.yacc:
31149: slightly simpler initialization of no_passwd and runas_matches
31150: [463a1b5fa323]
31151:
31152: * testsudoers.c:
31153: added -u username support
31154: [38b072fcd6b3]
31155:
31156: * configure.in:
31157: improved --with-libraries support
31158: [047dbc5f0af2]
31159:
31160: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
31161:
31162: * configure.in:
31163: added --with-incpath, --with-libpath, --with-libraries
31164: [20f20d6c718c]
31165:
31166: * parse.yacc:
31167: now initializes some fields that weren't getting set to -1 pretty
31168: gross -- need a rewrite.
31169: [021c160390c6]
31170:
31171: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
31172:
31173: * alloca.c:
31174: removed emacs'isms
31175: [9d4ec2efe057]
31176:
31177: * configure.in:
31178: no longer add -lPW to *_LIBS since we include alloca.c
31179: [a626d1bbea80]
31180:
31181: * config.h.in:
31182: added HAVE_ALLOCA_H
31183: [15491e2a6cff]
31184:
31185: * Makefile.in:
31186: added alloca.c
31187: [0400f25e1fe4]
31188:
31189: * alloca.c:
31190: Initial revision
31191: [06d033aa4882]
31192:
31193: * configure.in:
31194: ++version
31195: [f52c0fb98f90]
31196:
31197: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
31198:
31199: * sudo.c:
31200: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
31201: not always set to a valid uid.
31202: [c2669f77704d]
31203:
31204: * OPTIONS:
31205: fixed entry for SUDO_MODE
31206: [d7272f6035b8]
31207:
31208: * sudo.c:
31209: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
31210: being set to -2. Now beat NFS to the punch and set uid to "nobody"
31211: ourselves, preserving group 0 to read sudoers.
31212: [b1fbc5dd1e34]
31213:
31214: * parse.c:
31215: moved set_perms(PERM_ROOT) to be before yyparse()
31216: [7619d8080735]
31217:
31218: * logging.c:
31219: fixed a typo
31220: [318acc48cde0]
31221:
31222: * configure.in:
31223: no longer need AC_PROG_INSTALL
31224: [de01b1336dc8]
31225:
31226: * Makefile.in:
31227: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
31228: [ea2351986406]
31229:
31230: * INSTALL:
31231: make clean -> make distclean
31232: [704a98e8ba10]
31233:
31234: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
31235:
31236: * parse.yacc:
31237: removed some unnecsary if's
31238: [f00db6508132]
31239:
31240: * Makefile.in, version.h:
31241: ++version
31242: [bdb6740b24c8]
31243:
31244: * parse.c, testsudoers.c:
31245: now includes netgroup.h
31246: [93f5a06352bc]
31247:
31248: * interfaces.c:
31249: removed cats of ioctl to int since they didn't shut up -Wall
31250: [83e9f912cd7a]
31251:
31252: * interfaces.c:
31253: explicately cast ioctl() to int since it it not always declared
31254: [2ff9294e469e]
31255:
31256: * sudo.h:
31257: added declarations for yyparse() and yylex()
31258: [6071321ab771]
31259:
31260: * parse.yacc:
31261: fixed an occurence of '==' -> '='
31262: [2c46d2e11d57]
31263:
31264: * config.h.in, configure.in:
31265: added check for netgroup.h
31266: [73403050f4e3]
31267:
31268: * sudo.c:
31269: fixed 2 compiler warnings
31270: [680929b0bd97]
31271:
31272: * sudo.c:
31273: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
31274: initialized
31275: [18707ecd07c2]
31276:
31277: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
31278:
31279: * sudo.pod:
31280: fixed a typo
31281: [e4b5c12aa130]
31282:
31283: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
31284:
31285: * parse.yacc:
31286: fixed a formatting thingie
31287: [c79327b6f19b]
31288:
31289: * parse.c, parse.yacc:
31290: fixed -u support with multiple user lists on a line
31291: [e4d1066adca2]
31292:
31293: * configure.in:
31294: unixware needs -lgen
31295: [b5bf9bca63cc]
31296:
31297: * README:
31298: updated ftp location
31299: [b25a033f7921]
31300:
31301: * sudoers.pod:
31302: add net_addr/netmask support
31303: [674e83516d1e]
31304:
31305: * sample.sudoers:
31306: added net_addr/mask example
31307: [774878e89b28]
31308:
31309: * parse.c, parse.lex:
31310: added support for net_addr/netmask
31311: [e33de27325d8]
31312:
31313: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
31314:
31315: * sudoers.pod:
31316: ^ -> !
31317: [1a084950d6ef]
31318:
31319: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
31320:
31321: * RUNSON:
31322: updated for 1.4.3
31323: [c82019025d09]
31324:
31325: * CHANGES:
31326: udpated for 1.4.3
31327: [ceaa81adb8f0]
31328:
31329: * BUGS, TODO, TROUBLESHOOTING:
31330: updated
31331: [ff94fae4b853]
31332:
31333: * sample.sudoers:
31334: updated with examples of new stuff
31335: [99d0b4cb4c9c]
31336:
31337: * INSTALL, README:
31338: ++version
31339: [b763b80fe836]
31340:
31341: * sudoers.pod:
31342: updated wrt -u and NOPASSWD
31343: [0b5b722ea0f4]
31344:
31345: * sudo.pod:
31346: updated wrt -u and CAVEATS
31347: [71d5d53b5d18]
31348:
31349: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
31350:
31351: * sudo.c:
31352: fixed usage()
31353: [114c7d09b550]
31354:
31355: * parse.lex:
31356: now use :foo: character classes (makes no diff for generated lexer)
31357: [7b0aeb737a02]
31358:
31359: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
31360:
31361: * check.c:
31362: fixed LONG_SKEY_PROMPT stuff
31363: [0efe78b4bdda]
31364:
31365: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
31366:
31367: * visudo.c:
31368: fixed a comment
31369: [3d289017104b]
31370:
31371: * lsearch.c:
31372: make more like NetBSD one -- now compiles w/o warnings
31373: [932206296a54]
31374:
31375: * emul/search.h:
31376: fixed decls of lsearch()
31377: [c58cf4584c45]
31378:
31379: * config.h.in, configure.in, getspwuid.c:
31380: added SPW_HPUX10
31381: [d74e5eaa5f17]
31382:
31383: * check.c:
31384: hpux 10 uses bigcrypt() if C2
31385: [359eb63f4021]
31386:
31387: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
31388:
31389: * parse.c:
31390: now always uses fnmatch to match args
31391: [a9d91f35256a]
31392:
31393: * tgetpass.c:
31394: back to using stdio instead of raw i/o since that caused some
31395: problems
31396: [e7ce2bc92974]
31397:
31398: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
31399:
31400: * sudo.c:
31401: now give usage warning if use -l,-v,-k with args
31402: [6b48180c4fea]
31403:
31404: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
31405:
31406: * sudo.c:
31407: NewArgc is now set to 1 for -l, -v, -k
31408: [7497cb1416a8]
31409:
31410: * sudo.c:
31411: now sets sudoers to correct group if mode is 0400
31412: [484c43d99718]
31413:
31414: * install-sh:
31415: updated to version used by inn and bind
31416: [28683ad8725a]
31417:
31418: * configure.in:
31419: now uses -lgnumalloc if it exists
31420: [3651ca4415a2]
31421:
31422: * Makefile.in:
31423: "make install" now sets uid/gid and mode on sudoers if it exists
31424: [1f5216191ae9]
31425:
31426: * sudo.c:
31427: rmeoved debugging statements
31428: [aeda278e2c26]
31429:
31430: * parse.yacc:
31431: added a missing free()
31432: [592c9482a159]
31433:
31434: * sudo.c:
31435: now uses user_gid instead of getegid (which was wrong anyway) to set
31436: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
31437: (logging.c depends on args being in the environment)
31438: [9f5328a3b942]
31439:
31440: * logging.c:
31441: now uses SUDO_COMMAND envariable to get command args rather than
31442: building it up again.
31443: [7f8edc5bccb7]
31444:
31445: * parse.c:
31446: now uses user_gid
31447: [4b9303ae45fe]
31448:
31449: * sudo.c:
31450: fixed off by one error in allocation NewArgv
31451: [921ea1a4e7c6]
31452:
31453: * parse.c:
31454: in sudoers, 'command ""' now means command with no args
31455: [a5273648ace2]
31456:
31457: * configure.in:
31458: added check for fnmatch(3) and fnmatch.h
31459: [258916a7866f]
31460:
31461: * config.h.in:
31462: added HAVE_FNMATCH
31463: [b9860d361e93]
31464:
31465: * Makefile.in:
31466: replaced wildcat.* with fnmatch.*
31467: [03ad9ee21a1c]
31468:
31469: * testsudoers.c:
31470: now uses fnmatch()
31471: [5a7f7de987a9]
31472:
31473: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
31474:
31475: * parse.c:
31476: now uses fnmatch() instead of wildmat a trailing star (*) by itself
31477: now matches multiple args added support for wildcards in the
31478: pathname in sudoers
31479: [1f7fb950b868]
31480:
31481: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
31482:
31483: * fnmatch.c:
31484: now includes compat.h and config.h
31485: [090206b95cf8]
31486:
31487: * config.h.in:
31488: added HAVE_FNMATCH_H
31489: [90eb42150173]
31490:
31491: * configure.in:
31492: now checks for alloca() (if needed by bison or dce) and links with
31493: -lPW if it contains alloca() and libv and compiler do not.
31494: [cfa2b3cef49a]
31495:
31496: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
31497: Initial revision
31498: [20b1f762a32a]
31499:
31500: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
31501:
31502: * sudo.c:
31503: now fixes mode on sudoers if set to 0400 to aid in upgrade
31504: [d4bdfd521820]
31505:
31506: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
31507:
31508: * Makefile.in:
31509: fixed pod2man usage
31510: [5adf2ec77b27]
31511:
31512: * Makefile.in, configure.in, version.h:
31513: ++version
31514: [b4029de876d0]
31515:
31516: * testsudoers.c, visudo.c:
31517: runas_user is now initialized to "root"
31518: [8537d97bff39]
31519:
31520: * sudo.h:
31521: removed PERM_FULL_ROOT
31522: [241f8bbf647f]
31523:
31524: * sudo.c:
31525: runas_user defaults to "root" so no more need to PERM_RUNAS
31526: [fc0c0dfc72ba]
31527:
31528: * parse.c:
31529: will now only running commands as root if there was no runas list
31530: (or if root is in the runas list)
31531: [40c587666c81]
31532:
31533: * logging.c:
31534: now logs "USER=%s"
31535: [b733504c87fd]
31536:
31537: * parse.yacc:
31538: runas_matches is now set to false if we get a negative match
31539: [5495b150b300]
31540:
31541: * parse.lex:
31542: make #uid work + some minor cleanup
31543: [07851bbce03a]
31544:
31545: * sample.sudoers:
31546: added support for NOPASSWD and "runas" from garp@opustel.com /
31547: [7a9c67b51fa5]
31548:
31549: * visudo.c:
31550: added support for "runas" from garp@opustel.com replaced
31551: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
31552: SUDOERS_MODE
31553: [e714209b9885]
31554:
31555: * testsudoers.c:
31556: added support for "runas" from garp@opustel.com
31557: [b837f856da10]
31558:
31559: * sudo.h:
31560: added support for NO_PASSWD and runas from garp@opustel.com replaced
31561: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
31562: fro SUDOERS_MODE
31563: [cea6f26679b7]
31564:
31565: * sudo.c:
31566: added support for NO_PASSWD and runas from garp@opustel.com replaced
31567: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
31568: SUDOERS_MODE
31569: [61b5434237c5]
31570:
31571: * parse.yacc:
31572: added support for NO_PASSWD and runas from garp@opustel.com
31573: [72ebd3056f22]
31574:
31575: * parse.c, parse.lex:
31576: added support for NO_PASSWD and runas from garp@opustel.com
31577: [fef6dbdd114d]
31578:
31579: * logging.c:
31580: added support for SUDOERS_WRONG_MODE and "runas"
31581: [e794efc2b443]
31582:
31583: * configure.in:
31584: added --with-CC only link with -lshadow on linux (with shadow pw) if
31585: libc lacks getspnam()
31586: [3ecf4ae21002]
31587:
31588: * OPTIONS, options.h:
31589: removed NO_PASSWD since it is not possible to do this in the sudoers
31590: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
31591: SUDOERS_GID. Added SUDOERS_MODE.
31592: [2eaa4891ef48]
31593:
31594: * Makefile.in:
31595: now uses SUDOERS_UID and SUDOERS_GID
31596: [8d615f0fdb2a]
31597:
31598: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
31599:
31600: * INSTALL:
31601: added --with-CC
31602: [a1b8286a81b8]
31603:
31604: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
31605:
31606: * parse.lex:
31607: added double quote support
31608: [a5e4fc7e3a2b]
31609:
31610: * sudoers.pod:
31611: documented double quoting
31612: [c6ea47969a44]
31613:
31614: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
31615:
31616: * mkinstalldirs:
31617: Initial revision
31618: [dcb86d65ad8f]
31619:
31620: * check.c:
31621: fixed some indentation
31622: [4d1c5ab8072b]
31623:
31624: * Makefile.in:
31625: fixed a typo
31626: [0d27eebc7227]
31627:
31628: * Makefile.in:
31629: added install-dirs .
31630: [f499b99b8be7]
31631:
31632: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
31633:
31634: * dce_pwent.c:
31635: new version from "Jeff A. Earickson" <jaearick@colby.edu>
31636: [422481be5fbd]
31637:
31638: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
31639:
31640: * configure.in:
31641: $CSOPS -> $with_csops (whoops, missed one)
31642: [b04c6948130e]
31643:
31644: * BUGS:
31645: updated
31646: [c4d5713e227d]
31647:
31648: * parse.lex:
31649: FQHOST now has same constraints as non-FQHOST
31650: [e1c3bf2381d1]
31651:
31652: * INSTALL:
31653: added note about OS's w/ shadow passwords turned on by default
31654: [166257f43be4]
31655:
31656: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
31657:
31658: * configure.in:
31659: fixed a typo
31660: [e5c3e2e9a359]
31661:
31662: * configure.in:
31663: added support for --without-THING sanitized shadow pw situtation by
31664: adding support for
31665: --without-C2
31666: [65dc6bf64cce]
31667:
31668: * tgetpass.c:
31669: fixed a typo wrt placement of an end paren
31670: [a8780f818231]
31671:
31672: * check.c:
31673: was closing an fd that may not have been opened
31674: [760271c7bdc9]
31675:
31676: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
31677:
31678: * OPTIONS, options.h, sudo.c:
31679: added NO_PASSWD
31680: [28ff1dc93d7a]
31681:
31682: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
31683:
31684: * configure.in:
31685: now always use shadow pw on some arches
31686: [069161ccffda]
31687:
31688: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
31689:
31690: * configure.in:
31691: added pyramid support
31692: [a0eb57a3a531]
31693:
31694: * configure.in:
31695: no longer check for C2 if alternate passwd method is used no longer
31696: check for some libs twice
31697: [2d0c3c902b40]
31698:
31699: * parse.yacc:
31700: moved fqdn stuff into parse.lex (FQHOST)
31701: [d9c9abd481d8]
31702:
31703: * parse.lex:
31704: added FQHOST rules
31705: [4a1695acff6d]
31706:
31707: * tgetpass.c:
31708: now define TCSASOFT in necesary
31709: [3fac2e21c9ab]
31710:
31711: * tgetpass.c:
31712: now uses read/write instead of stdio string goop to avoid problems
31713: with select(2)
31714: [67fd174e518c]
31715:
31716: * OPTIONS, find_path.c, options.h:
31717: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
31718: [d05ba5100d28]
31719:
31720: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
31721:
31722: * INSTALL:
31723: added note about no shadow auto-detect if using alternate auth
31724: schemes
31725: [b425592232a3]
31726:
31727: * configure.in:
31728: don't check for C2 if AFS or DCE (unless they said --with-C2)
31729: [61342962171a]
31730:
31731: * testsudoers.c:
31732: now groks shost
31733: [85dda17303f6]
31734:
31735: * OPTIONS, find_path.c, options.h:
31736: added NO_DOT_PATH
31737: [c261ca1fb196]
31738:
31739: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
31740:
31741: * find_path.c:
31742: checkdot now works correctly
31743: [3bc4835bb3e9]
31744:
31745: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
31746:
31747: * configure.in:
31748: can't have DCE and C2 passwords both...
31749: [fb9a8ab7ca66]
31750:
31751: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
31752:
31753: * parse.yacc, sudo.c, sudo.h, visudo.c:
31754: now uses shost even if not FQDN
31755: [87f7498b3a1f]
31756:
31757: * configure.in:
31758: now looks for skey in /usr/lib and doesn't require libskey to be in
31759: /usr/local/lib just because skey.h is (for my netbsd box :-)
31760: [ceb1763e37d2]
31761:
31762: * aclocal.m4, config.h.in, pathnames.h.in:
31763: _SUDO_PATH_ -> _CONFIG_PATH_
31764: [84d97ad13d75]
31765:
31766: * aclocal.m4, sudo.pod:
31767: /var/run/.odus -> /var/run/sudo
31768: [922da220b8f5]
31769:
31770: * pathnames.h.in:
31771: now uses _SUDO_PATH_TIMEDIR
31772: [5ecab0155fdf]
31773:
31774: * OPTIONS:
31775: udpated FQDN
31776: [361b6f7440c0]
31777:
31778: * aclocal.m4, configure.in:
31779: added SUDO_TIMEDIR
31780: [368c95c8c950]
31781:
31782: * config.h.in:
31783: added _SUDO_PATH_TIMEDIR
31784: [3879864d808c]
31785:
31786: * sudo.pod:
31787: updated wrt /var/run/sudo
31788: [9e14f2a429d3]
31789:
31790: * sudo.c, sudo.h:
31791: added support for shost if FQDN
31792: [51a3f51a09a1]
31793:
31794: * parse.yacc, visudo.c:
31795: now uses shost if FQDN
31796: [d19da2e92b42]
31797:
31798: * check.c:
31799: Now use skeylookup() instead off skeychallenge()
31800: [4c7438bb2ae0]
31801:
31802: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
31803:
31804: * logging.c:
31805: mail_argv should not contain ALERTMAIL as it includes "-t"
31806: [67ffaaa8f843]
31807:
31808: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
31809:
31810: * INSTALL, Makefile.in, README, configure.in, version.h:
31811: ++version
31812: [e08fd4a809fc]
31813:
31814: * compat.h:
31815: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
31816: [2f20c3153689]
31817:
31818: * tgetpass.c:
31819: now includes limits.h moved _PASSWD_LEN -> compat.h
31820: [b1ca3cafdacc]
31821:
31822: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31823:
31824: * INSTALL, README:
31825: ++version
31826: [3eacf32803f5]
31827:
31828: * Makefile.in:
31829: ++versoin
31830: [3b91c317630a]
31831:
31832: * Makefile.in:
31833: fixed a typo
31834: [3661ac4a7803]
31835:
31836: * configure.in:
31837: ++version
31838: [60e842973745]
31839:
31840: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
31841:
31842: * RUNSON:
31843: updated
31844: [def2c3c24195]
31845:
31846: * CHANGES:
31847: done for 1.4.1 (I hope)
31848: [2ab543769a40]
31849:
31850: * sudoers.pod:
31851: added info on wildcards
31852: [ce3bd41bc063]
31853:
31854: * sample.sudoers:
31855: added wildcard example
31856: [762feb0577bd]
31857:
31858: * Makefile.in:
31859: now uses *.pod to build *.man and *.cat & *.html
31860: [3ec14962028b]
31861:
31862: * configure.in:
31863: addedSUDO_PROG_BSHELL !ll
31864: [3c80b320bf16]
31865:
31866: * visudo.pod:
31867: fixed up some formatting
31868: [12166c434526]
31869:
31870: * sudoers.pod:
31871: redid section describing sample sudoers stuff
31872: [b8065cceec71]
31873:
31874: * sudo.pod:
31875: fixed some formatting
31876: [aa9a681add0f]
31877:
31878: * getspwuid.c:
31879: now treats "" as bourne shell
31880: [30194a72ad56]
31881:
31882: * Makefile.in:
31883: TESTOBJS nwo includes wildmat.o
31884: [86cc6500f84d]
31885:
31886: * testsudoers.c:
31887: now works with NewArg[cv]
31888: [2f72674ce942]
31889:
31890: * sudo.c:
31891: removed an XXX (fixed it in getspwuid.c)
31892: [e791ee0d1a68]
31893:
31894: * aclocal.m4:
31895: added check for bourne shell
31896: [a2fd51676b8a]
31897:
31898: * pathnames.h.in:
31899: added _PATH_BSHELL
31900: [e7c10011d47b]
31901:
31902: * config.h.in:
31903: added _SUDO_PATH_BSHELL
31904: [6a1182898de9]
31905:
31906: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
31907:
31908: * visudo.c:
31909: unixware vi returns 256 instead of 0
31910: [234ffc7c6786]
31911:
31912: * INSTALL:
31913: added Linux note
31914: [5f85efcd2b58]
31915:
31916: * logging.c:
31917: fixed up some XXX's. file log format now looks a little more like
31918: real syslog(3) format.
31919: [6df55707bfc3]
31920:
31921: * README, TROUBLESHOOTING:
31922: updated wrt lex/flex
31923: [eb787d69156b]
31924:
31925: * Makefile.in:
31926: commented out rule to build lex.yy.c from parse.lex since we ship
31927: with a pre-flex'd parser
31928: [7507e2ce4a95]
31929:
31930: * parse.c, parse.yacc, visudo.c:
31931: path_matches -> command_matches
31932: [0bd469424f86]
31933:
31934: * logging.c:
31935: eliminated some strcat()'s
31936: [9878a79bc374]
31937:
31938: * configure.in:
31939: no longer checks for lex/flex (now assumes flex)
31940: [a086ccc73798]
31941:
31942: * configure.in:
31943: now checks for $kerb_dir_candidate/krb.h instead of just
31944: kerb_dir_candidate
31945: [9133bc3c5208]
31946:
31947: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
31948:
31949: * parse.yacc:
31950: now use a 'hook' expression instead of an iffy one :-)
31951: [9560df01b8c0]
31952:
31953: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
31954:
31955: * visudo.c:
31956: now works with new sudo arg stuff
31957: [310a0d43ddad]
31958:
31959: * parse.yacc:
31960: fixed dereferencing deadbeef
31961: [474ef8a8006b]
31962:
31963: * sudo.c:
31964: changed an occurrence of Argv to NewArgv
31965: [205b012b7691]
31966:
31967: * parse.lex:
31968: took out support for quoted commands since there is no need...
31969: [5c5036d353b1]
31970:
31971: * parse.c:
31972: fixed a typo in a for() loop
31973: [7e8d5283c43b]
31974:
31975: * logging.c:
31976: protected against dereferencing rogue pointers
31977: [56debd517717]
31978:
31979: * sudo.c:
31980: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
31981: also allows us to eliminate some kludges in parse_args() and
31982: eliminate superfluous code.
31983: [5122f66ad150]
31984:
31985: * logging.c:
31986: no longer uses cmnd_args, now uses NewArgv instead.
31987: [abddd23cf068]
31988:
31989: * sudo.h:
31990: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
31991: (no longer used)
31992: [78410984fb05]
31993:
31994: * Makefile.in:
31995: added wildmat.c to SRCS & SUDOBJS
31996: [3800efb41794]
31997:
31998: * parse.yacc:
31999: COMMAND is now a struct containing the path and args
32000: [5c32822c5b94]
32001:
32002: * parse.lex:
32003: replaced append() with fill_cmnd() and fill_args. command args from
32004: a sudoers entry are now stored in an arrary for easy matching.
32005: [a981d7f4eb0d]
32006:
32007: * parse.c:
32008: command line args from sudoers file are now in an array like ones
32009: passed in from the command line
32010: [1d9e37e84519]
32011:
32012: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
32013:
32014: * parse.c:
32015: wildwat stuff now works
32016: [49d16488531f]
32017:
32018: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
32019:
32020: * version.h:
32021: ++version
32022: [53e55463ef89]
32023:
32024: * Makefile.in:
32025: ++version added wildmat.*
32026: [0508297a4711]
32027:
32028: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
32029:
32030: * parse.lex:
32031: added support for quoted commands (w/ or w/o args)
32032: [b9a637155673]
32033:
32034: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
32035:
32036: * sudo.pod, visudo.pod:
32037: cleaned up formatting
32038: [4591d4195437]
32039:
32040: * sudo.pod, visudo.pod:
32041: Initial revision
32042: [7564a8242750]
32043:
32044: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
32045:
32046: * sudoers.pod:
32047: looks reasonable, could be mroe readable
32048: [a5be2d19d9e0]
32049:
32050: * sudoers.pod:
32051: Initial revision
32052: [957888be31a6]
32053:
32054: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
32055:
32056: * RUNSON:
32057: updated
32058: [633743aa924b]
32059:
32060: * OPTIONS:
32061: updated NO_ROOT_SUDO entry
32062: [f1c15b1dec9e]
32063:
32064: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
32065:
32066: * RUNSON:
32067: *** empty log message ***
32068: [5b63de579ff7] [SUDO_1_4_0]
32069:
32070: * sudo.c:
32071: fixed SECURE_PATH
32072: [6002889f606d]
32073:
32074: * RUNSON:
32075: udpa`ted for 1.4
32076: [6014a8592815]
32077:
32078: * configure.in:
32079: AIX aixcrypt.exp now uses $(srcdir)
32080: [b0d57674fef4]
32081:
32082: * TROUBLESHOOTING:
32083: added entry for anal ansi compilers
32084: [4193cec1c6b1]
32085:
32086: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
32087:
32088: * INSTALL:
32089: added info on libcrypt_i for SCO
32090: [575497d56698]
32091:
32092: * TODO:
32093: *** empty log message ***
32094: [d0aaf67b9913]
32095:
32096: * sample.sudoers:
32097: added comments
32098: [a7773f7eda8d]
32099:
32100: * TODO:
32101: 1.4 release
32102: [1dade29e9fd9]
32103:
32104: * CHANGES:
32105: ++version
32106: [67241be40780]
32107:
32108: * INSTALL, OPTIONS, README, config.h.in, configure.in:
32109: ++version
32110: [2e0a37897f68]
32111:
32112: * BUGS:
32113: ++version and fixed ISC
32114: [78963f01a0e3]
32115:
32116: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
32117: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
32118: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
32119: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
32120: visudo.c:
32121: ++version
32122: [b6227f29b3d9]
32123:
32124: * interfaces.c:
32125: added STUB_LOAD_INTERFACES ++version
32126: [d8150a3fd577]
32127:
32128: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
32129: version.h:
32130: ++version
32131: [da9e90e69bdc]
32132:
32133: * PORTING:
32134: added info about fd_set in tgetpass added info on interfaces.c
32135: [a39902febd17]
32136:
32137: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
32138:
32139: * dce_pwent.c:
32140: added sudo header
32141: [fc0f2c48682e]
32142:
32143: * tgetpass.c:
32144: fixed a typo
32145: [43d40b72ee8f]
32146:
32147: * Makefile.in:
32148: tgetpass.o is now only linked in with sudo (not visudo)
32149: [7407c5ff11f8]
32150:
32151: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
32152:
32153: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
32154: configure.in:
32155: ++version
32156: [9b82ad805d6b]
32157:
32158: * emul/utime.h:
32159: added copyright notice
32160: [4380f16cd075]
32161:
32162: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
32163: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
32164: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
32165: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
32166: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
32167: ++version
32168: [32717fdb5d05]
32169:
32170: * tgetpass.c:
32171: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
32172: [326864428da2]
32173:
32174: * configure.in:
32175: ISC now gets -lcrypt now check for sys/bsdtypes.h
32176: [e064799c054b]
32177:
32178: * config.h.in:
32179: added check for sys/bsdtypes.h
32180: [9adb9533c363]
32181:
32182: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
32183:
32184: * parse.yacc:
32185: removed debugging stuff (setting freed ptr to NULL)
32186: [02fe8eec63a0]
32187:
32188: * TROUBLESHOOTING:
32189: added 2 entries
32190: [02884e2733e2]
32191:
32192: * Makefile.in:
32193: added FAQ
32194: [074d8dfcf28d]
32195:
32196: * TROUBLESHOOTING:
32197: added section on syslog
32198: [e6bc02a22b86]
32199:
32200: * configure.in:
32201: added AC_ISC_POSIX for better ISC support
32202: [8436b3e12af2]
32203:
32204: * config.h.in:
32205: fixed typo
32206: [f1b3922babf4]
32207:
32208: * config.h.in:
32209: added define for _POSIX_SOURCE
32210: [ded6d92b34f9]
32211:
32212: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
32213:
32214: * configure.in:
32215: fixed check for lsearch()
32216: [75baa5bc28a3]
32217:
32218: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
32219:
32220: * interfaces.c:
32221: fixed for AIX now deal if num_interfaces == 0 (should not happen)
32222: [ae450e859227]
32223:
32224: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
32225:
32226: * configure.in:
32227: now only define HAVE_LSEARCH if there is a corresponding search.h
32228: [8ce645c5d17f]
32229:
32230: * interfaces.c:
32231: works on ISC again
32232: [ccac920d424c]
32233:
32234: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
32235:
32236: * configure.in:
32237: now define HAVE_LSEARCH if we find lsearch() in libcompat
32238: [7343e4313a87]
32239:
32240: * lsearch.c:
32241: char * -> const char *
32242: [1c0b11c2300a]
32243:
32244: * configure.in:
32245: now looks in -lcompat for lsearch()
32246: [a1cc1d6fcd09]
32247:
32248: * Makefile.in:
32249: remove sudo.core visudo.core for clan target
32250: [b523456a85df]
32251:
32252: * aclocal.m4:
32253: added UID_MAX support in check for MAX_UID_T_LEN
32254: [7ab262b1173f]
32255:
32256: * Makefile.in:
32257: fixed another occurence of sudo_getpwuid.*
32258: [fb5809c07da2]
32259:
32260: * Makefile.in, getspwuid.c:
32261: sudo_getpwuid.c -> getspwuid.c
32262: [875f2ef808b4]
32263:
32264: * configure.in:
32265: moved the "echo"
32266: [ad7b8f966076]
32267:
32268: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
32269: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
32270: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
32271: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
32272: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
32273: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
32274: version.h, visudo.c:
32275: ++version
32276: [ee57c6410ffa]
32277:
32278: * testsudoers.c:
32279: added group support
32280: [54d8097df8bd]
32281:
32282: * sample.sudoers:
32283: added group entry
32284: [50994d31fd49]
32285:
32286: * sudoers.man:
32287: documented group support
32288: [0a16707f8fed]
32289:
32290: * parse.c, parse.lex, parse.yacc, visudo.c:
32291: added group support
32292: [427218c879c8]
32293:
32294: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
32295:
32296: * check.c:
32297: tkfile was too short and overflowed the kerberos realm
32298: [53823a1ff5af]
32299:
32300: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
32301:
32302: * sudo.c:
32303: now copy command args directly from Argv
32304: [77408278b6fd]
32305:
32306: * sudo.c:
32307: replaced code to copy cmnd_args so that is does not use realloc
32308: since most realloc()'s really stink
32309: [b29a0ff73fb6]
32310:
32311: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
32312:
32313: * configure.in:
32314: syslog() fixed in hpux 10.01
32315: [2648e6f0cdb0]
32316:
32317: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
32318:
32319: * configure.in:
32320: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
32321: [8f108b8d8711]
32322:
32323: * configure.in:
32324: better error if cannot find skey incs or libs
32325: [5887662ee9d3]
32326:
32327: * aclocal.m4:
32328: now use a temp file for determining max len of uid_t in string form.
32329: the old hacky way broke on netbsd
32330: [b68f470fa9f8]
32331:
32332: * sudo.c:
32333: added set of parens and a space
32334: [8a3d4826d022]
32335:
32336: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
32337:
32338: * dce_pwent.c:
32339: fixes from Jeff Earickson <jaearick@colby.edu> ,
32340: [bde0f0b756ec]
32341:
32342: * check.c:
32343: modified a comment
32344: [e2a97f1afbbe]
32345:
32346: * Makefile.in:
32347: fixed up testsudoers target
32348: [d39c4e7bb609]
32349:
32350: * configure.in:
32351: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
32352: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
32353: [da7a1c433828]
32354:
32355: * Makefile.in:
32356: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
32357: VISUDO_LDFLAGS
32358: [4b69503e8487]
32359:
32360: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
32361:
32362: * configure.in:
32363: fix for C2 on hpux 10 now uses -linet if it exists
32364: [8d300112263d]
32365:
32366: * check.c:
32367: LONG_SKEY_PROMPT is less of a klusge /
32368: [dcc144abaac3]
32369:
32370: * configure.in:
32371: fixed typos w/ dce stuff
32372: [f7dfd6d4e149]
32373:
32374: * Makefile.in:
32375: added dce_pwent.c
32376: [79047acdc516]
32377:
32378: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
32379:
32380: * INSTALL:
32381: amended section on combining authentication mechanisms
32382: [dc5138c7c716]
32383:
32384: * PORTING:
32385: minor updates for 1.3.6
32386: [fe80c13bd994]
32387:
32388: * TROUBLESHOOTING:
32389: added 2 more entries
32390: [c7201439a0f5]
32391:
32392: * BUGS:
32393: updated for 1.3.6
32394: [979b414d2a2d]
32395:
32396: * README:
32397: overhauled
32398: [3af8b60eb594]
32399:
32400: * INSTALL:
32401: rewrote for sudo 1.3.6
32402: [b16027b9c726]
32403:
32404: * TROUBLESHOOTING:
32405: added 3 entries
32406: [934c9ee3f153]
32407:
32408: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
32409:
32410: * find_path.c, getspwuid.c, sudo.c:
32411: added explict casts for strdup since many includes don't prototype
32412: it. gag me.
32413: [3e19a11f2fcc]
32414:
32415: * sudo.h:
32416: removed prototype for sudo_getpwuid() since convex C compiler choked
32417: on it.
32418: [c3ea74ca67b0]
32419:
32420: * sudo.c:
32421: added prototype for sudo_getpwuid()
32422: [4a8e3cdc2b98]
32423:
32424: * lsearch.c:
32425: now compiles on strict ANSI compilers
32426: [3ce5d72d0b08]
32427:
32428: * check.c:
32429: added LONG_SKEY_PROMPT support
32430: [48a18b8a2332]
32431:
32432: * Makefile.in:
32433: added extra $'s for make to eat up, yum.
32434: [2995b214e12b]
32435:
32436: * OPTIONS, options.h:
32437: added LONG_SKEY_PROMPT
32438: [f23ae799b5a4]
32439:
32440: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
32441:
32442: * check.c:
32443: s/key support now works with normal s/key as well as logdaemon
32444: [d67573f523bf]
32445:
32446: * OPTIONS, options.h:
32447: added SKEY_ONLY
32448: [bbf07654e0de]
32449:
32450: * compat.h:
32451: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
32452: [205895b96a36]
32453:
32454: * INSTALL:
32455: added DCE note added more AIX notes
32456: [6345403b3522]
32457:
32458: * sudo.c:
32459: now include pthread.h for DCE support
32460: [6fe02865f679]
32461:
32462: * check.c:
32463: dce_pwent() is ok after all .,
32464: [d26a8746a55d]
32465:
32466: * logging.c:
32467: now uses SYSLOG() macro that equates to either syslog() or
32468: syslog_wrapper
32469: [42ac4cff8045]
32470:
32471: * dce_pwent.c:
32472: minor formatting changes. renamed check() to somthing less generic
32473: [71859f217be1]
32474:
32475: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
32476: visudo.c:
32477: now uses user_pw_ent and simple macros to get at the contents
32478: [f4cbf3e7145a]
32479:
32480: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
32481:
32482: * check.c:
32483: simpler dec unix C2 support
32484: [86bc8f75250e]
32485:
32486: * getspwuid.c:
32487: now sets crypt_type for DEC unix C2
32488: [99aeadd18266]
32489:
32490: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
32491:
32492: * configure.in:
32493: added csops paths for skey
32494: [b8ca672e2117]
32495:
32496: * getspwuid.c:
32497: now includes string.h for strdup() prototype
32498: [3605259c3620]
32499:
32500: * getspwuid.c:
32501: fixed a few typos
32502: [46c97e4ea417]
32503:
32504: * check.c:
32505: now includes skey.h
32506: [11e611ce1b61]
32507:
32508: * getspwuid.c:
32509: fixed up comments
32510: [223dac56f0c8]
32511:
32512: * check.c:
32513: moved a lot of the shadow passwd crap to sudo_getpwuid()
32514: [97d8887fb7d3]
32515:
32516: * sudo.c:
32517: now uses sudo_pw_ent
32518: [d014dadbef48]
32519:
32520: * testsudoers.c:
32521: now uses sudo_pw_ent
32522: [d92936ed7e34]
32523:
32524: * visudo.c:
32525: now sets sudo_pw_ent
32526: [ff75cdfcf8b3]
32527:
32528: * getspwuid.c:
32529: Initial revision
32530: [6deb6df9d7bc]
32531:
32532: * tgetpass.c:
32533: moved dce stuff into compat.h
32534: [1124284396e7]
32535:
32536: * logging.c, sudo.h:
32537: now uses sudo_pw_ent
32538: [404ff20a5067]
32539:
32540: * Makefile.in:
32541: added sudo_getpwuid.c
32542: [6666d0644512]
32543:
32544: * compat.h:
32545: added dce support
32546: [3c3b36a7ce0e]
32547:
32548: * parse.yacc:
32549: now uses sudo_pw_ent
32550: [9f5e8d11bd68]
32551:
32552: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
32553:
32554: * check.c:
32555: fixed exempt_group stuff for OS's that don't put base gid in group
32556: vector
32557: [003f153bd396]
32558:
32559: * check.c:
32560: S/Key support now works with sunos4 shadow passwords
32561: [1eb64a5efff1]
32562:
32563: * Makefile.in:
32564: fixed clean rule
32565: [5695a2c62816]
32566:
32567: * config.h.in, configure.in:
32568: added DCE support
32569: [f53c766c1947]
32570:
32571: * tgetpass.c:
32572: DCE & KERB support
32573: [904cf436506a]
32574:
32575: * check.c:
32576: first stab at dce support
32577: [aea5ca07b1e3]
32578:
32579: * dce_pwent.c:
32580: now smells like sudo
32581: [8b3d609b49cd]
32582:
32583: * dce_pwent.c:
32584: Initial revision
32585: [b573555f2399]
32586:
32587: * check.c:
32588: skey'd sudo now works w/ normal password as well
32589: [8d038f9f6e94]
32590:
32591: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
32592:
32593: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
32594: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
32595: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
32596: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
32597: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
32598: version.h, visudo.c:
32599: updated version number
32600: [ba7e346d7904]
32601:
32602: * README:
32603: updated to reflect version change
32604: [1d15cf1d8cc8]
32605:
32606: * configure.in:
32607: --with options now line up ++version
32608: [08ebf625fbca]
32609:
32610: * sudo.h:
32611: removed unecesary S/Key stuff
32612: [68188cba90af]
32613:
32614: * configure.in:
32615: fixed S/Key support
32616: [f6d9cbc36618]
32617:
32618: * Makefile.in:
32619: -I stuff now goes in CPPFLAGS
32620: [7b8e53c5b046]
32621:
32622: * check.c:
32623: fixed SKey support
32624: [52c1a5cf4435]
32625:
32626: * README:
32627: updated version
32628: [bed6498a10bb]
32629:
32630: * OPTIONS:
32631: fixed description of EXEMPTGROUP
32632: [cfeead55edc2]
32633:
32634: * sudo.c:
32635: more people use _RLD_ than just alphas...
32636: [6a3c7090a6f6]
32637:
32638: * Makefile.in:
32639: replaced $man_prefix with $mandir
32640: [dc4b36a550e2]
32641:
32642: * configure.in:
32643: fixed a typo
32644: [a38a4acddcaf]
32645:
32646: * Makefile.in:
32647: now use more GNU'ish dir names
32648: [c5498391a520]
32649:
32650: * configure.in:
32651: now set *dir correctly (can override from command line)
32652: [523ff98fd438]
32653:
32654: * sudo.c:
32655: now deal with situations where we getwd() fails
32656: [88a9e61dccbb]
32657:
32658: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
32659:
32660: * Makefile.in:
32661: added etc_dir, bin_dir, sbin_dir
32662: [75fd08d92842]
32663:
32664: * configure.in:
32665: added sbin_dir
32666: [3cb318c0d8d1]
32667:
32668: * Makefile.in:
32669: now ship a flex-generated lex.yy.c
32670: [4d083ed70dce]
32671:
32672: * Makefile.in:
32673: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
32674: [4d51dc9c3780]
32675:
32676: * pathnames.h.in:
32677: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
32678: [773fd163d52f]
32679:
32680: * options.h:
32681: no more error for redefining SUDOERS_OWNER
32682: [4ba336644c6a]
32683:
32684: * OPTIONS:
32685: expanded SUDOERS_OWNER section
32686: [12fae405759e]
32687:
32688: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
32689:
32690: * visudo.c:
32691: now warn if chown(2) failed
32692: [d0d1db6e3a1f]
32693:
32694: * logging.c:
32695: better default warning for NO_SUDOERS_FILE
32696: [5260b458ac64]
32697:
32698: * sudo.c:
32699: added missing set_perms() no more cryptic message if the sudoers
32700: file is zero length, now just give a parse error
32701: [b81ea724838a]
32702:
32703: * logging.c:
32704: better diagnostics if NO_SUDOERS_FILE
32705: [877e878663c5]
32706:
32707: * sudo.c:
32708: check_sudoers() now catches sudoers files that are not readable (but
32709: are stat'able).
32710: [fea05663b3de]
32711:
32712: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
32713:
32714: * configure.in:
32715: now add -D__STDC__ for convex cc (not gcc)
32716: [c80fc53ff51b]
32717:
32718: * configure.in:
32719: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
32720: [fe238226a057]
32721:
32722: * Makefile.in:
32723: now uses exec_prefix & prefix from configure
32724: [f62fca5f56bd]
32725:
32726: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
32727: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
32728: utime.c, visudo.c:
32729: options.h is now <> instead of "" so shadow build trees can have a
32730: custom copy of options.h
32731: [e6782676099c]
32732:
32733: * check.c:
32734: user_is_exempt() is no longer a hack, it now uses getgrnam()
32735: [287f8d5356f7]
32736:
32737: * options.h:
32738: EXEMPTGROUP is now "sudo"
32739: [61487304dbe1]
32740:
32741: * configure.in:
32742: MAN_POSTINSTALL now contains a leading space
32743: [eaad4ac34012]
32744:
32745: * Makefile.in:
32746: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
32747: testsudoers in clean:
32748: [e01711baceb8]
32749:
32750: * tgetpass.c:
32751: includes pwd.h to get _PASSWD_LEN definition
32752: [8ec174f263f1]
32753:
32754: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
32755:
32756: * sudo.c:
32757: unset the KRB_CONF envariable if using kerberos so we don't get
32758: spoofed into using a bogus server
32759: [2561a0274fca]
32760:
32761: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
32762:
32763: * parse.yacc:
32764: now explicately initialize match[] tp be FALSE
32765: [0e45e5c47766]
32766:
32767: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
32768:
32769: * sudo.c:
32770: removed unused variable now passes -Wall
32771: [3452508bc16d]
32772:
32773: * parse.yacc:
32774: yyerror and dumpaliases are now void's now passes -Wall
32775: [2769dfb51993]
32776:
32777: * parse.lex:
32778: added prototype for yyerror
32779: [1f3f0c1b4ab4]
32780:
32781: * check.c, logging.c, parse.c:
32782: now passes -Wall
32783: [eab57e5e81d2]
32784:
32785: * interfaces.c:
32786: rmeoved unused cruft now passes -Wall
32787: [7a47e1866f4b]
32788:
32789: * Makefile.in:
32790: fixed headers that moved to emul dir
32791: [e680c1e5049b]
32792:
32793: * logging.c:
32794: fixed deref of nil pointer if no args
32795: [973b9bea432f]
32796:
32797: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
32798:
32799: * OPTIONS:
32800: added a caveat to FQDN section
32801: [dcf6e2a5fff4]
32802:
32803: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
32804:
32805: * Makefile.in:
32806: more $srcdir support for install targets
32807: [f6eac78436dd]
32808:
32809: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
32810: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
32811: don't include malloc.h if we include stdlib.h
32812: [fca2ff307cd8]
32813:
32814: * parse.yacc:
32815: local search.h now lives in emul
32816: [51c458904424]
32817:
32818: * check.c, utime.c:
32819: local utime.h now lives in emul dir
32820: [f92fc9e8c8de]
32821:
32822: * lsearch.c:
32823: local search.h now lives in emul
32824: [579efc407439]
32825:
32826: * Makefile.in:
32827: added support for building in other than the sourcedir
32828: [2ab53a43f7d4]
32829:
32830: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
32831:
32832: * OPTIONS:
32833: annotated CSOPS_INSULTS option
32834: [9e57d45a0afa]
32835:
32836: * TROUBLESHOOTING:
32837: updated shadow passwords blurb
32838: [39b785bc7253]
32839:
32840: * sudo.c:
32841: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
32842: passes along foo as the arguments
32843: [a91077aa8fc5]
32844:
32845: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
32846:
32847: * parse.lex:
32848: collapsed pathname and dir sections into one -- its now less
32849: expensive
32850: [89caa03bec25]
32851:
32852: * parse.lex:
32853: fixed spacing quoting [,:\\=] now works correctly append() and
32854: fill() now take args to make the above work
32855: [09d023d9ef3a]
32856:
32857: * sudo.c:
32858: fixed a typo that caused commands with no tty on fd 0 but a tty on
32859: fd 1 to erroneously have "none" as their tty
32860: [07d2c0e7977c]
32861:
32862: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32863:
32864: * check.c:
32865: timestampfile is now a global static removed decl of timestampfile
32866: in remove_timestamp since we can just use the global one
32867: [f0cbdc6aab1c]
32868:
32869: * check.c:
32870: created touch() to update timestamps added USE_TTY_TICKETS support
32871: (bit of a kludge)
32872: [cee1dd0318f8]
32873:
32874: * compat.h:
32875: added _S_IFDIR and S_ISDIR
32876: [b4a51cc9628e]
32877:
32878: * OPTIONS, options.h:
32879: added USE_TTY_TICKETS
32880: [b4e22f81f25e]
32881:
32882: * parse.yacc:
32883: removed const from casts for lsearch() & lfind() to placate irix 4.x
32884: C compiler
32885: [5003081f76ea]
32886:
32887: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
32888:
32889: * sudo.c:
32890: now only strip '/dev/' off of a tty if it starts with '/dev/'
32891: [7f62bcd24039]
32892:
32893: * pathnames.h.in:
32894: added _PATH_DEV
32895: [6375f44d1910]
32896:
32897: * configure.in:
32898: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
32899: have termios.h
32900: [9c60391235fd]
32901:
32902: * tgetpass.c:
32903: fixed incorrect #ifdef termio uses "unsigned short" not int for
32904: c_?flag
32905: [d032e6a29845]
32906:
32907: * parse.lex, parse.yacc:
32908: fixed a spelling error
32909: [cad6a944c7b1]
32910:
32911: * Makefile.in:
32912: fixed typo
32913: [204a65403e7c]
32914:
32915: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
32916:
32917: * Makefile.in:
32918: fixed a comment
32919: [268f760e57ad]
32920:
32921: * parse.yacc:
32922: added dotcat() to cat 2 strings w/ a dot effeciently now that we
32923: dynamically allocate strings they need to be free()'d
32924: [ec2e2152f415]
32925:
32926: * parse.lex:
32927: dynamically allocates space for strings
32928: [d10ac3533d66]
32929:
32930: * sudo.h:
32931: no more MAXCOMMANDLENGTH
32932: [e2e1219bff8a]
32933:
32934: * sudo.h:
32935: added decl of tty
32936: [c8ae81303ee5]
32937:
32938: * logging.c, sudo.c:
32939: moved tty stuff into sudo.c
32940: [e028abefeb07]
32941:
32942: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32943:
32944: * parse.c:
32945: fixed a logic bug. Was denying a command if user gave command line
32946: args but there were none in the sudoers file which is wrong.
32947: [7489a99b8e8a]
32948:
32949: * sudo.h:
32950: MAXCOMMMANDLEN dropped down to 1K
32951: [38ef54ba290b]
32952:
32953: * parse.lex:
32954: return foo; -> return(foo);
32955: [0e8be1b57001]
32956:
32957: * parse.yacc:
32958: fixed netgr_matches() prototype
32959: [e69f15910464]
32960:
32961: * parse.lex:
32962: added support for escaping "termination" characters
32963: [8bd4ef50f35c]
32964:
32965: * parse.c:
32966: buf is now of size MAXPATHLEN+1 since it never holds command args
32967: [2ce4b763058c]
32968:
32969: * sudo.c:
32970: fixed comments
32971: [0c74a3d2ebb0]
32972:
32973: * goodpath.c:
32974: fixed negation problem (doh!)
32975: [782814e3a2d1]
32976:
32977: * parse.yacc:
32978: fixed 2nd parameter to lfind()
32979: [63d7b1623c08]
32980:
32981: * parse.lex:
32982: now do bounds checking in fill() and append()
32983: [54381b563251]
32984:
32985: * sudo.c:
32986: include netdb.h as we should added a missing void cast added
32987: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
32988: realloc actually moved the string instead of shrinking it
32989: [897ccdec9c06]
32990:
32991: * sample.sudoers:
32992: updated with examples of new features
32993: [9b3ed00e8aa6]
32994:
32995: * goodpath.c:
32996: now set errno to EACCES if not a regular file or not executable
32997: [2d069548a5ea]
32998:
32999: * find_path.c:
33000: if given a fully-qualified or relative path we now check it with
33001: sudo_goodpath() and error out with the appropriate error message if
33002: the file does not exist or is not executable
33003: [590f89dd8dec]
33004:
33005: * emul/search.h, lsearch.c:
33006: now use correct args for lfind
33007: [fccdcdbf020e]
33008:
33009: * logging.c:
33010: added a comment
33011: [fab9f49708ea]
33012:
33013: * insults.h:
33014: added in CSOps insults
33015: [ad8eb1862adc]
33016:
33017: * ins_csops.h:
33018: Initial revision
33019: [de5a475ec018]
33020:
33021: * tgetpass.c:
33022: added RCS id
33023: [c3ffd550a482]
33024:
33025: * sudo.h:
33026: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
33027: [aba25c90d08a]
33028:
33029: * OPTIONS:
33030: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
33031: [e27bd62e9ccf]
33032:
33033: * sudo.c:
33034: fixed -k load_interfaces() now gets called if FQDN is set
33035: -p now works with -s
33036: [07ca2a34bae8]
33037:
33038: * parse.c:
33039: don't try to stat() "pseudo commands" like "validate"
33040: [75527045984b]
33041:
33042: * options.h:
33043: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
33044: [07b157a0eafd]
33045:
33046: * configure.in:
33047: added SecurID support added other insults to --with-csops
33048: [6c992ceb244c]
33049:
33050: * config.h.in:
33051: added HAVE_SECURID
33052: [e734ff617fe8]
33053:
33054: * Makefile.in:
33055: added clobber target added ins_csops.h now gets CFLAGS from
33056: configure
33057: [d1e29c7cec25]
33058:
33059: * aclocal.m4:
33060: relaxed SUDO_FULL_VOID
33061: [fb4084f27406]
33062:
33063: * visudo.c:
33064: function comment blocks are now in same style as rest of code
33065: [04a2931354c5]
33066:
33067: * testsudoers.c:
33068: added support for command line args in /etc/sudoers
33069: [bfe4e1bcc655]
33070:
33071: * sudoers.man:
33072: updated to have command args in the sudoers file
33073: [1cd34355e9ea]
33074:
33075: * sudo.man:
33076: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
33077: [930b48023b68]
33078:
33079: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
33080:
33081: * parse.yacc:
33082: PATH renamed to COMMAND
33083: [4e109a6de3cd]
33084:
33085: * parse.lex:
33086: it is now a parse error for directories to have args attached to
33087: them
33088: [2ab10a146b54]
33089:
33090: * logging.c:
33091: now say command args if telling user to buzz off
33092: [933de26ded8b]
33093:
33094: * sudo.c:
33095: -s no longer indicates end of args sped up loading on cmnd_args in
33096: load_cmnd()
33097: [eac99a4da862]
33098:
33099: * parse.c:
33100: removed an unreachable statement
33101: [634302623c49]
33102:
33103: * parse.lex:
33104: made more efficient by pulling out the terminators when in GOTCMND
33105: state and making them their own rule
33106: [80798f1e1166]
33107:
33108: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
33109:
33110: * sudo.h:
33111: removed MAXLOGLEN since it is no longer used
33112: [102824196b71]
33113:
33114: * parse.lex:
33115: now allows command args
33116: [d29dfa1e5254]
33117:
33118: * parse.c:
33119: now groks command arguments
33120: [6c414cb7f105]
33121:
33122: * logging.c:
33123: now sets tty correctly when piped input
33124: [de46a30c0406]
33125:
33126: * sudo.c:
33127: fixed loading of cmnd_args (was including command name too)
33128: [15319a425ea6]
33129:
33130: * logging.c:
33131: fixed a core dump due to incorrect if construct
33132: [582363c7d7fa]
33133:
33134: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
33135:
33136: * configure.in:
33137: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
33138: [da591fe9b931]
33139:
33140: * aclocal.m4:
33141: fixed check for ISC
33142: [52e59f2082a7]
33143:
33144: * sudo.c:
33145: now sets cmnd_args used by log_error() and that will be used by the
33146: parse to check against command args
33147: [c6804389723b]
33148:
33149: * sudo.h:
33150: added cmnd_args
33151: [4d00446b4a8d]
33152:
33153: * logging.c:
33154: now dynamically allocate logline since we can guess at its size
33155: [4bed8c8446aa]
33156:
33157: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
33158:
33159: * logging.c:
33160: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
33161: "register" since the compiler knows more than I do now do a
33162: "basename" of the tty
33163: [3b1bbf0b3da1]
33164:
33165: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
33166:
33167: * configure.in:
33168: ++version
33169: [5ce552f9a5f1]
33170:
33171: * sudo.h:
33172: added shell extern changed MODE_* to be bit masks to allow for
33173: several options together
33174: [06f9dc4f400c]
33175:
33176: * sudo.c:
33177: added -s (shell) option made MODE_* masks so we can do bitwise & and
33178: | to see if multiple flags are set.
33179: [01f8143010ad]
33180:
33181: * check.c:
33182: added securid support
33183: [909e078005fe]
33184:
33185: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
33186:
33187: * logging.c:
33188: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
33189: [644506b57d61]
33190:
33191: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
33192:
33193: * Makefile.in, version.h:
33194: ++version
33195: [3cd6f1fbc3d9]
33196:
33197: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
33198:
33199: * parse.yacc:
33200: fixed free() of an uninitialized pointer (yuck)
33201: [8c404ee502ee]
33202:
33203: * testsudoers.c:
33204: added netgr_matches
33205: [e7c9fa2f774c]
33206:
33207: * parse.c:
33208: cleaned up netgr_matches
33209: [8108f00b810e]
33210:
33211: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
33212:
33213: * RUNSON:
33214: updated for 1.3.4
33215: [4741704310a1]
33216:
33217: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
33218:
33219: * Makefile.in:
33220: now installs sudoers.man -- really should clean this up though.
33221: [455631d45a1d]
33222:
33223: * Makefile.in:
33224: added sudoers.cat and sudoers.man
33225: [0bdedd6c7363]
33226:
33227: * sudo.man:
33228: pulled out stuff on the sudoers file format into a separate man page
33229: [de215d999cb9]
33230:
33231: * sudoers.man:
33232: Initial revision
33233: [f25eafbb7095]
33234:
33235: * HISTORY:
33236: fixed up my email address
33237: [254fbf80be74]
33238:
33239: * configure.in:
33240: added checks for innetgr and getdomainname
33241: [24a99cb7e97e]
33242:
33243: * visudo.c:
33244: added dummy netgr_matches function
33245: [1841ff2c01da]
33246:
33247: * parse.c:
33248: added netgr_matches
33249: [ec90db6a97b8]
33250:
33251: * parse.lex, parse.yacc:
33252: added NETGROUP support
33253: [c9dd93e3bc4b]
33254:
33255: * config.h.in:
33256: added HAVE_INNETGR & HAVE_GETDOMAINNAME
33257: [14abd494d875]
33258:
33259: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
33260:
33261: * sudo.c:
33262: rewrote clean_env() that has rm_env() builtin
33263: [55cb43818a95]
33264:
33265: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
33266:
33267: * check.c:
33268: now cast uid to long in sprintf
33269: [b549eea40aeb]
33270:
33271: * OPTIONS:
33272: added _INSULTS suffix to HAL & GOONS end
33273: [ed620d0aad30]
33274:
33275: * options.h:
33276: added _INSULTS suffix to HAL & GOONS
33277: [9f72e9b83afd]
33278:
33279: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
33280: converted to new scheme of insult "unions" end
33281: [2f6d2b412132]
33282:
33283: * sudo.c:
33284: now uses MAX_UID_T_LEN
33285: [c1df79e0f389]
33286:
33287: * configure.in:
33288: added SUDO_UID_T_LEN !l
33289: [195f0b9f5f84]
33290:
33291: * config.h.in:
33292: added MAX_UID_T_LEN
33293: [73f42ae4f14d]
33294:
33295: * check.c:
33296: now use MAX_UID_T_LEN
33297: [df9c063234cb]
33298:
33299: * aclocal.m4:
33300: added check for max len of uid_t fixed sco vs. isc check
33301: [d558f36d2223]
33302:
33303: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
33304:
33305: * configure.in:
33306: corrected version
33307: [828dd1571e86]
33308:
33309: * configure.in:
33310: added sco support
33311: [af1e2f616638]
33312:
33313: * aclocal.m4:
33314: hack to check for sco
33315: [549ab99a9a43]
33316:
33317: * interfaces.c:
33318: removed #include <net/route.h> since it was hosing some OS's
33319: [ac78a7c04005]
33320:
33321: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
33322:
33323: * find_path.c:
33324: fixed prreadlink() prototype
33325: [b380fe1f2b11]
33326:
33327: * check.c:
33328: added parens in #if's
33329: [e96ade691b82]
33330:
33331: * configure.in:
33332: added SPW_ prefix
33333: [a302683a1483]
33334:
33335: * sudo.h:
33336: moved SPW_* to config.h.in
33337: [6b3be70e34cf]
33338:
33339: * sudo.c:
33340: added a set of parens
33341: [8188d735d695]
33342:
33343: * config.h.in:
33344: added SPW_*
33345: [5ead6371cf60]
33346:
33347: * sudo.h:
33348: added SPW_* reordered error codes
33349: [dead25b4ed0a]
33350:
33351: * check.c:
33352: moved SPW_* to sudo.h
33353: [ca51fb04caf4]
33354:
33355: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
33356:
33357: * sudo.c:
33358: SPW_AUTH -> SPW_SECUREWARE
33359: [6b512b2bc5dc]
33360:
33361: * logging.c:
33362: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
33363: [defdd0944e2f]
33364:
33365: * configure.in:
33366: AUTH -> SECUREWARE
33367: [d1f8a17001dd]
33368:
33369: * check.c:
33370: SPW_AUTH -> SPW_SECUREWARE
33371: [af0e8d8b89b2]
33372:
33373: * check.c:
33374: now uses SHADOW_TYPE to make shadow pw support more readable and
33375: modular. It's a start...
33376: [8c2a59667014]
33377:
33378: * configure.in:
33379: added autodetection of shadow passwords
33380: [85f81fa54b1b]
33381:
33382: * sudo.c:
33383: now uses SHADOW_TYPE define
33384: [355e5dc09b07]
33385:
33386: * config.h.in:
33387: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
33388: [c0c06e83e483]
33389:
33390: * aclocal.m4:
33391: added SUDO_CHECK_SHADOW
33392: [464301301639]
33393:
33394: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
33395:
33396: * configure.in:
33397: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
33398: memmove() since we dno longer use it...
33399: [8aefa87d7d31]
33400:
33401: * CHANGES:
33402: updated
33403: [ce97b3fd7182]
33404:
33405: * logging.c:
33406: added BROKEN_SYSLOG support
33407: [a45c3bca36f6]
33408:
33409: * config.h.in:
33410: added BROKEN_SYSLOG
33411: [6f6abf0a6268]
33412:
33413: * check.c:
33414: now only bitch it timestamp > time_now + 2 * timeout to allow for a
33415: machine udpating its time from a server
33416: [546bc8d35325]
33417:
33418: * sudo.man:
33419: added 2 security notes updated Nieusma's email addr
33420: [616756c56977]
33421:
33422: * lsearch.c:
33423: changed a memmove() to memcpy() since we don't have to worry about
33424: overlapping segments.
33425: [30baa478526b]
33426:
33427: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
33428:
33429: * interfaces.c:
33430: cleanup up the loop when interfaces are groped in so that it is
33431: readable
33432: [1fa39446bd69]
33433:
33434: * Makefile.in, version.h:
33435: ++version
33436: [b46bd2b1770f]
33437:
33438: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
33439:
33440: * CHANGES:
33441: annotated 124-126
33442: [b82a2b3ec7ce]
33443:
33444: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
33445:
33446: * check.c:
33447: fixed permissions check on /tmp/.odus
33448: [cc2431a65468]
33449:
33450: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
33451:
33452: * check.c:
33453: fixed some comments
33454: [8896d09b4fda]
33455:
33456: * check.c:
33457: now checks owner & mode of timedir also checks for bogus dates on
33458: timestamp file
33459: [a0fad5df5b0a]
33460:
33461: * OPTIONS:
33462: updated TIMEOUT info
33463: [033cc22d9e04]
33464:
33465: * logging.c, sudo.h:
33466: added BAD_STAMPDIR and BAD_STAMPFILE
33467: [31d9ce691101]
33468:
33469: * compat.h:
33470: added definition of S_IRWXU
33471: [ff2dab091a9b]
33472:
33473: * CHANGES:
33474: updated
33475: [a40df90284f1]
33476:
33477: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
33478:
33479: * interfaces.c:
33480: added #ifdef to make it compile on strange arches
33481: [4a127f12afce]
33482:
33483: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
33484:
33485: * aclocal.m4:
33486: fixed check for fulkl void impl.
33487: [b6f2a4a361d8]
33488:
33489: * check.c:
33490: added mssing "static"
33491: [520552f2772b]
33492:
33493: * insults.h:
33494: replaced #elif with #else #if constructs for ancient C compilers
33495: [39ab2d365b57]
33496:
33497: * INSTALL:
33498: updated irix c2 & kerb5 info
33499: [ae79b99b4905]
33500:
33501: * configure.in:
33502: added shadow pw support for irix
33503: [632469d9c528]
33504:
33505: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
33506:
33507: * BUGS, TODO:
33508: updated
33509: [2a96bb18ac30]
33510:
33511: * CHANGES:
33512: last changes for sudo 1.3.3
33513: [c1c0cd1034b8]
33514:
33515: * configure.in:
33516: now calls SUDO_SOCK_SA_LEN
33517: [14ea78159d45]
33518:
33519: * config.h.in:
33520: added HAVE_SA_LEN
33521: [cc2a346aa905]
33522:
33523: * aclocal.m4:
33524: added SUDO_SOCK_SA_LEN
33525: [456a2025644a]
33526:
33527: * interfaces.c:
33528: now works with ip implementations that use sa_len in sockaddr
33529: [90be6e028077]
33530:
33531: * INSTALL:
33532: added note about buggy AIX compiler
33533: [c0f6d427e4e4]
33534:
33535: * interfaces.c:
33536: now include sys/time.h for AIX
33537: [2510858ab38b]
33538:
33539: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
33540:
33541: * Makefile.in:
33542: getcwd -> getwd
33543: [66085ebca98e]
33544:
33545: * interfaces.c:
33546: now works for ISC and others. yay.
33547: [f336d4ffc927]
33548:
33549: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
33550:
33551: * Makefile.in, version.h:
33552: version++
33553: [836cffc2078d]
33554:
33555: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
33556:
33557: * aclocal.m4:
33558: fixed test for full void impl
33559: [fb004107e7b9]
33560:
33561: * sudo.c:
33562: now check to see that st_dev is non-zero before assuming that we are
33563: being spoofed
33564: [1b0e1c30c506]
33565:
33566: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
33567:
33568: * aclocal.m4, configure.in:
33569: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
33570: [4953379bfb01]
33571:
33572: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
33573:
33574: * aclocal.m4:
33575: fixed include file order for SUDO_FUNC_UTIME_POSIX
33576: [ff64ab7df44f]
33577:
33578: * logging.c:
33579: added cast for ttyname()
33580: [444f05f56758]
33581:
33582: * configure.in:
33583: fixed typo
33584: [de068e748431]
33585:
33586: * check.c:
33587: now deal correctly with all known variation of utime() -- yippe
33588: [b778a4195a89]
33589:
33590: * configure.in:
33591: added SUDO_FUNC_UTIME_POSIX
33592: [cf635f2269d6]
33593:
33594: * aclocal.m4:
33595: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
33596: [d79593be4b73]
33597:
33598: * config.h.in:
33599: added HAVE_UTIME_POSIX
33600: [c67b4ac0dca5]
33601:
33602: * check.c:
33603: fixed a typo
33604: [b14df5680f59]
33605:
33606: * check.c:
33607: no longer assume !HAVE_UTIME_NULL means old BSD utime()
33608: [0aeaf4b2f38b]
33609:
33610: * check.c:
33611: fixed fascist C compiler warning
33612: [c61ddf2f1f93]
33613:
33614: * interfaces.c:
33615: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
33616: to 0 (just to be anal)
33617: [c54cc2ba0052]
33618:
33619: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
33620:
33621: * sudo.h:
33622: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
33623: [74cf585a54fb]
33624:
33625: * logging.c:
33626: added tty logging
33627: [e27d8dcfbd78]
33628:
33629: * interfaces.c:
33630: reworked the ISC code
33631: [bcf57ce8ae69]
33632:
33633: * Makefile.in, version.h:
33634: updated version
33635: [032941c9b94d]
33636:
33637: * check.c:
33638: now expect old-style utime(3) if utime() can't take NULL as an arg
33639: [018dd4a73030]
33640:
33641: * configure.in:
33642: added check for utime.h
33643: [0b76e8feb618]
33644:
33645: * config.h.in:
33646: added HAVE_UTIME_H
33647: [62ee42feda46]
33648:
33649: * Makefile.in:
33650: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
33651: [fa3201d294e1]
33652:
33653: * configure.in:
33654: now search for kerb libs and includes
33655: [cc332401e571]
33656:
33657: * check.c:
33658: added support for utime(2)'s that can't take a NULL parameter
33659: [98797fedf69f]
33660:
33661: * utime.c:
33662: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
33663: [6ce6d825fb44]
33664:
33665: * configure.in:
33666: added utime(s) stuff
33667: [a2afb744403e]
33668:
33669: * check.c:
33670: now use utime()
33671: [48902240a51e]
33672:
33673: * config.h.in:
33674: added HAVE_UTIME and HAVE_UTIME_NULL
33675: [9a56ab65d4f4]
33676:
33677: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
33678:
33679: * utime.c:
33680: now use HAVE_UTIME_NULL
33681: [e3944de09a92]
33682:
33683: * emul/utime.h, utime.c:
33684: Initial revision
33685: [a2cbf2ef3427]
33686:
33687: * check.c:
33688: need to setuid(0) to make kerb4 stuff work.
33689: [c6cfda4039d7]
33690:
33691: * tgetpass.c:
33692: no more special case for kerberos
33693: [4a5c33145be9]
33694:
33695: * config.h.in:
33696: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
33697: emulation)
33698: [a607ee43e650]
33699:
33700: * compat.h:
33701: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
33702: kerberos
33703: [02fb274cc136]
33704:
33705: * check.c:
33706: now use private ticket file for kerberos support to avoid trouncing
33707: on system one
33708: [28d8b6b812c7]
33709:
33710: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
33711:
33712: * sudo.h:
33713: added SPOOF_ATTEMPT & cmnd_st
33714: [d3b42a1f4d0d]
33715:
33716: * sudo.c:
33717: added anti-spoofing support
33718: [ab1e2aa44a57]
33719:
33720: * parse.c:
33721: now use global cmnd_st
33722: [47018265a1a6]
33723:
33724: * logging.c:
33725: added SPOOF_ATTEMPT suypport
33726: [7bbe9dd2a021]
33727:
33728: * testsudoers.c, visudo.c:
33729: added void casts where appropriate
33730: [f191441ba333]
33731:
33732: * parse.yacc:
33733: fixed up spacing and added void casts where appropriate
33734: [15d886fc809c]
33735:
33736: * sudo.c:
33737: fixed problem with "-p prompt" but no args
33738: [6fc048261a3e]
33739:
33740: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
33741:
33742: * sudo.man:
33743: added BUGS and annotated -l description
33744: [e5c506de2603]
33745:
33746: * sudo.h:
33747: validate() now takes a flag
33748: [26627becc60a]
33749:
33750: * sudo.c:
33751: validate() now takes a flag added -l
33752: [a4f7bb97fe54]
33753:
33754: * parse.yacc:
33755: added support for -l
33756: [e7a9b10b0ad3]
33757:
33758: * parse.c:
33759: validate() now takes a flag that says whether or not to check the
33760: command
33761: [9e1e67f4e281]
33762:
33763: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
33764:
33765: * logging.c:
33766: now deals with Argv == 1
33767: [0acb637ab635]
33768:
33769: * sudo.man:
33770: added -p option
33771: [e60382fc0561]
33772:
33773: * sudo.c:
33774: added prompt support reworked parse_args()
33775: [2f605267ed4a]
33776:
33777: * sudo.h:
33778: added prompt
33779: [5ab021bdb419]
33780:
33781: * options.h:
33782: added PASSPROMPT
33783: [614727ff44a2]
33784:
33785: * check.c:
33786: now use BUFSIZ as length of kerb password added kpass so pass is
33787: always a char * now use prompt global when asking for a password
33788: [76be09af784f]
33789:
33790: * tgetpass.c:
33791: now use BUFSIZ as _PASSWD_LEN if using kerberos
33792: [1e907eed312b]
33793:
33794: * OPTIONS:
33795: added PASSPROMPT
33796: [ddb2f405ce40]
33797:
33798: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
33799:
33800: * configure.in:
33801: only look for -lufc or -lcrypt if crypt() not in libc
33802: [9717d315661f]
33803:
33804: * check.c:
33805: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
33806: (unknown user) silently fail
33807: [2b48693d4ee9]
33808:
33809: * INSTALL:
33810: added kerb4 note
33811: [986e393f740c]
33812:
33813: * tgetpass.c:
33814: HAVE_KERBEROS -> HAVE_KERB4
33815: [e438bfb5e6aa]
33816:
33817: * check.c:
33818: removed debugging printf
33819: [1cf9f5cbffa5]
33820:
33821: * configure.in:
33822: KERBEROS -> KERB4 added checks for setreuid & setresuid
33823: [01e9945beb1e]
33824:
33825: * config.h.in:
33826: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
33827: [0e0bb5b8ac3e]
33828:
33829: * compat.h:
33830: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
33831: with setresuid if applic
33832: [9dae24c47696]
33833:
33834: * check.c:
33835: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
33836: no setreuid() or a broken one
33837: [1fca642bdb8e]
33838:
33839: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
33840:
33841: * configure.in:
33842: added kerberos support
33843: [da5639b9b8e7]
33844:
33845: * config.h.in:
33846: added HAVE_KERBEROS
33847: [fcc5be550e65]
33848:
33849: * tgetpass.c:
33850: added KERBEROS support (long passwords)
33851: [303ba6924dd2]
33852:
33853: * check.c:
33854: added kerberos support
33855: [e40afe98fc1d]
33856:
33857: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
33858:
33859: * sudo.h:
33860: added MODE_BACKGROUND
33861: [9b483c932016]
33862:
33863: * sudo.man:
33864: escaped dashes added -b option
33865: [62e84f1a7714]
33866:
33867: * sudo.c:
33868: added -b option
33869: [7e78aaefeb95]
33870:
33871: * check.c:
33872: added crypt() for osf/1 3.x enhanced secuiry
33873: [e9aa5abdb7d5]
33874:
33875: * configure.in:
33876: now check for -lcrypt
33877: [5cb9c67e9fa2]
33878:
33879: * interfaces.c:
33880: added ENXIO like EADDRNOTAVAIL
33881: [74223bb1ba75]
33882:
33883: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
33884:
33885: * configure.in:
33886: now emulate getwd(), not getcwd()
33887: [3e5439d9a5f4]
33888:
33889: * sudo.c:
33890: getcwd() -> getwd()
33891: [6392a96a658e]
33892:
33893: * getwd.c:
33894: getcwd -> getwd
33895: [1b0ab9bae11e]
33896:
33897: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
33898:
33899: * ins_2001.h, ins_classic.h, ins_goons.h:
33900: Initial revision
33901: [86db60d8cf00]
33902:
33903: * insults.h:
33904: broke out insults into separate include files
33905: [0a01993bd38a]
33906:
33907: * OPTIONS, options.h:
33908: added GOONS
33909: [e283203c6515]
33910:
33911: * Makefile.in:
33912: added ins_2001.h ins_classic.h ins_goons.h
33913: [2a39cd6a4cd2]
33914:
33915: * Makefile.in, version.h:
33916: ++version
33917: [05ebf4f5e41a]
33918:
33919: * visudo.c:
33920: moved signal handler setup to setup_signals()
33921: [3dd976c04540]
33922:
33923: * sudo.h:
33924: added load_interfaces()
33925: [af2d473b09e2]
33926:
33927: * sudo.c:
33928: moved load_interfaces to interfaces.c
33929: [5c8c138e5d4c]
33930:
33931: * parse.yacc:
33932: added clearaliases
33933: [aeb4ff301daa]
33934:
33935: * OPTIONS, options.h:
33936: added FAST_MATCH
33937: [f49ea3d1b525]
33938:
33939: * parse.lex:
33940: now uses clearaliases variable
33941: [a2dda415bf61]
33942:
33943: * interfaces.c:
33944: Initial revision
33945: [a1990e3f5c69]
33946:
33947: * Makefile.in:
33948: added interfaces.[co]
33949: [1e8e5984de97]
33950:
33951: * testsudoers.c:
33952: now uses ip addrs and netmasks via load_interfaces()
33953: [54b8f7a6835e]
33954:
33955: * sudo.c:
33956: now remove IFS instead of setting to "sane" value
33957: [ce7eec9f115e]
33958:
33959: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
33960:
33961: * parse.c:
33962: added FAST_MATCH
33963: [816d4f5fe81a]
33964:
33965: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
33966:
33967: * Makefile.in:
33968: sudo_goodpath.c-> goodpath.c
33969: [a5072c4e1de2]
33970:
33971: * sudo.c:
33972: added Andy's new ISC changes
33973: [caa6bbee358e]
33974:
33975: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
33976:
33977: * OPTIONS:
33978: added a sentence to SECURE_PATH info
33979: [cad6e1569d15]
33980:
33981: * BUGS:
33982: added one
33983: [4b35cf699a83]
33984:
33985: * CHANGES:
33986: updated
33987: [5fded9dc62f0]
33988:
33989: * RUNSON:
33990: updated
33991: [33cb993cfd39]
33992:
33993: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
33994:
33995: * RUNSON:
33996: updated for beta3
33997: [a05dc6a91995]
33998:
33999: * Makefile.in, version.h:
34000: ++version
34001: [54aaf3fadc75]
34002:
34003: * aclocal.m4:
34004: sendmail is now looked for in �/usr/ucblib
34005: [231ac1a4662f]
34006:
34007: * sudo.c:
34008: fixed indentation
34009: [fb137400c8c2]
34010:
34011: * aclocal.m4:
34012: fixed a typo
34013: [e03f1acc468b]
34014:
34015: * sudo.c:
34016: updated ISC mods
34017: [070290d4754b]
34018:
34019: * configure.in:
34020: added unixware case
34021: [e90250bae0d9]
34022:
34023: * check.c:
34024: user_is_exempt is no longer hidden
34025: [1a341765b8af]
34026:
34027: * RUNSON:
34028: updated
34029: [a9c4898b26dd]
34030:
34031: * aclocal.m4:
34032: isc and riscos changes
34033: [98b5d86585d1]
34034:
34035: * OPTIONS:
34036: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
34037: [e1ecc464ce4b]
34038:
34039: * Makefile.in:
34040: fixed a typo and added testsudoers stuff
34041: [435d60e163dc]
34042:
34043: * testsudoers.c:
34044: Initial revision
34045: [6ce14a448662]
34046:
34047: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
34048:
34049: * parse.yacc:
34050: applied fixed patch from Chris
34051: [cd6144203d13]
34052:
34053: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
34054:
34055: * Makefile.in:
34056: fixed a typo
34057: [34f8a54ba041]
34058:
34059: * parse.yacc:
34060: added a set of braces for bison
34061: [f0e43b938914]
34062:
34063: * parse.yacc:
34064: merged in Chris' changes to dekludge the parser.
34065: [82d6e373ab1c]
34066:
34067: * logging.c:
34068: send_mail() was calling find_path() which is wrong since find_path()
34069: stores cmnd in a static var. Anyhow, it doesn't make much sense
34070: since MAILER should always be fully qualified
34071: [6eae6a0b8098]
34072:
34073: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
34074:
34075: * sample.sudoers:
34076: added User_Alias stuff
34077: [aaba8c8e918d]
34078:
34079: * aclocal.m4:
34080: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
34081: [52bd81f34b32]
34082:
34083: * RUNSON:
34084: added DEC UNIX 3.0 w/ gcc
34085: [7daf570775b5]
34086:
34087: * visudo.c:
34088: Exit was being used in places where exit should be used
34089: [6026a89c07ed]
34090:
34091: * sudoers:
34092: added "User alias specification"
34093: [a487b6e234f8]
34094:
34095: * parse.yacc:
34096: fixed probs caused by making nslots and naliases a size_t
34097: [0be919384f3f]
34098:
34099: * RUNSON:
34100: added KSR, upped rev to 1.3.1b2
34101: [ce04ee6faadf]
34102:
34103: * logging.c, parse.yacc:
34104: 1024 -> BUFSIZ
34105: [cd6dda45fa11]
34106:
34107: * parse.yacc:
34108: void * -> VOID * naliases and nslots are now size_t to appease
34109: lsearch on 64-bit machines
34110: [bf2f807c0dc1]
34111:
34112: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
34113:
34114: * TODO:
34115: did a bunch of things and added a bunch :-)
34116: [42afd957b829]
34117:
34118: * PORTING:
34119: updated
34120: [972f95c85776]
34121:
34122: * visudo.man:
34123: closer to BSD manpage style
34124: [07ae88f50325]
34125:
34126: * sudo.man:
34127: closer to standard BSD man format
34128: [372c28dcc135]
34129:
34130: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
34131: pathnames.h.in, sudo.h, version.h:
34132: added RCS id
34133: [c0ec90b81002]
34134:
34135: * sudo.h:
34136: removed crufty #defines that are no longer used
34137: [35e2b4b477f0]
34138:
34139: * BUGS:
34140: fixed a bug
34141: [5bb3e1bee85e]
34142:
34143: * sudo.man:
34144: updated based on sudo changes
34145: [e65de1cae438]
34146:
34147: * parse.yacc:
34148: now allow ALL keyword in User_Aliases now allow ALL keyword as well
34149: as a NAME or ALIAS
34150: [1fb31404dd0f]
34151:
34152: * CHANGES:
34153: updated
34154: [b24018ac610b]
34155:
34156: * sudo.c:
34157: now sets SUDO_COMMAND and SUDO_GID envariables.
34158: [e9d791557fb7]
34159:
34160: * aclocal.m4:
34161: fixed bug with full void impl check
34162: [35715301023c]
34163:
34164: * parse.yacc:
34165: fixed User_Alias supoprt
34166: [4c30dfbaaa07]
34167:
34168: * parse.yacc:
34169: added stubs for User_Alias support
34170: [f4afbd247edf]
34171:
34172: * sudo.c:
34173: now sets removes # bogus interfaces from num_interfaces
34174: [6f077fac9ab1]
34175:
34176: * parse.lex:
34177: added User_Alias support
34178: [bc7997e5df85]
34179:
34180: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
34181:
34182: * Makefile.in:
34183: removed extraneous TODO
34184: [bc87a3b14d6d]
34185:
34186: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
34187:
34188: * visudo.c:
34189: ntwk_matches -> addr_matches
34190: [475044e288b8]
34191:
34192: * parse.yacc:
34193: ntwk_matches -> addr_matches
34194: [dd1f4093fd2d]
34195:
34196: * parse.c:
34197: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
34198: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
34199: sizeof(long))
34200: [acd2f556940f]
34201:
34202: * sudo.c:
34203: took out debugging info
34204: [044023063eca]
34205:
34206: * aclocal.m4:
34207: OS was being set to unknown before non-uname based host checks.
34208: This caused no checks to happen since $OS was not zero-length.
34209: [335a7267479d]
34210:
34211: * sudo.c:
34212: fixed loading of interfaces struct still has debugging info in
34213: though
34214: [2d1a18998c1e]
34215:
34216: * parse.c:
34217: fixed typo
34218: [175674a3a9fa]
34219:
34220: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
34221:
34222: * Makefile.in:
34223: ++version
34224: [55d191b5daa3]
34225:
34226: * version.h:
34227: ++
34228: [d7d1f115696a]
34229:
34230: * visudo.c:
34231: removed extraneous extern decl of "top
34232: [50355621047d]
34233:
34234: * visudo.c:
34235: now zeros "top"
34236: [4e683210345b]
34237:
34238: * parse.yacc:
34239: removed parser_cleanup (no need for it now)
34240: [afa59f222b6c]
34241:
34242: * parse.lex:
34243: now calls reset_aliases() directly
34244: [3a23cbd60fc0]
34245:
34246: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
34247:
34248: * OPTIONS:
34249: added a sentence to SECURE_PATH description
34250: [c5bf75b85af0]
34251:
34252: * parse.c:
34253: fixed my stupid bug where I used NAMLEN on something I wanted to
34254: just get the name from. argh.
34255: [111f460f6540]
34256:
34257: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
34258:
34259: * lsearch.c:
34260: fixed argument order of memmove() that i hosed when converting from
34261: bcopy(). arghh.
34262: [2f5336045c8b]
34263:
34264: * Makefile.in:
34265: finally fixed DISTFILES line
34266: [a1b419e73a63]
34267:
34268: * Makefile.in:
34269: tabs -> spaces
34270: [280fb03e5764]
34271:
34272: * Makefile.in:
34273: added missing files to DISTFILES
34274: [991fc1cd2263]
34275:
34276: * Makefile.in:
34277: SUPPORTED -> RUNSON
34278: [7580e65b05fb]
34279:
34280: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
34281:
34282: * TODO:
34283: updated
34284: [fe764a29c1cc]
34285:
34286: * RUNSON:
34287: updated for pl5b1 release
34288: [aefc35bd2291]
34289:
34290: * BUGS, TODO:
34291: updated
34292: [8f0ea249b687]
34293:
34294: * check.c:
34295: fixed bug where if you hit return at first sudo prompt it would
34296: still log as a failure
34297: [24539c854692]
34298:
34299: * CHANGES:
34300: updated
34301: [251cc7b3ede4]
34302:
34303: * aclocal.m4:
34304: better test for bogus void * implementation
34305: [efe23180cb88]
34306:
34307: * logging.c:
34308: added PASSWORDS_NOT_CORRECT
34309: [bd12c73f83f7]
34310:
34311: * check.c:
34312: added PASSWORDS_NOT_CORRECT stuff]
34313: [90de391a979f]
34314:
34315: * sudo.h:
34316: added PASSWORDS_NOT_CORRECT
34317: [727fbeb76fc5]
34318:
34319: * tgetpass.c:
34320: moved pathnames.h
34321: [4f910e5a8df7]
34322:
34323: * sudo.c:
34324: removed some unused vars and fixed up uid2str
34325: [70e92c7f9076]
34326:
34327: * putenv.c:
34328: moved compat.h
34329: [b271091586f6]
34330:
34331: * getcwd.c, getwd.c:
34332: added pathnames.h
34333: [6f25218f133f]
34334:
34335: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
34336:
34337: * parse.yacc:
34338: fixed a typo I introduced in the last checkin :-(
34339: [62c3af75c4fe]
34340:
34341: * parse.lex:
34342: can't have #ifdef's where N is defined so just do this the broken
34343: way for AIX
34344: [c5648a5594e4]
34345:
34346: * parse.yacc:
34347: better hack from Chris (but still a hack)
34348: [6b6d8aed93f3]
34349:
34350: * parse.lex:
34351: stupid hack for broken aix lex
34352: [efc3f9e5280e]
34353:
34354: * tgetpass.c:
34355: now includes compat.h �
34356: [401822173f77]
34357:
34358: * visudo.c:
34359: now includes fcntl.h
34360: [63865c2f8ac6]
34361:
34362: * compat.h:
34363: added FD_SET and FD_ZERO for 4.2BSD
34364: [00c5597c0bb0]
34365:
34366: * parse.yacc:
34367: dirty hack to fix parser bug. i don't really like this but it works
34368: for now...
34369: [5b8bbdc81569]
34370:
34371: * sudo.c:
34372: uid2str is now static like the prototype says
34373: [f2a97b5cb870]
34374:
34375: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
34376:
34377: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
34378: updated
34379: [6f79c3e92716]
34380:
34381: * RUNSON:
34382: Initial revision
34383: [12a09ef9e884]
34384:
34385: * sudo.c:
34386: check_sudoers now returns an error code and sudo calls inform_user
34387: and log_error based on the return value.
34388: [340eca188d9a]
34389:
34390: * logging.c, sudo.h:
34391: added entries for new errors
34392: [6050d8542e1f]
34393:
34394: * parse.c:
34395: now set uid to that of SUDOERS_OWNER while parsing sudoers file
34396: [3683c42bc9b0]
34397:
34398: * Makefile.in:
34399: took out testsudoers �
34400: [65317d49db48]
34401:
34402: * sudo.c:
34403: now explicately checks that it is setuid root
34404: [2fe1be60ef6a]
34405:
34406: * sudo.c:
34407: If a user has no passwd entry sudo would segv (writing to a garbage
34408: pointer). Now allocate space before writing :-)
34409: [d08e7eb5e5ef]
34410:
34411: * configure.in:
34412: reordered AC_CHECK_FUNCS
34413: [4c82e56c6f4f]
34414:
34415: * config.h.in:
34416: fixed memset macro
34417: [77ede6b714ab]
34418:
34419: * tgetpass.c, visudo.c:
34420: bzero -> memset
34421: [1a005bb322c8]
34422:
34423: * logging.c:
34424: bzero -> memset when a parse error is logged the line number of the
34425: error is now logged too
34426: [a42d68047723]
34427:
34428: * INSTALL:
34429: added Sunos to blurb about c2 security
34430: [af750a1d131e]
34431:
34432: * configure.in:
34433: added a SUN4 define for C2 security
34434: [6ad5b23a3eb0]
34435:
34436: * config.h.in:
34437: bcopy -> memmove bzero -> memset
34438: [5494460c8464]
34439:
34440: * lsearch.c:
34441: bcopy -> memmove char * -> VOID *
34442: [a15f5c316e16]
34443:
34444: * check.c:
34445: added support for sunos with C2 security
34446: [03fea5bb21e6]
34447:
34448: * OPTIONS, options.h:
34449: reordered
34450: [1686265af3e1]
34451:
34452: * pathnames.h.in:
34453: _PATH_SUDO_LOGFILE now set based on configure
34454: [5867b58e4a04]
34455:
34456: * configure.in:
34457: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
34458: [1984d9fd1b5c]
34459:
34460: * config.h.in:
34461: added _SUDO_PATH_LOGFILE
34462: [dd3eebe62580]
34463:
34464: * aclocal.m4:
34465: added SUDO_LOGFILE to find where to put sudo.log added
34466: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
34467: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
34468: [c589a515a99a]
34469:
34470: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
34471:
34472: * TROUBLESHOOTING:
34473: Initial revision
34474: [f42f1baba3a8]
34475:
34476: * sudo.c:
34477: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
34478: to work around a problem is trusted hpux shadow passwords. yuck.
34479: [ae1f13b54687]
34480:
34481: * parse.yacc:
34482: backed out a change in malloc/realloc
34483: [ab868db0ad69]
34484:
34485: * parse.yacc:
34486: now include stdlib.h
34487: [957eef0631eb]
34488:
34489: * visudo.c:
34490: now do an freopen() of the stmp file so that yyin will always point
34491: to the same thing. This is important for flex since we are doing a
34492: YY_NEWFILE
34493: [44558922fd3e]
34494:
34495: * parse.yacc:
34496: replaced yywrap() with parser_cleanup() since yywrap() needs to be
34497: in parse.lex to be able to use YY_NEW_FILE. sigh.
34498: [12dd09921074]
34499:
34500: * parse.lex:
34501: now have a rule that matches anything that doesn't match an
34502: explicite rule. well, you know what i mean (. matches anything not
34503: yet matched). However, this means that there is input still queued
34504: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
34505: into parse.lex and it calls parser_cleanup() which is most of the
34506: old yywrap() sigh.
34507: [7f4042bc48d6]
34508:
34509: * SUPPORTED:
34510: no longer used
34511: [8f220be4da94]
34512:
34513: * getcwd.c, getwd.c:
34514: moved compat.h to be the last include file
34515: [9f3a65e2d485]
34516:
34517: * parse.yacc:
34518: fixed type of aliascmp() args
34519: [1c27eb989bdf]
34520:
34521: * find_path.c:
34522: NULL -> '\0'
34523: [5c8d8cf1692e]
34524:
34525: * parse.yacc:
34526: added casts to lfind and lsearch args for irix
34527: [61027ddeecf8]
34528:
34529: * Makefile.in:
34530: bsdinstall -> install-sh
34531: [61de6612c5a5]
34532:
34533: * INSTALL:
34534: added info about make realclean
34535: [29c6324d727f]
34536:
34537: * Makefile.in:
34538: updated VERSION added dependencies for visudo.cat
34539: [09077d7229d4]
34540:
34541: * version.h:
34542: -> pl5b1
34543: [5d21c7ad1a41]
34544:
34545: * sudo.c:
34546: took out -l
34547: [fc1478d81b38]
34548:
34549: * Makefile.in:
34550: now there is a real visudo.man and visudo.cat
34551: [58aeac43a6dd]
34552:
34553: * sudo.man:
34554: took out visudo stuff
34555: [4a6ac4393343]
34556:
34557: * visudo.man:
34558: Initial revision
34559: [cba348843db8]
34560:
34561: * parse.c, parse.lex, parse.yacc:
34562: updated copyright
34563: [ffa16b70944a]
34564:
34565: * README:
34566: updated for pl5
34567: [a26e423e9e5f]
34568:
34569: * sudo.man:
34570: updated Nieusma & Hieb email addresses
34571: [f0083e71989d]
34572:
34573: * INSTALL:
34574: updated to include options.h and OPTIONS
34575: [ee59e2b76c94]
34576:
34577: * CHANGES, TODO:
34578: updated
34579: [51e011ad5220]
34580:
34581: * BUGS:
34582: eliminated bug #1 (yay)
34583: [e7e88515494e]
34584:
34585: * configure.in:
34586: sunos no longer gets linked statically
34587: [2e5b3ff3108f]
34588:
34589: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
34590:
34591: * parse.lex:
34592: prototype now uses __P()
34593: [68ecdcab4c70]
34594:
34595: * parse.lex:
34596: make fill() non-ansi
34597: [d6509972260b]
34598:
34599: * parse.c:
34600: made -v (validate) work
34601: [13c9d520638c]
34602:
34603: * logging.c:
34604: now gives host
34605: [f04859cdba5a]
34606:
34607: * find_path.c:
34608: don't check for execute/statable if fq or relative path given
34609: [4bbe851f3973]
34610:
34611: * parse.c:
34612: added a cast
34613: [345c308f72f3]
34614:
34615: * visudo.c:
34616: now include ctype.h for islower and tolower macros
34617: [582c0aa332d5]
34618:
34619: * goodpath.c:
34620: moved _S_IFMT & _S_ISREG to compat.h
34621: [828e4ca4e7b4]
34622:
34623: * sudo.c:
34624: moved a set of parens
34625: [5783474ecf37]
34626:
34627: * strdup.c:
34628: now include compat.h
34629: [75e2036b94af]
34630:
34631: * emul/search.h:
34632: void * -> VOID *
34633: [cedcfaf04161]
34634:
34635: * parse.yacc:
34636: now cast malloc & realloc return vals added search for HAVE_LSEARCH
34637: now use strcmp if no strcasecmp available
34638: [d6a42bc3d4ae]
34639:
34640: * lsearch.c:
34641: void * -> VOID *
34642: [886adc44f607]
34643:
34644: * config.h.in:
34645: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
34646: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
34647: [3b50d7fb4349]
34648:
34649: * compat.h:
34650: added _S_IFMT, _S_IFREG, and S_ISREG
34651: [73d506c7d53c]
34652:
34653: * aclocal.m4:
34654: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
34655: to most SUDO_* macros
34656: [8442155f5936]
34657:
34658: * Makefile.in:
34659: no more -I.
34660: [63462f195bd4]
34661:
34662: * configure.in:
34663: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
34664: AC_INSTALL_PROG instead of custom one added check for fully woorking
34665: void implementation
34666: [5ac6b6e6230f]
34667:
34668: * Makefile.in:
34669: added lsearch & search.h visudo links into $(LIBOBJS)
34670: [bc119cda4598]
34671:
34672: * aclocal.m4:
34673: partial 1.x to 2.x changes added SUDO_FULL_VOID
34674: [1194d01fa5c5]
34675:
34676: * visudo.c:
34677: whatnow_help was prototyped to be static be was not declared as
34678: such
34679: [0f85489dd426]
34680:
34681: * configure.in:
34682: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
34683: for dirent/dir/ndir.h
34684: [7408f3854948]
34685:
34686: * parse.c:
34687: now use groovy gnu autoconf macro AC_HEADER_DIRENT
34688: [e465db9f5dfa]
34689:
34690: * getcwd.c, getwd.c:
34691: MAXPATHLEN -> MAXPATHLEN+1
34692: [714d87424e21]
34693:
34694: * emul/search.h, lsearch.c:
34695: Initial revision
34696: [55d79482c535]
34697:
34698: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
34699:
34700: * parse.yacc:
34701: eliminated bison warnings
34702: [61ca0a96da22]
34703:
34704: * parse.lex:
34705: added missing case
34706: [6be0f849747c]
34707:
34708: * visudo.c:
34709: now iincludes signal.h
34710: [221e0fcc144f]
34711:
34712: * parse.yacc:
34713: only clear data structures on a parse error
34714: [7b1c0f1a4527]
34715:
34716: * visudo.c:
34717: whatnow() now gives help on invalid input
34718: [e5a4cd88c587]
34719:
34720: * visudo.c:
34721: added a whatnow() function (sort of like mh)
34722: [932d9b145f1c]
34723:
34724: * parse.yacc:
34725: kill_aliases -> reset_aliases yywrap() now cleans up by calling
34726: reset_aliases() and clearing top took reset stuff out of yyerror()
34727: since it doesn't beling there (and doesn't work anyway). errorlineno
34728: is now initially set to -1 so we can set it to the first error that
34729: occurrs (it was getting set to the last)
34730: [2f71f95a974c]
34731:
34732: * parse.lex:
34733: added a void cast
34734: [18ae6042dce4]
34735:
34736: * visudo.c:
34737: rewrote from scratch based on 4.3BSD vipw.c
34738: [2f6814f18576]
34739:
34740: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
34741:
34742: * sudo.c, sudo.h:
34743: removed ocmnd
34744: [a31735f41ad4]
34745:
34746: * sudo.h:
34747: no more sudo_realpath() and find_path() changed params
34748: [8e85c3b39159]
34749:
34750: * sudo.c:
34751: find_path() changed since no more realpath()
34752: [b25366c7f2ee]
34753:
34754: * parse.yacc:
34755: on error, errorlineno is set to the line where the error occurred
34756: added kill_aliases() to free the aliases struct now clean up in
34757: yyerror() so we can reparse cleanly
34758: [2342f578c27a]
34759:
34760: * options.h, parse.c:
34761: no more USE_REALPATH
34762: [cfc59babeaff]
34763:
34764: * logging.c:
34765: changed to use new find_path()
34766: [91c7a38e7751]
34767:
34768: * find_path.c:
34769: removed all the realpath() stuff
34770: [cc21a43a8562]
34771:
34772: * Makefile.in:
34773: sudo_realpath.c -> sudo_goodpath.c
34774: [03a9b1ddec2f]
34775:
34776: * visudo.c:
34777: now works correctly with utk parser
34778: [08aa554a0ce8]
34779:
34780: * goodpath.c:
34781: Initial revision
34782: [1ea607e1ffb2]
34783:
34784: * sudo_realpath.c:
34785: eliminated a compiler warning
34786: [198bcccc55b6]
34787:
34788: * sudo.c:
34789: elinated compiler warning
34790: [e2384f9a878b]
34791:
34792: * sudo_realpath.c:
34793: added sudo_goodpath()
34794: [43878c4cc540]
34795:
34796: * sudo.h:
34797: added prototype for sudo_goodpath
34798: [23e8627a2265]
34799:
34800: * parse.c:
34801: added support for /sys/dir.h
34802: [eca897087741]
34803:
34804: * options.h:
34805: USE_REALPATH turned off
34806: [620ac8b63d85]
34807:
34808: * find_path.c:
34809: added calls to sudo_goodpath()
34810: [ad170904fbcd]
34811:
34812: * configure.in:
34813: added check for dirent.h
34814: [7964a8c26855]
34815:
34816: * config.h.in:
34817: added HAVE_DIRENT_H
34818: [1f785fec7e19]
34819:
34820: * configure.in:
34821: added in linux shadow pass stuff �
34822: [e585a5785f50]
34823:
34824: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
34825:
34826: * visudo.c:
34827: added back host, user, cmnd, parse_error
34828: [0ec19f3d64f4]
34829:
34830: * visudo.c:
34831: added in utk changes plus some minor cosmetic changes
34832: [c5c1921c8a58]
34833:
34834: * sudo.c, sudo_realpath.c:
34835: added void casts for printf's
34836: [9c6ff11c0082]
34837:
34838: * options.h:
34839: added a define of USE_REALPATH
34840: [db3711c9efc5]
34841:
34842: * configure.in:
34843: there is no more visudoers/Makefile
34844: [36e1bc1f78d0]
34845:
34846: * Makefile.in:
34847: added in utk changes (visudo is now built from the toplevel)
34848: [76203d4b345d]
34849:
34850: * find_path.c:
34851: added (void) casts to printf's
34852: [dd5cb1e060ac]
34853:
34854: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
34855: merged in utk changes
34856: [35563307fd8e]
34857:
34858: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
34859:
34860: * find_path.c:
34861: now check to see that what we are trying to run is a file (or a link
34862: to a file, we do a stat(2) so there is no diff)
34863: [05889c4bcace]
34864:
34865: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
34866:
34867: * CHANGES:
34868: updated
34869: [3e8047bb26fb]
34870:
34871: * Makefile.in:
34872: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
34873: [0bdbaa7c4c7d]
34874:
34875: * sudo.man:
34876: added myself as maintainer
34877: [77a9d75aab84]
34878:
34879: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
34880:
34881: * sudo.c:
34882: changed setegid -> setgid
34883: [7f4788d73b6f]
34884:
34885: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
34886:
34887: * configure.in:
34888: fixed the test for irix 5.x to skip bad libs
34889: [bfef896de013]
34890:
34891: * aclocal.m4:
34892: now initialize OS and OSREV
34893: [cc302756e440]
34894:
34895: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
34896:
34897: * configure.in:
34898: irix5 changes
34899: [ac985b23f5f2]
34900:
34901: * configure.in:
34902: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
34903: compatibility
34904: [0cf8c92a06d7]
34905:
34906: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
34907:
34908: * visudo.c:
34909: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
34910: thing wrt yyrestart (grrrr)
34911: [18e8eabfbb82]
34912:
34913: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
34914:
34915: * Makefile.in:
34916: added visudoers/compat.h to DISTFILES
34917: [db23b574b034]
34918:
34919: * configure.in:
34920: fixed an echo
34921: [7cbc0462b89d]
34922:
34923: * sudo.c:
34924: added ocmnd declaration adjusted for find_path()'s new parameters
34925: [d929cd156474]
34926:
34927: * sudo.h:
34928: added ocmnd extern adjusted find_path() prototype
34929: [e0004daf5d3c]
34930:
34931: * parse.c:
34932: cmndcmp() now takes 3 arguments and checks against the qualified as
34933: well as the unqualified pathname. more code that should use
34934: cmndcmp() but did not, now does
34935: [6f70a8c17bee]
34936:
34937: * options.h:
34938: added to a comment
34939: [7a78680426b2]
34940:
34941: * logging.c:
34942: changed to use new find_path() parameter passing
34943: [840981d30db4]
34944:
34945: * find_path.c:
34946: find_path() now takes 2 copyout parameters (one for the qualified
34947: pathname and one for the unqualified pathname). The third parameter
34948: may be NULL.
34949: [851503b005e9]
34950:
34951: * configure.in:
34952: no longer munge pathnames.h
34953: [427d8796c5a9]
34954:
34955: * pathnames.h.in:
34956: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
34957: as a result, pathnames.h does not need to be run through configure
34958: and the user can override the configured values easily.
34959: [2e378f2ebe88]
34960:
34961: * config.h.in:
34962: added _SUDO_PATH_* entries
34963: [0857de7cebab]
34964:
34965: * aclocal.m4:
34966: _PATH* -> _SUDO_PATH_*
34967: [7601193f56cc]
34968:
34969: * Makefile.in:
34970: updated DISTFILES and HDRS .o's now depend on config.h
34971: [39d8601965cf]
34972:
34973: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
34974:
34975: * compat.h:
34976: removed extraneous #endif
34977: [27d4c5f2ce7e]
34978:
34979: * aclocal.m4:
34980: added SUDO_PROG_MV
34981: [76dda3bdd816]
34982:
34983: * configure.in:
34984: added SUDO_PROG_MV added riscos and isc os types took out
34985: -DSHORT_MESSAGE from --with-csops since it is now the default
34986: [68c206ad976e]
34987:
34988: * sudo.c:
34989: move the include of id.h to compat.h now includes options.h
34990: [45a1eaafb3a8]
34991:
34992: * sudo.h:
34993: moved compatibility #defines to compat.h
34994: [0eee27057698]
34995:
34996: * pathnames.h.in:
34997: added _PATH_MV
34998: [e830797ab320]
34999:
35000: * config.h.in:
35001: move __P to compat.h
35002: [188e12e0ba93]
35003:
35004: * getcwd.c, getwd.c, putenv.c:
35005: now includes compat.h
35006: [c72cb6d73981]
35007:
35008: * compat.h:
35009: Initial revision
35010: [d4d2f359ae03]
35011:
35012: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
35013:
35014: * sudo.h:
35015: pull user-configurable stuff out and put in options.h
35016: [ef929467b070]
35017:
35018: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
35019:
35020: * parse.lex, parse.yacc, visudo.c:
35021: now includes options.h
35022: [e36d7c82add1]
35023:
35024: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
35025: sudo_setenv.c:
35026: now includes options.h
35027: [f186ba03de07]
35028:
35029: * Makefile.in:
35030: added visudoers/options.h
35031: [e5350c476494]
35032:
35033: * OPTIONS, options.h:
35034: Initial revision
35035: [9b6b5001e318]
35036:
35037: * Makefile.in:
35038: added OPTIONS and options.h
35039: [25448341e16a]
35040:
35041: * logging.c:
35042: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
35043: [5dd6385dd1d3]
35044:
35045: * check.c, sudo.h:
35046: changed PASSWORD_TIMEOUT to minutes
35047: [0ec6aab98738]
35048:
35049: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
35050:
35051: * visudo.c:
35052: now only do Editor +line_num if line_num != 0
35053: [b69f04b5e3c7]
35054:
35055: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
35056:
35057: * visudo.c:
35058: now use mv if rename(2) fails
35059: [83210dca1bab]
35060:
35061: * BUGS:
35062: added a visudo bug
35063: [d61a806f9aa7]
35064:
35065: * check.c:
35066: expanded comment
35067: [641f2cba94cb]
35068:
35069: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
35070:
35071: * check.c:
35072: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
35073: [7a11135039a8]
35074:
35075: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
35076:
35077: * sudo.c:
35078: added mips & isc support
35079: [e258dc053119]
35080:
35081: * parse.c:
35082: added support for non-root owned sudoers file
35083: [fea07e65a0fc]
35084:
35085: * check.c:
35086: added exempt group support
35087: [928fb4bd9ad5]
35088:
35089: * sudo.h:
35090: added set_perms() support added SUDOERS_OWNER so can have non-root
35091: own sudoers file added exempt group support added isc support
35092: [61c578d31fc1]
35093:
35094: * visudo.c:
35095: now copy sudoers to temp file via read/write (not stdio) now chown
35096: new sudoers file to SUDOERS_OWNER
35097: [a5176c59df70]
35098:
35099: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
35100:
35101: * configure.in:
35102: added skey support
35103: [35a8d2fabdb7]
35104:
35105: * sudo_realpath.c:
35106: be_* -> setperms()
35107: [a1631d686e1c]
35108:
35109: * sudo.h:
35110: fixed typo added set_perms support added skey support added
35111: seteuid()/setegid() emulation for AIX
35112: [c0c8d6771406]
35113:
35114: * sudo.c:
35115: be_* -> setperms() now check to make sure sudoers file is owned by
35116: root nread/write by only root
35117: [13ab1e261f1a]
35118:
35119: * logging.c, parse.c:
35120: be_* -> setperms()
35121: [21499d845c8f]
35122:
35123: * check.c:
35124: be_* -> set_perms() added skey support
35125: [df51b56871c1]
35126:
35127: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
35128:
35129: * Makefile.in:
35130: ++version
35131: [3c1abbe4e43c]
35132:
35133: * version.h:
35134: ++
35135: [1d2f9b540a95]
35136:
35137: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
35138:
35139: * sudo.c:
35140: now sets IFS
35141: [eabbb41b9f08]
35142:
35143: * insults.h:
35144: fixed typo
35145: [c7997f19216e]
35146:
35147: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
35148:
35149: * config.h.in:
35150: added HAVE_SKEY
35151: [da948ec4186b]
35152:
35153: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
35154:
35155: * CHANGES:
35156: updated
35157: [f4b55ab007ea]
35158:
35159: * Makefile.in:
35160: ++version
35161: [0489068b8c95]
35162:
35163: * version.h:
35164: ++
35165: [d189faedf423]
35166:
35167: * sudo.c:
35168: now bail if ARgv[1] > MAXPATHLEN
35169: [0cea8ecc9dc2]
35170:
35171: * configure.in:
35172: added function check for tcgetattr(3)
35173: [e03289b22c2f]
35174:
35175: * config.h.in:
35176: only define HAVE_TERMIOS_H if you have tcgetattr(3)
35177: [757eab83d1a2]
35178:
35179: * config.h.in:
35180: added check for tcgetattr
35181: [c5ae92715930]
35182:
35183: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
35184:
35185: * CHANGES:
35186: updated
35187: [cbc419883108]
35188:
35189: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
35190:
35191: * parse.lex:
35192: now only include unistd.h for linux
35193: [e9adeab95ef0]
35194:
35195: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
35196:
35197: * Makefile.in:
35198: added visudo.8 generation
35199: [d6a3f0f887f8]
35200:
35201: * configure.in:
35202: added -Wl,-bI:./aixcrypt.exp to aix flags
35203: [72594a21edcf]
35204:
35205: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
35206:
35207: * BUGS:
35208: added one
35209: [9993a349e096]
35210:
35211: * CHANGES:
35212: updated
35213: [297b31ec4cdd]
35214:
35215: * README:
35216: added mailing list info
35217: [10372f94a2b2]
35218:
35219: * parse.yacc:
35220: now use sudolineno instead of yylineno fixed bison warnings
35221: [25a83e62057b]
35222:
35223: * configure.in:
35224: now use -no_library_replacement for osf don't make a static binary
35225: for hpux >= 9.0
35226: [1fa7b892f1a3]
35227:
35228: * tgetpass.c:
35229: added string.h/strings.h inclusion
35230: [71faa98fc0a1]
35231:
35232: * config.h.in:
35233: added ssize_t def
35234: [406284bd1ac0]
35235:
35236: * parse.lex:
35237: added inclusion of string.h/strings.h
35238: [6985b1df5d09]
35239:
35240: * aclocal.m4:
35241: fixed uname | sed (needed to quote the '[')
35242: [4cd2d3415c1a]
35243:
35244: * parse.lex:
35245: replaced yylineno with sudolineno fixed bison syntax errors
35246: [0bd31a5fab26]
35247:
35248: * visudo.c:
35249: changed yylineno to sudolineno since yylineno cannot be counted
35250: upon.
35251: [38c30104d0ae]
35252:
35253: * TODO:
35254: updated
35255: [5d4746f1a752]
35256:
35257: * parse.c:
35258: added code to support command listings
35259: [030172e133fd]
35260:
35261: * sudo.c:
35262: added code for -l flag
35263: [801dbbc82778]
35264:
35265: * sudo.man:
35266: fixed typo added info for -l flag
35267: [8916ca945d65]
35268:
35269: * configure.in:
35270: AC_SSIZE_T -> SUDO_SSIZE_T
35271: [c61f7f47013f]
35272:
35273: * aclocal.m4:
35274: added SUDO_SSIZE_T
35275: [0ccdb77be84d]
35276:
35277: * sudo.h:
35278: added MODE_LIST
35279: [9b2bd844c76c]
35280:
35281: * configure.in:
35282: added AC_SSIZE_T
35283: [35cca208f9b5]
35284:
35285: * find_path.c, sudo_realpath.c:
35286: readlink() is now declared as returning ssize~_t
35287: [0640a08d1407]
35288:
35289: * configure.in:
35290: added -laud for OSF c2
35291: [b7539c905efc]
35292:
35293: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
35294:
35295: * Makefile.in, visudo.c:
35296: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
35297: [067fd9bcb5e1]
35298:
35299: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
35300: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
35301: [fc46e7c7110a]
35302:
35303: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
35304: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
35305: sudo_setenv.c, tgetpass.c, version.h:
35306: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
35307: [d1d4fbc53a98]
35308:
35309: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
35310:
35311: * Makefile.in:
35312: ++version
35313: [b7066d97633f]
35314:
35315: * version.h:
35316: ++
35317: [65ec69d88110]
35318:
35319: * logging.c:
35320: added host to alertmail messages
35321: [d973c19ce777]
35322:
35323: * CHANGES, TODO:
35324: udpated
35325: [5a65eb16faeb]
35326:
35327: * logging.c:
35328: fixed logging problem where mail would not say which user it was
35329: [35723edcc5d2]
35330:
35331: * configure.in:
35332: added -laud for gcc if osf & c2
35333: [18f1e0ae5548]
35334:
35335: * check.c:
35336: moved set_auth_parameters to sudo.c
35337: [d23112fe01db]
35338:
35339: * sudo.c:
35340: added set_auth_parameters for osf
35341: [eb70f65214ac]
35342:
35343: * configure.in:
35344: cleaned up -static stuff
35345: [01e9575f0422]
35346:
35347: * Makefile.in:
35348: ++version
35349: [7ac3bff5c770]
35350:
35351: * version.h:
35352: ++
35353: [10a4ff478469]
35354:
35355: * sudo.c:
35356: changed setenv() to sudo_setenv()
35357: [40a78abb9946]
35358:
35359: * check.c:
35360: fixed osf problem
35361: [3d69b118efb8]
35362:
35363: * configure.in:
35364: added OSF C2 stuff
35365: [38cff3ad4093]
35366:
35367: * CHANGES:
35368: updated
35369: [cd341dd0581a]
35370:
35371: * check.c:
35372: added osf auth support & removed some extra spaces
35373: [a448cdd81514]
35374:
35375: * INSTALL, SUPPORTED:
35376: added osf C2 stuff
35377: [f70484796146]
35378:
35379: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
35380:
35381: * TODO:
35382: added 2 suggestions
35383: [695fbdbd86e6]
35384:
35385: * Makefile.in:
35386: removed README.v1.3.1 and added VERSION stuff
35387: [f69403eb04c6]
35388:
35389: * version.h:
35390: pl1
35391: [21580c0f8cb1]
35392:
35393: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
35394:
35395: * version.h:
35396: 1.3.1final
35397: [630114970298]
35398:
35399: * Makefile.in:
35400: added HISTORY
35401: [901bff251614]
35402:
35403: * sudo.man:
35404: mention HISTPRY file
35405: [86dbcfd4326e]
35406:
35407: * sudo.c:
35408: use sizeof instead of a constant in 1 place
35409: [d819604c68ca]
35410:
35411: * parse.yacc:
35412: added unistd.h
35413: [6f9500f9fe7e]
35414:
35415: * parse.lex:
35416: added unistd.h
35417: [468b81a276eb]
35418:
35419: * README:
35420: udpated
35421: [7e275618923a]
35422:
35423: * HISTORY:
35424: Initial revision
35425: [5db1b0a3939b]
35426:
35427: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
35428:
35429: * version.h:
35430: ++
35431: [7dfbb4a810bb] [SUDO_1_3_1]
35432:
35433: * CHANGES:
35434: updated
35435: [7820ee610bf8]
35436:
35437: * sudo_setenv.c:
35438: added unistd.h include
35439: [30cf2b654525]
35440:
35441: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
35442:
35443: * sudo.c:
35444: added sys/time.h for AIX
35445: [199fc8caf3a3]
35446:
35447: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
35448:
35449: * configure.in:
35450: added check for -lsocket and sys/sockio.h
35451: [f9abfbb31031]
35452:
35453: * config.h.in:
35454: took out libshadow check and added in sys/sockio.h check
35455: [0c4b0393ac80]
35456:
35457: * sudo.c:
35458: now include sockio.h instead of ioctl.h if it exists "sudo -" now
35459: gets a better error message
35460: [53041bea5483]
35461:
35462: * sample.sudoers:
35463: now has a dir and subnet entry
35464: [56b820f65438]
35465:
35466: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
35467:
35468: * sudo.c:
35469: removed if_ether.h
35470: [b4f64507493e]
35471:
35472: * TODO:
35473: added an item
35474: [ea2a1bb6922a]
35475:
35476: * sudo.man:
35477: added network and ip addresses to man page
35478: [01c85016511f]
35479:
35480: * sudo.c:
35481: no error if can't get interfaces or netmask since networking may not
35482: be in the kernel.
35483: [50b8890e2134]
35484:
35485: * parse.c:
35486: nwo check for interfaces == NULL
35487: [dc1b3eef0db2]
35488:
35489: * parse.c:
35490: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
35491: the last entry in the spec failed (ie: it was only looking at the
35492: last entry). CLeaned things up by adding the cmndcmp() function--all
35493: neat & tidy
35494: [007e93578e5e]
35495:
35496: * CHANGES:
35497: added one
35498: [40e8a2cef497]
35499:
35500: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
35501:
35502: * sudo.c:
35503: now do two passes to skip bogus interfaces (lo0, etc)
35504: [465e30aecaf7]
35505:
35506: * parse.lex, parse.yacc, visudo.c:
35507: added include of netinet/in.h
35508: [11e3816ed362]
35509:
35510: * logging.c, sudo_realpath.c, sudo_setenv.c:
35511: added ninclude of netinet/in.h
35512: [daccfa40fe1e]
35513:
35514: * check.c, find_path.c, getcwd.c, getwd.c:
35515: added include of netinet/in.h
35516: [0222f95e06ad]
35517:
35518: * version.h:
35519: ++
35520: [d6b0cfa35a38]
35521:
35522: * sudo.h:
35523: added interfaces global
35524: [ba52fa8ad75e]
35525:
35526: * parse.c:
35527: now uses new interfaces global
35528: [17473ad5ecba]
35529:
35530: * sudo.c:
35531: now ip addresses are gleaned fw/o dns
35532: [8828bb2007e0]
35533:
35534: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
35535:
35536: * sudo.c:
35537: added load_ip_addrs() to load the ip_addrs global var
35538: [60c825f04238]
35539:
35540: * parse.c:
35541: added hostcmp() to compare hostnames, ip addrs, and network addrs
35542: [ab0e40e37537]
35543:
35544: * sudo.h:
35545: added ip_addrs def added load_ip_addrs prototype
35546: [c41c565d0777]
35547:
35548: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
35549:
35550: * CHANGES:
35551: updated
35552: [2a128dbe9bcb]
35553:
35554: * Makefile.in:
35555: removed multiple entries in DISTFILES
35556: [2490f4f371e6]
35557:
35558: * visudo.c:
35559: ansified the !STDC_HEADERS decls
35560: [646ba06d17ae]
35561:
35562: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
35563: don't do malloc decl if gnuc
35564: [f1bad1925f98]
35565:
35566: * sudo.c:
35567: can't use getopt(3) since it munges args to the command to be run as
35568: root don't do malloc decl if gnuc
35569: [38e78f6da14e]
35570:
35571: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
35572: sudo_realpath.c, sudo_setenv.c:
35573: ansi-fied !STDC_HEADER function prottypes
35574: [51d8cad89976]
35575:
35576: * getcwd.c, getwd.c:
35577: added missing paren
35578: [6a1fae70e27e]
35579:
35580: * Makefile.in:
35581: added putenv.c to DISTFILES
35582: [a5e4523eabbb]
35583:
35584: * sudo_setenv.c:
35585: added params to func decls when STDC_HEADERS is not defined now can
35586: count on putenv() being there
35587: [fd587796189b]
35588:
35589: * sudo_realpath.c:
35590: took out errno decl since sudo.h does it for us fixed up a next cc
35591: warning added params to func decls when STDC_HEADERS is not defined
35592: [70fa5152ace6]
35593:
35594: * sudo.h:
35595: took out environ extern added local declaratio of putenv() if local
35596: version is needed
35597: [a84bae6c020d]
35598:
35599: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
35600: added params to func decls when STDC_HEADERS is not defined
35601: [f406f0e47ac0]
35602:
35603: * config.h.in:
35604: added memcpy check check to see that ansi vs bsd macros are ntot
35605: already defiend before defining (ie: avoid redefinition)
35606: [879ae026e19f]
35607:
35608: * configure.in:
35609: removed fluff setenv check plus check w/ replace for putenv if also
35610: no setenv
35611: [e3c03814ad4b]
35612:
35613: * putenv.c:
35614: Initial revision
35615: [3cff63e2dc1b]
35616:
35617: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
35618:
35619: * sudo_setenv.c:
35620: Initial revision
35621: [4d637631fa6b]
35622:
35623: * sudo.h:
35624: rm'd s realp[ath added sudo_realpath and sudo_setenv
35625: [07ba001ff57e]
35626:
35627: * sudo.c:
35628: now use sudo_setenvc
35629: [fd81e04d5ef0]
35630:
35631: * configure.in:
35632: added puteenv and setenv, removed realpath
35633: [27bfacfb513b]
35634:
35635: * config.h.in:
35636: added putenv & setenv
35637: [515f14eaf6e4]
35638:
35639: * Makefile.in:
35640: added sudo_setenv
35641: [217731a717c5]
35642:
35643: * version.h:
35644: ++
35645: [eadb346d7129]
35646:
35647: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
35648:
35649: * configure.in:
35650: added MAN_POSTINSTALL and /usr/share/catman for irix
35651: [2a9496c1bdba]
35652:
35653: * Makefile.in:
35654: added MAN_POSTINSTALL
35655: [89b0d4695529]
35656:
35657: * CHANGES:
35658: added
35659: [48c021ba8a70]
35660:
35661: * sudo.man:
35662: added SUDO_* plus new options
35663: [c0759cff5683]
35664:
35665: * CHANGES:
35666: added one
35667: [7d44a3922d56]
35668:
35669: * configure.in:
35670: took out shadow lib
35671: [07cf3de18701]
35672:
35673: * TODO:
35674: adde done
35675: [a27a578e8afe]
35676:
35677: * visudo.c:
35678: now use yyrestart() if flex now reset yylineno to 0
35679: [77d67ce0b677]
35680:
35681: * Makefile.in:
35682: support for installing a cat page instead of a man page if no nroff
35683: [44671c0fc0fa]
35684:
35685: * configure.in:
35686: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
35687: to determine whether or not to install a cat or man page
35688: [0562d069c135]
35689:
35690: * config.h.in:
35691: added HAVE_FLEX
35692: [c5490bae39d3]
35693:
35694: * sudo.c:
35695: not set ret to MODE_RUN initially
35696: [88b4983c195b]
35697:
35698: * find_path.c:
35699: made command (and therefor cmnd dynamically allocated)
35700: [95b82e32b6de]
35701:
35702: * TODO:
35703: did #8
35704: [fb6f41308cdf]
35705:
35706: * version.h:
35707: ++
35708: [14112ecab5ae]
35709:
35710: * sudo_realpath.c:
35711: changed bufs from MAXPATHLEN to MAXPATHLEN+1
35712: [0ad4f34e55c0]
35713:
35714: * sudo.h:
35715: added MODE_ removed validate_only and added remove_timestamp()
35716: [dd5f99c57728]
35717:
35718: * sudo.c:
35719: usage() now takes an int (exit value) added parse_args() to parse
35720: command line arguments moved call to find_path() from load_globals
35721: to new function load_cmnd() removed validate_only global -- now use
35722: the concept of "modes" added -h and -k options
35723: [c3887090b28a]
35724:
35725: * parse.c:
35726: no longer use global validate_only now checks for command called
35727: "validate" removed check for non-fully qualified commands since that
35728: is done by find_path
35729: [7d56fbd26369]
35730:
35731: * find_path.c:
35732: changed MAXPATHLEN r to MAXPATHLEN+1
35733: [a86e8664d971]
35734:
35735: * find_path.c:
35736: fixed off by one error with MAXPATHLEN and fixed a comment
35737: [58adcef8c981]
35738:
35739: * check.c:
35740: check_timestamp no longer runs reminder(), it is implied in the
35741: return val added remove_timestamp()
35742: [42ab5a77066f]
35743:
35744: * CHANGES:
35745: updated
35746: [8e69b31df024]
35747:
35748: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
35749:
35750: * BUGS:
35751: fixed on
35752: [bc34f1ac4280]
35753:
35754: * sudo_realpath.c:
35755: took out old_errno
35756: [a168d00a0768]
35757:
35758: * CHANGES:
35759: updated
35760: [04ba80922df7]
35761:
35762: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
35763:
35764: * logging.c:
35765: moved send_mail to after syslog
35766: [4d4188087834]
35767:
35768: * sudo.c:
35769: now set SUDO_ envariables
35770: [e5963f1bd3bb]
35771:
35772: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
35773:
35774: * version.h:
35775: ++
35776: [2a4534845d8c]
35777:
35778: * sudo_realpath.c:
35779: now print error if chdir fails
35780: [0d75c8973d49]
35781:
35782: * find_path.c:
35783: removed an XXX
35784: [e2077bcb35aa]
35785:
35786: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
35787:
35788: * CHANGES:
35789: updated
35790: [e30a2b39b41a]
35791:
35792: * configure.in:
35793: no more static binaries for aix
35794: [77a0beb6bd80]
35795:
35796: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
35797:
35798: * INSTALL:
35799: fixed typo
35800: [ba5e0d391bc4]
35801:
35802: * sudo_realpath.c:
35803: took out stuff not needed for sudo now does be_root/be_user itself
35804: now uses cwd global
35805: [4f6d4641d793]
35806:
35807: * version.h:
35808: +=2
35809: [97da927b297c]
35810:
35811: * logging.c, sudo.c:
35812: be_root/be_user is now down in sudo_realpath()
35813: [f331662fa50f]
35814:
35815: * logging.c, sudo.h:
35816: now works with 4.2BSD syslog (blech)
35817: [98e39d89dd36]
35818:
35819: * find_path.c:
35820: now use sudo_realpath()
35821: [ab436a8ebd02]
35822:
35823: * config.h.in:
35824: took out realpth() stuff since we now use sudo_realpath()
35825: [8de5ef9f6044]
35826:
35827: * configure.in:
35828: ultrix enhanced sec
35829: [815fb7fffcc0]
35830:
35831: * SUPPORTED:
35832: added ultrix enhanced sec.
35833: [6466766c8062]
35834:
35835: * INSTALL:
35836: updated
35837: [d681a634297a]
35838:
35839: * check.c:
35840: ultrix enhanced security suport
35841: [f10c8decbcc2]
35842:
35843: * Makefile.in:
35844: added sudo_realpath.c
35845: [6b9bcd3be022]
35846:
35847: * CHANGES:
35848: updated
35849: [2fa8084c1b53]
35850:
35851: * tgetpass.c:
35852: increased passwd len to 24 for c2 security
35853: [ec64838be62d]
35854:
35855: * BUGS:
35856: updated BUGS
35857: [ca00d8fec2ce]
35858:
35859: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
35860:
35861: * check.c:
35862: now use user global var
35863: [568769719013]
35864:
35865: * configure.in:
35866: took out -ls
35867: [490a44180d5f]
35868:
35869: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
35870:
35871: * configure.in:
35872: added AFS libs
35873: [4fb40c8c01ba]
35874:
35875: * sudo.h:
35876: user is now a char * added epasswd
35877: [27a919fafdfb]
35878:
35879: * sudo.c:
35880: added tzset() to load_globals added epasswd (encrypted password)
35881: global made user dynamically allocated
35882: [b99ef9bdbfce]
35883:
35884: * configure.in:
35885: added tzset test
35886: [27592dd1214b]
35887:
35888: * config.h.in:
35889: added HAVE_TZSET
35890: [b13f4213f3d0]
35891:
35892: * check.c:
35893: cleaned up encrypted passwd grab somewhat
35894: [c8ba9a4db38a]
35895:
35896: * configure.in:
35897: fixed AFS typo
35898: [2bfcbce237b6]
35899:
35900: * INSTALL:
35901: added AFS not
35902: [80c67329393c]
35903:
35904: * CHANGES:
35905: udpated
35906: [2f09ecdd5d31]
35907:
35908: * logging.c:
35909: can now log to both syslog & a file
35910: [4d5c0932bc01]
35911:
35912: * sudo.h:
35913: added BOTH_LOGS
35914: [623c539be824]
35915:
35916: * CHANGES:
35917: updated
35918: [a1c7f5ef3616]
35919:
35920: * configure.in:
35921: --with-AFS
35922: [28718d8f5daf]
35923:
35924: * config.h.in:
35925: added HAVE_AFS
35926: [2e32bb4e63e4]
35927:
35928: * check.c:
35929: added afs changes
35930: [fe4d0ff320a2]
35931:
35932: * sudo.h:
35933: removed AFS stuff :-)
35934: [a40387e6fa27]
35935:
35936: * tgetpass.c:
35937: include sys/select for AIX
35938: [f32c5a8f2c84]
35939:
35940: * sudo.h:
35941: added AFS
35942: [da2ab3dd0348]
35943:
35944: * version.h:
35945: ++
35946: [452d4dfe25af]
35947:
35948: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
35949:
35950: * CHANGES, SUPPORTED:
35951: updated
35952: [e7dfe6f23a37]
35953:
35954: * logging.c:
35955: can now have MAILER undefined
35956: [1d33b98b35e1]
35957:
35958: * INSTALL:
35959: new sub-note about MAILER
35960: [d35c636a0574]
35961:
35962: * sudo.man:
35963: added blurb about password timeout
35964: [70c2ee50de20]
35965:
35966: * configure.in:
35967: convex c2 changes
35968: [367138a6232e]
35969:
35970: * aclocal.m4:
35971: took out duplicate define of _CONVEX_SOURCE
35972: [647182138450]
35973:
35974: * Makefile.in:
35975: added OSDEFS
35976: [7fdcd50602d1]
35977:
35978: * config.h.in:
35979: added spaces
35980: [f2b8a05e48f3]
35981:
35982: * tgetpass.c:
35983: added a goto if fgets fails
35984: [68a6586d9c45]
35985:
35986: * sudo.h:
35987: use __hpux not hpux convex c2 stuff
35988: [5c377a8d5f34]
35989:
35990: * sudo.c:
35991: use __hpux not hpux
35992: [9363bc0f9f9e]
35993:
35994: * logging.c:
35995: convex c2 stuff
35996: [ea5630975ac4]
35997:
35998: * config.h.in:
35999: define ansi-ish cpp os defines if non-ansi are defined for hpux &
36000: convex
36001: [664f53a5e786]
36002:
36003: * INSTALL:
36004: updated to say we support sonvex C2
36005: [5f2f8b87013e]
36006:
36007: * check.c:
36008: added convex c2 support
36009: [9a665d4918fa]
36010:
36011: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
36012:
36013: * tgetpass.c:
36014: no more ioctl never returns NULL uses fgets() and select() to
36015: timeout
36016: [b333e6d63e97]
36017:
36018: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
36019:
36020: * configure.in:
36021: things were testing -n "$GCC" instead of -z "$GCC"
36022: [059a9b15ede2]
36023:
36024: * tgetpass.c:
36025: now works + uses fgets()
36026: [353d7ebcb7bb]
36027:
36028: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
36029:
36030: * tgetpass.c:
36031: select doesn't seem to recognize a single '\n' as input waiting so
36032: we can;t use it, sigh.
36033: [f76e3218b835]
36034:
36035: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
36036:
36037: * PORTING:
36038: updated tgetpass() blurb
36039: [95baac736b49]
36040:
36041: * configure.in:
36042: added --with-getpass
36043: [42ac0bdf58ed]
36044:
36045: * Makefile.in:
36046: added tgetpass stuff
36047: [e2b38c635663]
36048:
36049: * tgetpass.c:
36050: now uses stdio
36051: [36af8ff66e35]
36052:
36053: * version.h:
36054: ++
36055: [4e81c9db19bd]
36056:
36057: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
36058:
36059: * PORTING:
36060: updated ,.
36061: [54f523770a05]
36062:
36063: * config.h.in:
36064: added USE_GETPASS && HAVE_C2_SECURITY
36065: [86b355cb2953]
36066:
36067: * configure.in:
36068: fixed a test aded --with-C2 and --with-tgetpass
36069: [abf6181588ef]
36070:
36071: * check.c:
36072: added hpux C2 shit
36073: [20d4177ffa88]
36074:
36075: * Makefile.in:
36076: took out tgetpass.*
36077: [cc82fd9984b4]
36078:
36079: * INSTALL:
36080: added C2 blurb
36081: [1d2bfc35e4b6]
36082:
36083: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
36084:
36085: * configure.in:
36086: no termio(s) for ultrix since it is broken
36087: [d3e82e835350]
36088:
36089: * check.c:
36090: added a space (yeah, anal)
36091: [05e4b31ca68c]
36092:
36093: * realpath.c, sudo_realpath.c:
36094: fixed it (duh, rtfm)
36095: [f13097cb8cb6]
36096:
36097: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
36098:
36099: * config.h.in:
36100: took out bsd signal stuff for irix
36101: [e179cdafc97a]
36102:
36103: * visudo.c:
36104: comments in #endif
36105: [e3a629190f5e]
36106:
36107: * configure.in:
36108: don't define BSD signals for irix
36109: [3ce57bffb7f0]
36110:
36111: * TODO:
36112: did some...
36113: [274241cd0f74]
36114:
36115: * CHANGES:
36116: updated
36117: [8f29fc755faf]
36118:
36119: * realpath.c, sudo_realpath.c:
36120: took out unneeded code by changing where a strings was terminated
36121: [b5564d62d30e]
36122:
36123: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
36124:
36125: * realpath.c, sudo_realpath.c:
36126: fix bug where /dirname would return NULL
36127: [b85f470daf26]
36128:
36129: * sudo.h:
36130: move __P to config.h
36131: [7763c0ff3f28]
36132:
36133: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
36134: added errno definition
36135: [4cc9d2d9782a]
36136:
36137: * config.h.in:
36138: added __P
36139: [ca06f5aa58f3]
36140:
36141: * config.h.in:
36142: added HAVE_FCHDIR
36143: [206d714641e0]
36144:
36145: * strdup.c:
36146: now include stdio
36147: [0d8458da0e1d]
36148:
36149: * realpath.c, sudo_realpath.c:
36150: now works if no fchdir
36151: [e035911b6722]
36152:
36153: * visudo.c:
36154: define SA_RESETHAND to null if not defined
36155: [afec03e84342]
36156:
36157: * configure.in:
36158: added check & replace
36159: [c1a65481441c]
36160:
36161: * configure.in:
36162: took out -static for nextstep -- it doesn't work
36163: [fa1a1a611743]
36164:
36165: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
36166:
36167: * logging.c:
36168: moved #endif to where it belongs
36169: [07d3a8972097]
36170:
36171: * SUPPORTED:
36172: correction
36173: [0c1ecba3e5a3]
36174:
36175: * configure.in:
36176: now checks for strdup realpath getcwd bzero
36177: [f029a1917515]
36178:
36179: * config.h.in:
36180: emulate bzero
36181: [d792352e44a3]
36182:
36183: * visudo.c:
36184: added posic signals
36185: [2ed0005f90fc]
36186:
36187: * tgetpass.c:
36188: bzero cast
36189: [6d91b1a1526f]
36190:
36191: * logging.c:
36192: added posix signals
36193: [67ede9c22a05]
36194:
36195: * configure.in:
36196: removed BROKEN_GETPASS added new srcs toreplace missing functions
36197: [cf44274bb1c8]
36198:
36199: * config.h.in:
36200: added posix signal stuff
36201: [a3c1c98fe8ef]
36202:
36203: * Makefile.in:
36204: added new srcs
36205: [b6a079afee47]
36206:
36207: * visudo.c:
36208: updated useag
36209: [589ed091c44f]
36210:
36211: * tgetpass.c:
36212: now uses posix signals
36213: [30f74964074f]
36214:
36215: * PORTING:
36216: updated sto reflect major changes
36217: [bcfc309e017b]
36218:
36219: * CHANGES, TODO:
36220: updated
36221: [23aacbd54278]
36222:
36223: * tgetpass.c:
36224: uses sysconf() if available
36225: [a27431c90bab]
36226:
36227: * sudo.h:
36228: added PASSWORD_TIMEOUT + prototypes for new functions
36229: [d7473c2f77c4]
36230:
36231: * realpath.c, sudo_realpath.c:
36232: for those w/o this in libc
36233: [1e47aa7a9d46]
36234:
36235: * getcwd.c, getwd.c:
36236: Initial revision
36237: [c90dea57a84f]
36238:
36239: * find_path.c:
36240: rewrote to use realpath(3) - nis now all my code
36241: [d2c3bb8fb37d]
36242:
36243: * config.h.in:
36244: added HAVE_REALPATH
36245: [02c10352a8c7]
36246:
36247: * check.c:
36248: now use tgetpass
36249: [b5c021fc179f]
36250:
36251: * Makefile.in:
36252: added LIBOBJS use tgetpass.c
36253: [230a7b3eeaa3]
36254:
36255: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
36256:
36257: * tgetpass.c:
36258: works now :-)
36259: [025e7a3875ba]
36260:
36261: * tgetpass.c:
36262: Initial revision
36263: [3316ab33b230]
36264:
36265: * pathnames.h.in:
36266: added /dev/tty
36267: [29242585e53f]
36268:
36269: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
36270:
36271: * version.h:
36272: incremented
36273: [f2e54b48280f]
36274:
36275: * sudo.c:
36276: always use getcwd
36277: [c6068e8a4029]
36278:
36279: * config.h.in:
36280: added check for getwd
36281: [ab1e102ad673]
36282:
36283: * configure.in:
36284: replace strdup & realpath & getcwd if missing
36285: [b0eb14f2a1c3]
36286:
36287: * pathnames.h.in:
36288: added _PATH_PWD
36289: [309d2388f69a]
36290:
36291: * aclocal.m4:
36292: added SUDO_PROG_PWD
36293: [e16e85deb96c]
36294:
36295: * strdup.c:
36296: Initial revision
36297: [810efdc15007]
36298:
36299: * realpath.c, sudo_realpath.c:
36300: Initial revision
36301: [d85eee438e09]
36302:
36303: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
36304:
36305: * configure.in:
36306: quoted quare brackets
36307: [d0e7ca111d98]
36308:
36309: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
36310:
36311: * sudo.c:
36312: no need to strdup() a constant
36313: [a8c44712df9a]
36314:
36315: * CHANGES:
36316: updated
36317: [71364129cca0]
36318:
36319: * sudo.man:
36320: added validate
36321: [0bb198095a26]
36322:
36323: * sudo.c:
36324: added -v to usage
36325: [31ea71f11dbb]
36326:
36327: * parse.c, sudo.c, sudo.h:
36328: added validate_only stuff
36329: [9bcd853d3c90]
36330:
36331: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
36332:
36333: * configure.in:
36334: now finds sed
36335: [6374bb0d3f28]
36336:
36337: * aclocal.m4:
36338: $OSREV is now an int
36339: [ace0666d66cf]
36340:
36341: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
36342:
36343: * configure.in:
36344: added mtxinu to caser
36345: [73a776887b16]
36346:
36347: * sudo.h:
36348: added EXEC macro
36349: [2e8eb28b710a]
36350:
36351: * sudo.c:
36352: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
36353: [56afb4f658d5]
36354:
36355: * logging.c:
36356: changed mail_argv[] def now use EXEC() macro
36357: [ddcabd28edb1]
36358:
36359: * check.c:
36360: took out crypt() definition
36361: [0e657724cf5f]
36362:
36363: * version.h:
36364: upped the version
36365: [62c5d66119fc]
36366:
36367: * configure.in:
36368: always look for -lnsl
36369: [d7b594f0313b]
36370:
36371: * aclocal.m4:
36372: added an echo
36373: [1caae3491dc5]
36374:
36375: * sudo.h:
36376: SHORT_MESSAGE is now the default
36377: [cfce35c3119a]
36378:
36379: * config.h.in:
36380: fixed typo
36381: [6499a564bf75]
36382:
36383: * configure.in:
36384: added missing AC_DEFINE(SVR4) for solaris
36385: [feef0b17b94f]
36386:
36387: * sudo.man:
36388: documented the -v flag
36389: [a6429f2bc2cf]
36390:
36391: * SUPPORTED:
36392: updated
36393: [088886e79540]
36394:
36395: * check.c:
36396: proto-ized crypt()
36397: [801e4ff5b121]
36398:
36399: * config.h.in:
36400: added LIBSHADOW undef
36401: [8df588e9ee2b]
36402:
36403: * configure.in:
36404: nwo set OS to be lowercase
36405: [561ebed833e4]
36406:
36407: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
36408:
36409: * configure.in:
36410: now use SUDO_OSTYPE to set $OS
36411: [0e60aee23098]
36412:
36413: * aclocal.m4:
36414: now use uname to determine os
36415: [99705e58d400]
36416:
36417: * visudo.c:
36418: added prototypes & moved sig handler around
36419: [1f0bc8d23b51]
36420:
36421: * sudo.h:
36422: added prototyppes
36423: [be3935a2b163]
36424:
36425: * check.c, logging.c, sudo.c:
36426: added prototypes
36427: [2079b4605ab8]
36428:
36429: * parse.c:
36430: added comment
36431: [a34d147d8399]
36432:
36433: * config.h.in:
36434: nwo use _BSD_SIGNALS not _BSD_COMPAT
36435: [63663195f047]
36436:
36437: * aixcrypt.exp:
36438: Initial revision
36439: [890aed08357e]
36440:
36441: * Makefile.in:
36442: added aixcrypt.exp
36443: [1005a183105f]
36444:
36445: * parse.lex, parse.yacc:
36446: moved config.h to top of includes
36447: [9569c49aa5f3]
36448:
36449: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
36450:
36451: * find_path.c:
36452: now don't bitch if get EACCESS (treat like EPERM)
36453: [dbeffb638de4]
36454:
36455: * visudo.c:
36456: added -v flag and usage()
36457: [4d44ed60ed75]
36458:
36459: * version.h:
36460: fixed a typo
36461: [cf3f9347ae41]
36462:
36463: * sudo.c:
36464: cast Argv to a const for exec added -v flag
36465: [d11b6efc0e45]
36466:
36467: * logging.c:
36468: mail_argv is now a const
36469: [93bb5d90bb6f]
36470:
36471: * configure.in:
36472: only set RETSIGTYPE if it is not set already
36473: [c97aac260b77]
36474:
36475: * aclocal.m4:
36476: now defines & STDC_HEADERS for Irix
36477: [9c2b24ad1fc5]
36478:
36479: * Makefile.in:
36480: added version.h
36481: [9f79e880229a]
36482:
36483: * insults.h, sudo.h:
36484: prevent multiple inclusion
36485: [d68c8a9243ce]
36486:
36487: * version.h:
36488: Initial revision
36489: [dbb39c5ef8d9]
36490:
36491: * parse.lex, parse.yacc:
36492: now includes config.h
36493: [f117e036a56b]
36494:
36495: * aclocal.m4:
36496: now talks about sunos 4.x
36497: [c9054aa92d4e]
36498:
36499: * visudo.c:
36500: calls to Exit now pass an arg
36501: [a92104670551]
36502:
36503: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
36504:
36505: * visudo.c:
36506: signal handler now takes an int argument
36507: [26f480c41523]
36508:
36509: * CHANGES:
36510: updated
36511: [8c166a9d796b]
36512:
36513: * sudo.c:
36514: ok, the getcwd() is now *really* done as the user
36515: [ab86cf85134a]
36516:
36517: * configure.in:
36518: changed AIX STATIC_FLAGS
36519: [b9c0a3ba5663]
36520:
36521: * aclocal.m4:
36522: solaris now defines SVR4
36523: [c3e20cac96f5]
36524:
36525: * sudo.h:
36526: added cwd and fixed stupid core dump that makes no sense. sigh.
36527: [7a9755436dbb]
36528:
36529: * sudo.c:
36530: moved getcwd stuff into load_globals
36531: [ec2bc90df1f3]
36532:
36533: * parse.c:
36534: took out externs that are in suod.h
36535: [93c4b3f856d7]
36536:
36537: * logging.c:
36538: moved cwd into load_globals
36539: [050de754d228]
36540:
36541: * find_path.c:
36542: moved cwd stuff
36543: [22f3f3b4c34d]
36544:
36545: * Makefile.in:
36546: fixed make distclean & realclean
36547: [c9964d89bcef]
36548:
36549: * TODO:
36550: updated .,
36551: [e513581ef0e3]
36552:
36553: * CHANGES:
36554: added solaris changes
36555: [505d930daf27]
36556:
36557: * aclocal.m4:
36558: added solaris changes, need to rework
36559: [33f20fb16c49]
36560:
36561: * configure.in:
36562: cleaned up for solaris
36563: [2fb8cfa05d0f]
36564:
36565: * logging.c:
36566: reinstall reapchild signal handler for non-bsd signals
36567: [3d1dc545113d]
36568:
36569: * sudo.h:
36570: took out getdtablesize() emulation for HP-UX (no longer needed)
36571: [1fc83d170f34]
36572:
36573: * sudo.c:
36574: support for HAVE_SYSCONF
36575: [50ca2a7a224a]
36576:
36577: * visudo.c:
36578: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
36579: up /
36580: [0a570e826dd4]
36581:
36582: * config.h.in:
36583: added HAVE_SYSCONF
36584: [2b9a9f3a4e94]
36585:
36586: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
36587:
36588: * configure.in:
36589: now tells you what os you are running /.
36590: [06c6332a895b]
36591:
36592: * aclocal.m4:
36593: took out extra ','
36594: [e8c75ce59f4a]
36595:
36596: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
36597:
36598: * config.h.in:
36599: added _BSD_COMPAT
36600: [73c5099806c2]
36601:
36602: * aclocal.m4:
36603: fixed for irix5
36604: [1047d1f6c0eb]
36605:
36606: * CHANGES:
36607: updated
36608: [1bc4969fee96]
36609:
36610: * sudo.c:
36611: uid seinitialized to -2
36612: [8d7812b1878b]
36613:
36614: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
36615:
36616: * sudo.c:
36617: now removes LIBPATH for AIX
36618: [075392eb1dd9]
36619:
36620: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
36621:
36622: * configure.in:
36623: now uses ufc if it finds it
36624: [ab6ce30a5958]
36625:
36626: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
36627:
36628: * sudo.h:
36629: no longer define yyval & yylval since yacc does it
36630: [09d250aea50a]
36631:
36632: * parse.lex:
36633: now defines yylval as extenr
36634: [8ec2b88952bc]
36635:
36636: * configure.in:
36637: BROKEN_GETPASS is now an OPTION
36638: [3714f4bb8312]
36639:
36640: * config.h.in:
36641: took out BROKEN_GETPASS
36642: [9c4f6aa50137]
36643:
36644: * Makefile.in:
36645: took out big comment
36646: [4c13cff0e556]
36647:
36648: * README:
36649: updated
36650: [b8b9902b620d]
36651:
36652: * Makefile.in:
36653: took out README.beta
36654: [ed2cd861e82b]
36655:
36656: * SUPPORTED:
36657: Initial revision
36658: [2fffc51e6606]
36659:
36660: * INSTALL:
36661: now reference SUPPORTED .,
36662: [d112c30be1f2]
36663:
36664: * config.h.in:
36665: now check for convex OR __convex__
36666: [a0e5701a3069]
36667:
36668: * aclocal.m4:
36669: now check for convex or __convex__
36670: [5dae2bfbe3bc]
36671:
36672: * Makefile.in:
36673: added dist target
36674: [400a54de57db]
36675:
36676: * aclocal.m4:
36677: use __convex__
36678: [58a19470ed0b]
36679:
36680: * find_path.c:
36681: now use _S_* stat stuff to be ansi-like
36682: [28cce560e048]
36683:
36684: * INSTALL:
36685: updated for configure directions
36686: [a034ccc7c30a]
36687:
36688: * Makefile.in:
36689: distclean now removes config.h and pathnames.h
36690: [300f2349b4ab]
36691:
36692: * CHANGES:
36693: updated
36694: [646f7e9430c1]
36695:
36696: * TODO:
36697: fixed typoe
36698: [70fd6361b2bc]
36699:
36700: * visudo.c:
36701: updated version
36702: [cf13d87d789f]
36703:
36704: * Makefile.in:
36705: updated version
36706: [8c5dacc27a7a]
36707:
36708: * config.h.in, pathnames.h.in:
36709: added copyright header
36710: [747ce3d3d6b7]
36711:
36712: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
36713: parse.yacc, sudo.c, sudo.h:
36714: udpated version
36715: [4751c39bad18]
36716:
36717: * visudo.c:
36718: udpated to use configure + pathnames.h
36719: [d45dff76a1cd]
36720:
36721: * aclocal.m4:
36722: updated
36723: [f05a367a55be]
36724:
36725: * Makefile.in, config.h.in, configure.in:
36726: updated
36727: [524778598879]
36728:
36729: * sudo.h:
36730: now works with configure
36731: [83fc40e533f4]
36732:
36733: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
36734: updated to work with configure + pathnames.h
36735: [cb67fa6ab52d]
36736:
36737: * Makefile.in:
36738: added LEXLIB
36739: [f43cad4ab0a2]
36740:
36741: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
36742:
36743: * COPYING:
36744: updated gnu general licence to versio 2
36745: [2b0b56112ddc]
36746:
36747: * config.h.in, pathnames.h.in:
36748: Initial revision
36749: [4b586f39ec2d]
36750:
36751: * sudo.h:
36752: changed to work with configure
36753: [13f3506ddf16]
36754:
36755: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
36756:
36757: * Makefile.in, aclocal.m4, configure.in:
36758: Initial revision
36759: [a8636ae77371]
36760:
36761: * visudo.c:
36762: now uses defines used by configure
36763: [de438d118993]
36764:
36765: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
36766:
36767: * find_path.c:
36768: sudo won't bitch about EPERM now, for real
36769: [ce26d9ef7e3f]
36770:
36771: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
36772:
36773: * logging.c:
36774: renamed exec_argv to eliminate a libc name clash with ksros
36775: [bcb4350d8411]
36776:
36777: * CHANGES:
36778: corrected
36779: [dae68d422efd]
36780:
36781: * logging.c, sudo.c, sudo.h:
36782: execve -> execv
36783: [40cc2c4bdb15]
36784:
36785: * TODO:
36786: upated
36787: [9275a8b8fc45]
36788:
36789: * PORTING:
36790: added 2 mroe items
36791: [6cbb5c56993c]
36792:
36793: * CHANGES:
36794: updated
36795: [73f34f8e571a]
36796:
36797: * sudo.h:
36798: added UMASK and mode_t declaration
36799: [7c2015e1d171]
36800:
36801: * sudo.c:
36802: added UMASK
36803: [d37be7523680]
36804:
36805: * logging.c:
36806: now opens log file with mode 077
36807: [0825cc3ee841]
36808:
36809: * check.c:
36810: saved current umask ans restores it
36811: [659c1aaae8e8]
36812:
36813: * sudo.h:
36814: added MAXLOGFILELEN
36815: [34331c7dee90]
36816:
36817: * logging.c:
36818: split long log lines. FOr syslog, split into multiple entries, for
36819: a log file, indent the extra for readability
36820: [72c9e4cdba6e]
36821:
36822: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
36823:
36824: * CHANGES:
36825: added changes
36826: [81196833673d]
36827:
36828: * sudo.h:
36829: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
36830: [1aa69e903840]
36831:
36832: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
36833:
36834: * TODO:
36835: added input from Brett M Hogden <hogden@rge.com>
36836: [80f01fc88ce9]
36837:
36838: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
36839:
36840: * sudo.c:
36841: added rmenv() to remove stuff from environ. can now uses execvp()
36842: OR execve() becuase of this.
36843: [e7fc2535bd67]
36844:
36845: * logging.c:
36846: now uses execvp() OR execve()
36847: [56391aa1f99d]
36848:
36849: * sudo.h:
36850: added USE_EXECVE
36851: [f21f38050b95]
36852:
36853: * sudo.h:
36854: added environ
36855: [6b805e23c6f6]
36856:
36857: * find_path.c:
36858: now ignore EPERM
36859: [c8fd7117a1d7]
36860:
36861: * sudo.h:
36862: moved some func decls out of sudo.h and into sudo.c as statics /.
36863: [5f555c267d27]
36864:
36865: * CHANGES:
36866: updated
36867: [431f478af320]
36868:
36869: * sudo.h:
36870: took out Envp
36871: [6f722be7793d]
36872:
36873: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
36874:
36875: * BUGS:
36876: Initial revision
36877: [4a8ecf0da95c]
36878:
36879: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
36880:
36881: * CHANGES:
36882: added SECURE_PATH
36883: [1c72cb222609]
36884:
36885: * sudo.c, sudo.h:
36886: added SECURE_PATH
36887: [5bf5357a63c5]
36888:
36889: * sudo.h:
36890: added SECURE_PATH
36891: [3976a74405ac]
36892:
36893: * INSTALL:
36894: added sample.sudoers note
36895: [1b395d29aaeb]
36896:
36897: * sudoers:
36898: Initial revision
36899: [485888d07477]
36900:
36901: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
36902:
36903: * find_path.c:
36904: fixed typo
36905: [bfc3cc4d41ca]
36906:
36907: * PORTING:
36908: took out SAVED_UID garbage
36909: [b7c2d3469661] [SUDO_1_3_0]
36910:
36911: * INSTALL:
36912: mentioned HAL
36913: [253d6695df90]
36914:
36915: * sudo.h:
36916: added HAL line
36917: [29ec1a4ac6de]
36918:
36919: * insults.h:
36920: added HAL insults
36921: [7d7c96d77c74]
36922:
36923: * TODO:
36924: updated
36925: [aa2ed9790586]
36926:
36927: * logging.c:
36928: more verbose error if mailer not found
36929: [fca47fd00cb6]
36930:
36931: * check.c:
36932: now do getpwent as root for soem shadow password systems (bsdi)
36933: [e0339e110d46]
36934:
36935: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
36936:
36937: * sudo.h:
36938: took out SAVED_UID garbade
36939: [fcb0e81dcdb5]
36940:
36941: * sudo.c:
36942: took out SAVED_UID garbage since it don't work
36943: [507e9513e9c2]
36944:
36945: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
36946:
36947: * README:
36948: updated
36949: [d2b6b253dae5]
36950:
36951: * insults.h:
36952: added a missing space :-)
36953: [8940ea991f87]
36954:
36955: * sudo.c, sudo.h:
36956: took out multimax cruft
36957: [c2606b365181]
36958:
36959: * INSTALL:
36960: minor update
36961: [05fb6ee73131]
36962:
36963: * PORTING:
36964: finished
36965: [c4ac47c84dc5]
36966:
36967: * sudo.c:
36968: fixed a typo + indentation
36969: [7eab40aae8fa]
36970:
36971: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
36972:
36973: * sudo.h:
36974: took outumoved some defines to the config file ,. ,.
36975: [defff05beb52]
36976:
36977: * PORTING:
36978: Initial revision
36979: [c803e9127959]
36980:
36981: * TODO:
36982: did #6
36983: [c6fa1c946c31]
36984:
36985: * sudo.h:
36986: added HAS_SAVED_UID
36987: [6a88a39c0a07]
36988:
36989: * sudo.c:
36990: put back AIX cruft
36991: [a24d2507ddd4]
36992:
36993: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
36994:
36995: * sudo.c:
36996: aix changes
36997: [1663915f754a]
36998:
36999: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
37000:
37001: * CHANGES:
37002: updated
37003: [a8cc73747cae]
37004:
37005: * check.c, logging.c, parse.c, sudo.c, sudo.h:
37006: now is only root when abs necesary
37007: [3c9d12c5cdfe]
37008:
37009: * check.c:
37010: added missing %s\n
37011: [609320b72d89]
37012:
37013: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
37014:
37015: * install-sh:
37016: Initial revision
37017: [b5bba140a175]
37018:
37019: * TODO:
37020: updated
37021: [c9d2eba602af]
37022:
37023: * CHANGES:
37024: updated
37025: [932f1fc3bb14]
37026:
37027: * sudo.c:
37028: now removed _RLD_* for alphas
37029: [54a36e648158]
37030:
37031: * INSTALL:
37032: updated for new config scheme
37033: [61c8ae800444]
37034:
37035: * find_path.c:
37036: more verbose eror messages
37037: [b4fd123db42d]
37038:
37039: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
37040:
37041: * TODO:
37042: now have solaris
37043: [371002fbf266]
37044:
37045: * sudo.h:
37046: define __svr4__ for SOLARIS
37047: [0b5cf5ed936d]
37048:
37049: * check.c:
37050: added svr4 junk for shadow pws for solaris 2.x
37051: [91ed58f21618]
37052:
37053: * check.c, sudo.c:
37054: took out setuid(0) and setreuid(udi) garbage. Its not needed since
37055: we start out setuid with the correct perms.
37056: [07689e782b0b]
37057:
37058: * check.c, sudo.c, sudo.h:
37059: now use setreuid()
37060: [7d64d685d78e]
37061:
37062: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
37063:
37064: * sudo.man:
37065: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
37066: sectoin
37067: [b26967b1e19b]
37068:
37069: * visudo.c:
37070: now uses ENV_EDITOR if you want to use the EDITOR envar
37071: [a4f8fcb9bd1d]
37072:
37073: * sudo.h:
37074: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
37075: [028cc55c4328]
37076:
37077: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
37078:
37079: * INSTALL:
37080: rewrote most of this
37081: [a6750923f9c9]
37082:
37083: * README:
37084: minor update + spell fix
37085: [a411717a7249]
37086:
37087: * sudo.h:
37088: added all options that are in the Makefile
37089: [6db3b3b841b3]
37090:
37091: * getpass.c:
37092: now use USE_TERMIO #define for sgi & hpux
37093: [b91f89ae6be1]
37094:
37095: * TODO:
37096: todo: posix sigs
37097: [4548a56eb2ef]
37098:
37099: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
37100:
37101: * check.c, find_path.c:
37102: always include strings.h
37103: [1fc20bda92c0]
37104:
37105: * visudo.c:
37106: added STATICEDITOR
37107: [0596f820716e]
37108:
37109: * sudo.h:
37110: sgi has vi in /usr/bin too
37111: [94203b62bfd9]
37112:
37113: * sudo.man:
37114: added VISUAL
37115: [87c2844c4cac]
37116:
37117: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
37118:
37119: * sudo.h:
37120: sue /usr/bin/vi on some systems
37121: [e3ad9190f35e]
37122:
37123: * sudo.c:
37124: fixed warning (include strings.h)
37125: [0b896de4d8a0]
37126:
37127: * sudo.man:
37128: added John_Rouillard@dl5000.bc.edu's changes (new features)
37129: [f41b4205a8cf]
37130:
37131: * CHANGES:
37132: changes from John_Rouillard@dl5000.bc.edu
37133: [6bdef8e948d5]
37134:
37135: * visudo.c:
37136: added EDITOR envar
37137: [5c4bf716de21]
37138:
37139: * check.c, find_path.c, parse.c, sudo.c:
37140: added patches from John_Rouillard directory spec
37141: uses EDITOR
37142: [f62a435f8c41]
37143:
37144: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
37145:
37146: * getpass.c:
37147: added flush for hpux
37148: [07cfdd6a7b55]
37149:
37150: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
37151:
37152: * sudo.c:
37153: no longer assume malloc returns a char *
37154: [7480bd2756f3]
37155:
37156: * sudo.c:
37157: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
37158: gets removed correctly
37159: [8587166c6ac8]
37160:
37161: * sudo.h:
37162: added STD_HEADERS macro
37163: [480f5a9a516c]
37164:
37165: * sudo.c:
37166: now uses STD_HEADERS macor for ansi
37167: [c5018806fd59]
37168:
37169: * find_path.c:
37170: now uses STD_HEADERS macro
37171: [ad821e0788ea]
37172:
37173: * check.c:
37174: niceties for C compiler bitches -- no real change
37175: [0fc0b1a5fb64]
37176:
37177: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
37178:
37179: * visudo.c:
37180: now doesn't fclose a file never opened.
37181: [ee888ec9427d]
37182:
37183: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
37184:
37185: * sudo.man:
37186: added visudo line
37187: [698d51c66407]
37188:
37189: * sudo.man:
37190: added error stuff added me in there...
37191: [d202fd34b906]
37192:
37193: * CHANGES:
37194: noted insults
37195: [998a22c2230c]
37196:
37197: * INSTALL:
37198: added blurb about reading stuff
37199: [e71db100798f]
37200:
37201: * sudo.h:
37202: added insults
37203: [c110431cec56]
37204:
37205: * insults.h:
37206: corrected somments and removed newlines
37207: [493706fd488c]
37208:
37209: * check.c:
37210: now uses insults
37211: [6d23cf06a0ef]
37212:
37213: * insults.h:
37214: Initial revision
37215: [83153c26b4a3]
37216:
37217: * INSTALL:
37218: added dec syslog note
37219: [555437273237]
37220:
37221: * sample.sudoers:
37222: added real stuff in there
37223: [53442a7fba78]
37224:
37225: * TODO:
37226: added a todo
37227: [c630472bd4dc]
37228:
37229: * TODO:
37230: added one
37231: [806464453284]
37232:
37233: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
37234:
37235: * sample.sudoers:
37236: Initial revision
37237: [7db0a9f1ca8f]
37238:
37239: * sudo.man:
37240: updated with changes
37241: [d9bf254c6c08]
37242:
37243: * sudo.man:
37244: Initial revision
37245: [dd6f11174ac6]
37246:
37247: * indent.pro:
37248: Initial revision
37249: [dbfbb494fad9]
37250:
37251: * CHANGES, COPYING, INSTALL, README, TODO:
37252: Initial revision
37253: [6d98f489a079]
37254:
37255: * visudo.c:
37256: updated version number and took out jeff's old addr since it is no
37257: good
37258: [ee47c24818cb]
37259:
37260: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
37261: sudo.c, sudo.h:
37262: updated version number and took out jeff's email (since it is
37263: invalid)
37264: [54616458a52e]
37265:
37266: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
37267:
37268: * check.c:
37269: added fflush()
37270: [145c881f4fb4]
37271:
37272: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
37273:
37274: * find_path.c:
37275: now return NULL instead pf��of exiting for nopn��n-fatal errors
37276: [8bc74f8cb1ae]
37277:
37278: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
37279:
37280: * check.c:
37281: new banner
37282: [5387ab2af516]
37283:
37284: * parse.lex:
37285: now sudo.h gets included first
37286: [2acb01c18e18]
37287:
37288: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
37289:
37290: * parse.lex:
37291: now can use flex
37292: [164d3839adf0]
37293:
37294: * sudo.h:
37295: linux patch
37296: [f1b6b1b1a2ca]
37297:
37298: * sudo.c:
37299: hpux 9 fix, removes SHLIB_PATH linux patch
37300: [67611dc1737f]
37301:
37302: * check.c:
37303: linux diff
37304: [c24536682397]
37305:
37306: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
37307:
37308: * find_path.c:
37309: stat now ignores EINVAL
37310: [c7761a5dc642]
37311:
37312: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
37313:
37314: * find_path.c, sudo.c:
37315: now declare strdup as extern
37316: [6b7d6f8784b5]
37317:
37318: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
37319:
37320: * visudo.c:
37321: reformatted with indent + by hand
37322: [9d43084e4990]
37323:
37324: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
37325: used indent to "fix" coding style
37326: [489ffacbdc70]
37327:
37328: * find_path.c:
37329: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
37330: move the code that does this into the loop body. makes it messier
37331: tho. hmmm.
37332: [c4d22b48da9a]
37333:
37334: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
37335:
37336: * find_path.c:
37337: redid the fix for non-executable files in an easier to read way plus
37338: some minor aethetic changes
37339: [84fe337f1426]
37340:
37341: * find_path.c:
37342: fixed bug with non-executable tings of same name in path introduced
37343: by checkig errno after stat(2).
37344: [c2a812cfcbc1]
37345:
37346: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
37347:
37348: * sudo.c:
37349: fixed off by one error
37350: [fabb7cee0041]
37351:
37352: * find_path.c:
37353: now handles decending below '/' correctly
37354: [5d2ddfc0b220]
37355:
37356: * sudo.c:
37357: now actually builds Envp instead of munging envp
37358: [bdc4b08f6898]
37359:
37360: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
37361:
37362: * parse.yacc:
37363: now includes sys/param.h
37364: [efbb494ab4de]
37365:
37366: * visudo.c:
37367: now includes sys/param.h
37368: [ad6c91d59958]
37369:
37370: * sudo.h:
37371: fixed ifndef -> ifdef
37372: [7aebe822d863]
37373:
37374: * qualify.c:
37375: make more like find_path.c
37376: [853b2dab2e03]
37377:
37378: * find_path.c:
37379: rewritten by millert
37380: [c6a043cc11b3]
37381:
37382: * sudo.h:
37383: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
37384: about new defines in the comment
37385: [39ffefce3aec]
37386:
37387: * logging.c:
37388: now uses USE_CWD
37389: [fa0f3b118bb3]
37390:
37391: * sudo.h:
37392: added delc for clean_envp() and Envp
37393: [a12034e300c2]
37394:
37395: * sudo.c:
37396: now rips LD_* env vars out of envp and passed sanitized Envp to exec
37397: [d201a218e056]
37398:
37399: * logging.c:
37400: now uses execve()
37401: [f3e01032cd33]
37402:
37403: * find_path.c:
37404: ENOTDIR is ok now too (in case part of the path is bogus)
37405: [b5cbbb201bb5]
37406:
37407: * qualify.c:
37408: now works correctly (ttaltotal rewrite)
37409: [0c25d64a5c68]
37410:
37411: * parse.lex:
37412: now includes sys/param.h didn't match trailing / -- fix from
37413: rouilj@cs.umb.edu
37414: [b6363ba110af]
37415:
37416: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
37417:
37418: * sudo.c:
37419: moved around the #ifndef _AIX
37420: [7d4330950c20]
37421:
37422: * check.c, logging.c, parse.c:
37423: Initial revision
37424: [c101e9572d7f]
37425:
37426: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
37427:
37428: * qualify.c:
37429: Initial revision
37430: [5a5f21d0e0bf]
37431:
37432: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
37433:
37434: * find_path.c:
37435: now works if you do sudo bin/test
37436: [07835120ce43]
37437:
37438: * find_path.c:
37439: works
37440: [c3da8b5efa20]
37441:
37442: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
37443:
37444: * sudo.h:
37445: Initial revision
37446: [28a1caa38b72]
37447:
37448: * visudo.c:
37449: Initial revision
37450: [0e5cd7c3cdbe]
37451:
37452: * parse.lex, parse.yacc:
37453: Initial revision
37454: [5f2d0cccb06b]
37455:
37456: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
37457:
37458: * sudo.c:
37459: took out errno.h
37460: [7466431a2655]
37461:
37462: * sudo.c:
37463: now spews error if exec fails and exits with -1
37464: [e5c41ea725c1]
37465:
37466: * sudo.c:
37467: Initial revision
37468: [8aeabe39a0c2]
37469:
37470: * find_path.c:
37471: now only execs files with (an) executable bit set.
37472: [0a451f9c0e58]
37473:
37474: * find_path.c:
37475: Initial revision
37476: [02a534891a35]
37477:
37478: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
37479:
37480: * getpass.c:
37481: added nice comment
37482: [ea8b2aaa9389]
37483:
37484: * getpass.c:
37485: now works on sgi's
37486: [bf2b7c6d0960]
37487:
37488: * getpass.c:
37489: Initial revision
37490: [9f4de251c1b5]
37491:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo