1:
2:
3: * NEWS, configure, configure.in:
4: sudo 1.8.6p3
5: [97fef3d9ed65]
6:
7: 2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
8:
9: * doc/fixman.sh:
10: Don't use embedded newline when matching, use \n. This got expanded
11: at some point. Bug #573
12: [6652f834b8f5]
13:
14: * plugins/sudoers/sudoreplay.c:
15: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
16: all file systems support d_type. Bug #572
17: [8b861c62945f]
18:
19: * plugins/sudoers/sudoreplay.c:
20: Avoid calling fclose(NULL) in the error path when we cannot open an
21: I/O log file.
22: [9401d5c4bb05]
23:
24: 2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
25:
26: * NEWS, configure, configure.in:
27: Sudo 1.8.6p2
28: [6e32496280f2]
29:
30: * src/exec.c:
31: When setting the signal handler for SIGTSTP to the default value in
32: non-I/O log mode, store the old handler value for when we restore it
33: after resume.
34: [242628694e42]
35:
36: 2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
37:
38: * NEWS:
39: Mention support for SUCCESS=return in /etc/nsswitch.conf
40: [ef1f35aa0863]
41:
42: * NEWS, configure, configure.in:
43: sudo 1.8.6p1
44: [73a5e1f004b3]
45:
46: 2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
47:
48: * plugins/sudoers/env.c:
49: Avoid setting LOGNAME, USER and USERNAME variables twice when
50: set_logname is enabled.
51: [0de4f5fbd1d4]
52:
53: * plugins/sudoers/env.c:
54: Fix duplicate detection in sudo_putenv(), do not prune out the
55: variable we just set when overwriting an existing instance. Fixes
56: bug #570
57: [854ee714c831]
58:
59: * plugins/sudoers/env.c:
60: Add some debuggging
61: [a25cd3305823]
62:
63: 2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
64:
65: * plugins/sudoers/sudo_nss.c:
66: Disable word wrap in list mode when stdout is a pipe to make "sudo
67: -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
68: [65ade04511fd]
69:
70: * common/lbuf.c:
71: Print a trailing newline in lbuf_print() when there is not enough
72: space to do word wrapping and the lbuf does not end with a newline.
73: [c0200e19cd09]
74:
75: * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
76: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
77: Kopecek
78: [5c480316e3ce]
79:
80: * MANIFEST:
81: Add sssd.c
82: [9cadd014ef97]
83:
84: 2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
85:
86: * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
87: plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
88: plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
89: src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
90: regen .po files
91: [62423d4d143d]
92:
93: * MANIFEST, plugins/sudoers/po/vi.mo:
94: Add Vietnamese sudoers translation from translationproject.org
95: [33666a605525]
96:
97: * NEWS:
98: mention PIE
99: [05032e5304c6]
100:
101: * MANIFEST, plugins/sudoers/po/vi.po:
102: Add Vietnamese sudoers translation from translationproject.org
103: [015c2204bae2]
104:
105: 2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
106:
107: * Makefile.in, compat/Makefile.in, mkdep.pl:
108: Add missing signame dependency
109: [e493bfb01929]
110:
111: * src/exec.c, src/ttyname.c:
112: Silence compiler warnings.
113: [1c5374b66d9b]
114:
115: * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
116: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
117: src/exec.c, src/exec_pty.c:
118: Replace strsigname() with sig2str(), emulating it as needed.
119: [1e348cca1fa6]
120:
121: * config.h.in, configure, configure.in, src/utmp.c:
122: Use fseeko() for legacy utmp handling if available.
123: [b4bbd8d2c0e9]
124:
125: 2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
126:
127: * compat/strsigname.c, config.h.in, configure, configure.in:
128: Detect sys_sigabbrev[] and use it in place of sys_signame[] if
129: present. For some reason glibc does not declare sys_sigabbrev so we
130: must add an extern definition of our own.
131: [b38f3fbd7078]
132:
133: * compat/strsignal.c, compat/strsigname.c:
134: Handle NULL entries in sys_siglist and sys_signame.
135: [a388959d9654]
136:
137: * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
138: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
139: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
140: [711e41aba59a]
141:
142: 2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
143:
144: * NEWS:
145: sync
146: [5a2522488754]
147:
148: * src/exec.c:
149: Pass on SIGTSTP to the command if it was sent by a user process (not
150: the kernel or the terminal) when we are not I/O logging and set the
151: default SIGTSTP handler when we re-send the signal to ourself,
152: restoring our handler after we resume.
153: [4259c47e31c0]
154:
155: * src/exec.c:
156: Shells typically change their process group when they start up so
157: that they can implement job control. Most well-behaved shells
158: change the pgrp back to its original value before suspending so we
159: must not try to restore in that case, lest we race with the child
160: upon resume, potentially stopping sudo with SIGTTOU while the
161: command continues to run. Some shells, such as pdksh, just suspend
162: the shell by sending SIGSTOP to themselves without restoring the
163: pgrp. In this case we need to change the pgrp back for them. Should
164: fix bug #568
165: [6ac6751ffd17]
166:
167: 2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
168:
169: * MANIFEST, compat/Makefile.in, compat/mksigname.c,
170: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
171: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
172: src/exec.c, src/exec_pty.c:
173: Use strsigname() to print signal names in the debug output. If the
174: system has no strsigname(), use our own.
175: [0735f18906b9]
176:
177: 2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
178:
179: * plugins/sudoers/regress/testsudoers/test5.inc,
180: plugins/sudoers/regress/testsudoers/test5.sh:
181: Remove generated file and change path for temporary include file.
182: [4e9fa830c6b5]
183:
184: * plugins/sudoers/Makefile.in:
185: When running regress tests, list pass/fail rate for each dir
186: (testsudoers and visudo) instead of the total. Also prevent the
187: result files from clobbering each other by keeping them in the
188: relevant directories.
189: [6aac53baff7d]
190:
191: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
192: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
193: Don't print an error message in yyerror() if open_sudoers() fails,
194: we've already printed an error message. Also restore the check for
195: sudoers_warnings in yyerror().
196: [aa6036df5fb2]
197:
198: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
199: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
200: plugins/sudoers/toke.l:
201: Avoid printing the >>> parse error <<< message for testsudoers when
202: the -t flag is specified.
203: [76f3433c8992]
204:
205: 2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
206:
207: * plugins/sudoers/parse.c:
208: Fix NULL deref when an entry has no Runas_Entry
209: [4b14983ff6e7]
210:
211: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
212: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
213: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
214: src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
215: src/po/zh_CN.mo, src/po/zh_CN.po:
216: sync with translationproject.org
217: [440e9c9b37de]
218:
219: * NEWS:
220: sync
221: [3142ba2dce60]
222:
223: * plugins/sudoers/check.c:
224: Correct the check_user() comment header.
225: [73da30308fff]
226:
227: * plugins/sudoers/auth/sudo_auth.c:
228: Change a log_fatal() into log_error() when no auth methods are
229: configured. The caller already checks the return value.
230: [05f5c39793a7]
231:
232: * plugins/sudoers/logging.c:
233: Add missing debug_return
234: [3a76bb7c2fe7]
235:
236: 2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
237:
238: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
239: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
240: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
241: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
242: doc/sudoers.man.in, doc/sudoers.mdoc.in:
243: Make the capitalization consistent for .Ss and .Sx
244: [5c5735ee4b2f]
245:
246: * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
247: doc/sudo.man.in, doc/sudo.mdoc.in:
248: Add COMMAND EXECUTION section that describes how sudo runs the
249: command, the extra sudo processes and signal handling.
250: [dff2d88e984e]
251:
252: 2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
253:
254: * Makefile.in:
255: Happy Easter
256: [4b9d697c6b83]
257:
258: 2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
259:
260: * compat/Makefile.in:
261: Don't echo the awk command when building siglist.in
262: [21daa72921e6]
263:
264: * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
265: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
266: Cosmetic changes.
267: [19259528e9ad]
268:
269: * doc/Makefile.in:
270: The HISTORY, LICENSE and CONTRIBUTORS files are not longer
271: generated.
272: [ea6ac9e981e6]
273:
274: * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
275: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
276: plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
277: plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
278: src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
279: src/po/uk.po, src/po/vi.po:
280: Sync with translationproject.org and add Italian sudoers
281: translation.
282: [9276740aea59]
283:
284: 2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
285:
286: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
287: Expand description of fqdn to talk about systems where the hosts
288: file is searched before DNS.
289: [4ee812ca6116]
290:
291: 2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
292:
293: * doc/Makefile.in:
294: For cat pages there is nothing to make unless DEVEL is set.
295: [fab4a5b68708]
296:
297: * configure, configure.in, doc/Makefile.in:
298: Always use mandoc to format cat pages and remove now-extraneous
299: nroff configure tests.
300: [5747f4ed5762]
301:
302: * pp:
303: sync polypkg from git
304: [89ddf6ea3e3f]
305:
306: * plugins/sudoers/sudoers.c:
307: Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
308: is not always the same as "fully qualified".
309: [7c1d9c098386]
310:
311: 2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
312:
313: * doc/sudoers.mdoc.in:
314: Fix some typos. Describe error messages not related to policy
315: permissions.
316: [f5ebf9030d85]
317:
318: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
319: plugins/sudoers/visudo.c:
320: Add new check_defaults() function to check (but not update) the
321: Defaults entries. Visudo can now use this instead of
322: update_defaults to check all the defaults regardless instead of just
323: the global Defaults entries.
324: [3fa879ce1b65]
325:
326: 2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
327:
328: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
329: Document sudoers log format.
330: [08998a7061ab]
331:
332: * NEWS:
333: Update for sudo 1.8.5p3
334: [6e102a5d4e8d]
335:
336: * src/load_plugins.c:
337: Add missing check for I/O plugin API version when checking for the
338: presence of I/O plugin hooks.
339: [ef05c7eeaf81]
340:
341: * src/hooks.c:
342: Can't call debug code in the process_hooks_xxx functions() since
343: ctime() may look up the timezone via the TZ environment variable.
344: [2179fb26bd8e]
345:
346: 2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
347:
348: * src/exec_common.c, src/sesh.c, src/utmp.c:
349: Include signal.h before sudo_exec.h since it uses sigset_t * in the
350: fork_pty prototype.
351: [94fc0d859600]
352:
353: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
354: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
355: doc/visudo.man.in, doc/visudo.mdoc.in:
356: Remove OPTIONS section; options now go inside DESCRIPTION
357: [a619fc58a746]
358:
359: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
360: regen
361: [44719d80bc06]
362:
363: * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
364: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
365: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
366: plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
367: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
368: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
369: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
370: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
371: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
372: src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
373: src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
374: Sync with translationproject.org and add new Slovenian translation.
375: [34b4b966bbac]
376:
377: * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
378: plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
379: plugins/sudoers/testsudoers.c:
380: Reduce the number of "internal error, foo overflow" messages that
381: need to be translated.
382: [93ffa2b3d53f]
383:
384: * NEWS:
385: Mention HP-UX reboot fix.
386: [1e39b5aa32ac]
387:
388: * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
389: doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
390: plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
391: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
392: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
393: data source. From Daniel Kopecek and Pavel Brezina.
394: [3f85e95d6928]
395:
396: 2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
397:
398: * common/sudo_conf.c, src/load_plugins.c:
399: If sudo.conf contains an I/O plugin but no policy plugin, use
400: sudoers for the policy plugin. If a policy plugin is specified
401: without an I/O plugin, only the policy plugin will be loaded.
402: [ea192df2439d]
403:
404: * doc/Makefile.in, doc/sudoers.man.in:
405: Do not modify the .Os section when building the .man.in file from
406: .mdoc.in.
407: [a9f9628e147f]
408:
409: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
410: Add a note about wildcards matching multiple words and include an
411: example. Also mention that for sudoedit, a wildcard in command line
412: args does not match a slash.
413: [fcb9fbac14e0]
414:
415: 2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
416:
417: * src/exec_pty.c, src/sudo_exec.h:
418: Fix a comment, update a variable name in a prototype; all cosmetic.
419: [e89f10cbd6e1]
420:
421: * plugins/sudoers/iolog.c:
422: Cast 2nd argument of lseek() to off_t if it is a constant for
423: systems with 64-bit off_t but without a proper lseek() prototype.
424: [d8779da135d0]
425:
426: * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
427: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
428: plugins/sudoers/visudo.c:
429: Fix some warnings from clang checker-267
430: [1e44ef7860b5]
431:
432: * plugins/sample/sample_plugin.c:
433: Fix memory leak found by clang checker-267
434: [f8a43617fdfb]
435:
436: 2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
437:
438: * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
439: If we receive a signal from the command we executed, do not forward
440: it back to the command. This fixes a problem with BSD-derived
441: versions of the reboot command which send SIGTERM to all other
442: processes, including the sudo process. Sudo would then deliver
443: SIGTERM to reboot which would die before calling the reboot() system
444: call, effectively leaving the system in single user mode.
445: [4ffab9ab9e98]
446:
447: 2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
448:
449: * doc/fixman.sh, doc/fixmdoc.sh:
450: Remove section about Solaris 10 on other systems. Add missing
451: sudoers.man.in bit to fixman.sh.
452: [176559199ba7]
453:
454: 2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
455:
456: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
457: Expand section on Solaris privileges.
458: [3a1bfa2f1743]
459:
460: * NEWS:
461: Expand a bit on the Solaris priv set changes.
462: [bffb78b4a520]
463:
464: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
465: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
466: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
467: The second argument to init_parser() is now bool.
468: [fb727a4fb651]
469:
470: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
471: Fix printing of parse error message to stderr.
472: [dea6b420b84f]
473:
474: * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
475: plugins/sudoers/match.c, plugins/sudoers/parse.c,
476: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
477: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
478: If a command matches using an empty Runas_List (i.e. Runas_List is
479: present but empty) and the -u option was not specified, set runas_pw
480: to user_pw instead of using runas_default. This is intended to be
481: used in conjunction with the Solaris Privilege Set support for rules
482: that grant privileges without changing the user.
483: [e84a081f3c11]
484:
485: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
486: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
487: plugins/sudoers/gram.y, plugins/sudoers/match.c,
488: plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
489: Add support for parsing an empty Runas_List, which only allows the
490: command to be run as the invoking user. This can be used in
491: conjunction with the Solaris Privilege Set support to grant
492: privileges without changing the user.
493: [dc34373792fc]
494:
495: 2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
496:
497: * doc/fixman.sh:
498: Fix HP-UX, just use ".TH name section" like the vendor manuals.
499: [559738237c92]
500:
501: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
502: Fix compilation on Solaris
503: [2d310302207c]
504:
505: * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
506: doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
507: doc/sudoers.mdoc.sh:
508: Generate a sed script file when munging *.mdoc or *.man instead of
509: passing sed expressions on the command line. Older seds do not
510: support \n in a replacement so generate and run a sed script
511: instead.
512: [0bcce3f1ca18]
513:
514: * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
515: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
516: doc/visudo.man.in:
517: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
518: [fe0f10b63776]
519:
520: 2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
521:
522: * src/exec.c:
523: When checking whether a signal is user-generated, compare si_code
524: against SI_USER instead of <= 0 since on HP-UX, terminal-related
525: signals get a code of 0.
526: [4e9021243343]
527:
528: * src/sudo.c:
529: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
530: interchangably. This causes problems when setting RLIMIT_NPROC to
531: RLIM_INFINITY due to a bug in bash where bash tries to honor the
532: value of _SC_CHILD_MAX but treats a value of -1 as an error, and
533: uses a default value of 32 instead.
534:
535: Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
536: restored the previous value of RLIMIT_NPROC. However, that makes it
537: impossible to set nproc to unlimited. We now only restore the nproc
538: resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
539: cases, pam_limits will set RLIMIT_NPROC for us.
540: [cb71cc8d0b08]
541:
542: 2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
543:
544: * plugins/sudoers/ldap.c:
545: Active Directory apparently requires that tenths of a second be
546: present in a date so append .0 to the "now" value in the time
547: filter. Also remove space for the global AND from TIMEFILTER_LENGTH
548: since it was not being used consistently. Buffers of
549: TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
550: [d28619ff6e45]
551:
552: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
553: Fix SELinux build
554: [cc0d1f4e851b]
555:
556: 2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
557:
558: * MANIFEST:
559: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
560: were not being kept in sync.
561: [fc3ad1847cb1]
562:
563: * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
564: doc/license.pod:
565: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
566: were not being kept in sync.
567: [950363dffe3a]
568:
569: 2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
570:
571: * plugins/sudoers/logging.c:
572: Fix printing of the permission denied message to standard error when
573: a user is not allowed to run a command. This got broken by the
574: recent logging changes.
575: [b7af63da3ca1]
576:
577: * plugins/sudoers/sudoers_version.h:
578: Bump grammar version for Solaris privs.
579: [2a2baf024477]
580:
581: * doc/schema.ActiveDirectory:
582: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
583: were added. From David Hicks.
584: [3fc432a8edb4]
585:
586: 2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
587:
588: * plugins/sudoers/Makefile.in:
589: Remove lex.yy.c when building toke.c
590: [72bb9e62b289]
591:
592: * doc/Makefile.in:
593: Fix building docs in a build dir.
594: [7a6f435af022]
595:
596: * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
597: doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
598: doc/sudoreplay.pod, doc/visudo.pod:
599: Remove pod versions of the manual; we now use mdoc.
600: [5c967d2dd5db]
601:
602: * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
603: doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
604: Add post-processing scripts to strip out login class, BSD auth,
605: SELinux and privilege set bits when they are not supported.
606: [d0d51f72f597]
607:
608: * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
609: doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
610: doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
611: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
612: plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
613: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
614: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
615: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
616: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
617: plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
618: Merge in Solaris privilege support by Darren Moffat and John
619: Zolnowsky
620: [3aa0a64f2f5c]
621:
622: 2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
623:
624: * doc/contributors.pod:
625: Sync with CONTRIBUTORS file
626: [9a0852306ad9]
627:
628: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
629: doc/sudoers.man.in, doc/sudoreplay.man.in:
630: Regen .man.in files with my private mandoc.
631: [dc3c9fc449eb]
632:
633: * doc/Makefile.in:
634: add MANDOC variable
635: [35527e66afc5]
636:
637: 2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
638:
639: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
640: doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
641: Regen .man.in files with hacked mandoc to avoid issues with historic
642: nroff.
643: [d45cfa7d665f]
644:
645: 2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
646:
647: * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
648: Fix groff warnings.
649: [111d522ca807]
650:
651: * doc/Makefile.in:
652: Fix dependencies for .man.in files.
653: [aefeffe1af2b]
654:
655: * .hgignore:
656: Add doc/*.mdoc to ignore file
657: [1e4de6ef2ad8]
658:
659: * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
660: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
661: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
662: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
663: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
664: doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
665: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
666: doc/visudo.man.in, doc/visudo.mdoc.in:
667: Build .man.in and .cat files from .mdoc.in files. Add new --with-man
668: and --with-mdoc configure options.
669: [c963fd7e8f80]
670:
671: 2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
672:
673: * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
674: doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
675: Sudo manuals formatted in mdoc, to replace the pod versions.
676: [e6dca4030451]
677:
678: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
679: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
680: doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
681: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
682: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
683: More minor costmetic fixes.
684: [a7287a68385a]
685:
686: 2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
687:
688: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
689: Minor cosmetic fixes.
690: [9c48bdaf3946]
691:
692: 2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
693:
694: * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
695: Use "a password is required" instead of "password required" when the
696: -n flag is used and we need to read a password.
697: [a3c30fc41648]
698:
699: 2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
700:
701: * NEWS:
702: Mention logging changes.
703: [8238fd6e02e8]
704:
705: * plugins/sudoers/po/sudoers.pot:
706: regen
707: [e2cf634ba63b]
708:
709: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
710: Document that other mail_* flags have precedence over mail_badpass.
711: [9f4cc9188f40]
712:
713: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
714: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
715: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
716: Move log_denial() calls and logic to log_failure(). Move
717: authentication failure logging to log_auth_failure(). Both of these
718: call audit_failure() for us.
719:
720: This subtly changes logging for commands that are denied by sudoers
721: but where the user failed to enter the correct password.
722: Previously, these would be logged as "N incorrect password attempts"
723: but now are logged as "command not allowed". Fixes bug #563
724: [cad35f0b3ad7]
725:
726: 2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
727:
728: * common/aix.c:
729: Do not set a resource limit to zero when we are unable to fetch a
730: value from /etc/security/limits.
731: [62bfb0a7895e]
732:
733: 2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
734:
735: * sudo.pp:
736: Add "Provides: sudo" to debian sudo-ldap package
737: [beb8afa0beb2]
738:
739: 2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
740:
741: * configure, configure.in, zlib/Makefile.in:
742: Define NO_VIZ for zlib when gcc doesn't support symbol visibility
743: attributes.
744: [9fdcbf526386]
745:
746: * configure, configure.in:
747: Use the autoconf cache when checking for symbol export control
748: support.
749: [03c2cce8711f]
750:
751: * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
752: configure.in, mkpkg, plugins/sample/Makefile.in,
753: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
754: plugins/system_group/Makefile.in, src/Makefile.in:
755: Add configure check for building PIE executables instead of doing it
756: in mkpkg.
757: [02b5b78ef258]
758:
759: * sudo.pp:
760: MacOS pp backend doesn't like modes longer than 4 characters.
761: [01b49022bf01]
762:
763: 2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
764:
765: * configure, configure.in:
766: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
767: -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
768: will strip -fstack-protector from the linker flags and we always
769: link with libtool.
770: [0a0a0250ac2b]
771:
772: 2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
773:
774: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
775: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
776: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
777: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
778: Regen for sudo 1.8.6
779: [1657ee28b496]
780:
781: * NEWS, doc/sudoers.ldap.pod:
782: Document improved Tivoli Directory Server support.
783: [fb411edf4687]
784:
785: * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
786: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
787: option to specify Tivoli key db password. Allow TLS ciphers to be
788: configured for Tivoli.
789: [737e17c91e60]
790:
791: 2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
792:
793: * plugins/sudoers/ldap.c:
794: Tivoli Directory Server 6.3 libs always return a (bogus) error when
795: setting LDAP_OPT_CONNECT_TIMEOUT.
796: [504406637c38]
797:
798: * NEWS:
799: Update
800: [687a755604e8]
801:
802: * plugins/sudoers/ldap.c:
803: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
804: same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
805: set an ldap option fatal.
806: [17cf93ae3304]
807:
808: 2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
809:
810: * plugins/sudoers/sudoers.c:
811: Zero pointers in sudo_user struct after freeing, just in case.
812: [8eff1f80b943]
813:
814: * plugins/sudoers/sudoers.c:
815: Free user_gids in close function if it has not already been freed.
816: [cbce28877f37]
817:
818: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
819: plugins/sudoers/sudoers.h:
820: Defer group ID to name resolution until we actually need it.
821: [463e75b81e89]
822:
823: * src/sudo.c:
824: It is safe to read in sudo.conf before calling user_info().
825: [3290b6434e3c]
826:
827: * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
828: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
829: prevent potential truncation. Bug #562.
830: [29d9fc4e0c4e]
831:
832: 2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
833:
834: * sudo.pp:
835: If installing with installp, error out if there is already an
836: instance of the rpm package installed.
837: [ec24c6faba22]
838:
839: * mkpkg:
840: Add --disable-nls for AIX
841: [192ac2f7d65e]
842:
843: 2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
844:
845: * sudo.pp:
846: Debian sudo-ldap packages should now depend on libldap-2.4-2, not
847: libldap2.
848: [cbcec71e6b58]
849:
850: 2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
851:
852: * sudo.pp:
853: Add Homepage and Bugs to debian control file.
854: [0f19d7d14e66]
855:
856: 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
857:
858: * mkpkg:
859: fix typo when setting aix_freeware
860: [2fd6feb50195]
861:
862: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
863: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
864: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
865: plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
866: Don't run regress tests or sudoers sanity check (using the newly-
867: built visudo) when cross compiling. Bug #560
868: [0c4e3f68b2f5]
869:
870: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
871: plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
872: plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
873: plugins/sample_group/sample_group.exp,
874: plugins/sample_group/sample_group.map,
875: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
876: plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
877: plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
878: plugins/system_group/system_group.exp,
879: plugins/system_group/system_group.map,
880: plugins/system_group/system_group.sym:
881: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
882: it on demand Use a loader option file for HP-UX ld to explicitly
883: export symbols
884: [2402ff5302ab]
885:
886: * src/Makefile.in:
887: Remove extraneous backslash
888: [8ca054de138c]
889:
890: * plugins/sudoers/regress/check_symbols/check_symbols.c:
891: Don't check for errorx as an exported symbols as it is now a macro.
892: Check for user_in_group() instead.
893: [7b02c8ecd3ea]
894:
895: 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
896:
897: * configure, configure.in:
898: Adjust ld map file support to use an anonymous scope to match the
899: updated .map files.
900: [49be44282d9e]
901:
902: 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
903:
904: * config.h.in, configure, configure.in, include/gettext.h:
905: Older versions of Solaris lack ngettext()
906: [028af10dfa5f]
907:
908: * configure, configure.in:
909: Move the check for -static-libgcc until after AC_LANG_WERROR has
910: been called and use AX_CHECK_COMPILE_FLAG().
911: [a7b09120e7ff]
912:
913: * include/gettext.h:
914: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
915: [3aa2780d4a4e]
916:
917: * include/error.h, include/sudo_debug.h:
918: Fix gcc 2.x variant macro support.
919: [8e71c2370997]
920:
921: * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
922: Fix compilation on gcc 2.95 and other compilers that only allow
923: variable declarations at the beginning of a block.
924: [9d80c802bb46]
925:
926: * configure, configure.in, plugins/sudoers/Makefile.in:
927: Link check_symbols with SUDO_LIBS to make sure we link with the
928: requisite libraries to successfully dlopen sudoers.so. This is
929: needed on HP-UX where a program dlopen()ing a shared object that
930: uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
931: pthreads).
932: [b8961cd82337]
933:
934: * plugins/sudoers/regress/check_symbols/check_symbols.c:
935: Add check for exported local symbols. This will cause a "make
936: check" failure on systems where we don't support symbol hiding.
937: [8aa549389bb1]
938:
939: * configure, configure.in:
940: Additional ${foo} -> $(foo) Makefile tweaks.
941: [046bbde18f52]
942:
943: * plugins/sample/sample_plugin.map,
944: plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
945: plugins/system_group/system_group.map:
946: No need to provide a name for the scope in the map file since we
947: don't use the it for versioning.
948: [5ed4b997560d]
949:
950: 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
951:
952: * MANIFEST, plugins/sudoers/Makefile.in,
953: plugins/sudoers/regress/check_symbols/check_symbols.c:
954: Add regress test for symbol visibility.
955: [9adddd4e0518]
956:
957: 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
958:
959: * NEWS, configure, configure.in:
960: sudo 1.8.6
961: [57008a7afb77]
962:
963: * configure, configure.in, include/missing.h:
964: Add support for controlling symbol visibility using the HP and
965: Solaris C compilers.
966: [46d5b468979e]
967:
968: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
969: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
970: plugins/sudoers/sudoers.h:
971: Use the expanded io log dir when updating the sequence number.
972: Includes a workaround for older versions of sudo where the sequence
973: number was stored in the unexpanded io log dir.
974: [210797dab9a8]
975:
976: 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
977:
978: * src/parse_args.c:
979: Simplify "sudo -s" argv rewriting.
980: [7be143dae7c5]
981:
982: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
983: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
984: plugins/system_group/Makefile.in, src/Makefile.in,
985: src/sudo_noexec.map:
986: Don't use a map file for sudo_noexec.so since Solaris ld doesn't
987: allow '*' in the global section. The libtool export flag is now
988: added to LT_LDFLAGS instead of commenting/uncommenting lines.
989: [38fc37a66b04]
990:
991: 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
992:
993: * config.h.in, configure, configure.in, include/missing.h:
994: The visibility attribute was actually added in gcc 3.3.x, not 4.0.
995: Just assume that if -fvisibility=hidden works that the attribute is
996: usable.
997: [d3904d6faf14]
998:
999: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
1000: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
1001: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
1002: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1003: plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
1004: plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
1005: plugins/system_group/system_group.c:
1006: Export group cache from sudoers.so for system_group.so to use.
1007: [16695d207fc5]
1008:
1009: * MANIFEST, configure, configure.in, include/missing.h,
1010: plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
1011: plugins/sample_group/Makefile.in,
1012: plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
1013: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
1014: plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
1015: plugins/system_group/system_group.map, src/sudo_noexec.c,
1016: src/sudo_noexec.map:
1017: Use gcc's visibility attribute to specify when symbols are visible
1018: or hidden, if available. If not available, use an ELF version
1019: script if it is supported. If all else fails, fall back to using
1020: libtool's -export-symbols.
1021: [64e889921727]
1022:
1023: 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
1024:
1025: * sudo.pp:
1026: Add mode for installed locale files but leave the directories with
1027: default mode and owner.
1028: [142237dbb31f]
1029:
1030: 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
1031:
1032: * mkpkg, sudo.pp:
1033: Install AIX packages under /opt/freeware with links in /usr/bin and
1034: /usr/sbin. This matches the layout of the sudo package from AIX
1035: freeware.
1036: [0b79d47bbe01]
1037:
1038: * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
1039: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1040: plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
1041: Install shared objects with mode 0644 except on HP-UX which needs
1042: the executable bit set.
1043: [ae416af0ba6c]
1044:
1045: * Makefile.in, doc/Makefile.in, include/Makefile.in,
1046: plugins/sudoers/Makefile.in, src/Makefile.in:
1047: Make installed file modes consistent with the file modes in the sudo
1048: package.
1049: [307386373289]
1050:
1051: 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1052:
1053: * doc/sudoers.pod:
1054: Add "%:" prefix when talking about QAS non-Unix group support.
1055: [7cb25f6861f8]
1056:
1057: * pp, sudo.pp:
1058: Fix packaging of symbolic links on HP-UX when the link source
1059: already exists in the filesystem.
1060: [c9bb48031596]
1061:
1062: * mkpkg:
1063: Only specify prefix if we are overriding the default value. Fixes
1064: the man dir (/usr/local/man vs. /usr/local/share/man).
1065: [65351b6c1697]
1066:
1067: * sudo.pp:
1068: Fix setting of sudoedit_man variable.
1069: [9beed9ae5bba]
1070:
1071: * doc/Makefile.in:
1072: Echo the command when linking the sudoedit manual.
1073: [6c83b5657b55]
1074:
1075: 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
1076:
1077: * mkpkg, sudo.pp:
1078: Build .deb packages with selinux support.
1079: [3fd9cb1b4526]
1080:
1081: 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1082:
1083: * sudo.pp:
1084: Don't list paths for unstripped binaries in the lintial overrides.
1085: [4c8e16f1773b]
1086:
1087: * pp:
1088: Add support for Installed-Size header in control file, required by
1089: newer debian versions.
1090: [e97d76234bee]
1091:
1092: * pp:
1093: Fix extended description in .deb files.
1094: [d35e27ace146]
1095:
1096: * sudo.pp:
1097: Add Depends, Replaces and Conflicts headers for .deb packages.
1098: [76eb6c4b3278]
1099:
1100: 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
1101:
1102: * plugins/sudoers/sudo_nss.c:
1103: If there are no privs to print, write the message to the lbuf
1104: instead of printing it directly.
1105: [ecd56226abb7]
1106:
1107: 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1108:
1109: * sudo.pp:
1110: Set -e in %pos and %preun for debian to quiet a lintian warning.
1111: [8bb908514df9]
1112:
1113: * doc/Makefile.in, src/Makefile.in, sudo.pp:
1114: Install sudoedit and the sudoedit manual as symbolic links, not hard
1115: links and package them as such.
1116: [f317ff3cf3e7]
1117:
1118: * sudo.pp:
1119: Make sudo binary permissions 755 instead of 111 Add lintian
1120: overrides file for .deb files.
1121: [991cd7d7f0e1]
1122:
1123: * configure, configure.in, doc/Makefile.in, mkpkg:
1124: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
1125: MANCOMPRESSEXT which can be used to compress the installed manual
1126: pages. Compress the man pages for .deb files to appease lintian.
1127: [4e34083b41d2]
1128:
1129: * sudo.pp:
1130: Debian fixes:
1131: * fix modes to be more in line with what Debian expects
1132: * add section
1133: * install LICENSE as copyright and ChangeLog as changelog
1134: * create stub changelog.debian
1135: [7f6c5647f588]
1136:
1137: * pp:
1138: Fix find command to properly skip files in the DEBIAN dir when
1139: building md5sums.
1140: [8918bde941fa]
1141:
1142: * pp, sudo.pp:
1143: Use a debian-compliant package maintainer field.
1144: [fc51a94170eb]
1145:
1146: 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
1147:
1148: * plugins/sudoers/sudoreplay.c:
1149: No need to loop over atomic_writev(), it guarantees to write all
1150: data or return an error.
1151:
1152: Fix handling of stdout/stderr that contains "\r\n" and handle a
1153: "\r\n" pair that spans a buffer.
1154: [8aaf02d90c45]
1155:
1156: 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
1157:
1158: * NEWS:
1159: Update for sudo 1.8.5p2
1160: [d369d4d40a19]
1161:
1162: * plugins/sudoers/sudoreplay.c:
1163: Instead of doing extra write()s when replaying stdout, build up a
1164: vector for writev() instead. This results in far fewer system
1165: calls.
1166: [303d866c025c]
1167:
1168: 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
1169:
1170: * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
1171: Provide unhooked version of getenv() and use it when looking up
1172: DISPLAY and SUDO_ASKPASS in the environment.
1173: [04dbdccf4a14]
1174:
1175: 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
1176:
1177: * plugins/sudoers/sudoreplay.c:
1178: When replaying a log of stdout or stderr, do newline to carriage
1179: return + linefeed conversion. We cannot have termios do this for us
1180: since we've disabled output postprocessing (POST) when setting raw
1181: mode.
1182: [61352a7d996f]
1183:
1184: 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
1185:
1186: * configure, configure.in:
1187: When checking for -fstack-protector, treat warnings as fatal errors.
1188: [4124cd12d511]
1189:
1190: 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
1191:
1192: * configure, configure.in:
1193: Fix test for -z relro
1194: [548bdb6f5c4a]
1195:
1196: * MANIFEST:
1197: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
1198: [ed063264a2a1]
1199:
1200: * INSTALL, aclocal.m4, configure, configure.in,
1201: m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
1202: Build with -fstack-protector and link with -zrelo where supported.
1203: Added --disable-hardening option to disable hardening options.
1204: [0b6c1a1ceb03]
1205:
1206: 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
1207:
1208: * plugins/sudoers/Makefile.in,
1209: plugins/sudoers/regress/testsudoers/test1.sh,
1210: plugins/sudoers/regress/testsudoers/test2.sh,
1211: plugins/sudoers/regress/testsudoers/test3.sh,
1212: plugins/sudoers/regress/testsudoers/test4.out.ok,
1213: plugins/sudoers/regress/testsudoers/test4.sh,
1214: plugins/sudoers/regress/testsudoers/test5.inc,
1215: plugins/sudoers/regress/testsudoers/test5.out.ok,
1216: plugins/sudoers/regress/testsudoers/test5.sh,
1217: plugins/sudoers/testsudoers.c:
1218: Add tests for sudoers mode, owner and group checks.
1219: [a7607443aba0]
1220:
1221: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
1222: If sudoers_mode is group-readable but the actual sudoers file is
1223: not, open the file as uid 0, not uid 1. This fixes a problem when
1224: sudoers has a more restrictive mode than what sudo expects to find.
1225: In older versions, sudo would silently chmod the file to add the
1226: group-readable bit.
1227: [c056b6003e6f]
1228:
1229: * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
1230: No longer throw an error if sudoers is a symbolic link. Deprecated
1231: the --with-stow option as that is now (effectively) the default.
1232: [8ce783e54886]
1233:
1234: 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
1235:
1236: * plugins/sudoers/Makefile.in,
1237: plugins/sudoers/regress/testsudoers/test2.inc,
1238: plugins/sudoers/regress/testsudoers/test2.out.ok,
1239: plugins/sudoers/regress/testsudoers/test2.sh,
1240: plugins/sudoers/regress/testsudoers/test3.d/root,
1241: plugins/sudoers/regress/testsudoers/test3.out.ok,
1242: plugins/sudoers/regress/testsudoers/test3.sh:
1243: Add basic tests for #include and #includedir
1244: [b303e4218951]
1245:
1246: * plugins/sudoers/testsudoers.c:
1247: Add -U sudoers_uid option to testsudoers.
1248: [3f8ed13501ba]
1249:
1250: 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
1251:
1252: * NEWS, configure, configure.in:
1253: Update for 1.8.5p1
1254: [c33c49bf5b4b]
1255:
1256: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1257: Fix #includedir; from Mike Frysinger
1258: [d4833d4e39a0]
1259:
1260: * plugins/sudoers/check.c:
1261: Don't prompt for a password if the user is in the exempt group, is
1262: root, or is running the command as themselves even if the -k option
1263: was specified. This makes "sudo -k command" consistent with the
1264: behavior one would get if the user ran "sudo -k" immediately before
1265: running the command.
1266: [632b3961df00]
1267:
1268: 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
1269:
1270: * INSTALL:
1271: Fix capitalization
1272: [7258aa977caf]
1273:
1274: * mkpkg:
1275: Build PIE executable on Mac OS X 10.5 and above.
1276: [2a5c7ef92182]
1277:
1278: 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
1279:
1280: * NEWS:
1281: Update for sudo 1.8.4p5
1282: [21164f508b68]
1283:
1284: * plugins/sudoers/match_addr.c:
1285: Add missing break between AF_INET and AF_INET6 in
1286: addr_matches_if_netmask()
1287: [672a4793931a]
1288:
1289: * plugins/sudoers/mon_systrace.c:
1290: Move systrace monitor code to the attic
1291: [d6faf4754e9c]
1292:
1293: 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
1294:
1295: * src/exec.c:
1296: The pointer to the siginfo_t struct in a signal handler may be NULL.
1297: [41a4ee934b53]
1298:
1299: 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
1300:
1301: * plugins/sudoers/pwutil.c:
1302: Fix an alignment problem on NetBSD systems with a 64-bit time_t and
1303: strict alignment. Based on a patch from Martin Husemann.
1304: [1e5ba3c18f17]
1305:
1306: * include/missing.h:
1307: Add offsetof macro for those without it.
1308: [e44cb51d2587]
1309:
1310: * MANIFEST:
1311: add system_group plugin
1312: [6169793b510c]
1313:
1314: 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
1315:
1316: * compat/dlopen.c:
1317: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
1318: [85bd03bc5d94]
1319:
1320: 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
1321:
1322: * NEWS:
1323: Mention system_group plugin
1324: [05393dd4bdb8]
1325:
1326: * Makefile.in, plugins/sudoers/Makefile.in,
1327: plugins/system_group/Makefile.in:
1328: update depends
1329: [6feb0b824fc4]
1330:
1331: * plugins/system_group/system_group.c:
1332: Only call gr_delref() when use sudo's password caching functions.
1333: [1103442e21fa]
1334:
1335: * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
1336: Add missing dependency on libreplace.la
1337: [05bfd9d4657f]
1338:
1339: * compat/dlopen.c:
1340: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
1341: PROG_HANDLE.
1342: [2382d0693acc]
1343:
1344: * Makefile.in, configure, configure.in,
1345: plugins/system_group/Makefile.in,
1346: plugins/system_group/system_group.c,
1347: plugins/system_group/system_group.sym:
1348: Add group plugin that does lookups by name using the system group
1349: database.
1350: [2ddbb604112f]
1351:
1352: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
1353: src/po/pl.po:
1354: sync with translationproject.org
1355: [4ef05df4226d]
1356:
1357: 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
1358:
1359: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1360: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1361: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
1362: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1363: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1364: src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
1365: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
1366: src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
1367: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
1368: src/po/zh_CN.mo, src/po/zh_CN.po:
1369: sync with translationproject.org
1370: [115c3f828fc5]
1371:
1372: 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
1373:
1374: * sudo.pp:
1375: Add mode for docdir and use '-' (default) for localedir mode. Fixes
1376: a problem on Linux when building in a directory with the setgid bit
1377: set.
1378: [582279c8bcb1]
1379:
1380: 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
1381:
1382: * pp:
1383: Match CentOS 6.0
1384: [1e99ef210f98]
1385:
1386: 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
1387:
1388: * NEWS:
1389: Update with recent changes
1390: [c5fc220ba696]
1391:
1392: * pp:
1393: Fix version check on AIX
1394: [d272e39112f4]
1395:
1396: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1397: regen
1398: [72b23509465a]
1399:
1400: * plugins/sudoers/ldap.c:
1401: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
1402: SDK.
1403: [87b685e70b9a]
1404:
1405: * plugins/sudoers/ldap.c:
1406: Fix printing of invalid uri
1407: [645aa53acdde]
1408:
1409: * plugins/sudoers/auth/pam.c:
1410: Pass PAM_SILENT when deleting creds to remove an annoying warning
1411: message on Solaris.
1412: [1dd0301ef293]
1413:
1414: 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
1415:
1416: * src/utmp.c:
1417: Fix the setutxent and endutxent compatibility defines (this time
1418: correctly) when only setutent and endutent are available.
1419: [d136d2867db9]
1420:
1421: * plugins/sudoers/ldap.c:
1422: sudo_ldap_set_options_global() should not take an LDAP handle as an
1423: argument since the options affect the global settings.
1424: [1dc39b9d20f2]
1425:
1426: * mkpkg:
1427: Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
1428: [c7716291a856]
1429:
1430: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1431: plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
1432: src/sudo.h:
1433: Call the policy's init_session() function before we fork the child.
1434: That way, the session is created and destroyed in the same process,
1435: which is needed by some modules, such as pam_mount.
1436: [ece552ba002e]
1437:
1438: * doc/TROUBLESHOOTING:
1439: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
1440: not specified.
1441: [bd293e100b28]
1442:
1443: * plugins/sudoers/auth/pam.c:
1444: Delete creds after closing the PAM session.
1445: [5158d726d6a5]
1446:
1447: * plugins/sudoers/ldap.c:
1448: Provide a more useful error message if using a Mozilla-style LDAP
1449: SDK and you forgot to specify TLS_CERT in ldap.conf.
1450: [7cb78feb899c]
1451:
1452: * src/exec_pty.c:
1453: Add missing initialization of a sigaction structure when I/O
1454: logging. Fixes a potential problem when suspending the command.
1455: [f4480f2ba816]
1456:
1457: * plugins/sudoers/ldap.c:
1458: Split global and per-connection LDAP options into separate arrays.
1459: Set global LDAP options before calling ldap_initialize() or
1460: ldap_init(). After we have an LDAP handle, set the per-connection
1461: options. Fixes a problem with OpenLDAP using the nss crypto backend;
1462: bug #342
1463: [265c9d2dc12b]
1464:
1465: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
1466: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1467: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1468: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1469: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1470: src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
1471: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1472: sync with translationproject.org
1473: [6d7fe44be21e]
1474:
1475: 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
1476:
1477: * src/sudo.c, src/sudo.h:
1478: Move struct passwd pointer into struct command details.
1479: [d6fb1eff2065]
1480:
1481: 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
1482:
1483: * pp:
1484: Sync with upstream for Mac OS X (and other) fixes.
1485: [c2f4998d01b0]
1486:
1487: * mkpkg:
1488: Only built Mac intel universal binary on an intel machine.
1489: [0009e0b7e5a8]
1490:
1491: * src/Makefile.in:
1492: Do not pass libtool the -static-libtool-libs option when building
1493: sudo and sesh. Otherwise, libtool may prefer a static version of an
1494: installed library over a dynamic one when linking.
1495: [6fbac9adc885]
1496:
1497: 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
1498:
1499: * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
1500: plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
1501: Add German translation for sudo Add Croatian translation for sudoers
1502: [fa4da1a6530c]
1503:
1504: * plugins/sudoers/iolog.c:
1505: typo fix in comment
1506: [abd721d1288e]
1507:
1508: 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
1509:
1510: * NEWS:
1511: Update with recent changes
1512: [6fa11e8448b9]
1513:
1514: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1515: Sort xgettext output by file name.
1516: [f650841810f0]
1517:
1518: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
1519: Clarify what "sudoreplay -l" displays and mention that it is sorted.
1520: [84031c117bd6]
1521:
1522: * config.h.in, configure, configure.in, src/ttyname.c:
1523: Use AC_HEADER_MAJOR to determine where major/minor are defined.
1524: [3c949650a223]
1525:
1526: * config.h.in, configure, configure.in, src/ttyname.c:
1527: Include sys/mkdev.h if present instead of sys/sysmacros.h for
1528: minor(). This is needed on Solaris (at least) where the makedev
1529: macros in sysmacros.h are obsolete and library functions should be
1530: used instead.
1531: [343928acf81e]
1532:
1533: * mkpkg:
1534: When building on Mac OS X, only set SDK_FLAGS if specified osversion
1535: doesn't match host.
1536: [d84c6efac872]
1537:
1538: 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1539:
1540: * src/ttyname.c:
1541: Add back buf and tty variables for _ttyname() case that were
1542: inadvertantly removed.
1543: [a4a820b22a44]
1544:
1545: 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
1546:
1547: * plugins/sudoers/po/sudoers.pot:
1548: regen
1549: [5446b12c1250]
1550:
1551: * configure, configure.in:
1552: Remove b8 from version number.
1553: [5adc4dcec061]
1554:
1555: * src/ttyname.c:
1556: remove some XXX
1557: [187579a5f593]
1558:
1559: * src/ttyname.c:
1560: When looking for a device match, do a breadth-first search instead
1561: of depth-first. We already special case /dev/pts/ so chances are
1562: good that if it is not a pseudo-tty it is in the base of /dev/. Also
1563: avoid a stat(2) when possible if struct dirent has d_type.
1564: [0183f8a1b278]
1565:
1566: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
1567: src/sudo.c, src/sudo.h:
1568: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
1569: [f0574d878491]
1570:
1571: * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
1572: src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
1573: src/po/vi.mo:
1574: sync with translationproject.org
1575: [4527ea78fbd5]
1576:
1577: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
1578: src/po/hr.mo, src/po/hr.po:
1579: New Croatian and Galician translations from translationproject.org
1580: [ad4bd924b4de]
1581:
1582: * src/ttyname.c:
1583: Add depth-first traversal of /dev/ for the /proc case when not
1584: /dev/pts/N
1585: [499bd3456774]
1586:
1587: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
1588: If struct dirent has d_type, use it to avoid an extra stat().
1589: [741dabbe4bcd]
1590:
1591: * plugins/sudoers/sudoreplay.c:
1592: Sort output of "sudoreplay -l"
1593: [c0615795bd4b]
1594:
1595: 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1596:
1597: * plugins/sudoers/sudoreplay.c:
1598: Fix duplicate free introduced in last rev
1599: [efdaabe69d75]
1600:
1601: 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
1602:
1603: * plugins/sudoers/auth/pam.c:
1604: Instead of treating ^C from tgetpass() specially, always return
1605: AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
1606: like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
1607: [a3b17298d4d0]
1608:
1609: * config.h.in, configure, configure.in, src/ttyname.c:
1610: Rototill code to determine the tty. For Linux, we now look up the
1611: tty device in /proc/pid/stat instead of trying to open
1612: /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
1613: device number to a string. On BSD, we can use devname(). On
1614: Solaris, _ttyname_dev() does what we want. TODO: write /dev/
1615: traversal code for the generic sudo_ttyname_dev().
1616: [6b22be4d09f0]
1617:
1618: 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
1619:
1620: * src/ttyname.c:
1621: Define PRNODEV for those w/o it.
1622: [f17290e64559]
1623:
1624: * config.h.in, configure, configure.in, src/ttyname.c:
1625: Check for SVR4-style struct psinfo.pr_ttydev and use that to
1626: determine the tty if std{in,out,err} are not ttys.
1627: [76ad33a91f4b]
1628:
1629: * src/ttyname.c:
1630: Better support for SVR4-style /proc entries where we can't use
1631: ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
1632: attempt to map the device number back to the correct pseudo-tty
1633: slave device.
1634: [4f9f48cc79eb]
1635:
1636: * src/ttyname.c:
1637: When trying to determine the tty name, check parent's stderr in
1638: addition to its stdin and stdout.
1639: [604644056c7d]
1640:
1641: * src/exec_pty.c:
1642: Treat a tty read failure like EOF as it usually means the pty has
1643: gone away. Handle write() on the tty returning EIO.
1644: [16957f4a706f]
1645:
1646: * src/exec.c, src/exec_pty.c:
1647: Linux select() may return ENOMEM if there is a kernel resource
1648: shortage. Older Solaris select() may return EIO instead of EBADF
1649: when the tty goes away. If we get an unhandled select() failure,
1650: kill the child and exit cleanly.
1651: [d93940a311ab]
1652:
1653: * src/ttyname.c:
1654: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
1655: block in open.
1656: [a9f809d09d52]
1657:
1658: 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1659:
1660: * plugins/sudoers/set_perms.c:
1661: Fix restoration of AIX permissions.
1662: [30c717115988]
1663:
1664: * src/parse_args.c:
1665: Allow the -k flag to be used along with the -i and -s flags.
1666: [0653b17c97f1]
1667:
1668: * plugins/sudoers/sudoreplay.c:
1669: Plug memory leak in parse_logfile() in the error path.
1670: [9cce86fa833b]
1671:
1672: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1673: src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
1674: src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
1675: src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
1676: src/po/zh_CN.mo, src/po/zh_CN.po:
1677: sync with translationproject.org
1678: [14af43d0b170]
1679:
1680: 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
1681:
1682: * compat/regress/glob/globtest.c, config.h.in, configure,
1683: configure.in, plugins/sudoers/match.c:
1684: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
1685: glob() and fnmatch() results to be consistent.
1686: [4226750d73c2]
1687:
1688: 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
1689:
1690: * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
1691: src/ttysize.c:
1692: Move ttysize.c to common so sudoreplay can use it.
1693: [b4a0aa514cd4]
1694:
1695: * plugins/sudoers/sudoreplay.c:
1696: If I/O log file includes rows + cols, warn if the user's tty is not
1697: big enough.
1698: [b980ef89efff]
1699:
1700: * plugins/sudoers/sudoreplay.c:
1701: Fix printing of TSID in "sudoreplay -l"
1702: [4221e3e108b4]
1703:
1704: * common/sudo_debug.c, include/sudo_debug.h,
1705: plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
1706: src/exec_pty.c:
1707: Log the process id in the debug file output. Since we don't want to
1708: keep calling getpid(), stash the value at init time and when we
1709: fork().
1710: [2782d30c024d]
1711:
1712: * src/exec_pty.c:
1713: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
1714: is better to receive EIO from read()/write() than to be suspended
1715: when we don't expect it. Fixes a problem when our terminal is
1716: revoked which can happen when, e.g. our sshd is killed
1717: unceremoniously. Also, only change the value of "alive" from true to
1718: false, never from false to true. It is possible for us to receive
1719: notification of the child having stopped after it is already dead.
1720: This does not mean it has risen from the grave.
1721: [26c9fe8ce0f9]
1722:
1723: * src/exec_pty.c:
1724: Distinguish between signals we received from the parent vs. those
1725: delivered explicitly to the monitor process in debugging info.
1726: [40716cb180e5]
1727:
1728: 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1729:
1730: * plugins/sudoers/check.c:
1731: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
1732: Update tty_is_devpts() to match so we can determine when the tty has
1733: been reused.
1734: [2689665df027]
1735:
1736: * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
1737: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
1738: and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
1739: This allows consumers of sudo_debug_printf() to log that data
1740: without having to specify it manually.
1741: [7c94c4879208]
1742:
1743: * src/exec_pty.c:
1744: Make this compile after last change.
1745: [ee09034f3266]
1746:
1747: * src/exec_pty.c:
1748: Don't try to restore the terminal if we are not the foreground
1749: process. Otherwise, we may be stopped by SIGTTOU when we try to
1750: update the terminal settings when cleaning up.
1751: [c48b24335456]
1752:
1753: * src/exec.c:
1754: If select() return EBADF in the main event loop, one of the ttys
1755: must have gone away so perform any I/O we can and close the bad fds.
1756: [3bc8678c03ce]
1757:
1758: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
1759: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
1760: plugins/sudoers/toke.l:
1761: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
1762: function, file and line number in the debug log for warning() and
1763: error().
1764: [894cd131f11d]
1765:
1766: 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
1767:
1768: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
1769: src/conversation.c:
1770: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
1771: Use this flag when wrapping error() and warning() so the debug
1772: output includes the error string.
1773: [1e2c67adaf1f]
1774:
1775: 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1776:
1777: * NEWS:
1778: Update for sudo 1.8.5
1779: [7d2b62b823fe]
1780:
1781: * plugins/sudoers/po/sudoers.pot:
1782: regen
1783: [718ad9de92cd]
1784:
1785: * doc/CONTRIBUTORS:
1786: sync
1787: [f48013aea641]
1788:
1789: * plugins/sudoers/pwutil.c:
1790: Use ecalloc()
1791: [fabd23c1f271]
1792:
1793: * src/exec_pty.c:
1794: Don't need zero_bytes() after ecalloc()
1795: [1a9d95cd10ef]
1796:
1797: * config.h.in, configure, configure.in, src/sudo_noexec.c:
1798: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
1799: sudo_noexec.c.
1800: [cbaa1d4b0f8a]
1801:
1802: * src/utmp.c:
1803: Fix compat setutxent and endutxent macros for systems with
1804: setutent() but not setutxent(). From Gustavo Zacarias
1805: [d7ce622fc5f2]
1806:
1807: 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1808:
1809: * configure.in:
1810: Add ignore_result definition to AH_BOTTOM
1811: [8d4096838a98]
1812:
1813: * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
1814: plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
1815: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
1816: src/exec.c, src/exec_pty.c, src/tgetpass.c:
1817: Fix compiler warnings on some platforms and provide a better method
1818: of defeating gcc's warn_unused_result attribute.
1819: [9a8f804fcc75]
1820:
1821: * configure, configure.in:
1822: Fix building the builtin zlib from a build dir. When a zlib dir was
1823: specified, prepend its include path instead of appending so we get
1824: the right zlib headers.
1825: [5f61d591b186]
1826:
1827: * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
1828: zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
1829: zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
1830: zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
1831: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
1832: Update zlib to version 1.2.6
1833: [173c4bc4d4fc]
1834:
1835: 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1836:
1837: * include/missing.h:
1838: g/c __unused which is no longer used
1839: [7ef3f23edcd6]
1840:
1841: * src/env_hooks.c:
1842: Fix compilation if RTLD_NEXT is not defined.
1843: [d5605f468b71]
1844:
1845: * src/po/sr.mo, src/po/sr.po:
1846: sync with translationproject.org
1847: [27d559f7985d]
1848:
1849: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1850: doc/sudoers.man.in:
1851: regen
1852: [f9f63ce478b6]
1853:
1854: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1855: regen
1856: [59035d82d15a]
1857:
1858: * Makefile.in:
1859: Ignore Project-Id-Version when comparing pot files.
1860: [22feb9ede46b]
1861:
1862: * plugins/sudoers/bsm_audit.c:
1863: Use error() instead of log_fatal()
1864: [54130bda4b50]
1865:
1866: * plugins/sudoers/env.c:
1867: Fix signedness of didvar in env_update_didvar()
1868: [77048a80b3e4]
1869:
1870: * plugins/sudoers/iolog.c:
1871: Quiet a compiler warning on some platforms.
1872: [8fdcaece0400]
1873:
1874: * compat/fnmatch.c:
1875: cast ctype(3) function/macro arguments from char to unsigned char to
1876: avoid potential negative subscripting.
1877: [bdcf7eef21ef]
1878:
1879: * common/setgroups.c:
1880: Quiet a warning on systems where the gids array in setgroups() is
1881: not prototyped as being const, even though it really is.
1882: [fdd758c6302d]
1883:
1884: * src/env_hooks.c:
1885: Quiet a compiler warning on systems where the argument to putenv(3)
1886: is const.
1887: [51bae2193b53]
1888:
1889: * plugins/sudoers/sudoreplay.c:
1890: Undo an incorrect int -> bool conversion.
1891: [b9a4ce320f14]
1892:
1893: * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
1894: src/po/sv.mo, src/po/sv.po:
1895: Add Swedish sudo and sudoers translations from
1896: translationproject.org
1897: [f7ce1de9073f]
1898:
1899: * plugins/sudoers/env.c:
1900: No need to preserve ODMDIR on AIX now that we always read
1901: /etc/environment.
1902: [4aa04b2f0125]
1903:
1904: 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1905:
1906: * doc/sudoers.pod, plugins/sudoers/env.c:
1907: When initializing the environment for env_reset, start out with the
1908: contents of /etc/environment on AIX and login.conf on BSD.
1909: [5717bdc321e2]
1910:
1911: * doc/TROUBLESHOOTING, src/sudo.c:
1912: If we are not running with an effective uid of 0, try to give the
1913: user enough information to debug the problem.
1914: [fa4894896d8a]
1915:
1916: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
1917: Quiet a clang-analyzer false positive.
1918: [c4c0c1b9c8b0]
1919:
1920: * src/tgetpass.c:
1921: If there is nothing to read from the askpass program, set errno to
1922: EINTR. This makes the cancel button behave like the user entered ^C
1923: at the password prompt when PAM is used.
1924: [594302cb9caf]
1925:
1926: * src/sudo.h, src/tgetpass.c:
1927: Fetch the value of "askpass" from the sudo conf struct.
1928: [4593ee8f1bd3]
1929:
1930: * common/sudo_conf.c:
1931: Fix matching of "Path askpass" and "Path noexec"
1932: [4df28d62afb9]
1933:
1934: 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
1935:
1936: * plugins/sudoers/visudo.c:
1937: Quiet a clang-analyzer dead store warning.
1938: [dd90bf385a3f]
1939:
1940: * plugins/sudoers/sudoers.c:
1941: If the "timestampowner" user cannot be resolved, use ROOT_UID
1942: instead of exiting with a fatal error.
1943: [8d62aae99715]
1944:
1945: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
1946: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
1947: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
1948: plugins/sudoers/check.c, plugins/sudoers/env.c,
1949: plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
1950: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
1951: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
1952: Remove the NO_EXIT flag to log_error() and add a log_fatal()
1953: function that exits and is marked no_return. Fixes false positives
1954: from static analyzers and is easier for humans to read too.
1955: [a0fe785c2a3d]
1956:
1957: 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
1958:
1959: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
1960: src/po/eo.po:
1961: sync with translationproject.org
1962: [df5e8777de13]
1963:
1964: 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
1965:
1966: * src/po/da.mo, src/po/da.po:
1967: sync with translationproject.org
1968: [629d99548b78]
1969:
1970: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
1971: sync with translationproject.org
1972: [9d122a2860d6]
1973:
1974: 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
1975:
1976: * src/po/it.mo, src/po/it.po:
1977: sync with translationproject.org
1978: [6397593b15cf]
1979:
1980: * common/sudo_conf.c, plugins/sudoers/alias.c,
1981: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
1982: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1983: plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
1984: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
1985: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
1986: src/load_plugins.c:
1987: Use ecalloc() when allocating structs.
1988: [8b5888868db2]
1989:
1990: * common/alloc.c, include/alloc.h:
1991: Add ecalloc() and commented out recalloc(). Use inline strnlen()
1992: instead of strlen() in estrndup().
1993: [7fb9aa46c1e0]
1994:
1995: 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1996:
1997: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1998: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
1999: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2000: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2001: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2002: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
2003: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
2004: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
2005: src/po/zh_CN.mo, src/po/zh_CN.po:
2006: sync with translationproject.org
2007: [45a032c37334]
2008:
2009: 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
2010:
2011: * plugins/sudoers/set_perms.c:
2012: Remove unused label
2013: [2660bb0c1313]
2014:
2015: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2016: Document what changed in each plugin API revision
2017: [59b30a6fc4d1]
2018:
2019: * plugins/sudoers/set_perms.c:
2020: Remove bogus optimization that could lead to a double free of the
2021: group list.
2022: [b0bfbd2a83a8]
2023:
2024: 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
2025:
2026: * doc/TROUBLESHOOTING:
2027: Expand AIX /etc/security/privcmds entry.
2028: [9f3f072e034e]
2029:
2030: * NEWS:
2031: Update for sudo 1.8.5
2032: [086049011f25]
2033:
2034: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
2035: doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
2036: doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
2037: doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
2038: include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
2039: src/sudo_plugin_int.h:
2040: Rename plugin "args" to "options"
2041: [f25624951bd2]
2042:
2043: * doc/CONTRIBUTORS:
2044: Add Lithuanian and Vietnamese translators
2045: [2b4c075b69e3]
2046:
2047: * Makefile.in:
2048: Ignore comments when comparing new and old pot files.
2049: [f872999347b3]
2050:
2051: * src/Makefile.in:
2052: regen
2053: [c8193b1b11c7]
2054:
2055: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
2056: regen
2057: [15e3c17e8a3a]
2058:
2059: * doc/sudo_plugin.pod, include/sudo_plugin.h,
2060: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
2061: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
2062: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
2063: src/sudo.c, src/sudo.h:
2064: Pass a pointer to user_env in to the init_session policy plugin
2065: function so session setup can modify the user environment as needed.
2066: For PAM authentication, merge the PAM environment with the user
2067: environment at init_session time. We no longer need to swap in the
2068: user_env for environ during session init, nor do we need to disable
2069: the env hooks at init_session time.
2070: [3f5277b359d8]
2071:
2072: * plugins/sample/sample_plugin.c:
2073: Add explicit NULL entries for init_session, register_hooks and
2074: deregister_hooks with appropriate comments.
2075: [727a57978b40]
2076:
2077: * compat/pw_dup.c:
2078: Quiet a gcc "used uninitialized in this function" false positive.
2079: [f14b68379ce9]
2080:
2081: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2082: We should always call warning() with a format string or a string
2083: literal. In this case, the argument (path) is not user-controlled.
2084: [e9ef51224024]
2085:
2086: 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
2087:
2088: * src/selinux.c:
2089: Include sudo_exec.h for the sudo_execve() prototype.
2090: [769e58065edc]
2091:
2092: * config.h.in, configure, configure.in:
2093: Add check for pam_getenvlist()
2094: [36bde3f26c60]
2095:
2096: * common/sudo_conf.c:
2097: Set args to NULL in default plugin info struct when there is no
2098: Plugin line in sudo.conf.
2099: [93ec67708f01]
2100:
2101: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2102: regen
2103: [a9287677795c]
2104:
2105: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2106: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2107: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2108: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2109: regen
2110: [a242769d7962]
2111:
2112: * configure, configure.in:
2113: Bump version to 1.8.5
2114: [e8618f0c2505]
2115:
2116: * doc/sudo_plugin.pod:
2117: Document hooks API
2118: [e6ad07d27958]
2119:
2120: 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
2121:
2122: * sudo.pp:
2123: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
2124: [fd72340042d3]
2125:
2126: * include/sudo_plugin.h:
2127: Use sudo_hook_fn_t in struct sudo_hook.
2128: [938f93112d6e]
2129:
2130: * doc/TROUBLESHOOTING:
2131: If cross compiling, --host must include the OS in the tuple. E.g.
2132: --host powerpc-unknown-linux
2133: [b8c010070c1e]
2134:
2135: 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
2136:
2137: * plugins/sudoers/parse.c:
2138: Fix bogus int -> bool conversion; tags can have a value of -1.
2139: [e63d6434a303]
2140:
2141: * plugins/sudoers/env.c:
2142: Add env_should_keep() and env_should_delete() wrapper functions to
2143: simplify things a bit and hide the fact that matches_env_check() is
2144: not bool.
2145: [7a03d7a12b50]
2146:
2147: * sudo.pp:
2148: Fix application of debian-specific sudoers mods when building
2149: packages as non-root.
2150: [34bf4c52c425]
2151:
2152: * plugins/sudoers/env.c:
2153: matches_env_check() returns int, not boolean
2154: [0ad915b8d5cb]
2155:
2156: * src/sudo_edit.c:
2157: Fix compilation when seteuid() is not available.
2158: [8a722f998000]
2159:
2160: * src/ttyname.c:
2161: Simply move the free of ki_proc outside the realloc() loop.
2162: [217b786da760]
2163:
2164: * src/ttyname.c:
2165: Bring back the erealloc() for the ENOMEM loop and just zero the
2166: pointer after we free it.
2167: [29a016e45127]
2168:
2169: * src/ttyname.c:
2170: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
2171: [266e08844065]
2172:
2173: 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
2174:
2175: * plugins/sudoers/set_perms.c:
2176: Use normal error path if unable to set sudoers gid.
2177: [01c816918c99]
2178:
2179: * plugins/sudoers/set_perms.c:
2180: Make this work again on systems w/o seteuid().
2181: [2e67f7421e97]
2182:
2183: 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
2184:
2185: * plugins/sudoers/set_perms.c:
2186: Fix compilation if no seteuid/setreuid/setresuid available.
2187: [d0b3c1f88eb4]
2188:
2189: * plugins/sudoers/set_perms.c:
2190: Better error messages, and added debugging throughout. Fixed
2191: seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
2192: AIX version of restore_perms(). Added checks to avoid changing
2193: uid/gid when we don't have to. Never set gid/uid state to -1, use
2194: the old value instead.
2195: [29188d469b5c]
2196:
2197: * src/exec_pty.c, src/ttyname.c:
2198: Fix format string warning on Solaris with gcc 3.4.3.
2199: [d1eeb6e1dd0f]
2200:
2201: * src/sudo.c:
2202: Always declare environ now that we swap it around unilaterally.
2203: [aaa3e92e7d0d]
2204:
2205: * src/Makefile.in:
2206: Honor LDFLAGS when linking sesh; from Vita Cizek
2207: [498b41438f6e]
2208:
2209: * src/sesh.c:
2210: Include alloc.h for estrdup() prototype; from Vita Cizek
2211: [93203655a320]
2212:
2213: 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
2214:
2215: * plugins/sudoers/sudoers.c:
2216: Don't read /etc/environment on Linux when using PAM, PAM should set
2217: the environment variables as needed via pam_env.
2218: [b1ef62cb2d40]
2219:
2220: * INSTALL:
2221: Fix editor goof.
2222: [0c3dd3bb8b57]
2223:
2224: * src/hooks.c, src/sudo.c, src/sudo.h:
2225: Disable environment hooks after we get user_env back to make sure a
2226: plugin can't to modify user_env after we "own" it. This is kind of
2227: a hack but we don't want the init_session plugin function to modify
2228: user_env.
2229: [8e6d119452a5]
2230:
2231: * src/hooks.c, src/sudo.c:
2232: Add support for deregistering hooks. If an I/O log plugin fails to
2233: initialize, deregister its hooks (if any).
2234: [ac00c93900c5]
2235:
2236: 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
2237:
2238: * plugins/sudoers/sudoers.c, src/sudo.c:
2239: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
2240: setenv.
2241: [e75469dd9908]
2242:
2243: * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
2244: compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
2245: configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
2246: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
2247: plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
2248: plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
2249: src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
2250: src/sudo_plugin_int.h:
2251: Initial cut at a hooks implementation. The plugin can register
2252: hooks for getenv, putenv, setenv and unsetenv. This makes it
2253: possible for the plugin to trap changes to the environment made by
2254: authentication methods such as PAM or BSD auth so that such changes
2255: are reflected in the environment passed back to sudo for execve().
2256: [61cffa06f863]
2257:
2258: 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
2259:
2260: * MANIFEST, src/po/vi.mo, src/po/vi.po:
2261: Add Vietnamese sudo translation from translationproject.org
2262: [96df426790d5]
2263:
2264: 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
2265:
2266: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
2267: doc/sudoers.pod:
2268: List sudo_noexec.so not noexec.so in the sample sudo.conf
2269: [53844e190ec5]
2270:
2271: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
2272: doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
2273: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
2274: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2275: plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
2276: src/sudo_plugin_int.h:
2277: Add support for plugin args at the end of a Plugin line in
2278: sudo.conf. Bump the minor number accordingly and update the
2279: documentation. A plugin must check the sudo front end's version
2280: before using the plugin_args parameter since it is only supported
2281: for API version 1.2 and higher.
2282: [587f1f819536]
2283:
2284: 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
2285:
2286: * plugins/sudoers/Makefile.in:
2287: update depends
2288: [6d2da44e11e5]
2289:
2290: * MANIFEST:
2291: secure_path.c is in common, not compat
2292: [619c4a663dde]
2293:
2294: * configure, configure.in:
2295: Add check for variadic macro support in cpp.
2296: [756854caf675]
2297:
2298: 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
2299:
2300: * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
2301: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2302: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2303: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2304: Add type param to sudo_secure_path() and add sudo_secure_file() and
2305: sudo_secure_dir() wrappers which get by #includedir in sudoers.
2306: [2ec2d3d8df04]
2307:
2308: 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
2309:
2310: * doc/visudo.pod, plugins/sudoers/visudo.c:
2311: Check the owner and mode in -c (check) mode unless the -f option is
2312: specified. Previously, the owner and mode were checked on the main
2313: sudoers file when the -s (strict) option was given, but this was not
2314: documented.
2315: [b2d6ee1e547a]
2316:
2317: * config.h.in, configure, configure.in, src/ttyname.c:
2318: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
2319: versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
2320: [159f6a50456a]
2321:
2322: 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
2323:
2324: * doc/CONTRIBUTORS:
2325: Add Eric Lakin for patch in bug #538
2326: [490c29c234c6]
2327:
2328: * src/exec_pty.c:
2329: Fix typo in safe_close() made while converting to debug framework
2330: that prevented it from actually closing anything.
2331: [a66422a62afd]
2332:
2333: * src/exec_pty.c:
2334: Add some more debugging.
2335: [b5667947dda9]
2336:
2337: * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
2338: include/Makefile.in:
2339: We need sysconfdir in compat/Makfile to get the proper sudo.conf
2340: path. Add standard prefix and foodir expansion in all Makefiles to
2341: avoid this problem in the future.
2342: [62b6ce4ecae9]
2343:
2344: 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
2345:
2346: * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
2347: New Lithuanian sudoers translation from translationproject.org
2348: [10436b649035]
2349:
2350: * plugins/sudoers/po/ja.po:
2351: Update from translationproject.org
2352: [acb8db5f8ef1]
2353:
2354: 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
2355:
2356: * plugins/sudoers/ldap.c:
2357: When adding gids to the LDAP filter, only add the primary gid once.
2358: This is consistent with the space computation/allocation. From Eric
2359: Lakin
2360: [35d9d99c92c6]
2361:
2362: * doc/TROUBLESHOOTING:
2363: Add entry for AIX enhanced RBAC config.
2364: [5e10b6f8def7]
2365:
2366: * mkpkg:
2367: Target Mac OS X 10.5 when building packages.
2368: [06fce9bbebee]
2369:
2370: 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
2371:
2372: * MANIFEST, common/Makefile.in, common/secure_path.c,
2373: common/sudo_conf.c, include/secure_path.h,
2374: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
2375: Relax the user/group/mode checks on sudoers files. As long as the
2376: file is owned by the right user, not world-writable and not writable
2377: by a group other than the one specified at configure time (gid 0 by
2378: default), the file is considered OK. Note that visudo will still
2379: set the mode to the value specified at configure time.
2380: [241174babfcc]
2381:
2382: 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
2383:
2384: * plugins/sudoers/set_perms.c:
2385: Add AIX-specific version of permission setting code to make sure
2386: that the saved uid gets restored properly.
2387: [9a6f5d22c301]
2388:
2389: * config.h.in, configure, configure.in, src/exec_common.c:
2390: Check for LD_PRELOAD variants in configure instead of checkign cpp
2391: symbols. In disable_execute(), compute the length of the new envp
2392: and allocate it once instead of reallocating on demand. Also append
2393: old value of LD_PRELOAD (if any) to the new value.
2394: [680266346917]
2395:
2396: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
2397: Fix the description of noexec.
2398: [6a6d142f3c80]
2399:
2400: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
2401: The "op" parameter to set_default() must be int, not bool since it
2402: is set to '+' or '-' for list add and subtract.
2403: [8da5b137bea2]
2404:
2405: * sudo.pp:
2406: Make sure sudoers is writable before calling ed script.
2407: [95352ab6336b]
2408:
2409: 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
2410:
2411: * doc/CONTRIBUTORS, doc/contributors.pod:
2412: Update contributors. Now includes translators and authors of compat
2413: code.
2414: [4fb5b616b50a]
2415:
2416: 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
2417:
2418: * src/po/sudo.pot:
2419: regen
2420: [2c86e2c328fe]
2421:
2422: * pp, sudo.pp:
2423: Build flat packages, not package bundles, on Mac OS X.
2424: [57bda3cd5520]
2425:
2426: 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
2427:
2428: * sudo.pp:
2429: Move macos section to be with the other OS-specific sections.
2430: [51423bb2973a]
2431:
2432: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2433: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
2434: Sync with translationproject.org
2435: [8ce41cbb8da0]
2436:
2437: * configure, configure.in:
2438: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
2439: [fa979aa6fe7d]
2440:
2441: * sudo.pp:
2442: Add Mac OS X support, printing the latest chunk of the NEWS file and
2443: the license text in the installer.
2444: [ffeab72387c0]
2445:
2446: * sudo.pp:
2447: Add explicit file modes that match those used by "make install"
2448: [7eb37242c920]
2449:
2450: * pp:
2451: Sync with upstream for Mac OS X fixes.
2452: [97cba179041e]
2453:
2454: * plugins/sudoers/Makefile.in, src/Makefile.in:
2455: Got back to using "install-sh -M" for files installed as non-
2456: readable by owner. This fixes "make install" as non-root for
2457: package building.
2458: [967804ee77d6]
2459:
2460: 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
2461:
2462: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
2463: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2464: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2465: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2466: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
2467: Sync with translationproject.org
2468: [0e53db12039a]
2469:
2470: * Makefile.in, doc/Makefile.in, include/Makefile.in,
2471: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
2472: plugins/sudoers/Makefile.in, src/Makefile.in:
2473: Use -m not -M for install-sh for everything except setuid. Install
2474: locale .mo files mode 0444, not 0644. If timedir parent doesn't
2475: exist, use default dir mode, not 0700.
2476: [8b6f64c92090]
2477:
2478: 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
2479:
2480: * pp:
2481: Re-sync with upstream; no longer need a local patch.
2482: [97a2c7be5e59]
2483:
2484: * mkpkg:
2485: Add support for building Mac OS X packages.
2486: [94d49ac223a4]
2487:
2488: * pp:
2489: Sync with upstream
2490: [1c97654fc841]
2491:
2492: * src/Makefile.in:
2493: No longer need to define _PATH_SUDO_CONF here.
2494: [2560905b7482]
2495:
2496: * src/exec_common.c:
2497: Fix noexec for Mac OS X.
2498: [b7a744bca2c0]
2499:
2500: 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
2501:
2502: * common/Makefile.in:
2503: Move _PATH_SUDO_CONF override to common to match sudo_debug.c
2504: [f0788972a63a]
2505:
2506: * plugins/sudoers/set_perms.c:
2507: More complete fix for LDR_PRELOAD on AIX. The addition of
2508: set_perm(PERM_ROOT) before calling the nss open functions (needed to
2509: avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
2510: and then real uid to 0 for PERM_ROOT works around the issue.
2511: [5888eda051af]
2512:
2513: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2514: regen
2515: [997fe403e219]
2516:
2517: * src/sudo.c:
2518: Set real uid to root before calling sudo_edit() or run_command() so
2519: that the monitor process is owned by root and not by the user.
2520: Otherwise, on AIX at least, the monitor process shows up in ps as
2521: belonging to the user (and can be killed by the user).
2522: [d4772d7d2fc5]
2523:
2524: * plugins/sudoers/set_perms.c:
2525: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
2526: the call to setuid(0) if the current euid is non-zero. This
2527: effectively restores the state of things prior to rev 7bfeb629fccb.
2528: Fixes a problem on AIX where LDR_PRELOAD was not being honored for
2529: the command being executed.
2530: [b9b40325b4dc]
2531:
2532: * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
2533: include/missing.h, src/sudo.c:
2534: Make a copy of the struct passwd in exec_setup() to make sure
2535: nothing in the policy init modifies it.
2536: [b721261c921f]
2537:
2538: 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
2539:
2540: * doc/sudoers.pod:
2541: update copyright
2542: [f9d229d1f65e]
2543:
2544: * common/sudo_debug.c, include/sudo_debug.h:
2545: g/c now-unused debug subsystems
2546: [8f21726e698f]
2547:
2548: * doc/sudo.pod, doc/sudoers.pod:
2549: Enumerate the debug subsystems used by sudo and sudoers.
2550: [ac4f84293d14]
2551:
2552: 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2553:
2554: * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
2555: include/sudo_conf.h, src/sudo.c:
2556: Normally, sudo disables core dumps while it is running. This
2557: behavior can now be modified at run time with a line in sudo.conf
2558: like "Set disable_coredumps false"
2559: [ad14e0508b0d]
2560:
2561: * NEWS:
2562: Mention Spanish translation
2563: [600f3205bd6e]
2564:
2565: * common/sudo_debug.c:
2566: Make sure we don't try to fall back to using the conversation
2567: function for debugging in the main sudo process if we are unable to
2568: open the debug file.
2569: [ffa329aa908c]
2570:
2571: * MANIFEST, src/po/es.mo, src/po/es.po:
2572: Add sudo Spanish translation from translationproject.org
2573: [c1906654e740]
2574:
2575: 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2576:
2577: * plugins/sudoers/iolog.c:
2578: Better debug subsystem usage
2579: [1a31f115743c]
2580:
2581: * src/sudo.c:
2582: Remove duplicate function prototypes
2583: [ae04b00532eb]
2584:
2585: 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2586:
2587: * configure, configure.in:
2588: Error out if user specified --with-pam but we can't find the headers
2589: or library. Also throw an error if the headers are present but the
2590: library is not and vice versa.
2591: [d6bf3e3d0aae]
2592:
2593: 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2594:
2595: * plugins/sudoers/sudoers.c:
2596: Fix the sudoers permission check when the expected sudoers mode is
2597: owner-writable.
2598: [8b0b7e770a22]
2599:
2600: 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2601:
2602: * configure, configure.in:
2603: Verify that we can link executables built with -D_FORTIFY_SOURCE
2604: before using it.
2605: [7578215d1a95]
2606:
2607: * src/exec_common.c:
2608: Fix potential off-by-one when making a copy of the environment for
2609: LD_PRELOAD insertion. Fixes bug #534
2610: [cc699cd551b6]
2611:
2612: * configure, configure.in:
2613: Add rudimentary check for _FORTIFY_SOURCE support by checking for
2614: __sprintf_chk, one of the functions used by gcc to support it.
2615: [a992673d2ef8]
2616:
2617: * compat/stdbool.h, config.h.in, configure, configure.in:
2618: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
2619: [8ba1370884b3]
2620:
2621: 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
2622:
2623: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2624: regen
2625: [1e0b38397705]
2626:
2627: 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2628:
2629: * src/exec.c, src/sudo.c:
2630: The change in 818e82ecbbfc that caused to exit when the monitor dies
2631: created a race condition between the monitor exiting and the status
2632: being read. All we really want to do is make sure that select()
2633: notifies us that there is a status change when the monitor dies
2634: unexpectedly so shutdown the socketpair connected to the monitor for
2635: writing when it dies. That way we can still read the status that is
2636: pending on the socket and select() on Linux will tell us that the fd
2637: is ready.
2638: [7fb5b30ea48d]
2639:
2640: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
2641: src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
2642: src/sudo_exec.h:
2643: Refactor disable_execute() and my_execve() into exec_common.c for
2644: use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
2645: disabling exec in exec_setup(), disable it immediately before
2646: executing the command. Adapted from a diff by Arno Schuring.
2647: [ec4d8b53db6b]
2648:
2649: 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2650:
2651: * aclocal.m4, configure, configure.in:
2652: Add custom version of AC_CHECK_LIB that uses the extra libs in the
2653: cache value name. With this we no longer need to rely on a modified
2654: version of autoconf.
2655: [1c3b1d482d6c]
2656:
2657: 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2658:
2659: * configure, configure.in:
2660: Better handling of network functions that need -lsocket -lnsl
2661: [cc386342ec2b]
2662:
2663: * src/sudo.c:
2664: When setting up the execution environment, set groups before
2665: gid/egid like sudo 1.7 did.
2666: [928e1c5fa6c1]
2667:
2668: * configure, configure.in:
2669: Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
2670: [84b23cdf138f]
2671:
2672: * plugins/sudoers/sudoers.c:
2673: For "sudo -g" prepend the specified group ID to the beginning of the
2674: groups list. This matches BSD convention where the effective gid is
2675: the first entry in the group list. This is required on newer
2676: FreeBSD where the effective gid is not tracked separately and thus
2677: setgroups() changes the egid if this convention is not followed.
2678: Fixes bug #532
2679: [782d6909108b]
2680:
2681: 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
2682:
2683: * configure, configure.in:
2684: Fix sh warning; use "test" instead of "["
2685: [c6ee3407f65e]
2686:
2687: * src/exec.c:
2688: When not logging I/O, use a signal handler that only forwards
2689: SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
2690: Fixes a race in the non-I/O logging path where the command may
2691: receive two keyboard-generated signals; one from the kernel and one
2692: from the sudo process.
2693: [9638684e786a]
2694:
2695: * src/exec.c:
2696: Back out change that put the command in its own pgrp when not
2697: logging I/O. It causes problems with pipelines.
2698: [4fc9c6e1e770]
2699:
2700: 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
2701:
2702: * compat/Makefile.in, configure, configure.in:
2703: Only run compat regress tests on compat objects we actually build.
2704: Fixes "make check" in the compat dir for systems that don't
2705: implement character classes in fnmatch() or glob(). Bug #531
2706: [a7addc305e83]
2707:
2708: 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2709:
2710: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
2711: Update po files from translationproject.org
2712: [5ea066af1356]
2713:
2714: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2715:
2716: * sudo.pp:
2717: Include parent directories in case they don't already exist. This
2718: fixes a directory permissions problem with the AIX package when the
2719: /usr/local directories don't already exist.
2720: [a14f783dc827]
2721:
2722: * pp:
2723: sync with git version
2724: [2f79d0543661]
2725:
2726: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
2727: regen dependencies
2728: [24c92ca6c64d]
2729:
2730: * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
2731: Move tty name lookup code to its own file.
2732: [58faf072cbf4]
2733:
2734: 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2735:
2736: * NEWS:
2737: Update with latest sudo 1.8.4 changes.
2738: [a4ffe4f42528]
2739:
2740: * config.h.in, configure, configure.in:
2741: Remove obsolete template for HAVE_TIMESPEC
2742: [75709007c906]
2743:
2744: * src/sudo.c:
2745: Add a check for devname() returning a fully-qualified pathname. None
2746: of the devname() implementations do this today but you never know
2747: when this might change.
2748: [16813ace38f9]
2749:
2750: 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2751:
2752: * plugins/sudoers/visudo.c:
2753: For "visudo -c" also list include files that were checked when
2754: everything is OK.
2755: [ad6f85b35c9c]
2756:
2757: * src/sudo.c:
2758: The device name returned by devname() does not include the /dev/
2759: prefix so we need to add it ourselves.
2760: [b55285abb7ed]
2761:
2762: * src/sudo.c:
2763: Add debug warning if KERN_PROC sysctl fails or devname() can't
2764: resolve the tty device to a name.
2765: [b5a23916ba3a]
2766:
2767: * common/sudo_debug.c:
2768: The result of writev() is never checked so just cast to NULL.
2769: [4be4e9b58d5b]
2770:
2771: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2772: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2773: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2774: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
2775: Update Esperanto, Finnish, Polish and Ukrainian translations from
2776: translationproject.org.
2777: [bb91bc6ad7e9]
2778:
2779: 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2780:
2781: * config.h.in, configure, configure.in, src/sudo.c:
2782: Add support for determining tty via sysctl on other BSD variants.
2783: [fd15f63f719a]
2784:
2785: * configure, configure.in:
2786: Only check for struct kinfo_proc.ki_tdev on systems that support
2787: sysctl.
2788: [109b3f07a39d]
2789:
2790: * src/sudo.c:
2791: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
2792: ttyname() of std{in,out,err}.
2793: [95969b70bd68]
2794:
2795: 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
2796:
2797: * config.h.in, configure, configure.in, src/sudo.c:
2798: On newer FreeBSD we can get the parent's tty name via sysctl().
2799: [3207290501ee]
2800:
2801: * plugins/sudoers/testsudoers.c:
2802: Include locale.h
2803: [a602cd0b8c2d]
2804:
2805: * src/sudo.c:
2806: Silence a gcc warning.
2807: [8c6d0e3cd534]
2808:
2809: * plugins/sudoers/bsm_audit.c:
2810: Need to include gettext.h and sudo_debug.h; from John Hein
2811: [447912aa7300]
2812:
2813: * plugins/sudoers/iolog.c:
2814: Initialize the debug framework from the I/O plugin too.
2815: [ce1bf44d96d2]
2816:
2817: 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
2818:
2819: * plugins/sudoers/testsudoers.c:
2820: Enable debugging via sudo.conf.
2821: [d85669c749d0]
2822:
2823: 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2824:
2825: * plugins/sudoers/visudo.c:
2826: Use SUDO_DEBUG_ALIAS for alias checking functions.
2827: [fb84af30dc76]
2828:
2829: * configure, configure.in:
2830: More complete test for getaddrinfo() that doesn't rely on the
2831: network libraries already being added to LIBS.
2832: [cbaf2369f4f0]
2833:
2834: 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2835:
2836: * common/aix.c:
2837: Add debug support.
2838: [def1bdf24485]
2839:
2840: * configure, configure.in:
2841: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
2842: [a2ea1c2eac61]
2843:
2844: * compat/getaddrinfo.c:
2845: Include errno.h and missing.h
2846: [7d15e17cc2f2]
2847:
2848: * .hgignore:
2849: ignore doc/varsub
2850: [417f9fc3231b]
2851:
2852: * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
2853: plugins/sudoers/gram.y, plugins/sudoers/match.c,
2854: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
2855: src/parse_args.c, src/sudo.c, src/sudo.h:
2856: Update copyright year.
2857: [5d0ffc7dd567]
2858:
2859: * NEWS:
2860: Update for sudo 1.8.4
2861: [841e3eff9844]
2862:
2863: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2864: regen pot files
2865: [c509cb45b66a]
2866:
2867: * plugins/sudoers/sudoreplay.c:
2868: Enable debugging via sudo.conf.
2869: [5087aaee8484]
2870:
2871: * plugins/sudoers/visudo.c:
2872: Enable debugging via sudo.conf.
2873: [04b067c16ed3]
2874:
2875: * plugins/sudoers/visudo.c:
2876: Allow "visudo -c" to work when we only have read-only access to the
2877: sudoers include files.
2878: [d8c6713fe5c1]
2879:
2880: * doc/sudo.pod, doc/visudo.pod:
2881: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
2882: HISTORY section in sudo that points to HISTORY file.
2883: [d1f1bcb051c5]
2884:
2885: * doc/sudo.pod, doc/sudo_plugin.pod:
2886: Document Debug setting in sudo.conf and debug_flags in plugin.
2887: [acfc505aa4a9]
2888:
2889: 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2890:
2891: * plugins/sudoers/match.c:
2892: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
2893: bug where a pattern like "/usr/*" include /usr/bin/ in the results,
2894: which would be incorrectly be interpreted as if the sudoers file had
2895: specified a directory. From Vitezslav Cizek.
2896: [0cdb6252188c]
2897:
2898: * INSTALL, config.h.in, configure, configure.in,
2899: plugins/sudoers/auth/kerb5.c:
2900: Add --enable-kerb5-instance configure option to allow people using
2901: Kerberos V authentication to use a custom instance. Adapted from a
2902: diff by Michael E Burr.
2903: [e83af8bb7aa7]
2904:
2905: * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
2906: Remove -D debug_level option.
2907: [cbcd05094347]
2908:
2909: * doc/LICENSE:
2910: Update copyright year.
2911: [9f43dd7aa852]
2912:
2913: 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2914:
2915: * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
2916: plugins/sudoers/visudo.c:
2917: parse_error is now bool, not int
2918: [5ea7fb6fda38]
2919:
2920: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2921: plugins/sudoers/parse.c:
2922: Print a more sensible error if yyparse() returns non-zero but
2923: yyerror() was not called.
2924: [d44ec88f1183]
2925:
2926: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2927: plugins/sudoers/gram.c:
2928: Replace y.tab.c with the correct filename in #line directives.
2929: [3c84fcb7e959]
2930:
2931: 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2932:
2933: * src/sudo.c:
2934: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
2935: if the main process's fds 0-2 are not hooked up to a tty. Adapted
2936: from a diff by Zdenek Behan.
2937: [b9dfce12af85]
2938:
2939: * src/exec.c:
2940: When not logging I/O, put command in its own pgrp and make that the
2941: controlling pgrp if the command is in the foreground. Fixes a race
2942: in the non-I/O logging path where the command may receive two
2943: keyboard-generated signals; one from the kernel and one from the
2944: sudo process.
2945: [d0e263ce496c]
2946:
2947: 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2948:
2949: * src/sudo_edit.c:
2950: Quiet a bogus gcc warning.
2951: [2009669e0608]
2952:
2953: * src/parse_args.c, src/sudo.h:
2954: Fix warnings related to sudo.conf accessors.
2955: [08ddc29ba50b]
2956:
2957: * common/sudo_conf.c, include/sudo_conf.h:
2958: Separate sudo.conf parsing from plugin loading and move the parse
2959: functions into the common lib so that visudo, etc. can use them.
2960: [f1fc659a8079]
2961:
2962: * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
2963: src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
2964: Separate sudo.conf parsing from plugin loading and move the parse
2965: functions into the common lib so that visudo, etc. can use them.
2966: [e1f2cf6bd57a]
2967:
2968: * doc/sudoers.pod, plugins/sudoers/def_data.c,
2969: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2970: plugins/sudoers/sudoers.c, src/sudo.c:
2971: Remove support for noexec_file in sudoers and the plugin API
2972: [3e2fd58879b5]
2973:
2974: * plugins/sudoers/sudoers.c:
2975: Don't dump interfaces if there are none.
2976: [9081bb4d3e9e]
2977:
2978: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
2979: Add missing %s printf escape to the group_plugin, iolog_dir and
2980: iolog_file descriptions.
2981: [7db03f2b737e]
2982:
2983: 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
2984:
2985: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
2986: Fix typo in visiblepw description; from Joel Pickett
2987: [2fb4b26d5c2c]
2988:
2989: 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
2990:
2991: * MANIFEST, configure, configure.in, mkdep.pl,
2992: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
2993: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
2994: plugins/sudoers/sudoers.h, src/sudo.c:
2995: When running a login shell with a login_class specified, use
2996: LOGIN_SETENV instead of rolling our own login.conf setenv support
2997: since FreeBSD's login.conf has more than just setenv capabilities.
2998: This requires us to swap the plugin-provided envp for the global
2999: environ before calling setusercontext() and then stash the resulting
3000: environ pointer back into the command details, which is kind of a
3001: hack.
3002: [ad4f1190143b]
3003:
3004: * plugins/sudoers/Makefile.in:
3005: If srcdir is "." just use the basename of the yacc/lex file when
3006: generating the C version. This matches the generated files
3007: currently in the repo.
3008: [0b11c3df87a8]
3009:
3010: * doc/Makefile.in, plugins/sudoers/Makefile.in:
3011: Clean up the DEVEL noise
3012: [9de2afe457fd]
3013:
3014: * src/exec.c:
3015: Handle different Unix domain socket (actually socketpair) semantics
3016: in BSD vs. Linux. In BSD if one end of the socketpair goes away
3017: select() returns the fd as readable and the read will fail with
3018: ECONNRESET. This doesn't appear to happen on Linux so if we notice
3019: that the monitor process has died when I/O logging is enabled,
3020: behave like the command has exited. This means we log the wait
3021: status of the monitor, not the command, but there is nothing else we
3022: can do at that point. This should only be an issue if SIGKILL is
3023: sent to the monitor process.
3024: [818e82ecbbfc]
3025:
3026: * src/exec_pty.c:
3027: Catch common signals in the monitor process so they get passed to
3028: the command. Fixes a problem when the entire login session is
3029: killed when ssh is disconnected or the terminal window is closed.
3030: Previously, the monitor would exit and plugin's close method would
3031: not be called.
3032: [0e4658263138]
3033:
3034: * INSTALL, configure, configure.in:
3035: Mention how to configure pam_hpsec on HP-UX to play nicely with
3036: sudo.
3037: [a7294cd8ce98]
3038:
3039: 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
3040:
3041: * plugins/sudoers/ldap.c:
3042: Escape values in the search expression as per RFC 4515.
3043: [c2adbc5db92b]
3044:
3045: * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3046: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3047: src/Makefile.in:
3048: No need for install target to depend explicitly on install-dirs, the
3049: install-foo targets all depend on it.
3050: [62a36ed98279]
3051:
3052: 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
3053:
3054: * .hgignore:
3055: ignore src/sesh
3056: [463d492f6782]
3057:
3058: * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
3059: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3060: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
3061: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
3062: plugins/sudoers/sudoers.h, src/Makefile.in:
3063: Add support for setenv entries in login.conf. We can't use
3064: LOGIN_SETENV since the plugin sets up the envp the command is
3065: executed with. Also regen the Makefile.in files while here. Fixes
3066: bug #527
3067: [088d507926e2]
3068:
3069: 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
3070:
3071: * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
3072: config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
3073: src/net_ifs.c:
3074: Add getaddrinfo() for those without it, written by Russ Allbery
3075: [4cf9ac831222]
3076:
3077: * doc/Makefile.in:
3078: Restore PACKAGE_TARNAME, it is used in docdir
3079: [9d65e893edb1]
3080:
3081: * MANIFEST, compat/stdbool.h:
3082: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
3083: the MANIFEST
3084: [e67700dc5621]
3085:
3086: * common/atobool.c, common/term.c, src/exec.c:
3087: Remove duplicate return statements.
3088: [48a20d5215fd]
3089:
3090: * plugins/sudoers/auth/bsdauth.c:
3091: Remove inaccurate comment
3092: [e7f0265cf657]
3093:
3094: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
3095: Fetch the login class for the user we authenticate specifically when
3096: using BSD authentication. That user may have a different login
3097: class than what we will use to run the command. When setting the
3098: login class for the command, use the target user's struct passwd,
3099: not the invoking user's. Fixes bug 526
3100: [21bf0af892f7]
3101:
3102: * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
3103: plugins/sudoers/Makefile.in:
3104: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
3105: [8ee6e0891f27]
3106:
3107: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3108: plugins/sudoers/regress/logging/check_wrap.c,
3109: plugins/sudoers/regress/parser/check_addr.c,
3110: plugins/sudoers/regress/parser/check_fill.c:
3111: Fix "make check" fallout from the sudo_conv changes in sudo_debug.
3112: [b0aaa63c9081]
3113:
3114: * common/fileops.c, common/sudo_debug.c, configure, configure.in,
3115: include/fileops.h, plugins/sample/Makefile.in,
3116: plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
3117: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
3118: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
3119: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
3120: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
3121: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3122: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3123: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3124: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
3125: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
3126: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
3127: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
3128: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
3129: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3130: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3131: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
3132: src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
3133: src/sudo_plugin_int.h, src/utmp.c:
3134: Use stdbool.h instead of rolling our own TRUE/FALSE macros.
3135: [dcb0bbc42fc9]
3136:
3137: 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
3138:
3139: * compat/stdbool.h, config.h.in, configure, configure.in:
3140: Add stdbool.h for systems without it.
3141: [18bd9dda1dcd]
3142:
3143: * aclocal.m4, config.h.in, configure, configure.in:
3144: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
3145: includes have unistd.h in them. Add check for socklen_t for
3146: upcoming getaddrinfo compat.
3147: [d705465bef69]
3148:
3149: * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
3150: configure.in, plugins/sudoers/interfaces.c,
3151: plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
3152: plugins/sudoers/sudoreplay.c, src/net_ifs.c:
3153: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
3154: HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
3155: [fa187c9bd2be]
3156:
3157: * src/sudo_noexec.c:
3158: No longer need to include time.h here as missing.h does not use
3159: time_t.
3160: [fa3a089bf5b1]
3161:
3162: 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
3163:
3164: * plugins/sudoers/visudo.c:
3165: Fix mode on sudoers as needed when the -f option is not specified.
3166: [7a1c40b0dc03]
3167:
3168: * MANIFEST, src/po/sr.mo, src/po/sr.po:
3169: Add Serbian translation for sudo from translationproject.org
3170: [9a0c25e25cba]
3171:
3172: * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
3173: src/parse_args.c:
3174: No longer pass debug_file to plugin, plugins must now use
3175: CONV_DEBUG_MSG
3176: [810cda1abb0b]
3177:
3178: * mkpkg:
3179: Build PIE executables for newer Debian and Ubuntu
3180: [1c5f25f8904a]
3181:
3182: * common/sudo_debug.c:
3183: Include time.h for ctime() prototype.
3184: [10090cf3bca1]
3185:
3186: 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
3187:
3188: * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
3189: src/exec_pty.c:
3190: Do not close error pipe or debug fd via closefrom() as we need them
3191: to report an exec error should one occur.
3192: [732f6587fafa]
3193:
3194: * doc/sudoers.ldap.pod:
3195: Document that a sudoUser may now be a group ID.
3196: [2fef46b9d3d3]
3197:
3198: * plugins/sudoers/ldap.c:
3199: Add support for permitting access by group ID in addition to group
3200: name.
3201: [b9450fdf1f69]
3202:
3203: * plugins/sudoers/ldap.c:
3204: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
3205: [d62a1e7cff4f]
3206:
3207: * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
3208: Replace UCB fnmatch.c with a non-recursive version written by
3209: William A. Rowe Jr.
3210: [354d3384adb8]
3211:
3212: * plugins/sudoers/auth/pam.c:
3213: Fix typo, return_debug vs. debug_return
3214: [1b522efcbb0d]
3215:
3216: 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
3217:
3218: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
3219: Update Japanese sudoers translation from translationproject.org
3220: [ec0f2beaad36]
3221:
3222: * doc/sudoers.pod:
3223: Make the env_reset descriptions consistent.
3224: [41c056f02688]
3225:
3226: 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3227:
3228: * configure, configure.in:
3229: Do multiple expansion when expanding paths to the noexec file, sesh
3230: and the plugin directory. Adapted from a diff by Mike Frysinger
3231: [d7e16c876c66]
3232:
3233: * common/Makefile.in:
3234: regen
3235: [9d729e09c186]
3236:
3237: 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
3238:
3239: * .hgignore:
3240: Add ignore file; from Mike Frysinger
3241: [1fa8d52425f8]
3242:
3243: * mkdep.pl:
3244: no longer save old Makefile.in to .old
3245: [378dd2395545]
3246:
3247: * plugins/sudoers/Makefile.in, src/Makefile.in:
3248: regen
3249: [769faf517720]
3250:
3251: * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
3252: m4/ltoptions.m4, m4/ltversion.m4:
3253: Update to libtool 2.4.2
3254: [9dac78d84b4f]
3255:
3256: 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3257:
3258: * plugins/sudoers/sudoers_version.h:
3259: Bump grammar version for #include and #includedir relative path
3260: support.
3261: [82a4f7cd8f71]
3262:
3263: 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
3264:
3265: * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3266: Add support for relative paths in #include and #includedir
3267: [4d6e3bd0c24f]
3268:
3269: * plugins/sudoers/Makefile.in:
3270: Fix install-plugin when shared objects are unsupported or disabled.
3271: [cbdd770a7a1b]
3272:
3273: * plugins/sudoers/goodpath.c:
3274: Don't write to sbp if it is NULL
3275: [fc438f8e8570]
3276:
3277: 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
3278:
3279: * Makefile.in:
3280: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
3281: only install matching .mo files
3282: [c1dc30ab4ebc]
3283:
3284: 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
3285:
3286: * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3287: plugins/sudoers/sudoers.c, src/conversation.c:
3288: Fix non-dynamic (no dlopen) sudo build.
3289: [b0bd3fa925a3]
3290:
3291: * configure, configure.in:
3292: Don't error out if the user specified --disable-shared
3293: [cf035dd1e5cc]
3294:
3295: * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
3296: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
3297: src/conversation.c:
3298: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
3299: the debug file.
3300: [640c62f83251]
3301:
3302: * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
3303: plugins/sudoers/sudoers.h:
3304: Make sudo_goodpath() return value bolean
3305: [fea2d59a6e55]
3306:
3307: * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
3308: plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
3309: Remove obsolete securid auth method.
3310: [4e54f860214b]
3311:
3312: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3313: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
3314: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3315: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
3316: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
3317: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3318: plugins/sudoers/auth/sudo_auth.h:
3319: Prefix authentication functions with a "sudo_" prefix to avoid
3320: namespace problems.
3321: [581d74063ea1]
3322:
3323: * INSTALL, MANIFEST, config.h.in, configure, configure.in,
3324: doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
3325: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
3326: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
3327: Remove the old Kerberos IV support
3328: [2e4b4a44209d]
3329:
3330: 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
3331:
3332: * plugins/sudoers/check.c:
3333: Don't print garbage at the end of the custom lecture.
3334: [44bb788fafaa]
3335:
3336: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3337: Add lexer tracing as debug@parser
3338: [d850f3f9d414]
3339:
3340: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
3341: plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
3342: plugins/sudoers/match.c, plugins/sudoers/parse.c,
3343: plugins/sudoers/regress/parser/check_fill.c,
3344: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3345: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3346: plugins/sudoers/visudo.c:
3347: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
3348: <def_data.h> and not "def_data.h" when generating the parser in a
3349: build dir.
3350: [7da701def753]
3351:
3352: 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3353:
3354: * mkdep.pl, plugins/sudoers/Makefile.in:
3355: Better devdir support in mkdep.pl
3356: [7dcec57bd155]
3357:
3358: * plugins/sudoers/Makefile.in:
3359: Add devdir before srcdir in include path and fix up dependecies
3360: accordingly.
3361: [6e9958eca485]
3362:
3363: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
3364: plugins/sudoers/defaults.h, plugins/sudoers/match.c,
3365: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
3366: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3367: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
3368: #include "gram.h" not <gram.h> and "def_data.h" and not
3369: <def_data.h>.
3370: [003bdb078a15]
3371:
3372: * sudo.pp:
3373: Mark libexec files as optional. If we build without shared object
3374: support, libexec is not used.
3375: [4bffcf482219]
3376:
3377: * src/load_plugins.c:
3378: Change Debug sudo.conf setting to take a program name as the first
3379: argument. In the future, this will allow visudo and sudoreplay to
3380: use their own Debug entries.
3381: [cfb8f7e4867c]
3382:
3383: * src/sudo.c:
3384: fix sudo_debug_printf priority
3385: [dcb67e965609]
3386:
3387: * plugins/sudoers/sudoers.c:
3388: add missing debug_return_int
3389: [d88ec450c592]
3390:
3391: 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
3392:
3393: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
3394: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
3395: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
3396: [dcee8efc294f]
3397:
3398: * doc/UPGRADE:
3399: Add missing word in HOME security note.
3400: [fd844fdcc1ac]
3401:
3402: * plugins/sudoers/testsudoers.c:
3403: Prevent "testsudoers -d username" from trying to malloc(0).
3404: [839126e56e8c]
3405:
3406: 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
3407:
3408: * plugins/sudoers/regress/sudoers/test10.in,
3409: plugins/sudoers/regress/sudoers/test10.out.ok,
3410: plugins/sudoers/regress/sudoers/test10.toke.ok,
3411: plugins/sudoers/regress/sudoers/test10.toke.out.ok,
3412: plugins/sudoers/regress/sudoers/test11.in,
3413: plugins/sudoers/regress/sudoers/test11.out.ok,
3414: plugins/sudoers/regress/sudoers/test11.toke.ok,
3415: plugins/sudoers/regress/sudoers/test11.toke.out.ok,
3416: plugins/sudoers/regress/sudoers/test12.in,
3417: plugins/sudoers/regress/sudoers/test12.out.ok,
3418: plugins/sudoers/regress/sudoers/test12.toke.ok,
3419: plugins/sudoers/regress/sudoers/test13.in,
3420: plugins/sudoers/regress/sudoers/test13.out.ok,
3421: plugins/sudoers/regress/sudoers/test13.toke.ok,
3422: plugins/sudoers/regress/sudoers/test9.in,
3423: plugins/sudoers/regress/sudoers/test9.out.ok,
3424: plugins/sudoers/regress/sudoers/test9.toke.ok,
3425: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
3426: Tests for empty sudoers (should parse OK) and syntax errors within a
3427: line (should report correct line number) both with and without the
3428: trailing newline.
3429: [d57c879c4718]
3430:
3431: * plugins/sudoers/regress/sudoers/test4.out.ok,
3432: plugins/sudoers/regress/sudoers/test5.out.ok,
3433: plugins/sudoers/regress/sudoers/test7.out.ok,
3434: plugins/sudoers/regress/sudoers/test8.out.ok,
3435: plugins/sudoers/testsudoers.c:
3436: Print line number when there is a parser error.
3437: [5444ef6ac6dc]
3438:
3439: 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
3440:
3441: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3442: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3443: Keep track of the last token returned. On error, if the last token
3444: was COMMENT, decrement sudolineno since the error most likely
3445: occurred on the preceding line. Previously we always uses
3446: sudolineno-1 which will give the wrong line number for errors within
3447: a line.
3448: [d661a03a64da]
3449:
3450: 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
3451:
3452: * NEWS:
3453: update with sudo 1.8.3p1 info
3454: [0f79ff31f602]
3455:
3456: * plugins/sudoers/sudoers.c:
3457: Fix crash when "sudo -g group -i" is run. Fixes bug 521
3458: [a3087ae337c4]
3459:
3460: 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
3461:
3462: * plugins/sudoers/visudo.c:
3463: Make alias_remove_recursive() return TRUE/FALSE as its callers
3464: expect and remove two unused arguments. Fixes bug 519.
3465: [2ee3b2882844]
3466:
3467: * plugins/sudoers/regress/visudo/test1.out.ok,
3468: plugins/sudoers/regress/visudo/test1.sh:
3469: Add regress test for bugzilla 519
3470: [48000ebedf97]
3471:
3472: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3473: plugins/sudoers/regress/logging/check_wrap.c,
3474: plugins/sudoers/regress/parser/check_addr.c,
3475: plugins/sudoers/regress/parser/check_fill.c:
3476: Disable warning/error wrapping in regress tests.
3477: [373c589ba561]
3478:
3479: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
3480:
3481: * Makefile.in:
3482: Do compile-po as part of sync-po so that the .mo files get rebuild
3483: automatically when we sync with translationproject.org
3484: [83f3cbfc2f33]
3485:
3486: * plugins/sudoers/Makefile.in:
3487: check_addr needs to link with the network libraries on Solaris
3488: [322bd70e316e]
3489:
3490: * plugins/sudoers/match.c:
3491: When matching a RunasAlias for a runas group, pass the alias in as
3492: the group_list, not the user_list. From Daniel Kopecek.
3493: [766545edf141]
3494:
3495: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3496: We need to init the auth system regardless of whether we need a
3497: password since we will be closing the PAM session in the monitor
3498: process. Fixes a crash in the monitor on Solaris; bugzilla #518
3499: [e82809f86fb3]
3500:
3501: 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
3502:
3503: * src/exec.c:
3504: Get rid of done: label. If the child exits we still need to close
3505: the pty, update utmp and restore the SELinux tty context.
3506: [cc127bf48405]
3507:
3508: 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
3509:
3510: * common/Makefile.in, common/atobool.c, common/fileops.c,
3511: common/fmt_string.c, common/lbuf.c, common/list.c,
3512: common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
3513: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
3514: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3515: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
3516: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
3517: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3518: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
3519: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
3520: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
3521: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
3522: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
3523: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3524: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
3525: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3526: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3527: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
3528: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3529: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
3530: plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
3531: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
3532: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
3533: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3534: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3535: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3536: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3537: src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
3538: src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
3539: src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
3540: src/tgetpass.c, src/ttysize.c, src/utmp.c:
3541: Add debug_decl/debug_return (almost) everywhere. Remove old
3542: sudo_debug() and convert users to sudo_debug_printf().
3543: [8f3bbf907b67]
3544:
3545: * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
3546: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3547: plugins/sudoers/visudo.c, src/error.c:
3548: Wrap error/errorx and warning/warningx functions with debug
3549: statements. Disable wrapping for standalone sudoers programs as well
3550: as memory allocation functions (to avoid infinite recursion).
3551: [562ed7b5ae8d]
3552:
3553: * README, config.h.in, configure, configure.in:
3554: Add checks for __func__ and __FUNCTION__ and mention that we now
3555: require a cpp that supports variadic macros.
3556: [314cfe4c5d23]
3557:
3558: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
3559: include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
3560: src/load_plugins.c, src/parse_args.c, src/sudo.c,
3561: src/sudo_plugin_int.h:
3562: New debug framework for sudo and plugins using /etc/sudo.conf that
3563: also supports function call tracing.
3564: [cded741e9f10]
3565:
3566: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
3567:
3568: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
3569: Update Japanese sudoers translation from translationproject.org
3570: [c24725775e32]
3571:
3572: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
3573:
3574: * configure, configure.in:
3575: Override and ignore the --disable-static option. Sudo already runs
3576: libtool with -tag=disable-static where applicable and we need non-
3577: PIC objects to build the executables.
3578: [aff1227b853a]
3579:
3580: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
3581:
3582: * NEWS:
3583: Add sudoedit fix
3584: [74655c7ccad1]
3585:
3586: * plugins/sudoers/po/sudoers.pot:
3587: regen pot files
3588: [28d89a831ed3]
3589:
3590: * plugins/sudoers/env.c:
3591: Ignore set_logname (which is now the default) for sudoedit since we
3592: want the LOGNAME, USER and USERNAME environment variables to refer
3593: to the calling user since that is who the editor runs as. This
3594: allows the editor to find the user's startup files. Fixes bugzilla
3595: #515
3596: [6c5dddf5ff05]
3597:
3598: * plugins/sudoers/pwutil.c:
3599: Instead of trying to grow the buffer in make_grlist_item(), simply
3600: increase the total length, free the old buffer and allocate a new
3601: one. This is less error prone and saves us from having to adjust
3602: all the pointers in the buffer. This code path is only taken when
3603: there are groups longer than the length of the user field in struct
3604: utmp or utmpx, which should be quite rare.
3605: [5587dc8cffaf]
3606:
3607: * src/po/it.mo:
3608: Add Italian translation for sudo from translationproject.org
3609: [1b3dd886e7e3]
3610:
3611: * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
3612: src/po/ja.mo, src/po/ja.po:
3613: Japanese translation for sudo and sudoers from
3614: translationproject.org
3615: [c06dd866be6e]
3616:
3617: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3618:
3619: * plugins/sudoers/Makefile.in:
3620: sudoreplay depends on timestr.lo too; from Mike Frysinger
3621: [b9e73214b2f1]
3622:
3623: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
3624:
3625: * plugins/sudoers/po/sudoers.pot:
3626: Regen sudoers pot file.
3627: [019588bafdb3]
3628:
3629: * NEWS:
3630: Update with latest sudo 1.8.3 news
3631: [6868042a88e9]
3632:
3633: * plugins/sudoers/sudoers.c:
3634: It appears that LDAP or NSS may modify the euid so we need to be
3635: root for the open(). We restore the old perms at the end of
3636: sudoers_policy_open().
3637: [2da67a5497ef]
3638:
3639: * plugins/sudoers/set_perms.c:
3640: Better warning message on setuid() failure for the setreuid()
3641: version of set_perms().
3642: [07abcfe7bd9a]
3643:
3644: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3645:
3646: * plugins/sudoers/check.c:
3647: Delref auth_pw at the end of check_user() instead of getting a ref
3648: twice.
3649: [cb665f55e6a5]
3650:
3651: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
3652: Make sudo_auth_{init,cleanup} return TRUE on success and check for
3653: sudo_auth_init() return value in check_user().
3654: [92631c919356]
3655:
3656: * plugins/sudoers/auth/sudo_auth.c:
3657: Do not return without restoring permissions.
3658: [59ef40b6696a]
3659:
3660: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3661: regen pot files
3662: [9f320a340b7c]
3663:
3664: * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
3665: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
3666: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
3667: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3668: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3669: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3670: plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
3671: plugins/sudoers/sudoers.h:
3672: Modify the authentication API such that the init and cleanup
3673: functions are always called, regardless of whether or not we are
3674: going to verify a password. This is needed for proper PAM session
3675: support.
3676: [19a53f3fb596]
3677:
3678: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
3679: Add missing dependency for getspwuid.lo and regen other depends.
3680: [f7f70eae819a]
3681:
3682: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
3683: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
3684: Fix a PAM_USER mismatch in session open/close. We update PAM_USER
3685: to the target user immediately before setting resource limits, which
3686: is after the monitor process has forked (so it has the old value).
3687: Also, if the user did not authenticate, there is no pamh in the
3688: monitor so we need to init pam here too. This means we end up
3689: calling pam_start() twice, which should be fixed, but at least the
3690: session is always properly closed now.
3691: [fbc063a2a872]
3692:
3693: * src/utmp.c:
3694: Add check for old being NULL in utmp_setid(); from Steven McDonald
3695: [e87126442f2e]
3696:
3697: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
3698:
3699: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
3700: plugins/sudoers/sudoers.h:
3701: If the invoking user cannot be resolved by uid fake the struct
3702: passwd and store it in the cache so we can delref it on exit.
3703: [a27e2f8b9f5e]
3704:
3705: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3706:
3707: * plugins/sudoers/sudoers.c:
3708: Don't error out if the group plugin cannot be loaded, just warn.
3709: [0fbfcd381e33]
3710:
3711: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
3712:
3713: * plugins/sudoers/sudoers.c:
3714: Quiet a false positive found by several static analysis tools. These
3715: tools don't know that log_error() does not return (it longjmps to
3716: error_jmp which returns to the sudo front-end).
3717: [33d0469df21b]
3718:
3719: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
3720:
3721: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
3722: plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
3723: plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
3724: Add Italian translation for sudo from translationproject.org Regen
3725: .mo files
3726: [c3c888a82be6]
3727:
3728: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3729:
3730: * doc/TROUBLESHOOTING:
3731: Update to current reality and add bit about ssh auth
3732: [184a1e7c2eeb]
3733:
3734: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3735: Make "verbose" static; fixes a namespace clash with
3736: pam_ssh_agent_auth (and it doesn't need to be extern these days).
3737: [cc38d2eb2f4c]
3738:
3739: * config.h.in, configure, configure.in, src/get_pty.c:
3740: FreeBSD has libutil.h not util.h
3741: [dab4c94b6d4f]
3742:
3743: * configure, configure.in:
3744: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
3745: [41c362f0a92a]
3746:
3747: 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
3748:
3749: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
3750: plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
3751: plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
3752: Update po files from translationproject.org
3753: [1e99e147c7fa]
3754:
3755: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3756:
3757: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3758: Add support for DEREF in ldap.conf.
3759: [3c1937a98547]
3760:
3761: * Makefile.in:
3762: install target should depend on ChangeLog too, not just install-doc
3763: [1a7c83941175]
3764:
3765: * doc/sudoers.pod:
3766: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
3767: [0eca47d60a2c]
3768:
3769: * NEWS:
3770: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
3771: [0501415cc5ff]
3772:
3773: * doc/UPGRADE:
3774: Document group lookup change and possible side effects.
3775: [585743e1ebf7]
3776:
3777: * configure, configure.in:
3778: Fix some square brackets in case statements that needed to be
3779: doubled up. While here, use $OSMAJOR when it makes sense.
3780: [8973343f4696]
3781:
3782: * plugins/sudoers/pwutil.c:
3783: Fix a crash in make_grlist_item() on 64-bit machines with strict
3784: alignment.
3785: [c89508c73c46]
3786:
3787: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
3788: Remove list_options() function that is no longer used now that "sudo
3789: -L" is gone.
3790: [fcc6a776c135]
3791:
3792: * configure, configure.in:
3793: Error message if user tries --with-CC
3794: [ec5b478f813a]
3795:
3796: * configure, configure.in:
3797: Check for -libmldap too when looking for ldap libs, which is the
3798: Tivoli Directory Server client library.
3799: [bb3007a97206]
3800:
3801: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
3802:
3803: * plugins/sudoers/parse.c:
3804: Honor NOPASSWD tag for denied commands too.
3805: [8dd92656db92]
3806:
3807: 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
3808:
3809: * INSTALL, configure, configure.in:
3810: Remove --with-CC option; it doesn't work correctly now that we use
3811: libtool. Users can get the same effect by setting the CC
3812: environment variable when running configure.
3813: [ec22bd1a55e0]
3814:
3815: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
3816:
3817: * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
3818: src/sudo_edit.c:
3819: Assume all modern systems support fstat(2).
3820: [6a5a8985f6a0]
3821:
3822: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3823:
3824: * compat/regress/glob/globtest.c, config.h.in, configure,
3825: configure.in, include/missing.h, plugins/sudoers/sudoers.h,
3826: src/sudo.h, src/sudo_noexec.c:
3827: Add configure test for missing errno declaration and only declare it
3828: ourselves if it is missing.
3829: [456e76c809a2]
3830:
3831: * plugins/sudoers/alias.c:
3832: Include errno.h before sudo.h to avoid conflicting with the system
3833: definition of errno.
3834: [d0b97e392512]
3835:
3836: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
3837:
3838: * plugins/sudoers/regress/parser/check_addr.c:
3839: Only print individual check status when there is a failure.
3840: [2ac704c91441]
3841:
3842: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3843: plugins/sudoers/regress/logging/check_wrap.c,
3844: plugins/sudoers/regress/parser/check_addr.c:
3845: Add calls to setprogname() for test programs.
3846: [a8d9b420e826]
3847:
3848: * configure, configure.in:
3849: Add -Wall and -Werror after all tests so they don't cause failures.
3850: [2661188ff3fa]
3851:
3852: * plugins/sudoers/Makefile.in:
3853: Actually run check_addr in the check target
3854: [0b2778bc86bf]
3855:
3856: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
3857: plugins/sudoers/match_addr.c,
3858: plugins/sudoers/regress/parser/check_addr.c,
3859: plugins/sudoers/regress/parser/check_addr.in:
3860: Split out address matching into its own file and add regression
3861: tests for it.
3862: [12b9a2bf8dba]
3863:
3864: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
3865:
3866: * plugins/sudoers/match.c:
3867: When matching an address with a netmask in sudoers, AND the mask and
3868: addr before checking against the local addresses.
3869: [9747bb6d7b1c]
3870:
3871: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3872:
3873: * plugins/sudoers/match.c:
3874: Fix netmask matching.
3875: [a3c8f8cc1464]
3876:
3877: * plugins/sudoers/visudo.c:
3878: Don't assume all editors support the +linenumber command line
3879: argument, use a whitelist of known good editors.
3880: [21d43a91fd10]
3881:
3882: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
3883:
3884: * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
3885: src/exec_pty.c, src/sudo.c:
3886: Silence compiler warnings on Solaris with gcc 3.4.3
3887: [da620bae6fdb]
3888:
3889: * mkpkg:
3890: Fix building on RHEL 3
3891: [f3227fb2a252]
3892:
3893: * INSTALL, configure, configure.in:
3894: Add --enable-werror configure option.
3895: [fec2cdb95543]
3896:
3897: * common/setgroups.c:
3898: setgroups() proto lives in grp.h on RHEL4, perhaps others.
3899: [de91c0de5a98]
3900:
3901: * configure, configure.in:
3902: Use PAM by default on AIX 6 and higher.
3903: [e16493208e5f]
3904:
3905: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
3906:
3907: * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
3908: src/po/eo.mo, src/po/eo.po:
3909: Add new Esperanto translation from translationproject.org
3910: [0d9a59e04c64]
3911:
3912: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
3913:
3914: * plugins/sudoers/iolog_path.c:
3915: Quiet an innocuous valgrind warning.
3916: [0582b6027161]
3917:
3918: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3919:
3920: * plugins/sudoers/iolog_path.c,
3921: plugins/sudoers/regress/iolog_path/data:
3922: Fix expansion of strftime() escapes in log_dir and add a regress
3923: test that exhibited the problem.
3924: [a5c7c1c4c589]
3925:
3926: * plugins/sudoers/Makefile.in:
3927: Fix "make check" return value.
3928: [33b58e175230]
3929:
3930: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3931:
3932: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3933: Regen pot files
3934: [063841aac19b]
3935:
3936: * Makefile.in:
3937: Fix logic inversion in pot file up to date check.
3938: [f6a8ca8654df]
3939:
3940: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
3941:
3942: * configure, configure.in:
3943: Add caching for gettext() checks.
3944: [01b7200f6105]
3945:
3946: * configure, configure.in:
3947: Better handling of libintl header and library mismatch.
3948: [9a49b1d4db69]
3949:
3950: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
3951:
3952: * plugins/sudoers/sudoers.c:
3953: Also check sudoers gid if sudoers is group writable.
3954: [23ef96ca0d33]
3955:
3956: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3957:
3958: * configure, configure.in:
3959: If dlopen is present but libtool doesn't find it, error out since it
3960: probably means that libtool doesn't support the system.
3961: [a9da0a5f7941]
3962:
3963: * mkpkg:
3964: configure args on the command line should override builtin defaults.
3965: Disable NLS for non-Linux/Solaris unless explicitly enabled.
3966: [b2fb05614504]
3967:
3968: * plugins/sudoers/auth/aix_auth.c:
3969: Fix loop that calls authenticate(). If there was an error message
3970: from authenticate(), display it.
3971: [063a0c4f0b9a]
3972:
3973: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
3974:
3975: * m4/libtool.m4, m4/ltversion.m4:
3976: Update to autoconf 2.68 and libtool 2.4
3977: [5a912a6eb67b]
3978:
3979: * config.guess, config.sub, configure, configure.in, ltmain.sh:
3980: Update to autoconf 2.68 and libtool 2.4
3981: [931ab56aecf6]
3982:
3983: * doc/sudoers.pod:
3984: Fix typo; OPT should be OTP
3985: [e97bd2e46544]
3986:
3987: * plugins/sudoers/Makefile.in:
3988: Rename libsudoers convenience library to libparsesudoers to avoid
3989: libtool confusion.
3990: [2a89a613f537]
3991:
3992: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3993:
3994: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
3995: Add Danish sudoers translation from translationproject.org
3996: [27b96e85eb13]
3997:
3998: * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
3999: Add dedicated callback function for runas_default sudoers setting
4000: that only sets runas_pw if no runas user or group was specified by
4001: the user.
4002: [b8382d8eea34]
4003:
4004: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
4005:
4006: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4007: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
4008: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
4009: src/po/ru.po:
4010: Update Finish, Polish, Russian and Ukrainian translations from
4011: translationproject.org.
4012: [f9339aff664e]
4013:
4014: * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
4015: plugins/sudoers/testsudoers.c:
4016: Go back to using a callback for runas_default to keep runas_pw in
4017: sync. This is needed to make per-entry runas_default settings work
4018: with LDAP-based sudoers. Instead of declaring it a callback in
4019: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
4020: bit naughty, but avoids requiring stub functions in visudo and the
4021: tests.
4022: [9aaefb908415]
4023:
4024: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
4025:
4026: * Makefile.in:
4027: Add check for out of date message catalogs when doing "make dist".
4028: [e45a29b612f4]
4029:
4030: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
4031:
4032: * configure:
4033: regen
4034: [d6f9ad26774a]
4035:
4036: * configure.in:
4037: Make sure compiler supports static-libgcc before using it.
4038: [b01bd9566e50]
4039:
4040: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
4041:
4042: * src/Makefile.in:
4043: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
4044: [c99c7ab3edef]
4045:
4046: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
4047:
4048: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
4049: plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
4050: plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
4051: src/po/zh_CN.mo:
4052: Add new Russian sudo translation from translationproject.org and
4053: rebuild the other translation files.
4054: [e20015459056]
4055:
4056: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
4057:
4058: * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
4059: Update Finish and Polish translations from translationproject.org
4060: [4e3dbba4a1de]
4061:
4062: * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
4063: Go back to escaping the command args for "sudo -i" and "sudo -s"
4064: before calling the plugin. Otherwise, spaces in the command args
4065: are not treated properly. The sudoers plugin will unescape non-
4066: spaces to make matching easier.
4067: [dfa2c4636f33]
4068:
4069: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
4070:
4071: * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
4072: plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
4073: plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
4074: plugins/sudoers/toke.l:
4075: Fix some potential problems found by the clang static analyzer, none
4076: serious.
4077: [ff64aa74aae6]
4078:
4079: * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
4080: src/po/zh_CN.po:
4081: Updated Ukranian and Chinese (simplified) po files from
4082: translationproject.org
4083: [ec792becb48e]
4084:
4085: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
4086:
4087: * plugins/sudoers/po/pl.po:
4088: Updated Polish translation from translationproject.org
4089: [a3af53cb649c]
4090:
4091: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4092: Rebuild pot files
4093: [c650524c0f0a]
4094:
4095: * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
4096: Don't try to audit failure if the runas user does not exist. We
4097: don't have the user's command at this point so there is nothing to
4098: audit. Add a NULL check in audit_success() and audit_failure() just
4099: to be on the safe side.
4100: [2a0007c2022f]
4101:
4102: * mkpkg:
4103: Add -g to CFLAG for PIE builds.
4104: [32a0a9693c9c]
4105:
4106: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
4107:
4108: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
4109: plugins/sudoers/sudoers.h, src/sudo.c:
4110: Remove fallback to per-group lookup when matching groups in sudoers.
4111: The sudo front-end will now use getgrouplist() to get the user's
4112: list of groups if getgroups() fails or returns zero groups so we
4113: always have a list of the user's groups. For systems with
4114: mbr_check_membership() which support more that NGROUPS_MAX groups
4115: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
4116: we get all the groups.
4117: [51b3ed8c600b]
4118:
4119: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
4120:
4121: * common/setgroups.c:
4122: Fix setgroups() fallback code on EINVAL.
4123: [2b6faecd56a4]
4124:
4125: * plugins/sudoers/set_perms.c:
4126: Fix two PERM_INITIAL cases that were still using user_gids.
4127: [9680bab0acc6]
4128:
4129: * MANIFEST:
4130: Add Polish sudo message catalog
4131: [8bb40c3ba576]
4132:
4133: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4134: user_group is no longer used, remove it
4135: [9acede0fe6c5]
4136:
4137: 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
4138:
4139: * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
4140: Add Polish translation from translationproject.org
4141: [afac5c638573]
4142:
4143: * MANIFEST, common/Makefile.in, common/setgroups.c,
4144: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
4145: src/sudo.h, src/sudo_edit.c:
4146: Add a wrapper for setgroups() that trims off extra groups and
4147: retries if setgroups() fails. Also add some missing addrefs for
4148: PERM_USER and PERM_FULL_USER.
4149: [224dfd8aae5c]
4150:
4151: * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
4152: configure, configure.in, include/missing.h, mkdep.pl,
4153: plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
4154: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4155: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
4156: Instead of keeping separate groups and gids arrays, create struct
4157: group_info and use it to store both, along with a count for each.
4158: Cache group info on a per-user basis using getgrouplist() to get the
4159: groups. We no longer need special to special case the user or list
4160: user for user_in_group() and thus no longer need to reset the groups
4161: list when listing another user.
4162: [0ad849a8b2d5]
4163:
4164: * src/preload.c:
4165: Don't rely on NULL since we don't include a header for it.
4166: [b40937f1890c]
4167:
4168: 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
4169:
4170: * doc/sudoers.pod:
4171: Fix typo
4172: [c1035360e169]
4173:
4174: 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
4175:
4176: * plugins/sudoers/sudoers.c:
4177: Do not shadow global sudo_mode with a local variable in set_cmnd()
4178: [0c72969503ad]
4179:
4180: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
4181:
4182: * plugins/sudoers/sudoers.c:
4183: bash 2.x doesd not support the -l flag and exits with an error if it
4184: is specified so use --login instead. This causes an error with bash
4185: 1.x (which uses -login instead) but this version is hopefully less
4186: used than 2.x.
4187: [5c4c296e30e6]
4188:
4189: * src/po/pl.mo, src/po/pl.po:
4190: Add Polish translation from translationproject.org
4191: [48592dd6edcf]
4192:
4193: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4194:
4195: * plugins/sudoers/set_perms.c:
4196: Make error strings translatable.
4197: [414c5c484768]
4198:
4199: * mkpkg:
4200: Only run configure with --with-pam-login for RHEL 5 and above.
4201: [6c16e4de4026]
4202:
4203: * sudo.pp:
4204: Fix typo in summary
4205: [9ac618c9a749]
4206:
4207: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
4208:
4209: * plugins/sudoers/logwrap.c:
4210: Add missing logwrap.c
4211: [c12a413ecc1d]
4212:
4213: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
4214: plugins/sudoers/logging.h,
4215: plugins/sudoers/regress/logging/check_wrap.c,
4216: plugins/sudoers/regress/logging/check_wrap.in,
4217: plugins/sudoers/regress/logging/check_wrap.out.ok:
4218: Split out log file word wrap code into its own file and add unit
4219: tests. Fixes an off-by one in the word wrap when the log line
4220: length matches loglinelen.
4221: [52ed277f6690]
4222:
4223: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4224:
4225: * mkpkg:
4226: For SuSE, only use /usr/lib64 as libexec if generating 64-bit
4227: binaries.
4228: [645ab903cf77]
4229:
4230: * src/load_plugins.c, src/sudo.c:
4231: Fix build error when --without-noexec configure option is used.
4232: [b994f7b0d8b4]
4233:
4234: * configure, configure.in:
4235: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
4236: 5.3 and above.
4237: [c2a6f9b472f3]
4238:
4239: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4240:
4241: * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
4242: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4243: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4244: Resolve the list of gids passed in from the sudo frontend (the
4245: result of getgroups()) to names and store both the group names and
4246: ids in the sudo_user struct. When matching groups in the sudoers
4247: file, match based on the names in the groups list first and only do
4248: a gid-based match when we absolutely have to. By matching on the
4249: group name (as it is listed in sudoers) instead of id (which we
4250: would have to resolve) we save a lot of group lookups for sudoers
4251: files with a lot of groups in them.
4252: [8dc19353f148]
4253:
4254: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
4255:
4256: * plugins/sudoers/sudoers.c:
4257: Workaround for "sudo -i command" and newer versions of bash which
4258: don't go into login mode when -c is specified unless -l is too.
4259: [9393762b80f3]
4260:
4261: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
4262:
4263: * plugins/sudoers/logging.c:
4264: Rewrite logfile word wrapping code to be more straight-forward and
4265: actually wrap at the correct place.
4266: [f712a0c90f55]
4267:
4268: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4269:
4270: * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
4271: Set use_pty=true in command details when use_pty is set in sudoers.
4272: From Ludwig Nussel
4273: [8d95a163dfc1]
4274:
4275: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
4276:
4277: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
4278: src/po/zh_CN.mo, src/po/zh_CN.po:
4279: Sync Chinese (simplified) PO files from translationproject.org
4280: [acce8eb7be18]
4281:
4282: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4283:
4284: * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
4285: plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
4286: Add Danish translation from translationproject.org and add missing
4287: Basque mo files.
4288: [0c22bb21b9c4]
4289:
4290: * Makefile.in, configure, configure.in:
4291: No longer need to specify LINGUAS in configure, "make install-nls"
4292: now just installs all the .mo files it finds.
4293: [fcd45cf04885]
4294:
4295: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
4296:
4297: * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
4298: Build CONTRIBUTORS from newly-added contributors.pod
4299: [8b192f2720f4]
4300:
4301: * doc/CONTRIBUTORS:
4302: Rework the wording in the leading paragraph
4303: [312044145cdd]
4304:
4305: 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4306:
4307: * MANIFEST, doc/CONTRIBUTORS:
4308: Add a CONTRIBUTORS file with the names of folks who have contributed
4309: code or patches to sudo since I started maintaining it (plus the
4310: original authors).
4311: [b8bdd8b59528]
4312:
4313: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
4314:
4315: * plugins/sudoers/env.c:
4316: Preserve SHELL variable for "sudo -s". Otherwise we can end up with
4317: a situation where the SHELL variable and the actual shell being run
4318: do not match.
4319: [b8b3974aee3e]
4320:
4321: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4322:
4323: * configure, configure.in:
4324: Only enable Solaris project support when setproject() is present in
4325: libproject.
4326: [49ad7857ab89]
4327:
4328: * sudo.pp:
4329: Explicitly set mode and owner of /etc/sudoers instead of relying on
4330: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
4331: postinstall script runs before the final file permissions are set.
4332: [e41ffc0212b2]
4333:
4334: 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4335:
4336: * doc/sudo.pod, doc/sudoers.pod:
4337: Refer the user to the "Command Environment" section in description
4338: of sudo's -i option.
4339: [263cc3be7eef]
4340:
4341: * doc/sudo.pod:
4342: Fix typo
4343: [35dfac450f4d]
4344:
4345: 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4346:
4347: * mkdep.pl:
4348: If there is no old dependency for an object file, use the MANIFEST
4349: to find its source.
4350: [d15e3b9899f9]
4351:
4352: * compat/Makefile.in:
4353: Remove dependency for getgrouplist.lo as we don't ship that source
4354: file.
4355: [312a6d5fe6b0]
4356:
4357: 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4358:
4359: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4360: Do not declare yyparse() static as the actual function generated by
4361: yacc is extern.
4362: [9017b79dcf55]
4363:
4364: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4365:
4366: * Makefile.in:
4367: Remove locale files in "make uninstall"
4368: [201ff261ecbe]
4369:
4370: * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
4371: plugins/sudoers/po/uk.po, src/po/eu.po:
4372: Add Basque translation and sync Finish and Ukranian translations.
4373: [66d2c78c8a13]
4374:
4375: * configure, configure.in:
4376: FreeBSD no longer needs the main sudo binary to link with -lpam now
4377: that plug-ins are loaded with RTLD_GLOBAL.
4378: [96c710df2457]
4379:
4380: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4381: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
4382: problems with pam modules not having access to symbols provided by
4383: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
4384: [0d016983ec84]
4385:
4386: * Makefile.in:
4387: Move xgettext invocation out of update-po target into update-pot
4388: [19a73c6d017c]
4389:
4390: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4391:
4392: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4393: Regenerate .pot files for 1.8.2rc2
4394: [c3037f591dd8]
4395:
4396: * Makefile.in, common/Makefile.in, compat/Makefile.in,
4397: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4398: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4399: src/Makefile.in, zlib/Makefile.in:
4400: Move nls targets to the top level Makefile so the paths in the pot
4401: file are saner
4402: [65b9285cd8d9]
4403:
4404: * src/po/fi.mo:
4405: Add compiled version of sudo Finish translation
4406: [8f2405384ea3]
4407:
4408: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
4409: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
4410: files
4411: [a165e70fa9ec]
4412:
4413: * configure, configure.in, plugins/sudoers/po/fi.po:
4414: Add Finish translation from translationproject.org
4415: [4466f8a96ceb]
4416:
4417: 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4418:
4419: * doc/sudoers.pod:
4420: The group named by exempt_group should not have a % prefix.
4421: [df084d6b32c8]
4422:
4423: 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4424:
4425: * doc/sudoers.pod:
4426: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
4427: [5113699a3f8b]
4428:
4429: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
4430:
4431: * src/exec.c, src/exec_pty.c:
4432: Fix compressed io log corruption in background mode by using _exit()
4433: instead of exit() to avoid flushing buffers twice.
4434:
4435: Improved background mode support. When not allocating a pty, the
4436: command is run in its own process group. This prevents write access
4437: to the tty. When running in a pty, stdin is not hooked up and we
4438: never read from /dev/tty, which results in similar behavior.
4439: [87c15149894c]
4440:
4441: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
4442: Clean up regress files Generate proper dependencies for regress objs
4443: in compat
4444: [88bfc728c1e7]
4445:
4446: * plugins/sudoers/Makefile.in:
4447: Add missing dependency for check_fill.o.
4448: [0bd6362e3e17]
4449:
4450: 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4451:
4452: * INSTALL, configure, configure.in:
4453: Add support for --enable-nls[=location]
4454: [b90db44a050f]
4455:
4456: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4457:
4458: * plugins/sudoers/linux_audit.c:
4459: Include gettext.h
4460: [7f909a6e48cb]
4461:
4462: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
4463: Quiet gcc warnings.
4464: [b41a6cdca583]
4465:
4466: * configure, configure.in:
4467: Don't install .mo files if gettext was not found.
4468: [1397b34cc165]
4469:
4470: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
4471:
4472: * src/exec.c:
4473: Always allocate a pty when running a command in the background but
4474: call setsid() after forking to make sure we don't end up with a
4475: controlling tty.
4476: [b6454ba172e8]
4477:
4478: * plugins/sudoers/iolog.c:
4479: Add missing space between command name and the first command line
4480: argument.
4481: [fe217f0a36d4]
4482:
4483: * plugins/sudoers/sudoreplay.c:
4484: Quiet a compiler warning on some platforms.
4485: [de9f2849f236]
4486:
4487: * plugins/sudoers/po/README, src/po/README:
4488: README file that directs people to translationproject.org
4489: [30c0fc323281]
4490:
4491: * plugins/sudoers/po/uk.po, src/po/fi.po:
4492: Sync translations with TP
4493: [1d7d64559cba]
4494:
4495: * Makefile.in:
4496: Add 'sync-po' target to top-level Makefile to rsync the po files
4497: from translationproject.org.
4498: [20508211aaa3]
4499:
4500: * plugins/sudoers/Makefile.in:
4501: install nls files from install target
4502: [5fc07b6cab38]
4503:
4504: * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
4505: Include .mo files in sudo binary packags.
4506: [278d4821a916]
4507:
4508: * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
4509: plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
4510: Add simplified chinese translation
4511: [2b33ffc755b9]
4512:
4513: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
4514:
4515: * configure, configure.in, plugins/sudoers/po/uk.mo,
4516: plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
4517: Add ukranian translation
4518: [2d8102688e93]
4519:
4520: * compat/Makefile.in:
4521: refer to siglist.c, not ./siglist.c since not all makes will treat
4522: foo and ./foo the same.
4523: [6639d293ffba]
4524:
4525: * plugins/sudoers/sudoers.c:
4526: Set def_preserve_groups before searching for the command when the -P
4527: flag is specified.
4528: [0edc7942f875]
4529:
4530: * Makefile.in, compat/Makefile.in, mkdep.pl,
4531: plugins/sudoers/Makefile.in:
4532: Add dependency for siglist.lo in compat. This is a generated file
4533: so "make depend" needs to depend on it.
4534: [28d0932f8b50]
4535:
4536: * compat/Makefile.in:
4537: More dependency fixes.
4538: [aad0d05cd020]
4539:
4540: * compat/Makefile.in:
4541: Fix a few dependencies.
4542: [eb21aa35a032]
4543:
4544: * plugins/sudoers/Makefile.in, src/Makefile.in:
4545: Place compiled mo files in the src dir, not the build dir. When
4546: installing compiled mo files, display a status message.
4547: [e15634c29cd3]
4548:
4549: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
4550:
4551: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4552: Tivoli Directory Server requires that seconds be present in a
4553: timestamp, even though RFC 4517 states that they are optional.
4554: [55fe23dd4ef9]
4555:
4556: * plugins/sudoers/sudo_nss.h:
4557: Add missing bit of copyright
4558: [d2eba3c364ca]
4559:
4560: * doc/visudo.pod:
4561: Mention cycle detection warnings
4562: [a76bef15ab67]
4563:
4564: * plugins/sudoers/visudo.c:
4565: When checking aliases, also check the contents of the alias in case
4566: there are problems with an alias that is referenced inside another.
4567: Replace the self reference check with real alias cycle detection.
4568: [a66c904cf53b]
4569:
4570: * plugins/sudoers/alias.c:
4571: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
4572: ENOENT in alias_find() and alias_remove() if the entry could not be
4573: found.
4574: [b4f0b89e433c]
4575:
4576: * plugins/sudoers/visudo.c:
4577: Increment alias_seqno before calls to alias_remove_recursive() to
4578: avoid false positives with the alias loop detection. Fixes spurious
4579: warnings about unused aliases when they are nested.
4580: [a344483b8193]
4581:
4582: * MANIFEST:
4583: add mkdep.pl
4584: [86b7ed33eab2]
4585:
4586: * plugins/sudoers/Makefile.in:
4587: Add dependency on convenience libs to binaries
4588: [cd3078b3c997]
4589:
4590: * Makefile.in:
4591: mkdep.pl only works when run from the src dir
4592: [f35a5e47c944]
4593:
4594: * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
4595: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4596: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
4597: Auto-generate Makefile dependencies with a perl script.
4598: [a3e4afcd7975]
4599:
4600: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
4601:
4602: * plugins/sudoers/match.c:
4603: If the user specifies a runas group via sudo's -g option that
4604: matches the runas user's group in the passwd database and that group
4605: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
4606: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
4607: no groups are present in the Runas_Spec.
4608: [e3f9732dc564]
4609:
4610: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
4611:
4612: * plugins/sudoers/Makefile.in, src/Makefile.in:
4613: Add dependencies on gettext.h
4614: [a3a9dc51f78b]
4615:
4616: * plugins/sudoers/Makefile.in, src/Makefile.in:
4617: Fix install-nls target with HP-UX sh when gettext is not present.
4618: [0c6b9655cd41]
4619:
4620: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
4621:
4622: * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
4623: src/Makefile.in, src/po/sudo.pot:
4624: regenerate .pot files for lbuf changes
4625: [918ded125a0b]
4626:
4627: * configure, configure.in:
4628: Add missing "checking" message for gettext when using the cache.
4629: [9c21187ad1d2]
4630:
4631: * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
4632: plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
4633: src/parse_args.c:
4634: Add primitive format string support to the lbuf code to make
4635: translations simpler.
4636: [ee71c7ef5299]
4637:
4638: * MANIFEST, plugins/sudoers/Makefile.in,
4639: plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
4640: Add message catalog template files for sudo and the sudoers module.
4641: [f3f8acb1f014]
4642:
4643: * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
4644: config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
4645: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
4646: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4647: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
4648: src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
4649: Add gettext.h convenience header. This is similar to but distinct
4650: from the one included with the gettext package.
4651: [930a0591f73c]
4652:
4653: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
4654:
4655: * configure, configure.in:
4656: Add checks for nroff -c and -Tascii flags
4657: [19ca990b3149]
4658:
4659: * configure, configure.in:
4660: Add check for HP bundled C Compiler (which cannot create shared
4661: libs)
4662: [517716a7072d]
4663:
4664: * plugins/sudoers/sudoreplay.c:
4665: Fix C format warnings.
4666: [6514326013fa]
4667:
4668: * include/error.h:
4669: Add __printflike
4670: [e1749a30a406]
4671:
4672: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
4673: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
4674: plugins/sudoers/visudo.c, src/parse_args.c:
4675: Translate help / usage strings.
4676: [ee1cc9b1a8bd]
4677:
4678: * plugins/sudoers/Makefile.in, src/Makefile.in:
4679: Set --msgid-bugs-address to the bugzilla url
4680: [5a0aa250ca21]
4681:
4682: * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
4683: configure.in, doc/Makefile.in, include/Makefile.in,
4684: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4685: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
4686: Add scaffolding to update .po files and install .mo files.
4687: [f05f4eed1fe1]
4688:
4689: * doc/license.pod:
4690: update copyright year
4691: [fa0c62523875]
4692:
4693: * INSTALL, README:
4694: No need to include version number at the top of these files.
4695: [9f2981325351]
4696:
4697: 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
4698:
4699: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
4700: plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
4701: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4702: plugins/sudoers/visudo.c:
4703: Minor warning/error cleanup
4704: [9236dc85aeab]
4705:
4706: * config.h.in, configure.in:
4707: Emulate ngettext for the non-nls case
4708: [13571d63fa36]
4709:
4710: * plugins/sudoers/ldap.c:
4711: Do not mark untranslatable strings for translation
4712: [735f5d4413fe]
4713:
4714: * plugins/sudoers/check.c:
4715: Use ROOT_UID not 0.
4716: [09a268db8da4]
4717:
4718: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4719: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
4720: src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
4721: Minor warning/error message cleanup
4722: [3c7b1a7939b5]
4723:
4724: * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
4725: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4726: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4727: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
4728: src/exec_pty.c, src/net_ifs.c, src/selinux.c:
4729: cannot -> "unable to" in warning/error messages
4730: [31c3897649e9]
4731:
4732: * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
4733: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4734: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
4735: src/sudo.c, src/utmp.c:
4736: can't -> "unable to" in warning/error messages
4737: [127b75f15291]
4738:
4739: * configure, configure.in:
4740: FreeBSD needs the main sudo executable to link with -lpam when
4741: loading dynaic pam modules for some reason.
4742: [944522cc9bef]
4743:
4744: 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
4745:
4746: * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
4747: We don't want to translate debugging messages.
4748: [56a1a365815a]
4749:
4750: * configure, configure.in, plugins/sudoers/Makefile.in,
4751: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
4752: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4753: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4754: src/Makefile.in, src/sesh.c, src/sudo.c:
4755: Add calls to bindtextdomain() and textdomain() Currently there are
4756: two domains, one for the sudo front-end and one for the sudoers
4757: plugin and its associated utilities.
4758: [0426138f789e]
4759:
4760: * configure, configure.in:
4761: Fix caching of libc gettext check.
4762: [942142d2c43a]
4763:
4764: * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
4765: plugins/sudoers/mkdefaults:
4766: Mark defaults descriptions for translation
4767: [5b27f018e6cf]
4768:
4769: * NEWS:
4770: Update for sudo 1.8.1p2
4771: [747c4dee2ca7]
4772:
4773: 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
4774:
4775: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4776: Quiet compiler warning when SELinux is enabled.
4777: [1fbf77dda240]
4778:
4779: * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
4780: src/error.c, src/net_ifs.c, src/sesh.c:
4781: Add missing includes of libintl.h.
4782: [bc1d66316082]
4783:
4784: * plugins/sudoers/auth/pam.c:
4785: Fix gettext marker.
4786: [a5cf4ed66c66]
4787:
4788: * common/aix.c, common/alloc.c, compat/strsignal.c,
4789: plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
4790: Include libint.h where needed.
4791: [2b0e5a663c7b]
4792:
4793: * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
4794: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
4795: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
4796: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4797: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4798: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
4799: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4800: plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
4801: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
4802: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
4803: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
4804: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
4805: plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
4806: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
4807: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4808: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4809: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4810: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
4811: Prepare sudoers module messages for translation.
4812: [7212ae1909c5]
4813:
4814: * plugins/sudoers/sudoers.c:
4815: Only check gid of sudoers file if it is group-readable.
4816: [50e3bc0cb242]
4817:
4818: * plugins/sudoers/auth/aix_auth.c:
4819: For AIX, keep calling authenticate() until reenter reaches 0.
4820: [e240815b74b1]
4821:
4822: 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
4823:
4824: * configure, configure.in:
4825: Cache the status of the initial gettext() check.
4826: [32751ebe1704]
4827:
4828: * INSTALL, configure, configure.in:
4829: Add --disable-nls flag and improve checks for gettext.
4830: [c7e6b17052de]
4831:
4832: * configure, configure.in:
4833: When building with gcc on HP-UX, use -march=1.1 to produce portable
4834: binaries on a pa-risc2 host. Previously, the +Dportable option was
4835: used for the HP-UX C compiler but gcc always produced native
4836: binaries.
4837: [8f4c749324d7]
4838:
4839: 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
4840:
4841: * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
4842: src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
4843: src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
4844: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
4845: Prepare sudo front end messages for translation.
4846: [2fc2fabceccb]
4847:
4848: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
4849:
4850: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
4851: Add initial scaffolding to support localization via gettext()
4852: [7d47b59fcf95]
4853:
4854: * compat/fnmatch.h, compat/glob.h:
4855: Don't let the fnmatch/glob macros expand the function prototype.
4856: [a9014aa0288e]
4857:
4858: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
4859:
4860: * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
4861: Resolve namespace collisions on HP-UX ia64 and possibly others by
4862: adding a rpl_ prefix to our fnmatch and glob replacements and
4863: #defining rpl_foo to foo in the header files.
4864: [caa9b690a15d]
4865:
4866: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
4867:
4868: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4869: Split ALL, ROLE and TYPE into their own actions. Since you can only
4870: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
4871: the non-SELinux case. This is safe because the actions are in one
4872: big switch() statement.
4873: [7473fc2cfa2c]
4874:
4875: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4876: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
4877: [9be3480c2865]
4878:
4879: 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
4880:
4881: * doc/UPGRADE, doc/sudoers.pod:
4882: askpass moved from sudoers to sudo.conf in sudo 1.8.0
4883: [b2c2956cec4e]
4884:
4885: * doc/sudoers.pod:
4886: Remove obsolete warning about runas_default and ordering. Move
4887: syslog facility and priority lists into the section where the
4888: relevant options are described.
4889: [e57b8dc3f779]
4890:
4891: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
4892:
4893: * plugins/sudoers/auth/sia.c:
4894: Fix SIA support; we no longer have access to the real argc and argv
4895: so allocate space for a fake one and use the argv passed to the
4896: plugin with "sudo" for argv[0].
4897: [1c0552772ad2]
4898:
4899: 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
4900:
4901: * src/net_ifs.c:
4902: Remove useless realloc when trying to get the buffer size right.
4903: [792225380a62]
4904:
4905: * plugins/sudoers/set_perms.c:
4906: Be explicit when setting euid to 0 before call to setreuid(0, 0)
4907: [7bfeb629fccb]
4908:
4909: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
4910:
4911: * configure, configure.in:
4912: Need to do checks for krb5_verify_user, krb5_init_secure_context and
4913: krb5_get_init_creds_opt_alloc regardless of whether or not
4914: krb5-config is present.
4915: [9d1b98ece1d3]
4916:
4917: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
4918:
4919: * plugins/sudoers/set_perms.c:
4920: Work around weird AIX saved uid semantics on setuid() and
4921: setreuid(). On AIX, setuid() will only set the saved uid if the euid
4922: is already 0.
4923: [069fc08150ca]
4924:
4925: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
4926:
4927: * sudo.pp:
4928: update copyright year
4929: [1c42d579ba6e]
4930:
4931: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4932: Treat a missing includedir like an empty one and do not return an
4933: error.
4934: [92f71d8cbfd4]
4935:
4936: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
4937:
4938: * pp:
4939: Fix ARCH setting in cross-compile Solaris packages.
4940: [b0de281cc889]
4941:
4942: * sudo.pp:
4943: Fix aix version setting.
4944: [98437dbfb085]
4945:
4946: * plugins/sudoers/ldap.c:
4947: Remove extraneous parens in LDAP filter when sudoers_search_filter
4948: is enabled that causes a search error. From Matthew Thomas.
4949: [1d75bf1fc8d9]
4950:
4951: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
4952:
4953: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4954: Correct sizeof() to fix test failure.
4955: [fd2f7c0c0572]
4956:
4957: * plugins/sudoers/Makefile.in:
4958: "install" target should depend on "install-dirs". Fixes "make -j"
4959: problem and closes bz #487. From Chris Coleman.
4960: [083902d38edb]
4961:
4962: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
4963:
4964: * config.h.in:
4965: Add HAVE_RFC1938_SKEYCHALLENGE
4966: [a94cb33758a8]
4967:
4968: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
4969:
4970: * NEWS:
4971: Mention plugin loading and libgcc changes
4972: [e11b30b5026a]
4973:
4974: * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
4975: Load plugins after parsing arguments and potentially printing the
4976: version. That way, an error loading or initializing a plugin
4977: doesn't break "sudo -h" or "sudo -V".
4978: [1b76f2b096a2]
4979:
4980: * Makefile.in:
4981: When using a sub-shell to invoke the sub-make, exec make instead of
4982: running it inside the shell to avoid an extra process.
4983: [fd2c04a71fbf]
4984:
4985: * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
4986: Stop testing unspecified behavior in fnmatch Make glob test more
4987: portable
4988: [229803093725]
4989:
4990: * compat/Makefile.in:
4991: No need to add current dir to include path and having it breaks the
4992: test programs that expect to get the system glob.h and fnmatch.h
4993: [68085f624be4]
4994:
4995: * INSTALL, configure, configure.in:
4996: Fix and document --with-plugindir; partially from Diego Elio Petteno
4997: [07edc52ea89e]
4998:
4999: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
5000: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
5001: compat/regress/glob/globtest.in:
5002: Fix fnmatch and glob tests to not use hard-coded flag values in the
5003: input file. Link test programs with libreplace so we get our
5004: replacement verions as needed.
5005: [c2cca448f660]
5006:
5007: * Makefile.in:
5008: If make in a subdir fails, fail the target in the upper level
5009: Makefile too. Adapted from a patch from Diego Elio Petteno
5010: [76fc9a0d96fd]
5011:
5012: * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
5013: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
5014: has this. Adapted from a patch from Diego Elio Petteno
5015: [a97279a59b93]
5016:
5017: * plugins/sudoers/Makefile.in:
5018: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
5019: directly.
5020: [47b884029b3b]
5021:
5022: * configure, configure.in:
5023: Fix warnings when -without-skey, --without-opie, --without-kerb4,
5024: --without-kerb5 or --without-SecurID were specified.
5025: [71ad150f4d24]
5026:
5027: * MANIFEST:
5028: Add plugins/sudoers/sudoers_version.h
5029: [7423966de440]
5030:
5031: * configure, configure.in, plugins/sample/Makefile.in,
5032: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5033: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
5034: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
5035: of @LDFLAGS@ in plugin Makefile.in files.
5036: [b835826f889c]
5037:
5038: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
5039:
5040: * NEWS:
5041: Mention %#gid support in User_List and Runas_List
5042: [5a983dff017a]
5043:
5044: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
5045: plugins/sudoers/visudo.c:
5046: Keep track of sudoers grammar version and report it in the -V
5047: output.
5048: [52901a3c0296]
5049:
5050: * plugins/sudoers/sudo_nss.h:
5051: Add multiple inclusion guard
5052: [50853aed046e]
5053:
5054: * configure, configure.in, plugins/sample/Makefile.in,
5055: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5056: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
5057: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
5058: set it to -Wc,-static-libgcc if not using GNU ld so we don't
5059: have a dependency on the shared libgcc in sudoers.so.
5060: [66ad8bc5e32d]
5061:
5062: * doc/sudoers.pod:
5063: Fix typo; from Petr Uzel
5064: [f9a7afd80892]
5065:
5066: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
5067:
5068: * plugins/sudoers/testsudoers.c:
5069: In dump-only mode, use "root" as the default username instead of
5070: "nobody" as the latter may not be available on all systems.
5071: [0c48e6414337]
5072:
5073: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
5074:
5075: * plugins/sudoers/testsudoers.c:
5076: Remove NewArgv/NewArgc, they are no longer needed.
5077: [16e18f734c7e]
5078:
5079: * plugins/sudoers/testsudoers.c:
5080: Fix setting of user_args
5081: [aa29e0d0a54a]
5082:
5083: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5084: Add '!' token to lex tracing
5085: [5227ad266235]
5086:
5087: * plugins/sudoers/regress/testsudoers/test1.sh:
5088: Use group bin in test, not wheel as most systems have the bin group
5089: but the same is no longer true of wheel.
5090: [718802b3b45e]
5091:
5092: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5093: Avoid using pre or post increment in a parameter to a ctype(3)
5094: function as it might be a macro that causes the increment to happen
5095: more than once.
5096: [78e281152c3a]
5097:
5098: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
5099:
5100: * sudo.pp:
5101: Strip off the beta or release candidate version when building AIX
5102: packages.
5103: [28fe31668559]
5104:
5105: * configure, configure.in:
5106: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
5107: structure checks for glibc which only has __e_termination visible
5108: when _GNU_SOURCE is *not* defined.
5109: [59ae1698911f]
5110:
5111: * common/aix.c:
5112: getuserattr(user, ...) will fall back to the "default" entry
5113: automatically, there's no need to check "default" manually.
5114: [3c7a47a61fdb]
5115:
5116: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
5117:
5118: * doc/UPGRADE:
5119: Document parser changes.
5120: [ec415503308d]
5121:
5122: * Makefile.in, common/Makefile.in, compat/Makefile.in,
5123: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5124: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5125: src/Makefile.in, zlib/Makefile.in:
5126: If there is an existing sudoers file, only install if it passes a
5127: syntax check.
5128: [37427c73e8cb]
5129:
5130: * plugins/sudoers/regress/sudoers/test6.out.ok,
5131: plugins/sudoers/testsudoers.c:
5132: Add runasgroup support to testsudoers
5133: [047ea5571f33]
5134:
5135: * plugins/sudoers/Makefile.in:
5136: For "make check", keep going even if a test fails.
5137: [ce6a0a73c372]
5138:
5139: * plugins/sudoers/testsudoers.c:
5140: More useful exit codes:
5141: * 0 - parsed OK and command matched.
5142: * 1 - parse error
5143: * 2 - command not matched
5144: * 3 - command denied
5145: [1d2ce1361903]
5146:
5147: * doc/sudoers.pod:
5148: Document %#gid, and %:#nonunix_gid syntax.
5149: [492d4f9696c4]
5150:
5151: * plugins/sudoers/pwutil.c:
5152: Add support to user_in_group() for treating group names that begin
5153: with a '#' as gids.
5154: [20240c94a134]
5155:
5156: * config.h.in, configure, configure.in, src/utmp.c:
5157: Add explicit check for struct utmpx.ut_exit.e_termination and struct
5158: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
5159: ut_exit if we detect one or the other.
5160: [b4e8cab777e6]
5161:
5162: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
5163:
5164: * plugins/sudoers/toke.c:
5165: Add back missing #include of config.h
5166: [9ab3897a1b2e]
5167:
5168: * plugins/sudoers/iolog_path.c,
5169: plugins/sudoers/regress/iolog_path/data:
5170: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
5171: strftime() does.
5172: [93395762cdcd]
5173:
5174: * aclocal.m4:
5175: Quote first argument to AC_DEFUN(); from Elan Ruusamae
5176: [97f53ad31d77]
5177:
5178: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
5179:
5180: * MANIFEST:
5181: add new sudoers tests
5182: [476af91b3da3]
5183:
5184: * plugins/sudoers/regress/sudoers/test8.in,
5185: plugins/sudoers/regress/sudoers/test8.out.ok,
5186: plugins/sudoers/regress/sudoers/test8.toke.ok:
5187: Add test for a newline in the middle of a string when no line
5188: continuation character is used.
5189: [de2394bc86ab]
5190:
5191: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5192: Use bitwise AND instead of modulus to check for length being odd. A
5193: newline in the middle of a string is an error unless a line
5194: continuation character is used.
5195: [bdb1d762a1d5]
5196:
5197: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5198: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5199: Move lexer globals initialization into init_lexer.
5200: [1ce62211aadb]
5201:
5202: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5203: Fix a potential crash when a non-regular file is present in an
5204: includedir. Fixes bz #452
5205: [1586760c3525]
5206:
5207: * pp:
5208: On some Linux systems, "uname -p" contains detailed processor info
5209: so check "uname -m" first and then "uname -p" if needed. Recognize
5210: PLD Linux.
5211: [b8535cb9012e]
5212:
5213: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
5214:
5215: * plugins/sudoers/redblack.c:
5216: Don't need all sudoers.h here.
5217: [8c0929f42dab]
5218:
5219: * src/sudo.c:
5220: Print sudo version early, in case policy plugin init fails.
5221: [47cddc4358bc]
5222:
5223: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
5224:
5225: * plugins/sudoers/regress/sudoers/test4.toke.ok:
5226: Update to match change in input.
5227: [4a3af8e68790]
5228:
5229: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5230: Make an empty group or netgroup a syntax error.
5231: [66f51ddc2ff6]
5232:
5233: * plugins/sudoers/regress/sudoers/test7.in,
5234: plugins/sudoers/regress/sudoers/test7.out.ok,
5235: plugins/sudoers/regress/sudoers/test7.toke.ok:
5236: An empty group or netgroup should be a syntax error.
5237: [bd5bf1e2edce]
5238:
5239: * plugins/sudoers/regress/sudoers/test6.in,
5240: plugins/sudoers/regress/sudoers/test6.out.ok,
5241: plugins/sudoers/regress/sudoers/test6.toke.ok:
5242: Check that uids work in per-user and per-runas Defaults Check that
5243: uids and gids work in a Command_Spec
5244: [c5e848e6082b]
5245:
5246: * plugins/sudoers/regress/sudoers/test5.in,
5247: plugins/sudoers/regress/sudoers/test5.out.ok,
5248: plugins/sudoers/regress/sudoers/test5.toke.ok:
5249: Test empty string in User_Alias and Command_Spec
5250: [3a084d777e03]
5251:
5252: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5253: Allow a group ID in the User_Spec.
5254: [bc2859eb71dc]
5255:
5256: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
5257:
5258: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5259: Return an error for the empty string when a word is expected. Allow
5260: an ID for per-user or per-runas Defaults.
5261: [915c259b00ff]
5262:
5263: * plugins/sudoers/testsudoers.c:
5264: Fix printing "User_Alias FOO = ALL"
5265: [ba58c3d548b3]
5266:
5267: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
5268:
5269: * src/parse_args.c:
5270: Better error message about invalid -C argument
5271: [c9a8d15bbf5d]
5272:
5273: * NEWS:
5274: fix typo
5275: [cdcfbafed013]
5276:
5277: * doc/sudoers.pod:
5278: Fix placement of equal size ('=') in user specification summary.
5279: [5ad7178b230d]
5280:
5281: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
5282:
5283: * MANIFEST:
5284: update to match sudoers regress
5285: [e04db0648717]
5286:
5287: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5288: Restore ability to define TRACELEXER and have trace output go to
5289: stderr.
5290: [d9531e4d1b20]
5291:
5292: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5293: Restore old behavior of setting sawspace = TRUE for command line
5294: args when a line continuation character is hit to avoid causing
5295: problems for existing sudoers files.
5296: [fd930ad25550]
5297:
5298: * plugins/sudoers/regress/sudoers/test4.in,
5299: plugins/sudoers/regress/sudoers/test4.out.ok,
5300: plugins/sudoers/regress/sudoers/test4.toke.ok:
5301: Add test for line continuation and aliases
5302: [29ab538ca6bb]
5303:
5304: * plugins/sudoers/Makefile.in:
5305: Make test output line up nicely for parse vs. toke
5306: [257ef82c1434]
5307:
5308: * plugins/sudoers/Makefile.in,
5309: plugins/sudoers/regress/sudoers/test1.in,
5310: plugins/sudoers/regress/sudoers/test1.out.ok,
5311: plugins/sudoers/regress/sudoers/test1.toke.ok,
5312: plugins/sudoers/regress/sudoers/test2.in,
5313: plugins/sudoers/regress/sudoers/test2.out.ok,
5314: plugins/sudoers/regress/sudoers/test2.toke.ok,
5315: plugins/sudoers/regress/sudoers/test3.in,
5316: plugins/sudoers/regress/sudoers/test3.out.ok,
5317: plugins/sudoers/regress/sudoers/test3.toke.ok,
5318: plugins/sudoers/regress/testsudoers/test1.ok,
5319: plugins/sudoers/regress/testsudoers/test1.out.ok,
5320: plugins/sudoers/regress/testsudoers/test1.sh,
5321: plugins/sudoers/regress/testsudoers/test2.out,
5322: plugins/sudoers/regress/testsudoers/test2.sh,
5323: plugins/sudoers/regress/testsudoers/test3.ok,
5324: plugins/sudoers/regress/testsudoers/test3.sh,
5325: plugins/sudoers/regress/visudo/test1.ok,
5326: plugins/sudoers/regress/visudo/test1.sh:
5327: Move parser tests to sudoers directory and test the tokenizer output
5328: too.
5329: [44f529b3cdb6]
5330:
5331: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5332: If we match a rule anchored to the beginning of a line after parsing
5333: a line continuation character, return an ERROR token. It would be
5334: nicer to use REJECT instead but that substantially slows down the
5335: lexer.
5336: [355478293f8c]
5337:
5338: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5339: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5340: plugins/sudoers/toke.l:
5341: Move LEXTRACE macro to toke.h so we can use it in yyerror().
5342: [72ee7a06d3ca]
5343:
5344: 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
5345:
5346: * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
5347: plugins/sudoers/toke.l:
5348: Make lex tracing settable at run-time in testsudoers via the -t
5349: flag. Trace output goes to stderr. Will be used by regress tests
5350: to check lexer.
5351: [93bd53c413c8]
5352:
5353: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5354: Allow whitespace after the modifier in a Defaults entry. E.g.
5355: "Defaults: username set_home"
5356: [9dfcf8dd8a3a]
5357:
5358: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
5359:
5360: * mkpkg:
5361: Don't set CC when cross-compiling.
5362: [4b95b0c04e1c]
5363:
5364: * NEWS:
5365: Credit Matthew Thomas for the sudoers_search_filter changes.
5366: [a65998ab09f7]
5367:
5368: * MANIFEST:
5369: Add the .sym files to the MANIFEST
5370: [f599225cc861]
5371:
5372: * NEWS:
5373: Update for sudo 1.8.1 beta
5374: [71021e854c49]
5375:
5376: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
5377: user_shell -> run_shell to avoid confusion with the user's SHELL
5378: variable.
5379: [dc0ac6dafc21]
5380:
5381: * src/exec_pty.c:
5382: Save the controlling tty process group before suspending in pty
5383: mode. Previously, we assumed that the child pgrp == child pid
5384: (which is usually, but not always, the case).
5385: [10b2883b7875]
5386:
5387: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5388: Add support for sudoers_search_filter setting in ldap.conf. This
5389: can be used to restrict the set of records returned by the LDAP
5390: query.
5391: [b0f1b721d102]
5392:
5393: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
5394:
5395: * configure, configure.in:
5396: Remove the hack to disable -g in CFLAGS unless --with-devel
5397: [89822cf84ef4]
5398:
5399: * doc/sudoers.pod:
5400: The '@' character does not normally need to be quoted.
5401: [7823f5ed829a]
5402:
5403: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5404: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
5405: if that whitespace is followed by a comma, we want to treat it as
5406: part of a list and not transition.
5407: [1ca6943e1824]
5408:
5409: * plugins/sudoers/regress/testsudoers/test3.ok,
5410: plugins/sudoers/regress/testsudoers/test3.sh:
5411: Add check for whitespace when a User_List is used for a per-user
5412: Defaults entry.
5413: [91f75e6dd19a]
5414:
5415: * plugins/sudoers/regress/testsudoers/test2.out,
5416: plugins/sudoers/regress/testsudoers/test2.sh:
5417: Expand quoted name checks to cover recent fixes.
5418: [ce4f76bca146]
5419:
5420: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5421: Fix parsing of double-quoted names in Defaultd and Aliases which was
5422: broken in 601d97ea8792.
5423: [424b0d6c1dc4]
5424:
5425: * plugins/sudoers/Makefile.in:
5426: toke_util.c lives in $(srcdir) not $(devdir)
5427: [94866bebee83]
5428:
5429: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
5430:
5431: * configure, configure.in:
5432: Change trunk version to 1.8.x to distinguish from real 1.8.0.
5433: [a9781e61d064]
5434:
5435: * NEWS, doc/UPGRADE:
5436: Document major changes in 1.8.1 and add upgrade notes.
5437: [f2cf51b0d9ce]
5438:
5439: * plugins/sudoers/match.c:
5440: Be careful not to deref user_stat if it is NULL. This cannot
5441: currently happen in sudo but might in other programs using the
5442: parser.
5443: [06a2334dd674]
5444:
5445: * mkpkg:
5446: configure will not add -O2 to CFLAGS if it is already defined to add
5447: -O2 to the CFLAGS we pass in when PIE is being used.
5448: [1ce6481ece59]
5449:
5450: * doc/sudoers.pod:
5451: Warn about the dangers of log_input and mention iolog_file and
5452: iolog_dir in the log_input and log_output descriptions.
5453: [ae854ffb0768]
5454:
5455: * pp:
5456: sync with git version
5457: [a993e39ce3cb]
5458:
5459: * doc/sudoers.pod:
5460: It seems that h comes after i
5461: [0f621109220d]
5462:
5463: * doc/sudoers.pod:
5464: Move log_input and log_output to their proper, sorted, location.
5465: Document set_utmp and utmp_runas.
5466: [273b234b9c34]
5467:
5468: * src/exec.c:
5469: Save the controlling tty process group before suspending so we can
5470: restore it when we resume. Fixes job control problems on Linux
5471: caused by the previous attemp to fix resuming a shell when I/O
5472: logging not enabled.
5473: [f03a660315ee]
5474:
5475: * common/lbuf.c:
5476: Fix printing of the remainder after a newline. Fixes "sudo -l"
5477: output corruption that could occur in some cases.
5478: [25d83fb501fc]
5479:
5480: 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
5481:
5482: * config.h.in, configure, configure.in, src/exec_pty.c,
5483: src/sudo_exec.h, src/utmp.c:
5484: Add support for ut_exit
5485: [b574c13f1bba]
5486:
5487: * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
5488: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5489: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
5490: src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
5491: Add support for controlling whether utmp is updated and which user
5492: is listed in the entry.
5493: [44a81632133f]
5494:
5495: * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
5496: plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
5497: plugins/sudoers/parse.c:
5498: Fix typo; tupple vs. tuple
5499: [697744acb710]
5500:
5501: * src/utmp.c:
5502: For legacy utmp, strip the /dev/ prefix before trying to determine
5503: slot since the ttys file does not include the /dev/ prefix.
5504: [7ad5b81ff90c]
5505:
5506: * aclocal.m4, configure, configure.in, pathnames.h.in:
5507: Add check for _PATH_UTMP
5508: [21e638029bfd]
5509:
5510: 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
5511:
5512: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
5513: Adapt check_iolog_path to sessid changes
5514: [728b5fe2be6f]
5515:
5516: * config.h.in, configure, configure.in, src/Makefile.in,
5517: src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
5518: Redo utmp handling. If no getutent()/getutxent() is available,
5519: assume a ttyslot-based utmp. If getttyent() is available, use that
5520: directly instead of ttyslot() so we don't have to do the stdin dup2
5521: dance.
5522: [18aa455cd140]
5523:
5524: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
5525:
5526: * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
5527: src/utmp.c:
5528: Move utmp handling into utmp.c
5529: [f6eae6c8e012]
5530:
5531: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
5532: common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
5533: compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
5534: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
5535: compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
5536: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5537: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
5538: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
5539: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
5540: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
5541: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
5542: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
5543: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
5544: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
5545: plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
5546: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
5547: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
5548: plugins/sudoers/logging.c, plugins/sudoers/parse.c,
5549: plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
5550: plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
5551: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
5552: src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
5553: src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
5554: src/sudo_plugin_int.h, src/tgetpass.c:
5555: Update copyright years.
5556: [16aa39f9060a]
5557:
5558: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
5559: plugins/sudoers/sudoers.h, src/parse_args.c:
5560: Add "user_shell" boolean as a way to indicate to the plugin that the
5561: -s flag was given.
5562: [fb1ef0897b32]
5563:
5564: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
5565: plugins/sudoers/sudoers.h:
5566: Move sessid out of sudo_user.
5567: [ba298ddb57f4]
5568:
5569: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5570: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
5571: plugins/sudoers/sudoers.h:
5572: Log the TSID even if it is not a simple session ID.
5573: [d7cc1b9c513c]
5574:
5575: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
5576: Document noexec in sample.sudo.conf and add back noexec_file section
5577: in sudoers with a note that it is deprecated.
5578: [4a6e961e494d]
5579:
5580: * plugins/sudoers/set_perms.c:
5581: Fix running commands as non-root on systems where setreuid() changes
5582: the saved uid based on the effective uid we are changing to.
5583: [df0769b71b34]
5584:
5585: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
5586:
5587: * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
5588: src/sudo.h:
5589: Move noexec path into sudo.conf now that sudo itself handles noexec.
5590: Currently can be configured in sudoers too but is now undocumented
5591: and will be removed in a future release.
5592: [6fa8befdc110]
5593:
5594: * doc/sudo.pod, doc/sudoers.pod:
5595: Document "Path noexec ..." in sudo.conf. No longer document
5596: noexec_file in sudoers, it will be removed in a future release.
5597: [24eee3a0b3e5]
5598:
5599: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5600: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
5601: Move noexec handling to sudo front-end where it is documented as
5602: being.
5603: [3ed4f10d7052]
5604:
5605: * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
5606: src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
5607: src/sudo_exec.h:
5608: Add support for disabling exec via solaris privileges. Includes
5609: preparation for moving noexec support out of sudoers and into front
5610: end as documented.
5611: [dec843ed553e]
5612:
5613: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
5614: plugins/sample_group/Makefile.in,
5615: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
5616: plugins/sudoers/sudoers.sym:
5617: Only export the symbols corresponding to the plugin structs.
5618: [8d8d03b0ca54]
5619:
5620: * configure, configure.in, plugins/sample/Makefile.in,
5621: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
5622: Install plugins manually instead of using libtool. This works
5623: around a problem on AIX where libtool will install a .a file
5624: containing the .so file instead of the .so file itself.
5625: [796971cfbddb]
5626:
5627: * Makefile.in:
5628: Move check into its own rule since some versions of make will run
5629: both targets as the default rule.
5630: [34d759979176]
5631:
5632: * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
5633: m4/ltversion.m4, m4/lt~obsolete.m4:
5634: Update to libtool 2.2.10
5635: [34c130de6af7]
5636:
5637: 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
5638:
5639: * src/exec.c:
5640: In handle_signals(), restart the read() on EINTR to make sure we
5641: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
5642: means we have emptied the pipe.
5643: [d5b9c8eb9000]
5644:
5645: * compat/mktemp.c:
5646: Reorder functions to quiet a compiler warning.
5647: [c9e9a23729f0]
5648:
5649: * mkpkg:
5650: Use the Sun Studio C compiler on Solaris if possible
5651: [11a86e27891e]
5652:
5653: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
5654:
5655: * mkpkg:
5656: Fix default setting of osversion variable.
5657: [52e49ca1cedd]
5658:
5659: * doc/sudo_plugin.pod:
5660: Make two login_class entris consistent.
5661: [18ff1fa94a91]
5662:
5663: * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
5664: src/sudo_exec.h:
5665: Add support for adding a utmp entry when allocating a new pty.
5666: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
5667: Currently only creates a new entry if the existing tty has a utmp
5668: entry.
5669: [32db72b81d80]
5670:
5671: * plugins/sudoers/boottime.c:
5672: Avoid pulling in headers we don't need on Linux For getutx?id(),
5673: call setutx?ent() first and always call endutx?ent().
5674: [5dad21e1ee1b]
5675:
5676: * configure, configure.in:
5677: Add some more libs to SUDOERS_LIBS instead of relying on them to be
5678: pulled in by SUDO_LIBS.
5679: [18a7c21c09a7]
5680:
5681: * plugins/sudoers/sudoers.c:
5682: Fix return value of "sudo -l command" when command is not allowed,
5683: broken in [c7097ea22111]. The default return value is now TRUE and
5684: a bad: label is used when permission is denied. Also fixed missing
5685: permissions restoration on certain errors. On error()/errorx(), the
5686: password and group files are now closed before returning.
5687: [4f2d0e869ae5]
5688:
5689: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
5690:
5691: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
5692: Fix passing of login class back to sudo front end.
5693: [6f70a784ce48]
5694:
5695: * mkpkg:
5696: Add --osversion flag to specify OS instead of running "pp
5697: --probeonly"
5698: [a8efdccb7bc1]
5699:
5700: * sudo.pp:
5701: Fix expr usage w/ GNU expr
5702: [48895599ee63]
5703:
5704: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
5705:
5706: * plugins/sudoers/sudoers.c:
5707: Fix exit value for validate and list mode.
5708: [c7097ea22111]
5709:
5710: * plugins/sudoers/sudoers.c:
5711: Fix non-interactive mode with sudoers plugin.
5712: [172f29597bd2]
5713:
5714: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
5715:
5716: * doc/sudoreplay.pod:
5717: sudoreplay can now find IDs other than %{seq} and display the
5718: session.
5719: [fc3dd3be67e9]
5720:
5721: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
5722:
5723: * plugins/sudoers/sudoreplay.c:
5724: Add support for replaying sessions when iolog_file is set to
5725: something other than %{seq}.
5726: [ca3131243874]
5727:
5728: * plugins/sudoers/visudo.c:
5729: If we are killed by a signal, display the name of the signal that
5730: got us.
5731: [994bb76a990e]
5732:
5733: * configure, configure.in:
5734: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
5735: where they belong.
5736: [40f94b936fa4]
5737:
5738: * configure.in:
5739: Fix bug in skey/opie check that could cause a shell warning.
5740: [83c043072be5]
5741:
5742: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5743: No longer need sudo_getepw() stubs.
5744: [bbee15c36912]
5745:
5746: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
5747:
5748: * plugins/sudoers/sudo_nss.c:
5749: Fix exit value of "sudo -l command" in sudoers module.
5750: [a6541867521b]
5751:
5752: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
5753:
5754: * compat/regress/glob/globtest.c:
5755: Use fgets() not fgetln() for portability.
5756: [df1bb67fb168]
5757:
5758: * sudo.pp:
5759: Don't use the beta or release candidate version as the rpm release.
5760: [d661ef78021a]
5761:
5762: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
5763:
5764: * configure, configure.in:
5765: version 1.8.0
5766: [f6530d56f6ae] [SUDO_1_8_0]
5767:
5768: * NEWS:
5769: update sudo 1.8 section
5770: [f2ee2cf95d18]
5771:
5772: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
5773:
5774: * plugins/sudoers/regress/testsudoers/test2.sh:
5775: fix test description
5776: [cd5730fa9f09]
5777:
5778: * plugins/sudoers/regress/testsudoers/test2.out,
5779: plugins/sudoers/regress/testsudoers/test2.sh,
5780: plugins/sudoers/regress/visudo/test2.out,
5781: plugins/sudoers/regress/visudo/test2.sh:
5782: convert test2 to use testsudoers
5783: [b5ec3f0b69f1]
5784:
5785: * include/sudo_plugin.h, src/sudo_plugin_int.h:
5786: Move struct generic_plugin to sudo_plugin_int.h
5787: [6f7bc629329c]
5788:
5789: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5790: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
5791: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5792: plugins/sudoers/sudoers.h:
5793: Allow sudoers file name, mode, uid and gid to be specified in the
5794: settings list. The sudo front end does not currently set these but
5795: may in the future.
5796: [22f38a0fda2a]
5797:
5798: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
5799:
5800: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5801: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
5802: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
5803: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
5804: doc/visudo.man.in:
5805: 1.8.0rc1
5806: [5d4588b9c057]
5807:
5808: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
5809: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
5810: src/parse_args.c, src/sudo.h:
5811: add help text to sudo, visudo and sudoreplay for the -h option
5812: [52e7378d8476]
5813:
5814: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
5815:
5816: * compat/snprintf.c:
5817: avoid using "howmany" for a parameter name since it is a select-
5818: related macro
5819: [a14d565401a1]
5820:
5821: * doc/sudoers.pod:
5822: mention group_plugin when describing nonunix_group
5823: [e0d1d0034b17]
5824:
5825: * doc/sudo_plugin.pod:
5826: Add missing period at end of sentence
5827: [6744d7e9056d]
5828:
5829: * Makefile.in, doc/Makefile.in, include/Makefile.in,
5830: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
5831: plugins/sudoers/Makefile.in, src/Makefile.in:
5832: add localstatedir; closes bug 471
5833: [7aefcab85088]
5834:
5835: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
5836: src/exec.c, src/exec_pty.c:
5837: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
5838: Bug 470
5839: [927ed6740f32]
5840:
5841: * configure.in:
5842: add missing AH_TEMPLATE for ENV_RESET
5843: [16300010c986]
5844:
5845: * src/exec.c:
5846: SVR5 systems return non-zero for success on socketpair(), check for
5847: -1 instead. Closes Bug 469
5848: [4d276494bf8e]
5849:
5850: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
5851:
5852: * configure, configure.in:
5853: 1.8.0b5
5854: [d611cd5d73d3]
5855:
5856: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
5857: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5858: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
5859: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5860: regen
5861: [85e96eeaed82]
5862:
5863: * doc/sudo.pod:
5864: Document that a sudo.conf file with no Pligin lines uses the default
5865: sudoers plugins.
5866: [88bd52da977f]
5867:
5868: * src/load_plugins.c:
5869: If sudo.conf contains no Plugin lines, use the default sudoers
5870: policy and I/O plugins.
5871: [fd8f4cb811ab]
5872:
5873: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
5874:
5875: * plugins/sudoers/sudo_nss.c:
5876: Avoid printing empty "Runas and Command-specific defaults for user"
5877: line.
5878: [2dd330fe4f8b]
5879:
5880: * common/lbuf.c:
5881: Truncate the buffer at buf.len before printing in the non-wordwrap
5882: case.
5883: [901e9833f80d]
5884:
5885: * common/lbuf.c:
5886: Remove extra newline when the tty width is very small or unavailable
5887: [245c05506c0e]
5888:
5889: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
5890:
5891: * plugins/sudoers/alias.c:
5892: Remove unneeded variable.
5893: [2c086d30b796]
5894:
5895: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
5896:
5897: * configure, configure.in:
5898: Prefer getutxid over getutid
5899: [3f3322e9c93e]
5900:
5901: * plugins/sudoers/boottime.c:
5902: Include utmp.h / utmpx.h before missing.h as apparently including it
5903: afterwards causes a compilation problem on GNU Hurd.
5904: [a528029ae962]
5905:
5906: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
5907:
5908: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
5909: #include "foo.h", not <foo.h> for local includes.
5910: [f65ec693998e]
5911:
5912: * src/parse_args.c:
5913: remove bogus XXX
5914: [9136c17d53ce]
5915:
5916: * compat/mksiglist.c:
5917: Fix typo
5918: [1a3bb7b455c9]
5919:
5920: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
5921: plugins/sudoers/match.c:
5922: return foo not return(foo)
5923: [5c9e0647359a]
5924:
5925: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
5926:
5927: * src/exec.c:
5928: Remove duplicate FD_SET of signal_pipe[0]
5929: [3096527d2215]
5930:
5931: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
5932:
5933: * compat/mksiglist.c:
5934: Use "missing.h" not <missing.h> in generated code.
5935: [d8e09cffbe09]
5936:
5937: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
5938:
5939: * aclocal.m4, configure:
5940: fix --with-iologdir=no
5941: [a89699cb5f5f]
5942:
5943: * aclocal.m4, configure:
5944: fix typo that broke --with-iologdir
5945: [91b54eb22403]
5946:
5947: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
5948:
5949: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5950: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
5951: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
5952: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
5953: doc/visudo.man.in:
5954: Bump version to 1.8.0b4
5955: [e2b7f2cdc02e]
5956:
5957: * NEWS:
5958: sync
5959: [decf5a0a8a33]
5960:
5961: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5962: Attempt to clarify how users and groups interact in Runas_Specs
5963: [e6fb3a2dbd77]
5964:
5965: * plugins/sudoers/regress/visudo/test2.out,
5966: plugins/sudoers/regress/visudo/test2.sh:
5967: Add test for quoted group that contains escaped double quotes
5968: [44596c48c629]
5969:
5970: * src/exec.c, src/exec_pty.c:
5971: Pass SIGUSR1/SIGUSR2 through to the child.
5972: [c3108a827b01]
5973:
5974: * src/exec_pty.c, src/sudo_exec.h:
5975: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
5976: SIGUSR2 to indicate whether the child should be continued in the
5977: foreground or background.
5978: [35ca47cc6785]
5979:
5980: * src/exec.c:
5981: Use pid_t not int and check the return value of kill()
5982: [36ae7d37d7f9]
5983:
5984: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
5985:
5986: * src/exec_pty.c:
5987: Remove obsolete comment
5988: [baebef4919f6]
5989:
5990: * src/exec.c:
5991: In non-pty mode before continuing the child, make it the foreground
5992: pgrp if possible. Fixes resuming a shell.
5993: [fef5b1d02ddb]
5994:
5995: * src/exec_pty.c:
5996: If we get a signal other than SIGCHLD in the monitor, pass it
5997: directly to the child.
5998: [b3ecb28163a0]
5999:
6000: * src/exec.c, src/exec_pty.c, src/sudo.h:
6001: Save signal state before changing handlers and restore before we
6002: execute the command.
6003: [faf7475dc4bf]
6004:
6005: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
6006:
6007: * plugins/sudoers/iolog.c:
6008: Use a char array to map a number to a base36 digit.
6009: [257576c51f8b]
6010:
6011: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
6012: Be clear about what versions of sudo support new LDAP attributes.
6013: Fix up some formatting of attribute names. Minor other tweaks.
6014: [39f65df71f65]
6015:
6016: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
6017:
6018: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6019: match quoted strings the same way whether in a Defaults line or as a
6020: user/group/netgroup name. Fixes escaped double quotes in quoted
6021: user/group/netgroup names.
6022: [601d97ea8792]
6023:
6024: * plugins/sudoers/Makefile.in:
6025: 'make check' depends on visudo and testsudoers
6026: [127c5a24df8f]
6027:
6028: * plugins/sudoers/sudoers2ldif:
6029: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
6030: [9029163a58c3]
6031:
6032: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
6033:
6034: * doc/UPGRADE:
6035: Mention LDAP attribute compatibility status.
6036: [2c3595aaec63]
6037:
6038: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
6039:
6040: * README.LDAP:
6041: Mention phpQLAdmin
6042: [9304c9064fbe]
6043:
6044: * INSTALL, NEWS, config.h.in, configure, configure.in,
6045: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
6046: Add --disable-env-reset configure option.
6047: [8a753aa13a46]
6048:
6049: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6050: Document that sudoers_locale also affects logging and email.
6051: [998d6ac11277]
6052:
6053: * NEWS, config.h.in, configure, configure.in,
6054: plugins/sudoers/logging.c:
6055: Do logging and email sending in the locale specified by the
6056: "sudoers_locale" setting ("C" by default). Email send by sudo
6057: includes MIME headers when the sudoers locale is not "C".
6058: [cb7e55408400]
6059:
6060: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
6061:
6062: * plugins/sudoers/check.c:
6063: Fix indentation
6064: [65ae7e92b9e4]
6065:
6066: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
6067:
6068: * NEWS, src/parse_args.c, src/sudo.c:
6069: Perform command escaping for "sudo -s" and "sudo -i" after
6070: validating sudoers so the sudoers entries don't need to have all the
6071: backslashes.
6072: [4e168c103f4b]
6073:
6074: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
6075:
6076: * plugins/sudoers/logging.c:
6077: Prepend "list " to the command logged when "sudo -l command" is used
6078: to make it clear that the command was listed, not run.
6079: [f392a6056cd6]
6080:
6081: * plugins/sudoers/parse.c:
6082: cosmetic change
6083: [7c0951dbc2dd]
6084:
6085: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
6086: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
6087: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
6088: compat/nanosleep.c, compat/regress/glob/globtest.c,
6089: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
6090: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
6091: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
6092: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
6093: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
6094: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6095: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
6096: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
6097: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
6098: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6099: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
6100: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6101: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
6102: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6103: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6104: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6105: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6106: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6107: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6108: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6109: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6110: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
6111: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
6112: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
6113: src/sudo_noexec.c, src/tgetpass.c:
6114: standardize on "return foo;" rather than "return(foo);" or "return
6115: (foo);"
6116: [32d76c5aaf8c]
6117:
6118: * plugins/sudoers/sudoers.c:
6119: Do not reject sudoers file just because it is root-writable.
6120: [0febc579185b]
6121:
6122: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
6123:
6124: * NEWS:
6125: sync
6126: [1ab03f8278ff]
6127:
6128: * plugins/sudoers/sudo_nss.c:
6129: For "sudo -U user -l" if user is not authorized on the host, say so.
6130: [289afe6dd15c]
6131:
6132: * plugins/sudoers/ldap.c:
6133: In sudo_ldap_lookup(), always do the initial sudoers check as the
6134: invoking user. If we are listing another user's privs we will do a
6135: separate lookup using list_pw later.
6136: [e52bc15de76d]
6137:
6138: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
6139:
6140: * MANIFEST:
6141: add parser fill tests
6142: [4f65140d3515]
6143:
6144: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
6145: Don't test features not supported by the bundled glob()
6146: [8ec7ace11949]
6147:
6148: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
6149: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
6150: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6151: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
6152: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
6153: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6154: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6155: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6156: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
6157: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
6158: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
6159: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6160: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6161: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6162: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
6163: Update copyright year to 2011
6164: [ac1b45cb1809]
6165:
6166: * plugins/sudoers/sudo_nss.c:
6167: When listing, use separate lbufs for the defaults and the privileges
6168: and only print something if the number of privileges is non-zero.
6169: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
6170: [d0854d39f8ef]
6171:
6172: * plugins/sudoers/ldap.c:
6173: Stash pointer to user group vector in LDAP handle and only reuse the
6174: query if it has not changed. We always allocate a new buffer when
6175: we reset the group vector so a simple pointer check is sufficient.
6176: [88861d4eba69]
6177:
6178: * plugins/sudoers/sudo_nss.c:
6179: Check initgroups() return value.
6180: [3bdaf58408a7]
6181:
6182: * plugins/sudoers/Makefile.in,
6183: plugins/sudoers/regress/parser/check_fill.c:
6184: Add tests for the fill functions in toke_util.c
6185: [bca587ab4956]
6186:
6187: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
6188:
6189: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
6190: fix copyright year
6191: [e2038cdaf055]
6192:
6193: * NEWS:
6194: sync
6195: [56ca5d5eaebe]
6196:
6197: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
6198:
6199: * common/term.c:
6200: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
6201: [b91f266624ec]
6202:
6203: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
6204:
6205: * mkpkg, sudo.pp:
6206: Add Requires line for audit-libs >= 1.4 for RHEL5+
6207: [6c02f976171b]
6208:
6209: * pp:
6210: sync with git version
6211: [d301c32d5865]
6212:
6213: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
6214:
6215: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6216: fix typo
6217: [39353f92976f]
6218:
6219: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
6220:
6221: * NEWS:
6222: Update for sudo 1.7.4p5
6223: [b444da76901f]
6224:
6225: * doc/schema.OpenLDAP, doc/schema.iPlanet:
6226: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
6227: to the sudoRole object class. From Andreas Mueller
6228: [dacfad7e7a95]
6229:
6230: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
6231:
6232: * NEWS:
6233: Mention "sudo -g group" password check fix.
6234: [1eb8fb14e53b]
6235:
6236: * plugins/sudoers/sudoers.c:
6237: Fix "sudo -g" support in the sudoers module.
6238: [07d1b0ce530e]
6239:
6240: * plugins/sudoers/check.c:
6241: If the user is running sudo as himself but as a different group we
6242: need to prompt for a password.
6243: [caf1fcc9a117]
6244:
6245: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
6246:
6247: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
6248: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6249: plugins/sudoers/ldap.c:
6250: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
6251: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
6252: derived LDAP SDKs but we can pass the timeout parameter to
6253: ldap_search_ext_s() or ldap_search_st() when possible.
6254: [5537049991f7]
6255:
6256: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
6257: regen
6258: [5b361c3c4324]
6259:
6260: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6261: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
6262: with OpenLDAP ldap.conf files.
6263: [e97843bd16fb]
6264:
6265: * plugins/sudoers/pwutil.c:
6266: If user has no supplementary groups, fall back on checking the group
6267: file expliticly.
6268: [5223ad4eb690]
6269:
6270: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
6271:
6272: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
6273: constify
6274: [6e132a4cca61]
6275:
6276: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
6277: plugins/sudoers/toke.l:
6278: Move fill macro to toke.h
6279: [623d430798cf]
6280:
6281: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
6282: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
6283: plugins/sudoers/toke_util.c:
6284: Split tokenizer utility functions out into toke_util.c
6285: [89a97bd51618]
6286:
6287: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6288: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6289: ANSIfy
6290: [ca0eba1dfaa9]
6291:
6292: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
6293:
6294: * MANIFEST:
6295: sync
6296: [a43f94064bb3]
6297:
6298: * plugins/sudoers/Makefile.in:
6299: Add visudo tests to check target
6300: [8c82fb4ed40f]
6301:
6302: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
6303: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
6304: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
6305: Add my regress tests for fnmatch() and glob() from OpenBSD.
6306: [6e8c1f211723]
6307:
6308: * plugins/sudoers/regress/testsudoers/test1.sh,
6309: plugins/sudoers/regress/visudo/test1.ok,
6310: plugins/sudoers/regress/visudo/test1.sh:
6311: Add regress test for command tags using visudo -c
6312: [18b0ef207c0f]
6313:
6314: * plugins/sudoers/Makefile.in,
6315: plugins/sudoers/regress/testsudoers/test1.ok,
6316: plugins/sudoers/regress/testsudoers/test1.sh:
6317: Add support for regress tests using testsudoers
6318: [1fa94bd2671b]
6319:
6320: * plugins/sudoers/testsudoers.c:
6321: Need to set user_name explicitly due to internal changes made when
6322: converting sudoers to a plugin.
6323: [1fa54e86a364]
6324:
6325: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
6326:
6327: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
6328: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6329: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6330: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6331: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
6332: zlib/Makefile.in:
6333: Add regression tests for iolog_path()
6334: [afa4b416e559]
6335:
6336: * Makefile.in, common/Makefile.in, compat/Makefile.in,
6337: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6338: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6339: src/Makefile.in, zlib/Makefile.in:
6340: Add support for "make Makefile" to regenerate Makefile from
6341: Makefile.in
6342: [98bd2dda3294]
6343:
6344: * plugins/sudoers/iolog_path.c:
6345: Quiest a bogus compiler warning.
6346: [5ff932a7ad67]
6347:
6348: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
6349:
6350: * plugins/sudoers/iolog_path.c:
6351: Protect call to setlocale() with HAVE_SETLOCALE
6352: [2c29ee3ccc81]
6353:
6354: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
6355:
6356: * MANIFEST:
6357: mkstemps.c was renamed mktemp.c
6358: [ae299c3b1827]
6359:
6360: * NEWS:
6361: Update from 1.7 branch
6362: [20817d79717b]
6363:
6364: * Makefile.in:
6365: Use "mv -f" when regenerating ChangeLog
6366: [c163635206c6]
6367:
6368: * plugins/sudoers/match.c:
6369: Fix NULL dereference with "sudo -g group" when the sudoers rule has
6370: no runas user or group listed. Fixes RedHat bug Bug 667103.
6371: [41a6a1243d9e]
6372:
6373: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
6374:
6375: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6376: Correct the default sudo.conf example
6377: [4e791698cad1]
6378:
6379: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
6380:
6381: * plugins/sudoers/iolog_path.c:
6382: Reset slashp if we allocate a new buffer for strftime()
6383: [e491daa4203b]
6384:
6385: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
6386: plugins/sudoers/sudoers.h:
6387: Add extra out parameter to expand_iolog_path() to allow the caller
6388: to split the path into dir and file components if needed.
6389: [88346bc5ae39]
6390:
6391: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
6392:
6393: * plugins/sudoers/iolog.c:
6394: mkdir_iopath() returns size_t now that it uses strlcpy() and not
6395: snprintf()
6396: [3c4c64d265eb]
6397:
6398: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
6399: Trim leading slashes from iolog_file and trailing slashes from
6400: iolog_dir
6401: [a803b51f8948]
6402:
6403: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6404: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
6405: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6406: Pass a single I/O log file name in command_details instead of
6407: separate dir + file parameters.
6408: [d672a3e46e80]
6409:
6410: * plugins/sudoers/sudoreplay.c:
6411: change an error() to errorx()
6412: [8013dcfdd69d]
6413:
6414: * plugins/sudoers/iolog.c:
6415: Add missing cwd line to I/O log info file that got dropped when
6416: iolog_deserialize_info() was added
6417: [7cf84f208423]
6418:
6419: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
6420:
6421: * plugins/sudoers/iolog.c:
6422: Avoid relying on globals filled in by the sudoers policy module for
6423: the sudoers I/O log module. The I/O log open function now pulls the
6424: bits it needs out of user_info and command_info.
6425: [c02f6951b0cc]
6426:
6427: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
6428: plugins/sudoers/sudoers.h:
6429: If no iolog file is specified by the policy plugin, use io_nextid()
6430: to determine the next file in the sequence.
6431: [faa1130b1020]
6432:
6433: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
6434:
6435: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6436: Document iolog_compress in command_info
6437: [58895c7d12f5]
6438:
6439: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6440: Add support for the iolog_compress variable in command_info.
6441: [36f13a2fd1c1]
6442:
6443: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6444: Add sigsetjmp() calls to all plugin entry points just to be safe.
6445: [3fa482355bc4]
6446:
6447: * src/sudo.c, src/sudo.h:
6448: Don't need iolog variables in struct command_details, they are for
6449: the I/O log plugins to handle.
6450: [5111579ffd9d]
6451:
6452: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
6453:
6454: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6455: Document use of mkdtemp() for iolog path teplates
6456: [5db6101408a9]
6457:
6458: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
6459: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
6460: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
6461: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
6462: regen
6463: [1ee11fd6d4eb]
6464:
6465: * doc/sudo_plugin.pod, doc/sudoers.pod:
6466: Document iolog_file and supported escape sequences for sudoers.
6467: Clarify that iolog_file can contain directories.
6468: [da611dedcbdb]
6469:
6470: * compat/Makefile.in, configure, configure.in:
6471: Fix building of mkstemps/mkdtemp replacements.
6472: [793a5e303122]
6473:
6474: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
6475: configure.in, include/missing.h:
6476: Provide mkdtemp() for systems without it.
6477: [b0527dfa965c]
6478:
6479: * plugins/sudoers/iolog_path.c:
6480: Fix typo
6481: [277f6c514cba]
6482:
6483: * plugins/sudoers/iolog.c:
6484: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
6485: glibc mkdtemp() returns EINVAL.
6486: [2e7323b05579]
6487:
6488: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
6489: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
6490: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
6491: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
6492: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6493: Allow sudoers to specify the iolog file in addition to the iolog
6494: dir. Add escape sequence support to iolog file and dir: sequence
6495: number, user, group, runas_user, runas_group, hostname and
6496: command in addition to any escape sequence recognized by
6497: strftime(3).
6498: [75cd32ee0435]
6499:
6500: * plugins/sudoers/iolog.c:
6501: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
6502: crash when the I/O plugin calls error(), errorx() or log_error().
6503: [1a6718bd817d]
6504:
6505: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
6506:
6507: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
6508: plugins/sudoers/sudoers.c:
6509: Give the policy module fine-grained control over what the I/O plugin
6510: logs.
6511: [d29784fd2a66]
6512:
6513: * common/term.c:
6514: Clear OPOST from c_oflag like we used to. Fixes screen-based
6515: editors such as vi.
6516: [506ad5ae9b4e]
6517:
6518: * doc/sudoers.pod:
6519: Clarify umask option description. From Reuben Thomas.
6520: [1294ac84222b]
6521:
6522: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
6523:
6524: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6525: Pick last match in LDAP sudoers too
6526: [fbfd8e85703b]
6527:
6528: * doc/sudo_plugin.pod:
6529: Document iolog_file, iolog_dir and use_pty
6530: [26120a59c20e]
6531:
6532: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
6533: plugins/sudoers/sudoers.c:
6534: Adapt plugins to version I/O logging ABI 1.1
6535: [880dd64bc1e8]
6536:
6537: * src/exec.c, src/sudo.h:
6538: Add use_pty command_info flag for policies to indicate that a pty
6539: should be allocated even if no I/O logging is performed.
6540: [e7b167f8a6e5]
6541:
6542: * src/sudo.c:
6543: Add remaining plugin convenience functions
6544: [ffeaf96da031]
6545:
6546: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
6547: src/sudo_plugin_int.h:
6548: Change I/O log API to pass in command info to the I/O log open
6549: function. Add iolog_file and iolog_dir parameters to command info.
6550: This allows the policy plugin to specify the I/O log pathname. Add
6551: convenience functions for calling plugin functions that handle ABI
6552: backwards compatibility.
6553: [9b81dce76ce5]
6554:
6555: * compat/dlopen.c:
6556: Remove useless cast
6557: [7cecce969739]
6558:
6559: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
6560:
6561: * configure, configure.in:
6562: Bump version to 1.8.0b3
6563: [1dc9f040aae0]
6564:
6565: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
6566:
6567: * configure.in:
6568: Remove extraneous newline
6569: [71c94551eea5]
6570:
6571: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
6572:
6573: * doc/sudoers.pod, plugins/sudoers/def_data.c,
6574: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
6575: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
6576: Make I/O log dir configurable.
6577: [99b576667a38]
6578:
6579: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
6580: Rename io_logdir to iolog_dir
6581: [0731662acc8d]
6582:
6583: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
6584:
6585: * pp:
6586: Add missing '*' that prevented the generic ELF case from matching.
6587: [be77ca26bfb2]
6588:
6589: * pp:
6590: If file(1) can't identify the ELF binary type, try readelf(1).
6591: [38a18d32a9e3]
6592:
6593: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
6594:
6595: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
6596: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
6597: plugins/sudoers/sudoers.c, src/sudo.c:
6598: Use %u to print uid/gid, not %lu and adjust casts to match.
6599: [03c43b8749cf]
6600:
6601: * doc/sudoers.ldap.pod:
6602: Clarify ordering of entries and attributes.
6603: [924e2a6bb603]
6604:
6605: * doc/sudoers.ldap.pod:
6606: Fix typo and editing goof.
6607: [79dc7ccd85a8]
6608:
6609: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
6610: doc/sudoers.ldap.pod:
6611: Merge in ordered LDAP entry support from Andreas Mueller.
6612: [ea5885989bad]
6613:
6614: * plugins/sudoers/ldap.c:
6615: Make sure we don't dereference a NULL handle.
6616: [1a9f9ee15371]
6617:
6618: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
6619:
6620: * pp:
6621: Add support for RHEL 6 file modes that include a trailing dot on
6622: files with an SELinux security context
6623: [dc09be959547]
6624:
6625: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
6626:
6627: * src/sudo.c:
6628: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
6629: sudoers module.
6630: [d6dd99fc6062]
6631:
6632: * plugins/sudoers/sudoers.c:
6633: create_admin_success_flag() should use restore_perms() rather than
6634: set_perms() to restore the uid.
6635: [eba7a91c1f57]
6636:
6637: * src/sudo.c:
6638: In exec_setup() call setuid(0) to make certain the subsequent uid
6639: and gid changes will succeed. Fixes a problem on Ubuntu.
6640: [c5d32abf0645]
6641:
6642: * src/sudo_edit.c:
6643: Error out if we cannot change to root's uid so we catch the failure
6644: early.
6645: [7a2e7f8f2c80]
6646:
6647: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
6648:
6649: * doc/sudoers.pod:
6650: fix typo; from Michael T Hunter
6651: [a574a9d0db5b]
6652:
6653: * plugins/sudoers/match.c:
6654: In sudoedit mode, assume command line arguments are paths and pass
6655: FNM_PATHNAME to fnmatch().
6656: [ce0abff8ce9f]
6657:
6658: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
6659:
6660: * configure, configure.in:
6661: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
6662: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
6663: broken bits of the header file.
6664: [e337217f097a]
6665:
6666: * aclocal.m4:
6667: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
6668: [fbbcee28961f]
6669:
6670: * sudo.pp:
6671: For Tru64, strip off beta version.
6672: [eeccd762df5e]
6673:
6674: * MANIFEST, plugins/sudoers/testsudoers.c,
6675: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
6676: Avoid conflicts with system definitions in grp.h and pwd.h
6677: [b219ffe1da09]
6678:
6679: * zlib/gzguts.h:
6680: Include stdio.h after zlib.h, not before. We need the large file
6681: defines to come first.
6682: [21d6df39790f]
6683:
6684: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
6685:
6686: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
6687: regen
6688: [3ff8750d0aac]
6689:
6690: * Makefile.in:
6691: Don't clean ChangeLog
6692: [ab0d30d289d4]
6693:
6694: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
6695: Add prototype for cleanup()
6696: [75626fd3769a]
6697:
6698: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
6699:
6700: * plugins/sudoers/group_plugin.c:
6701: Avoid deferencing group_plugin if it is NULL in
6702: group_plugin_query(). This should not happen.
6703: [4f2933c8da7e]
6704:
6705: * plugins/sudoers/group_plugin.c:
6706: group plugin init function return TRUE when successful
6707: [198024477030]
6708:
6709: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
6710:
6711: * plugins/sudoers/ldap.c:
6712: Enlarge the array of entry wrappers int blocks of 100 entries to
6713: save on allocation time. From Andreas Mueller
6714: [375c916bb03b]
6715:
6716: * plugins/sudoers/ldap.c:
6717: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
6718: that was mistakenly dropped.
6719: [1555f5bc132d]
6720:
6721: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
6722:
6723: * doc/TROUBLESHOOTING:
6724: Mention that sudo needs "ar" to build.
6725: [65582ace2d09]
6726:
6727: * configure, configure.in:
6728: Fail with a more useful error if "ar" is not found.
6729: [d1cb83719c17]
6730:
6731: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
6732:
6733: * plugins/sudoers/ldap.c:
6734: Merge in ordered LDAP entry support from Andreas Mueller and add
6735: local changes from the 1.7 branch.
6736: [bca29e461618]
6737:
6738: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
6739:
6740: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
6741: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6742: Add timed entry support from Andreas Mueller.
6743: [e18d1df46a8d]
6744:
6745: * plugins/sudoers/group_plugin.c:
6746: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
6747: group_handle is NULL
6748: [de2273da37d5]
6749:
6750: * plugins/sudoers/sudoers.h:
6751: It is now plugin_cleanup(), not cleanup()
6752: [da62a4e1a78c]
6753:
6754: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
6755: Call plugin_cleanup(), not cleanup()
6756: [e800ad8b33ad]
6757:
6758: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
6759:
6760: * plugins/sudoers/ldap.c:
6761: Use efree() not free() and remove malloc.h include since we never
6762: directly call malloc() or free().
6763: [107fffd134bb]
6764:
6765: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
6766:
6767: * sudo.pp:
6768: set PSTAMP for Solaris and move the backend-specific bits to their
6769: own %if [xxx] %endif blocks in %set.
6770: [a94ebe8920c1]
6771:
6772: * pp:
6773: sync with git repo
6774: [75ff509696b4]
6775:
6776: * configure, configure.in:
6777: Only substitute file zlib files when using the builtin zlib
6778: [6c8145b2deb4]
6779:
6780: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
6781: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6782: src/Makefile.in, zlib/Makefile.in:
6783: Give up on using VPATH to find sources as it is implemented
6784: inconsistenly in different versions of make.
6785: [60517c69aaee]
6786:
6787: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
6788: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
6789: Include config.h before any other includes to make sure we get the
6790: right value for _FILE_OFFSET_BITS.
6791: [8fb007ca832e]
6792:
6793: * MANIFEST:
6794: Add zlib
6795: [04a3e23dfaa9]
6796:
6797: * zlib/Makefile.in:
6798: Add missing targets
6799: [40e45a177168]
6800:
6801: * src/Makefile.in:
6802: g/c unused $(GENERATED)
6803: [c8758068c1bc]
6804:
6805: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
6806:
6807: * plugins/sudoers/group_plugin.c:
6808: Zero out group_plugin on unload just to be safe.
6809: [0b10f4d101ca]
6810:
6811: * plugins/sudoers/group_plugin.c:
6812: Unload group plugin if its init function fails.
6813: [6552cdac4b7c]
6814:
6815: * src/sudo.c:
6816: Only chdir to cwd if it is different from the current cwd or there
6817: is a new root (chroot).
6818: [b8203e875e84]
6819:
6820: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
6821: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
6822: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
6823: Bump version to 1.8.0b2
6824: [6dadeb75a878]
6825:
6826: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
6827:
6828: * INSTALL:
6829: Better --enable-zlib description
6830: [e0da54fa59a6]
6831:
6832: * mkpkg:
6833: Use system zlib on Linux Let configure decide on Solaris For all
6834: others, use builtin zlib
6835: [3d52eddb523c]
6836:
6837: * zlib/zconf.h.in:
6838: Add large file support.
6839: [bec01215270d]
6840:
6841: * config.h.in:
6842: Add large file support.
6843: [244e95b034ec]
6844:
6845: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
6846: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
6847: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
6848: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
6849: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
6850: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
6851: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
6852: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
6853: Add local copy of zlib for systems that lack it.
6854: [7542ca465c5a]
6855:
6856: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
6857:
6858: * src/exec.c:
6859: If perform_io() fails, kill the child before exiting so it doesn't
6860: complain about connection reset. We can get an I/O error if, for
6861: example, and we get EIO reading from stdin.
6862: [e59a05fa729f]
6863:
6864: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
6865:
6866: * plugins/sudoers/sudoers.c, src/sudo.c:
6867: Fix complilation on systems with set_auth_parameters() Sprinkle
6868: volatile to quiet warnings from gcc 2.8.0
6869: [a34c2b924ba7]
6870:
6871: * compat/dlfcn.h, compat/dlopen.c:
6872: Avoid potential namespace issues with dlopen() emulation.
6873: [aedfababd6ca]
6874:
6875: * MANIFEST:
6876: sync
6877: [6afb97e6d308]
6878:
6879: * plugins/sudoers/interfaces.c:
6880: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
6881: exist).
6882: [ddfca5af1a36]
6883:
6884: * Makefile.in:
6885: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
6886: [e9d04bfa4505]
6887:
6888: * configure, configure.in:
6889: HP-UX 10.20 libc has an incompatible getline
6890: [2e7bc202e78d]
6891:
6892: * plugins/sudoers/visudo.c:
6893: Quiet an HP-UX compiler warning.
6894: [55b9d587ac8c]
6895:
6896: * configure, configure.in:
6897: Check for vi even with --with-editor specified; the sample plugin
6898: needs it.
6899: [94dfc3643f76]
6900:
6901: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
6902:
6903: * compat/dlopen.c:
6904: Fix remaining syntax errors.
6905: [9d729b5b577e]
6906:
6907: * src/Makefile.in:
6908: sudo binary depends on the libtool-generated libs
6909: [9e6148406adb]
6910:
6911: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6912: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
6913: include the local or system dlfcn.h
6914: [68cfe4c1089b]
6915:
6916: * pp:
6917: Don't use run_as_superuser=false on HP-UX
6918: [532242370b09]
6919:
6920: * src/net_ifs.c:
6921: Use memset() instead of zero_bytes() since we don't include
6922: sudoers.h
6923: [a187c18c2472]
6924:
6925: * plugins/sudoers/interfaces.c:
6926: Fix pasto; AF_INET not AF_INET6
6927: [2d2e9d7dc6f9]
6928:
6929: * compat/dlopen.c:
6930: Actually call shl_load()
6931: [ed8153b8a3cd]
6932:
6933: * pp:
6934: Update from git repo. Debian: version numbers now compliant with
6935: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
6936: 10.20
6937: [ecf2692bceeb]
6938:
6939: * configure, configure.in:
6940: Fix dlopen() detection for systems where dlopen() is in a separate
6941: library.
6942: [fa6b175582b6]
6943:
6944: * plugins/sudoers/auth/pam.c:
6945: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
6946: useful message and return AUTH_FATAL so sudo does not keep trying to
6947: validate the user.
6948: [1be8857e5291]
6949:
6950: * src/preload.c:
6951: sudo_preload_table is an array
6952: [b7704e72a9da]
6953:
6954: * compat/dlopen.c:
6955: Quiet a compiler warning and fix sudo_preload_table external
6956: definition.
6957: [8234987664cc]
6958:
6959: * compat/dlfcn.h:
6960: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
6961: [8bab6a4053cc]
6962:
6963: * plugins/sudoers/group_plugin.c:
6964: Make this compile correctly when no dlopen is available.
6965: [57643879bd2b]
6966:
6967: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
6968:
6969: * plugins/sudoers/check.c:
6970: Having a timestamp file defined is no longer indicative of tty
6971: tickets being enabled. Check def_tty_tickets directly.
6972: [efcc11ad157f]
6973:
6974: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
6975: Fix TCGETWINSZ compat.
6976: [da3a8b17cf7a]
6977:
6978: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
6979:
6980: * src/exec_pty.c, src/ttysize.c:
6981: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
6982: [926492dd10a6]
6983:
6984: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
6985:
6986: * plugins/sudoers/sudoers.c, src/sudo.c:
6987: Move set_project() from sudoers module into sudo proper.
6988: [beabafac03b4]
6989:
6990: * configure, configure.in:
6991: Fix typo and regenerate
6992: [4a3caf4234f3]
6993:
6994: * plugins/sudoers/ldap.c:
6995: When iterating over returned LDAP entries, keep looking at remaining
6996: matches even if we have a positive match. This catches negative
6997: matches that may exist in other entries and more closely match the
6998: sudoers file behavior.
6999: [f47db6e609b0]
7000:
7001: * pp:
7002: Add support for multiple package instances on Solaris.
7003: [7f2a8b942545]
7004:
7005: * src/exec.c:
7006: Add missing signal_pipe[0] to fdsr for the non-pty case.
7007: [79d01e11b19c]
7008:
7009: * mkpkg:
7010: Add --with-project for Solaris
7011: [ffa4c2bb93f7]
7012:
7013: * README:
7014: Need ar and ranlib too
7015: [5c2f679172ef]
7016:
7017: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7018:
7019: * plugins/sudoers/env.c:
7020: Preserve ODMDIR environment variable by default on AIX.
7021: [bd47cb1e804f]
7022:
7023: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7024:
7025: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
7026: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
7027: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
7028: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
7029: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
7030: src/preload.c:
7031: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
7032: using shl_load(). For others, link sudoers plugin statically and use
7033: a lookup table to emulate dlsym().
7034: [e92edfb3c642]
7035:
7036: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
7037:
7038: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
7039: compat/nanosleep.c, compat/utimes.c:
7040: When including compat headers, use the compat dir as part of the
7041: path so we are sure to get the correct header.
7042: [6c2a45da6af5]
7043:
7044: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
7045:
7046: * plugins/sudoers/linux_audit.c:
7047: Ignore ECONNREFUSED from audit_log_user_command() which will occur
7048: if auditd is not running.
7049: [d314fe4c8d03]
7050:
7051: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7052:
7053: * pp:
7054: Sync with git version
7055: [1c0357744222]
7056:
7057: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7058:
7059: * common/fileops.c, plugins/sudoers/defaults.c:
7060: Cast isblank argument to unsigned char.
7061: [c822dbb3ca54]
7062:
7063: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7064:
7065: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
7066: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
7067: Implement --with-umask-override configure flag.
7068: [863e3047df22]
7069:
7070: * plugins/sudoers/env.c:
7071: Take MODE_LOGIN_SHELL into account when initially setting reset_home
7072: instead of special-casing it later.
7073: [5d6b16480fd6]
7074:
7075: * plugins/sudoers/sudoers.c:
7076: In login mode, make a copy of the runas user's pw_shell for
7077: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
7078: freed before exec.
7079: [1d1ccb568dfa]
7080:
7081: * plugins/sudoers/env.c:
7082: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
7083: [c1c1c65a2d63]
7084:
7085: * src/sudo.c:
7086: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
7087: [7443454e5f88]
7088:
7089: * src/sudo.c:
7090: Reset signal mask at sudo startup time; we need to be able to rely
7091: on normal signal delivery to control the child process.
7092: [95800163ff94]
7093:
7094: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7095:
7096: * install-sh:
7097: Use sed instead of expr to split a flag from its argument. Fixes a
7098: problem with expr interpreting its arguments as a flag when they
7099: start with a dash.
7100: [736065e14301]
7101:
7102: * common/lbuf.c:
7103: Do not need sys/time.h after all
7104: [91f6f668ccda]
7105:
7106: * common/lbuf.c:
7107: Include sys/time.h for utimes() and struct timeval. No longer need
7108: ioctl.h or termios.h
7109: [2d75273d3213]
7110:
7111: * compat/snprintf.c:
7112: Quiet bogus compiler warnings.
7113: [fe252e1968f5]
7114:
7115: * include/missing.h:
7116: Declare innetgr() for HP-UX which is missing a declaration. Declare
7117: domainname() for HP-UX and Solaris which are missing a declaration.
7118: [b37c50751138]
7119:
7120: * plugins/sudoers/bsm_audit.c:
7121: Use __sun for consistency with the rest of the sources.
7122: [6b086b61ccb6]
7123:
7124: * plugins/sudoers/group_plugin.c:
7125: Quiet a bogus compiler warning.
7126: [ebc069842c4a]
7127:
7128: * plugins/sudoers/pwutil.c:
7129: Don't try to delref a NULL group.
7130: [f6ff0838be21]
7131:
7132: * common/alloc.c, common/lbuf.c:
7133: Include memory.h on systems that need it.
7134: [4e676da81c6f]
7135:
7136: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
7137:
7138: * src/exec.c:
7139: Quiet gcc warnings on glibc systems that use warn_unused_result for
7140: write(2).
7141: [0532da0b7cf7]
7142:
7143: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7144: sudo_plugin is in section 8; from Ted Percival
7145: [b4506a0de87e]
7146:
7147: * plugins/sudoers/Makefile.in:
7148: testsudoers depends on libsudoers.la, not sudoreplay
7149: [cdb1cc3bf06a]
7150:
7151: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
7152:
7153: * src/exec.c:
7154: Read as many signals on the signal pipe as we can before returning.
7155: [b181671da047]
7156:
7157: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
7158: Instead of using a array to store received signals, open a pipe and
7159: have the signal handler write the signal number to one end and
7160: select() on the other end. This makes it possible to handle signals
7161: similar to I/O without race conditions.
7162: [ee84d65c16b6]
7163:
7164: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
7165:
7166: * doc/visudo.pod, plugins/sudoers/visudo.c:
7167: Make "visudo -c -f -" check the standard input.
7168: [195a3d2a9a26]
7169:
7170: * doc/sudoers.pod:
7171: set_home and always_set_home have an effect if HOME is present in
7172: the env_keep list.
7173: [159d0b9dc5c8]
7174:
7175: * plugins/sudoers/env.c:
7176: Make -H flag work when HOME is listed in env_keep. Also makes
7177: "set_home" and "always_set_home" override override HOME in env_keep.
7178: [a3e5b966193f]
7179:
7180: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
7181:
7182: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
7183: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
7184: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
7185: plugins/sudoers/visudo.c, src/net_ifs.c:
7186: Convert sudoers plugin to use interface list passed in settings.
7187: [87d9b5f4f586]
7188:
7189: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
7190: src/parse_args.c, src/sudo.h:
7191: Query local network interfaces in the main sudo driver and pass to
7192: the plugin as "network_addrs" in the settings list.
7193: [7f35bcfe77a7]
7194:
7195: * plugins/sudoers/bsm_audit.c:
7196: Solaris BSM audit return EINVAL when auditing is not enabled,
7197: whereas OpenBSM returns ENOSYS.
7198: [411b980ec58b]
7199:
7200: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7201:
7202: * compat/fnmatch.c:
7203: missing.h should come before most local includes
7204: [53921a7b8b5b]
7205:
7206: * plugins/sudoers/sudoreplay.c:
7207: missing.h should come before most local includes
7208: [e9abb0db1aac]
7209:
7210: * plugins/sudoers/sudoers.h:
7211: Make local includes consistent; use double quotes for local includes
7212: except for generated ones where we use angle brackets.
7213: [09de4faa9547]
7214:
7215: * plugins/sudoers/sudoers.c:
7216: Always fill in NewArgv for audit code.
7217: [7c3aca60519f]
7218:
7219: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7220: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
7221: [007cf6560f92]
7222:
7223: * common/alloc.c, common/atobool.c, common/fileops.c,
7224: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
7225: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
7226: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
7227: compat/getprogname.c, compat/glob.c, compat/isblank.c,
7228: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
7229: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
7230: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
7231: compat/unsetenv.c, compat/utimes.c, include/compat.h,
7232: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
7233: plugins/sample_group/plugin_test.c,
7234: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
7235: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
7236: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7237: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
7238: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
7239: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
7240: src/sudo_noexec.c, src/ttysize.c:
7241: Make local includes consistent; use double quotes for local includes
7242: except for generated ones where we use angle brackets. Also g/c
7243: unused compat.h.
7244: [e57070dc8f04]
7245:
7246: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7247:
7248: * plugins/sudoers/match.c:
7249: When matching the runas user and runas group (-u and -g command line
7250: options), keep track of runas group and runas user matches
7251: separately. Only return a positive match if we have a match for
7252: both runas user and runas group (if specified).
7253: [815219e04cc8]
7254:
7255: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
7256:
7257: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7258: Add support for multiple URI lines by joining the contents and
7259: passing the result to ldap_initialize.
7260: [a47cae3b72e8]
7261:
7262: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
7263: Do not return -1 on error from the display functions; the caller
7264: expects a return value >= 0.
7265: [101456a7dd00]
7266:
7267: * plugins/sudoers/sudoers.c:
7268: Do not set both MODE_EDIT and MODE_RUN
7269: [8faa36694d54]
7270:
7271: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7272:
7273: * include/missing.h:
7274: Move includes to the top of the file.
7275: [a51436798e8c]
7276:
7277: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7278:
7279: * plugins/sudoers/Makefile.in:
7280: Add missing definition of timedir
7281: [458a749c2c5e]
7282:
7283: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
7284: compat/mksiglist.c, compat/strsignal.c,
7285: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
7286: Add #include of sys/types.h for .c files that include missing.h to
7287: be sure that size_t and ssize_t are defined.
7288: [08e3132dbf4f]
7289:
7290: * plugins/sudoers/Makefile.in:
7291: Install sudoers file from the build dir not hte src dir.
7292: [ca89e962dbf4]
7293:
7294: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
7295:
7296: * plugins/sudoers/set_perms.c:
7297: If runas_pw changes, reset the stashed runas aux group vector.
7298: Otherwise, if runas_default is set in a per-command Defaults
7299: statement, the command runs with root's aux group vector (i.e. the
7300: one that was used when locating the command).
7301: [24f9107cedd2]
7302:
7303: * plugins/sudoers/Makefile.in:
7304: Add target to generate sudoers file Remove generated sudoers file as
7305: part of distclean
7306: [fb7422e90f03]
7307:
7308: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
7309:
7310: * src/exec.c:
7311: When not logging I/O install a handler for SIGCONT and deliver it to
7312: the command upon resume. Fixes bugzilla #431
7313: [495dce52a5aa]
7314:
7315: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
7316:
7317: * plugins/sudoers/sudoers.h:
7318: g/c unused auth_pw extern definition
7319: [40eb7477ba17]
7320:
7321: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
7322: Move get_auth() into check.c where it is actually used.
7323: [e31db0ce3a61]
7324:
7325: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
7326:
7327: * common/lbuf.c:
7328: Convert a remaining puts() and putchar() to use the output function.
7329: [d69e363a506b]
7330:
7331: * plugins/sudoers/plugin_error.c:
7332: Plug memory leak
7333: [68895469ea8d]
7334:
7335: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
7336:
7337: * plugins/sudoers/env.c:
7338: Set dupcheck to TRUE when setting new HOME value if !env_reset but
7339: always_set_home is true. Prevents a duplicate HOME in the
7340: environment (old value plus the new one) introduced in f421f8827340.
7341: [9ca19183794f]
7342:
7343: * configure, configure.in, plugins/sudoers/sudoers,
7344: plugins/sudoers/sudoers.in:
7345: Substitute sysconfdir in the installed sudoers file to get the
7346: correct path for sudoers.d.
7347: [86072b6cd55d]
7348:
7349: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7350:
7351: * src/get_pty.c:
7352: Fix typo that prevented compilation on Irix; Friedrich Haubensak
7353: [b48be51b65fc]
7354:
7355: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7356:
7357: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
7358: common/atobool.c, common/fileops.c, common/fmt_string.c,
7359: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
7360: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
7361: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
7362: compat/getprogname.c, compat/glob.c, compat/isblank.c,
7363: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
7364: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
7365: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
7366: compat/unsetenv.c, compat/utimes.c, include/compat.h,
7367: include/missing.h, plugins/sample/sample_plugin.c,
7368: plugins/sample_group/getgrent.c,
7369: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
7370: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
7371: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7372: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
7373: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
7374: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
7375: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
7376: Merge compat.h and missing.h into missing.h
7377: [572909ae9716]
7378:
7379: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
7380:
7381: * plugins/sudoers/auth/pam.c:
7382: If the user hits ^C while a password is being read, error out before
7383: reading any further passwords in the pam conversation function.
7384: Otherwise, if multiple PAM auth methods are required, the user will
7385: have to hit ^C for each one.
7386: [23782631748c]
7387:
7388: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
7389:
7390: * plugins/sudoers/check.c:
7391: Update comment
7392: [a5296cb3a20a]
7393:
7394: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7395: Document sudo_conv_t function and sudo_printf_t return values.
7396: [745c0017814c]
7397:
7398: * src/conversation.c:
7399: Make _sudo_printf return the number of characters printed on success
7400: like printf(3).
7401: [8eeefe8d7e77]
7402:
7403: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
7404:
7405: * plugins/sudoers/sudoers.c:
7406: sudoers.h includes sudo_plugin.h for us
7407: [cabe68e07807]
7408:
7409: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
7410: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
7411: src/sudo_edit.c:
7412: Use gettimeofday() directly instead of via the gettime() wrapper.
7413: [7490426c99ae]
7414:
7415: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
7416: compat/strerror.c, config.h.in, configure, configure.in,
7417: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
7418: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
7419: Remove some obsolete configure tests, ancient Unix systems are no
7420: longer supported.
7421: [2be6218c3a36]
7422:
7423: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7424:
7425: * sudo.pp:
7426: Set pp_kit_version and strip off patch level
7427: [aacfda1b676d]
7428:
7429: * sudo.pp:
7430: Better handling of versions with a patchlevel. For rpm and deb, use
7431: the patchlevel+1 as the release. For AIX, use the patchlevel as the
7432: 4th version number. For the rest, just leave the patchlevel in the
7433: version string.
7434: [638bd35f2346]
7435:
7436: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
7437:
7438: * plugins/sudoers/auth/sudo_auth.c:
7439: For non-standalone auth methods, stop reading the password if the
7440: user enters ^C at the prompt.
7441: [82c2911bb264]
7442:
7443: * configure, configure.in, plugins/sudoers/Makefile.in,
7444: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
7445: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
7446: plugins/sudoers/pwutil.c:
7447: No need to look up shadow password unless we are doing password-
7448: style authentication. This moves the shadow password lookup to the
7449: auth functions that need it.
7450: [ba9e3eba2b72]
7451:
7452: * plugins/sudoers/sudoers.c:
7453: Retain final passwd/group refs until the policy close() function.
7454: Note that this doesn't get called in all cases so putting this in a
7455: cleanup function is probably better.
7456: [bbe214cb4119]
7457:
7458: * plugins/sudoers/check.c:
7459: Fix mismerge
7460: [395115f89dd6]
7461:
7462: * plugins/sudoers/check.c:
7463: When removing/resetting the timestamp file ignore the tty ticket
7464: contents.
7465: [b709f5667a0b]
7466:
7467: * plugins/sudoers/sudoers.c:
7468: delref sudo_user.pw, runas_pw and runas_gr immediately before we
7469: return.
7470: [4d67d15dfd3b]
7471:
7472: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
7473:
7474: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
7475: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
7476: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7477: Reference count cached passwd and group structs. The cache holds
7478: one reference itself and another is added by sudo_getgr{gid,nam} and
7479: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
7480: group structs are persistent for now.
7481: [e544685523c3]
7482:
7483: * doc/UPGRADE:
7484: fix typo
7485: [e32f2d35e6c9]
7486:
7487: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
7488:
7489: * plugins/sudoers/check.c:
7490: Do not produce a warning for "sudo -k" if the ticket file does not
7491: exist.
7492: [1598f6061b75]
7493:
7494: * plugins/sudoers/pwutil.c:
7495: Instead of caching struct passwd and struct group in the red-black
7496: tree, store a struct cache_item which includes both the key and
7497: datum. This allows us to user the actual name that was looked up as
7498: the key instead of the contents of struct passwd or struct group.
7499: This matters because the name in the database may not match what we
7500: looked up, due either to case folding or truncation (historically at
7501: 8 characters). Also mark the disabled calls to sudo_freepwcache()
7502: and sudo_freegrcache() as broken since we use cached data for things
7503: like set_perms() and the logging functions. Fixing this would
7504: require making a copy of the structs for user and runas or adding a
7505: reference count (better).
7506: [225d4a22f60e]
7507:
7508: * plugins/sudoers/Makefile.in:
7509: Fix path to mkinstalldirs
7510: [b4968379b12d]
7511:
7512: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
7513: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
7514: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
7515: Quiet gcc warnings on glibc systems that use warn_unused_result for
7516: write(2) and others.
7517: [c99f138960e0]
7518:
7519: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
7520:
7521: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7522: Add %option noinput
7523: [72b9cd49b4f1]
7524:
7525: * aclocal.m4, configure, configure.in:
7526: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
7527: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
7528: cross-compiling.
7529: [e385c176d0ee]
7530:
7531: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
7532:
7533: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
7534: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
7535: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
7536: [cf3e60d9c440]
7537:
7538: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
7539:
7540: * pp:
7541: Update to latest version
7542: [32f93be33961]
7543:
7544: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
7545:
7546: * sudo.pp:
7547: Let pp determine pp_aix_version itself.
7548: [7cf0245d84ed]
7549:
7550: * INSTALL, config.h.in, configure, configure.in, mkpkg,
7551: plugins/sudoers/sudoers.c:
7552: Add support for Ubuntu admin flag file and enable it when building
7553: Ubuntu packages.
7554: [00e27cff2dfb]
7555:
7556: * plugins/sudoers/sudoers, sudo.pp:
7557: Add commented out SuSE-like targetpw settings
7558: [4605d47b7413]
7559:
7560: * configure, configure.in:
7561: Only try to use +DAportable for non-GCC on hppa
7562: [75d0f284ccf7]
7563:
7564: * configure, configure.in:
7565: Prevent configure from adding the -g flag unless in devel mode
7566: [b1fd3f8d45c0]
7567:
7568: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
7569:
7570: * sudo.pp:
7571: Go back to sudo-flavor to match existing packages and only use an
7572: underscore for those that need it.
7573: [d737069d1e1c]
7574:
7575: * sudo.pp:
7576: Use sudo_$flavor instead of sudo-$flavor since that causes the least
7577: amount of trouble for the various package managers.
7578: [71f547af35fc]
7579:
7580: * mkpkg:
7581: Fix handling of the ldap flavor Remove destdir unless --debug was
7582: specified Make distclean before running configure if there is a
7583: Makefile present
7584: [6316f08de7d3]
7585:
7586: * sudo.pp:
7587: Add back include file.
7588: [195627bf68b8]
7589:
7590: * mkpkg:
7591: Pass extra args on to configure on HP-UX, if we don't have the HP C
7592: compiler, disable zlib to prevent gcc from finding it in
7593: /usr/local/lib.
7594: [473efa0e2bac]
7595:
7596: * mkpkg:
7597: Use the HP ANSI C compiler on HP-UX if possible
7598: [fb249b6b175d]
7599:
7600: * plugins/sudoers/sudoreplay.c:
7601: Some getline() implementations (FreeBSD 8.0) do not ignore the
7602: length pointer when the line pointer is NULL as they should.
7603: [2410a1a3543c]
7604:
7605: * plugins/sudoers/sudoreplay.c:
7606: Don't need to check for *cp being non-zero, isdigit() will do that.
7607: [7df11ea8a487]
7608:
7609: * plugins/sudoers/sudoreplay.c:
7610: Add setlocale() so the command line arguments that use floating
7611: point work in different locales. Since sudo now logs the timing
7612: data in the C locale we must Parse the seconds in the timing file
7613: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
7614: the number of seconds with the user's locale so if the decimal point
7615: is not '.' try using the locale-specific version.
7616: [4d385765f23b]
7617:
7618: * src/exec.c:
7619: Do I/O logging in the C locale so the floating point numbers in the
7620: timing file are not locale-dependent.
7621: [5961cec044ec]
7622:
7623: * plugins/sudoers/sudoreplay.c:
7624: Use errorx() not error() for thingsthat don't set errno.
7625: [0fe5e692af84]
7626:
7627: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
7628:
7629: * pp:
7630: Better support for 1.2.3 style versions in Tru64 kits
7631: [997c549bb777]
7632:
7633: * sudo.pp:
7634: Add Tru64 kit support
7635: [e273a954f981]
7636:
7637: * pp:
7638: Remove apparently unnecessary use of sudo
7639: [be8840d85125]
7640:
7641: * Makefile.in, plugins/sudoers/Makefile.in:
7642: Create timedir as part of install-dirs target.
7643: [c736bc2fb14f]
7644:
7645: * src/exec_pty.c:
7646: Handle ENXIO from read/write which can occur when reading/writing a
7647: pty that has gone away.
7648: [fa2e8059879f]
7649:
7650: * plugins/sudoers/pwutil.c:
7651: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
7652: [3a045475d5ee]
7653:
7654: * mkpkg:
7655: platform is a pp flag not a variable
7656: [12eba39a47c1]
7657:
7658: * Makefile.in, mkpkg, sudo.pp:
7659: Add simple arg parsing for mkpkg so we can set debug, flavor or
7660: platform.
7661: [ada839fe252d]
7662:
7663: * pp:
7664: Make rpm backend work on AIX 5.x
7665: [549a76d11393]
7666:
7667: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
7668:
7669: * plugins/sudoers/sudoers:
7670: Add commented out Defaults entry for log_output
7671: [7e67d7588900]
7672:
7673: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
7674:
7675: * doc/Makefile.in:
7676: Remove sudo docdir completely
7677: [dce8e82878ef]
7678:
7679: * doc/sample.sudo.conf:
7680: Add sample sudo.conf
7681: [aafdba3fc411]
7682:
7683: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7684:
7685: * plugins/sudoers/Makefile.in:
7686: Add PACKAGE_TARNAME for docdir
7687: [930c92b8f8f0]
7688:
7689: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
7690:
7691: * src/Makefile.in:
7692: Pass install-sh -b~ here too.
7693: [c3f5eb446c38]
7694:
7695: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7696: plugins/sudoers/Makefile.in, src/Makefile.in:
7697: Install binary files with -b~ to make a backup. Fixes "text file
7698: busy" error on HP-UX during install.
7699: [81f306f54f8c]
7700:
7701: * install-sh:
7702: "mv -f" on HP-UX doesn't unlink the destination first so add an
7703: explicit rm before moving the temporary into place.
7704: [fb719a79582d]
7705:
7706: * configure, configure.in:
7707: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
7708: [0aa098770074]
7709:
7710: * doc/Makefile.in, plugins/sudoers/Makefile.in:
7711: Install sudoers2ldif in the doc dir
7712: [33ac3b53d7f5]
7713:
7714: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
7715:
7716: * pathnames.h.in:
7717: Add missing include of maillock.h for Solaris
7718: [5a58883be23a]
7719:
7720: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
7721: doc/sample.syslog.conf, doc/sudoers.cat:
7722: Change the default syslog facility from local2 to authpriv (or auth
7723: if the operating system doesn't support authpriv).
7724: [3b70ba514f49]
7725:
7726: * Makefile.in, sudo.pp:
7727: Install sudoers as /etc/sudoers on RPM and debian systems where the
7728: package manager will not replace a user-modified configuration file.
7729: This fixes upgrades from the vendor sudo packages.
7730: [d886b6d60b5b]
7731:
7732: * pp:
7733: RPM: use %config(noreplace) instead of %config for volatile This
7734: results in the new file being installed with a .rpmnew suffix
7735: instead of the file being replaced and the old one renamed with a
7736: .rpmsave suffix.
7737: [58be2119f8e8]
7738:
7739: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
7740:
7741: * compat/mkstemps.c, plugins/sudoers/boottime.c:
7742: Include time.h for struct timeval
7743: [ddf8b04f0276]
7744:
7745: * src/exec_pty.c:
7746: The return value of strsignal() may be const and should be treated
7747: as const regardless.
7748: [620074ae1e77]
7749:
7750: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7751: Mention that 127.0.0.1 will not match, nor will localhost unless
7752: that is the actual host name.
7753: [8b574122eb8f]
7754:
7755: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
7756: Rename WHATSNEW -> NEWS
7757: [d1a2c8c47d89]
7758:
7759: * pp:
7760: Updated pp with latest patches
7761: [98e16b9b8f62]
7762:
7763: * WHATSNEW:
7764: Sync with 1.7.4
7765: [65ac4dafeef7]
7766:
7767: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7768: plugins/sudoers/sudoers:
7769: Add commented out line to add HOME to env_keep and add a warning to
7770: the note about the HOME change in UPGRADE.
7771: [0d6a775bb6c8]
7772:
7773: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
7774:
7775: * plugins/sudoers/sudoreplay.c:
7776: Add LINE_MAX define for those without it.
7777: [446d9dbe7859]
7778:
7779: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
7780: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7781: plugins/sudoers/defaults.c:
7782: The tty_tickets option is now on by default.
7783: [a01c48206d80]
7784:
7785: * WHATSNEW:
7786: Mention that AIX authdb support has been fixed.
7787: [87bd7f4eba6a]
7788:
7789: * common/aix.c:
7790: setauthdb() only sets the "old" registry if it was set by a previous
7791: call to setauthdb(). To restore the original value, passing NULL
7792: (or an empty string) to setauthdb() is sufficient.
7793: [470da190a254]
7794:
7795: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
7796:
7797: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
7798: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7799: plugins/sudoers/env.c:
7800: Reset HOME when env_reset is enabled unless it is in env_keep
7801: [f421f8827340]
7802:
7803: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7804: The default for set_logname has been "true" for some time now.
7805: [f489da5674c3]
7806:
7807: * plugins/sudoers/boottime.c:
7808: Add missing include of time.h
7809: [624d7014932f]
7810:
7811: * plugins/sudoers/logging.c:
7812: Fix check for dup2() return value.
7813: [140ea2d50d20]
7814:
7815: * plugins/sudoers/env.c:
7816: Add PYTHONUSERBASE to initial_badenv_table
7817: [3149aae5b12c]
7818:
7819: * plugins/sudoers/visudo.c:
7820: Treat an unknown defaults entry as a parse error.
7821: [b3ebad73efb2]
7822:
7823: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
7824: Check return value of setdefs() but don't stop setting defaults if
7825: we hit an unknown one.
7826: [945e752239ab]
7827:
7828: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
7829: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
7830: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
7831: plugins/sudoers/env.c:
7832: If env_reset is enabled, set the MAIL environment variable based on
7833: the target user unless MAIL is explicitly preserved in sudoers.
7834: [a1b03e2e0e96]
7835:
7836: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
7837:
7838: * pp:
7839: decode debian code names
7840: [8741280d9960]
7841:
7842: * WHATSNEW:
7843: fix typo
7844: [a8a19451110b]
7845:
7846: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
7847:
7848: * WHATSNEW:
7849: Merge with 1.7.4
7850: [9348fa7e15b8]
7851:
7852: * src/sudo.c:
7853: Restore RLIMIT_NPROC after the uid switch if it appears that
7854: runas_setup() did not do it for us. Fixes a bash script problem on
7855: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
7856: [786fb272e5fd]
7857:
7858: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
7859:
7860: * mkpkg, pp, sudo.pp:
7861: Restore the dot removal in the os version reported by polypkg. Adapt
7862: mkpkg and sudo.pp to the change.
7863: [dcafdd53b88f]
7864:
7865: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
7866:
7867: * INSTALL:
7868: document --with-pam-login
7869: [ea93e4c6873c]
7870:
7871: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7872: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
7873: [2ac90d8de36e]
7874:
7875: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
7876:
7877: * sudo.pp:
7878: Include flavor in solaris package name
7879: [e605f6364c9f]
7880:
7881: * mkpkg:
7882: Older shells don't support IFS= so set explictly to space, tab,
7883: newline.
7884: [7773960bc8a0]
7885:
7886: * mkpkg:
7887: Use '=' not '==' in test
7888: [c99d42bc48e6]
7889:
7890: * mkpkg:
7891: Fix typo that prevented debian from matching
7892: [84421078fcb7]
7893:
7894: * mkpkg:
7895: Add missing prefix setting for debian
7896: [6466f23de4aa]
7897:
7898: * sudo.pp:
7899: Use tab indents to reduce the chance of problem with <<- Fix the
7900: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
7901: line in sudoers for debian Uncomment some env_keep lines for RHEL,
7902: SLES and debian to more closely match the vendor sudoers files.
7903: Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
7904: debian for ldap flavor
7905: [c5b49feb1a0c]
7906:
7907: * plugins/sudoers/sudoers:
7908: Add commented out env_keep entries, sample Aliases and a %sudo line
7909: for debian.
7910: [387719e52d0f]
7911:
7912: * configure, configure.in:
7913: Move zlib check later on in the script to avoid a strange shell
7914: problem on SLES11.
7915: [1a3153bb1291]
7916:
7917: * configure.in:
7918: Remove check for egrep; configure has its own
7919: [a3b9d98cb5d2]
7920:
7921: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
7922:
7923: * mkpkg:
7924: Enable zlib for linux distros
7925: [8fa51a1405a4]
7926:
7927: * mkpkg:
7928: Add ldap flavor to default build
7929: [97644f5a555f]
7930:
7931: * mkpkg, sudo.pp:
7932: Simplify rpm linux distro settings
7933: [b9dcf10cdf20]
7934:
7935: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
7936: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
7937: [2c549c1acde9]
7938:
7939: * Makefile.in:
7940: Fix ChangeLog creation from build dir
7941: [3d0c7904f173]
7942:
7943: * plugins/sudoers/sudoers.c:
7944: Handle getcwd() failure.
7945: [aef7bef87394]
7946:
7947: * doc/Makefile.in, mkpkg, sudo.pp:
7948: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
7949: environment variable.
7950: [be6ed611b7a8]
7951:
7952: * sudo.pp:
7953: Create sudo group on debian
7954: [6ed6c032042e]
7955:
7956: * mkpkg, sudo.pp:
7957: Add debian 4/5/6 and use the dot when doing version matches
7958: [6bcb664d1f4f]
7959:
7960: * aclocal.m4, configure:
7961: Use a loop when searching for mv, sendmail and sh
7962: [d5e9369f8d13]
7963:
7964: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
7965: Remove spurious "and"; from debian
7966: [a21e6f7c5b99]
7967:
7968: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
7969: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
7970: doc/visudo.man.in, doc/visudo.pod:
7971: Substitute the value of EDITOR into the sudoers and visudo manuals.
7972: [cd79e587dd7f]
7973:
7974: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
7975:
7976: * mkpkg, pp, sudo.pp:
7977: Initial support for debian 4.0
7978: [ac6707915fa8]
7979:
7980: * mkpkg:
7981: Some platforms need -fPIE instead of -fpie
7982: [fd6be19e5bc2]
7983:
7984: * plugins/sudoers/auth/pam.c:
7985: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
7986: On Linux it causes a DNS lookup via libaudit.
7987: [1e10105ade5b]
7988:
7989: * MANIFEST:
7990: Update MANIFEST to match packaging changes
7991: [ef86ee557b5b]
7992:
7993: * sudo.psf:
7994: We now use pp to generate HP-UX packages
7995: [f7aa8da7844e]
7996:
7997: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
7998: Remove vestiges of old binary package bits.
7999: [afffd005452f]
8000:
8001: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
8002: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8003: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8004: src/Makefile.in:
8005: install-man -> install-doc
8006: [99b5fa05567c]
8007:
8008: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
8009: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
8010: Use http://rc.quest.com/topics/polypkg/ for packaging
8011: [5ca8eb75b223]
8012:
8013: * install-sh:
8014: Just ignore the -c option, it is the default Add support for -d
8015: option
8016: [a8b6b0a131e8]
8017:
8018: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8019:
8020: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
8021: Use _PATH_STDPATH instead of _PATH_DEFPATH
8022: [137fa911908e]
8023:
8024: * plugins/sudoers/Makefile.in, src/Makefile.in:
8025: Do not strip binaries.
8026: [20166e287176]
8027:
8028: * INSTALL, configure, configure.in:
8029: Add --insults=disabled configure option to allow people to build in
8030: insult support but have the insults disabled unless explicitly
8031: enabled in sudoers.
8032: [523b8c552e90]
8033:
8034: * compat/mkstemps.c:
8035: Add prototype for gettime()
8036: [275eee40473b]
8037:
8038: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
8039: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8040: plugins/sudoers/sudoers.h:
8041: Add support for a sudo-i pam.d file to be used for "sudo -i".
8042: Adapted from a RedHat patch.
8043: [06d34f16520b]
8044:
8045: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
8046:
8047: * include/missing.h:
8048: Fix mkstemps() prototype
8049: [2421841e815b]
8050:
8051: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
8052: config.h.in, configure, configure.in, include/missing.h,
8053: src/sudo_edit.c:
8054: Use mkstemps() instead of mkstemp() in sudoedit. This allows
8055: sudoedit to preserve the file extension (if any) which may be used
8056: by the editor (like emacs) to choose the editing mode.
8057: [d33172d2c086]
8058:
8059: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
8060:
8061: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
8062: plugins/sudoers/ldap.c:
8063: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
8064: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
8065: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
8066: should avoid disabling TLS_CHECKPEER is possible.
8067: [196622436212]
8068:
8069: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
8070:
8071: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8072: Make sudo_plugin format a bit more like a man page
8073: [048d596e32da]
8074:
8075: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8076: Add suport for negated user/host/command lists in a Defaults entry.
8077: E.g. Defaults:!baduser noexec
8078: [d41112cf0342]
8079:
8080: * Makefile.in, common/Makefile.in, compat/Makefile.in,
8081: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8082: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8083: src/Makefile.in:
8084: Add uninstall target
8085: [fea66ebf136a]
8086:
8087: * common/Makefile.in, compat/Makefile.in:
8088: Remove unused AR, SED and RANLIB variables
8089: [2ff9928bfdb3]
8090:
8091: * Makefile.in:
8092: Do not install sample plugins
8093: [5443b87bd1c3]
8094:
8095: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
8096:
8097: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
8098: configure.in, plugins/sudoers/env.c:
8099: Now that sudoers is a dynamically loaded module we cannot override
8100: the libc environment functions because the symbols may already have
8101: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
8102: replacements from sudoers and add replacements for setenv/unsetenv
8103: for systems that lack them.
8104: [3f2b43cb8851]
8105:
8106: * configure, configure.in, plugins/sudoers/Makefile.in:
8107: Link testsudoers with -ldl when needed
8108: [f79606f9fcd7]
8109:
8110: * plugins/sample_group/plugin_test.c:
8111: Remove unused time.h and add limits.h for PATH_MAX
8112: [3f5d0074d621]
8113:
8114: * doc/sudoers.ldap.pod:
8115: Fix typo.
8116: [bc855fd57397]
8117:
8118: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
8119:
8120: * plugins/sample_group/plugin_test.c:
8121: Do not depend on strlcpy/strlcat
8122: [6e7e2b5af051]
8123:
8124: * plugins/sample_group/plugin_test.c:
8125: Standalone test driver for sudoers group plugin.
8126: [eb1235fc3b8e]
8127:
8128: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
8129:
8130: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
8131: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
8132: aid.
8133: [2a34e616229b]
8134:
8135: * plugins/sample_group/sample_group.c:
8136: Fix style nit in function declarations
8137: [ab87c7c76bf9]
8138:
8139: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8140: Document group_plugin syntax.
8141: [ed1faf72ddcb]
8142:
8143: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8144: Document the sudoers group plugin.
8145: [f19a62dc8cfc]
8146:
8147: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
8148: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
8149: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
8150: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
8151: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
8152: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
8153: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
8154: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8155: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
8156: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
8157: Replace built-in non-unix group support with a sudoers group plugin.
8158: Include a sample plugin that can read Unix-format group files.
8159: [8fc58ce0b1a8]
8160:
8161: * configure, configure.in, src/load_plugins.c:
8162: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
8163: [5c491dddb8ef]
8164:
8165: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
8166:
8167: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
8168: doc/sudoers.man.in, doc/sudoers.pod:
8169: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
8170: [e8a5a5830cfe]
8171:
8172: * aclocal.m4, configure, configure.in:
8173: Substitute @io_logdir@ for the sudoers I/O log directory.
8174: [21a75ca7b0ab]
8175:
8176: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8177:
8178: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
8179: common/atobool.c, common/fileops.c, common/fmt_string.c,
8180: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
8181: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
8182: compat/snprintf.c, config.h.in, configure, configure.in,
8183: include/fileops.h, plugins/sample/sample_plugin.c,
8184: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
8185: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
8186: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8187: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
8188: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
8189: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
8190: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8191: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
8192: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
8193: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
8194: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
8195: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
8196: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
8197: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
8198: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8199: plugins/sudoers/logging.c, plugins/sudoers/match.c,
8200: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
8201: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
8202: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8203: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8204: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
8205: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
8206: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
8207: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
8208: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
8209: Set usrinfo for AIX Set adminstrative domain for the process when
8210: looking up user's password or group info and when preparing for
8211: execve(). Include strings.h even if string.h exists since they may
8212: define different things. Fixes warnings on AIX and others.
8213: [cf8b93e872c9]
8214:
8215: * Makefile.in:
8216: Add a separate all target for AIX make which was using the entire
8217: LHS (not just the first entry) of the first target as the implicit
8218: target.
8219: [a45b980a01ef]
8220:
8221: * plugins/sudoers/env.c:
8222: Do not rely on env.env_len when unsetting a variable, just use the
8223: NULL terminator.
8224: [ca6eb239c829]
8225:
8226: * plugins/sudoers/env.c:
8227: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
8228: [7046ba7caa4e]
8229:
8230: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8231:
8232: * plugins/sudoers/vasgroups.c:
8233: Use warningx() instead of log_error() since the latter is not
8234: available to visudo or testsudoers. This does mean that they don't
8235: end up in syslog.
8236: [152b7c50f426]
8237:
8238: * plugins/sudoers/sudoers.c:
8239: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
8240: closed the sudoers sources. From Quest sudo.
8241: [c1cd573bab94]
8242:
8243: * plugins/sudoers/pwutil.c:
8244: Ignore case when matching user/group names in the cache. From Quest
8245: sudo.
8246: [2aa4ecc7d7f5]
8247:
8248: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
8249:
8250: * config.h.in, configure, configure.in, src/selinux.c:
8251: Add check for setkeycreatecon() when --with-selinux is specified.
8252: [affae247b4e0]
8253:
8254: * configure, configure.in:
8255: Error out if libaudit.h is missing or ununable when --with-linux-
8256: audit was specified
8257: [d82e743fac04]
8258:
8259: * doc/HISTORY, doc/history.pod:
8260: Add =head3 entries, mostly for the html version
8261: [ee93112d0308]
8262:
8263: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
8264:
8265: * doc/HISTORY, doc/history.pod:
8266: Mention when LDAP was incorporate.
8267: [2923dc17f79c]
8268:
8269: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
8270:
8271: * configure, configure.in:
8272: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
8273: not covered by _ALL_SOURCE.
8274: [c92fd69809d0]
8275:
8276: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
8277:
8278: * plugins/sudoers/iolog.c:
8279: Add a cast to quiet a compiler warning.
8280: [a200e07ee1bc]
8281:
8282: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
8283: Quiet a compiler warning.
8284: [c9acfc927cea]
8285:
8286: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
8287: Call set_fqdn() after sudoers has parsed instead of inline as a
8288: callback.
8289: [5f4e5d075f2d]
8290:
8291: * WHATSNEW, plugins/sudoers/sudoers.c:
8292: Do not call set_fqdn() until sudoers parses (where is gets run as a
8293: callback).
8294: [09040fca6d40]
8295:
8296: * WHATSNEW:
8297: mention the change in tty ticket behavior when there is no tty
8298: [575a1fd98f05]
8299:
8300: * plugins/sudoers/check.c:
8301: Do not update tty ticket if there is no tty.
8302: [63f9c33ce6a7]
8303:
8304: * doc/LICENSE, doc/license.pod:
8305: Update copyright year
8306: [0722ab5d404b]
8307:
8308: * doc/Makefile.in:
8309: Do not rely on BSD make's $>
8310: [936a86398bd9]
8311:
8312: * configure, configure.in:
8313: Set timedir to /var/db/sudo for darwin to match Apple sudo's
8314: location
8315: [d5b9b03096f1]
8316:
8317: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
8318:
8319: * plugins/sudoers/sudoers.h:
8320: Add stub declarations for struct stat and struct timeval
8321: [f6d90551a4fd]
8322:
8323: * MANIFEST:
8324: Remove compat/sigaction.c
8325: [d0ed6d9a770e]
8326:
8327: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
8328: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
8329: Check for zlib.h in addition to libz.
8330: [6e191b4a6065]
8331:
8332: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
8333: src/sudo_exec.h:
8334: Move functions and symbols shared between exec.c and exec_pty.c into
8335: sudo_exec.h.
8336: [14ae63403544]
8337:
8338: * doc/Makefile.in:
8339: Comment out rules to build .man.in and .cat files unless --with-
8340: devel
8341: [3cf7e5606a85]
8342:
8343: * doc/Makefile.in:
8344: Comment out rules to build .man.in and .cat files unless --with-
8345: devel
8346: [d30495b0e29e]
8347:
8348: * src/parse_args.c:
8349: Quote any non-alphanumeric characters other than '_' or '-' when
8350: passing a command to be run via the shell for the -s and -i options.
8351: [d633f74fe2d9]
8352:
8353: * doc/Makefile.in:
8354: Add back .man suffix
8355: [6e63b60a2739]
8356:
8357: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
8358: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
8359: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
8360: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
8361: src/selinux.c:
8362: Add Linux audit support.
8363: [5a2f445e0bd4]
8364:
8365: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8366:
8367: * plugins/sudoers/iolog.c:
8368: Remove an XXX
8369: [a170cbe651d1]
8370:
8371: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
8372: plugins/sudoers/sudoreplay.c:
8373: Add -f (filter) option to sudoreplay to allow certain streams to be
8374: replayed and others ignored.
8375: [62e51b432ea1]
8376:
8377: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
8378: src/tgetpass.c:
8379: Fix -A flag when askpass is specified in sudo.conf or if sudo
8380: doesn't need to read a password.
8381: [2e401e4a00e3]
8382:
8383: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
8384: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
8385: Clean up some XXXs
8386: [689f0b002d3d]
8387:
8388: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
8389: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
8390: Add support for multiple sudoers_base entries in ldap.conf. From
8391: Joachim Henke
8392: [e3e4a3c2bd5b]
8393:
8394: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
8395: src/exec_pty.c:
8396: remove setsid check, we require a POSIX system
8397: [cc73cb9e22c0]
8398:
8399: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
8400: src/sudo.c, src/tgetpass.c:
8401: Check for dup2() failure.
8402: [5d46d66794f5]
8403:
8404: * config.h.in, configure, configure.in:
8405: Remove dup2() check, it is not optional.
8406: [5f1d56de4384]
8407:
8408: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
8409:
8410: * WHATSNEW:
8411: sync with sudo 1.7.3
8412: [88e5c0bd6d59]
8413:
8414: * INSTALL:
8415: SunOS does not ship with an ANSI compiler
8416: [f13c85c67069]
8417:
8418: * INSTALL:
8419: Update OS specific notes. Delete some really ancient ones and move
8420: older ones to the end of the list.
8421: [59ce592c4c52]
8422:
8423: * README:
8424: Sudo can be downloaded from the web site too Mention "OS dependent
8425: notes" section in INSTALL
8426: [191871538984]
8427:
8428: * src/exec_pty.c, src/selinux.c:
8429: Call selinux_restore_tty() as part of cleanup() so it gets called
8430: from error()/errorx()
8431: [bb017da6b6da]
8432:
8433: * MANIFEST, doc/PORTING:
8434: Remove obsolete porting guide
8435: [321e35591344]
8436:
8437: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
8438: Move union sudo_in_addr_un into interfaces.h
8439: [b2c8b19ee094]
8440:
8441: * doc/Makefile.in:
8442: Remove useless circular dependencies
8443: [5682181b59cf]
8444:
8445: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
8446: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
8447: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
8448: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
8449: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
8450: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
8451: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
8452: Convert to ANSI C function declarations
8453: [a4f76927d034]
8454:
8455: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
8456: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
8457: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
8458: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
8459: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
8460: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
8461: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
8462: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
8463: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
8464: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
8465: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
8466: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
8467: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
8468: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
8469: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
8470: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
8471: plugins/sudoers/logging.h, plugins/sudoers/match.c,
8472: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
8473: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8474: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
8475: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
8476: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
8477: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
8478: src/conversation.c, src/error.c, src/load_plugins.c,
8479: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
8480: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
8481: Update copyright year
8482: [26ac7991f7d8]
8483:
8484: * doc/Makefile.in:
8485: Fix commented DEVDOCS when not in devel mode.
8486: [e0a97eaf3793]
8487:
8488: * plugins/sudoers/match.c:
8489: Quiet a compiler warning.
8490: [b2a17ebd5d38]
8491:
8492: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
8493: Quiet a compiler warning.
8494: [687843bc593d]
8495:
8496: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
8497: Make all functions in ldap.c static
8498: [b2111e89eeba]
8499:
8500: * doc/schema.ActiveDirectory:
8501: Updates from Alain Roy to provide better examples for importing the
8502: schema and to fix problems caused by Windows validating attributes
8503: which have not yet been added before committing the changes.
8504: [69f4c5ccaf89]
8505:
8506: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8507:
8508: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
8509: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
8510: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
8511: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
8512: doc/visudo.cat, doc/visudo.man.in:
8513: Leave rules to build .man.in and .cat files uncommented but only
8514: make them part of the "all" rule in devel mode. Generate .cat files
8515: directly from .man.in instead of .man using default values in
8516: configure.in
8517: [c3054a44f6a5]
8518:
8519: * configure, configure.in:
8520: Bump sudo version to 1.8.0b1
8521: [8f79c85135e1]
8522:
8523: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
8524: Print configure args with verbose version information.
8525: [1ce690660ed2]
8526:
8527: * TODO, plugins/sudoers/visudo.c:
8528: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
8529: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
8530: Use tq_append to append sudoers entries to the tail queue.
8531: [1743f9a286e4]
8532:
8533: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
8534:
8535: * WHATSNEW:
8536: Describe tty timestamp improvements
8537: [e214e863a313]
8538:
8539: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8540: A comment character may not be part of a command line argument
8541: unless it is quoted with a backslash. Fixes parsing of:
8542: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
8543: [ea2e990f85ed]
8544:
8545: * doc/sudoers.pod:
8546: Make this read a little bit better when passwd_timeout is 0.
8547: [39d362757f31]
8548:
8549: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
8550: Attempt to handle a default password prompt timeout of zero more
8551: gracefully.
8552: [ea47d43acf5b]
8553:
8554: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8555: Do not override value of keepopen global, instead restore it to the
8556: value we pushed onto the stack when popping.
8557: [fe282e5a3402]
8558:
8559: * plugins/sudoers/Makefile.in:
8560: Add dependency for utility programs on libreplace and libcommon
8561: [2339aba64928]
8562:
8563: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
8564: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
8565: src/exec.c, src/exec_pty.c, src/tgetpass.c:
8566: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
8567: [7dd61f1bd8d2]
8568:
8569: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
8570: We don't use getgrouplist() at the moment so there's no need to
8571: provide a compat version.
8572: [1597536fbada]
8573:
8574: * TODO:
8575: sync with reality
8576: [9e1a874e7885]
8577:
8578: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
8579: src/conversation.c, src/sudo.h, src/tgetpass.c:
8580: Fix visiblepw sudoers option; the plugin API portion still needs
8581: documenting
8582: [60b6933ef5e0]
8583:
8584: * src/sudo.c:
8585: Print sudo version as well.
8586: [987ed459b459]
8587:
8588: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8589: Use sudo_printf for I/O log version Clarify policy plugin version
8590: string
8591: [5a58b7e8c80b]
8592:
8593: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
8594: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
8595: Silence some compiler warnings
8596: [afb1eba90915]
8597:
8598: * src/load_plugins.c, src/tgetpass.c:
8599: Store askpass path in a global instead of uses setenv() which many
8600: systems lack.
8601: [b440bcc0e660]
8602:
8603: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8604:
8605: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
8606: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8607: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
8608: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8609: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
8610: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
8611: src/tgetpass.c:
8612: Move askpass path specification from sudoers to sudo.conf.
8613: [5507ab867c26]
8614:
8615: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
8616: Use a flag bit in struct command_details for selinux instead of a
8617: separate field.
8618: [c59ca4acded9]
8619:
8620: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
8621: Implement background mode. If I/O logging we use pipes instead of a
8622: pty.
8623: [c07a4b356cbd]
8624:
8625: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
8626: src/exec.c, src/exec_pty.c, src/tgetpass.c:
8627: Move compat definition of NSIG to compat.h
8628: [ab0385467f25]
8629:
8630: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
8631: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8632: Mention plugins in the sudo manual and add some missing path
8633: substitution in the sudo_plugin manual.
8634: [570f831f47a3]
8635:
8636: * src/Makefile.in:
8637: Set _PATH_SUDO_CONF based on $(sysconfdir)
8638: [fde51869cf07]
8639:
8640: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
8641: src/exec.c, src/exec_pty.c, src/ttysize.c:
8642: Require POSIX termios to build sudo
8643: [9ec6b41f3f95]
8644:
8645: * src/tgetpass.c:
8646: Ignore SIGPIPE for "sudo -S"
8647: [7ad27fde0c06]
8648:
8649: * src/tgetpass.c:
8650: Fix uninitialized variable in TGP_ECHO case and print a newline if
8651: the user interrupted password input.
8652: [ce19204d8dd4]
8653:
8654: * src/tgetpass.c:
8655: Make TGP_ECHO override TGP_MASK and don't try to restore the
8656: terminal if we didn't modify it.
8657: [a7e11abfe7e4]
8658:
8659: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8660: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
8661: src/conversation.c, src/sudo.h, src/tgetpass.c:
8662: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
8663: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
8664: set.
8665: [e0550590cabe]
8666:
8667: * src/exec_pty.c:
8668: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
8669: [762448182fe3]
8670:
8671: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8672:
8673: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
8674: Add selinux_enabled flag into struct command_details and set it in
8675: command_info_to_details(). Return an error from selinux_setup()
8676: instead of exiting. Call selinux_setup() from exec_setup().
8677: [011bea23a5a0]
8678:
8679: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8680:
8681: * src/exec_pty.c:
8682: Remove commented out copy of old sudo_execve() function.
8683: [9c5e21380472]
8684:
8685: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
8686:
8687: * plugins/sudoers/sudoers.c:
8688: Fix setting selinux type on command line.
8689: [814b20a0b3be]
8690:
8691: * plugins/sudoers/iolog.c:
8692: In sudoers_io_close(), skip NULL io_fds[] elements.
8693: [4011ff7d4daf]
8694:
8695: * include/compat.h:
8696: No longer need NGROUPS_MAX define
8697: [cae4c49d7077]
8698:
8699: * compat/nanosleep.c, config.h.in, configure, configure.in,
8700: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
8701: plugins/sudoers/visudo.c, src/sudo_edit.c:
8702: Replace timerfoo macros with timevalfoo since the timer macros are
8703: known to be busted on some systems.
8704: [4f97d79f2d41]
8705:
8706: * src/exec_pty.c:
8707: Remove duplicate call to selinux_setup().
8708: [82bd52764e21]
8709:
8710: * plugins/sudoers/auth/pam.c:
8711: If pam_open_session() fails, pass its status to pam_end.
8712: [1d8de4cf8ff3]
8713:
8714: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8715: If a file in a #includedir has improper permissions or owner just
8716: skip it. This prevents packages that incorrectly install a file
8717: into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
8718: #includedir files still result in a parse error (for now).
8719: [ade99a4549a4]
8720:
8721: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
8722: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
8723: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
8724: Add use_pty sudoers option to force use of a pty even when not
8725: logging I/O.
8726: [b280a8972a79]
8727:
8728: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
8729: Make env_init() void as it never fails.
8730: [d3890e55daa7]
8731:
8732: * plugins/sudoers/env.c:
8733: No longer use _NSGetEnviron so don't need crt_externs.h
8734: [9b4e0e139881]
8735:
8736: * plugins/sudoers/env.c:
8737: Remove unused VNULL define
8738: [a42cacb263e3]
8739:
8740: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
8741:
8742: * plugins/sudoers/iolog.c:
8743: Add #define for maximum session id
8744: [9e18c17a28c2]
8745:
8746: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
8747: Split exec.c into exec.c and exec_pty.c
8748: [d52376327332]
8749:
8750: * MANIFEST:
8751: Sync with source file moves.
8752: [4a62c6c9e846]
8753:
8754: * src/Makefile.in, src/get_pty.c, src/pty.c:
8755: Rename pty.c -> get_pty.c
8756: [5696a12bd29b]
8757:
8758: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
8759:
8760: * plugins/sudoers/iolog.c:
8761: Only use I/O input log file if def_log_input is set and output file
8762: if def_log_output is set.
8763: [d866992f1681]
8764:
8765: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
8766:
8767: * compat/strsignal.c:
8768: Update copyright year
8769: [a96f2593fd4e]
8770:
8771: * src/pty.c:
8772: uid -> ttyuid
8773: [c3454d74ebcb]
8774:
8775: * plugins/sudoers/sudoers.c:
8776: For sudoedit, make a local copy of editor string si become part of
8777: argv. If no editor environment variable, split def_editor on ':'
8778: since it may be a colon-delimited path.
8779: [2ee298506a6e]
8780:
8781: * src/sudo_edit.c:
8782: Remove unneeded endpwent()/endgrent()
8783: [623f6743d101]
8784:
8785: * doc/Makefile.in:
8786: Use value of nroff from configure
8787: [b2ce649125ab]
8788:
8789: * src/exec.c:
8790: Add missing const to I/O log action function
8791: [d764a3955e04]
8792:
8793: * plugins/sudoers/check.c:
8794: Update copyright year and fix whitespace
8795: [e648c35b16be]
8796:
8797: * configure, configure.in:
8798: Fix typo
8799: [8e0bdfc47da4]
8800:
8801: * plugins/sudoers/iolog.c:
8802: Remove redundant tty signal blocking in log function.
8803: [f17f575dabd4]
8804:
8805: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
8806:
8807: * plugins/sudoers/iolog.c:
8808: Place static keyword where it belongs
8809: [b01aec7c86b4]
8810:
8811: * plugins/sudoers/logging.c:
8812: Always use a printf format string for send_mail()
8813: [13b1ada644c9]
8814:
8815: * common/atobool.c, plugins/sudoers/ldap.c:
8816: Extend atobool() so we can use it in the LDAP code.
8817: [73f8e6807044]
8818:
8819: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
8820: Sudo now stashes tty ctime for tty_tickets on Solaris too.
8821: [e82df13ad3fd]
8822:
8823: * plugins/sudoers/boottime.c:
8824: Fix dummy version of get_boottime()
8825: [01d69c06013b]
8826:
8827: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
8828:
8829: * plugins/sudoers/check.c:
8830: Enable tty_is_devpts() support for Solaris with the "devices"
8831: filesystem.
8832: [237c6b25fa84]
8833:
8834: * src/exec.c:
8835: Unbreak the non-io logging case.
8836: [4822b9f709fb]
8837:
8838: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
8839: Fix symbol name conflict with sudo_printf.
8840: [0d44eab0a8f6]
8841:
8842: * plugins/sudoers/auth/pam.c:
8843: Fix OpenPAM detection for newer versions.
8844: [1b2abed232d8]
8845:
8846: * plugins/sudoers/vasgroups.c:
8847: Sync with Quest sudo git repo
8848: [f1d98b3cba02]
8849:
8850: * aclocal.m4, configure, configure.in:
8851: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
8852: Add missing template for ENV_DEBUG Adapted from Quest sudo
8853: [695dbd7b28f4]
8854:
8855: * README.LDAP:
8856: Fix typos; from Quest Sudo
8857: [4eba9da33b8e]
8858:
8859: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
8860:
8861: * plugins/sudoers/Makefile.in:
8862: Add back -I$(top_srcdir); we need it for including compat/foo.h
8863: since we cannot rely on "foo.h" being found relative to the source
8864: file when the cwd is different.
8865: [bbf24695f325]
8866:
8867: * src/exec.c:
8868: Fix a bug where we could treat EAGAIN as a permanent error. Also set
8869: cstat if perform_io() returns an error.
8870: [200475c4326f]
8871:
8872: * common/alloc.c, plugins/sudoers/boottime.c,
8873: plugins/sudoers/sudoers.c:
8874: Add casts to quiet compiler warnings.
8875: [85eb1c336697]
8876:
8877: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8878: plugins/sudoers/visudo.c:
8879: Fix typo in ternary operator usage.
8880: [6492ac1450e2]
8881:
8882: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
8883:
8884: * INSTALL, configure, configure.in:
8885: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
8886: [92121d693b30]
8887:
8888: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
8889: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
8890: Update docs to match sudoers I/O logging changes
8891: [18d651989e49]
8892:
8893: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
8894: pathnames.h.in, plugins/sudoers/def_data.c,
8895: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8896: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
8897: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
8898: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
8899: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
8900: plugins/sudoers/sudoreplay.c:
8901: Break sudoers transcript feature up into log_input and log_output.
8902: [db3c1248d2ad]
8903:
8904: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8905: plugins/sudoers/visudo.c:
8906: Use setprogname() as needed.
8907: [6beee63a4553]
8908:
8909: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
8910: Adapt sudoreplay to iolog changes.
8911: [581f52c05f0f]
8912:
8913: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
8914:
8915: * plugins/sudoers/iolog.c:
8916: Log all input and output into separate files and store a number on
8917: each timing file line to indicate which file the data is in.
8918: [fb460c5273dd]
8919:
8920: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
8921: plugins/sudoers/sudoers.h:
8922: Make sudoers_io functions static to iolog.c
8923: [b2df3cc3eecb]
8924:
8925: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
8926:
8927: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
8928: src/sudo_usage.h.in:
8929: Completely remove the -L flag from the sudo front end.
8930: [3d220030b720]
8931:
8932: * plugins/sudoers/sudoreplay.c:
8933: Fix EAGAIN handling when writing to stdout.
8934: [4766d77cea49]
8935:
8936: * plugins/sudoers/sudoers.c:
8937: Eliminate unused variables
8938: [83bd711e79c4]
8939:
8940: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
8941: Re-enable cleanup functions in sudoers plugin and sudo driver for
8942: error()/errorx().
8943: [43093f937dd8]
8944:
8945: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
8946: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
8947: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
8948: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
8949: Use sudo_printf to display verbose version information.
8950: [435cc9f8d4a2]
8951:
8952: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
8953: plugins/sudoers/Makefile.in, src/Makefile.in:
8954: Minor Makefile cleanup: fix a typo, change the removal order in the
8955: clean targets, and remove a superfluous include path for the sudoers
8956: plugin.
8957: [6e3b2d6b4437]
8958:
8959: * plugins/sudoers/env.c:
8960: Handle duplicate variables in the environment. For unsetenv(), keep
8961: looking even after remove the first instance. For sudo_putenv(),
8962: check for and remove dupes after we replace an existing value.
8963: [c1bbb88d0435]
8964:
8965: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8966:
8967: * plugins/sudoers/Makefile.in:
8968: Use explicit path to source file instead of $< for files that live
8969: in devdir and top_srcdir.
8970: [358ab7f6cc64]
8971:
8972: * plugins/sudoers/Makefile.in:
8973: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
8974: ending LIBSUDOERS_OBJS with a backslash
8975: [481a5c96d47e]
8976:
8977: * plugins/sudoers/Makefile.in, src/Makefile.in:
8978: Link libcommon before libreplace since libcommon may use functions
8979: only present in libreplace.
8980: [1847c496ff5b]
8981:
8982: * common/Makefile.in:
8983: Move code common to sudo and the sudoers plugin to a convenience
8984: library, libcommon. Removes the need to make links in the sudoers
8985: plugin dir and reduces re-compilation of duplicate object files.
8986: [4c8986352937]
8987:
8988: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
8989: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
8990: common/term.c, common/zero_bytes.c, configure, configure.in,
8991: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
8992: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
8993: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
8994: src/zero_bytes.c:
8995: Move code common to sudo and the sudoers plugin to a convenience
8996: library, libcommon. Removes the need to make links in the sudoers
8997: plugin dir and reduces re-compilation of duplicate object files.
8998: [1d1d98bd55b9]
8999:
9000: * src/exec.c, src/sudo.c, src/sudo.h:
9001: Rename script_execve to sudo_execve and rename script_foo in exec.c
9002: [a35ec80de96a]
9003:
9004: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
9005: rename script.c exec.c and fix up the MANIFEST file
9006: [36bc3bff9578]
9007:
9008: * src/script.c, src/sudo.c, src/sudo.h:
9009: Rename script_setup() to pty_setup() and call from script_execve()
9010: directly.
9011: [899b0fb2a14d]
9012:
9013: * configure, configure.in:
9014: bump version to 1.8.0a2
9015: [0b1c1ca9d4e5]
9016:
9017: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9018: Document init_session
9019: [b5324785a406]
9020:
9021: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
9022: plugins/sudoers/auth/sudo_auth.h:
9023: Clean up the sudoers auth API a bit and update the docs.
9024: [c40fd4cb6e68]
9025:
9026: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
9027: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
9028: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
9029: Add init_session function to struct policy_plugin that gets called
9030: before the uid/gid/etc changes. A struct passwd pointer is passed
9031: in,which may be NULL if the user does not exist in the passwd
9032: database.The sudoers module uses init_session to open the pam
9033: session as needed.
9034: [d71723320ee8]
9035:
9036: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
9037:
9038: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
9039: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
9040: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9041: Add open/close session to sudo auth, only used by PAM. This allows
9042: us to open (and close) the PAM session from sudoers.
9043: [2665e2920d0d]
9044:
9045: * plugins/sudoers/Makefile.in:
9046: Add explicit rule to build getdate.o for HP-UX make.
9047: [7f049e989956]
9048:
9049: * plugins/sudoers/Makefile.in:
9050: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
9051: rules as an alternate way to prevent HP-UX make (and others) from
9052: trying to rebuild the parser in non-dev mode.
9053: [f84badad98c5]
9054:
9055: * plugins/sudoers/sudoers.c:
9056: Re-enable PATH_MAX check for command
9057: [40d8a50da136]
9058:
9059: * Makefile.in:
9060: For distclean, clean the main directory last since the subdirs need
9061: to be able to run libtool to clean things.
9062: [8949a9861634]
9063:
9064: * compat/Makefile.in:
9065: Fix generation of mksiglist.h
9066: [b7cdc9b36650]
9067:
9068: * src/script.c:
9069: Now that we defer sending cstat until the end of script_child() we
9070: cannot reuse cstat when reading command status from parent.
9071: [25c882643466]
9072:
9073: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
9074:
9075: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
9076: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
9077: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
9078: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
9079: Use numeric registers to handle conditionals instead of trying to do
9080: it all with text processing.
9081: [478079c3fd4b]
9082:
9083: * doc/sudoers.pod:
9084: Document per-command SELinux settings
9085: [13840d566805]
9086:
9087: * plugins/sudoers/sudoers.c:
9088: Repair "sudo -l -U username"
9089: [10a0dcdf2ddf]
9090:
9091: * plugins/sudoers/sudoers.c:
9092: Set selinux role and type in command details.
9093: [8ae6d35a126d]
9094:
9095: * src/script.c, src/selinux.c, src/sudo.h:
9096: Rework SELinux support.
9097: [83279cc94bf2]
9098:
9099: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
9100:
9101: * src/script.c, src/selinux.c, src/sudo.h:
9102: Make SELinux support compile again. Needs more work to be complete.
9103: [3d3addebcf82]
9104:
9105: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9106: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9107: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
9108: src/sudo.h:
9109: Bring back closefrom settings.
9110: [b1c6257d4bbb]
9111:
9112: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
9113: plugins/sudoers/sudoers.h:
9114: If running a command or sudoedit in transcript mode, call
9115: io_nextid() before log_allowed() so the session id is logged.
9116: [c42f3ae40150]
9117:
9118: * configure, configure.in:
9119: Use mandoc(1) if nroff(1) is not present.
9120: [daad4bbd04af]
9121:
9122: * doc/Makefile.in:
9123: Use the --file argument to config.status instead of setting
9124: CONFIG_FILES in the environment.
9125: [c89411a8bf70]
9126:
9127: * plugins/sudoers/Makefile.in:
9128: We cannot conditionally update gram.h or the dependency ordering
9129: gets messed up in devel mode.
9130: [c938953231d9]
9131:
9132: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
9133:
9134: * Makefile.in, compat/Makefile.in, configure, configure.in,
9135: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
9136: plugins/sudoers/Makefile.in, src/Makefile.in:
9137: Substitute @SHELL@ into Makefiles
9138: [36aa6a095335]
9139:
9140: * config.sub:
9141: Fix typo
9142: [16d294d26b58]
9143:
9144: * config.guess, config.sub, configure, configure.in:
9145: Update to autoconf 2.65
9146: [4fa6ea8caea3]
9147:
9148: * Makefile.in:
9149: Fix libtool target (space vs. tabs)
9150: [755cf3892618]
9151:
9152: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
9153: Remove use of RETSIGTYPE; all modern systems have signal handlers
9154: that return void.
9155: [42b4e3aee668]
9156:
9157: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
9158: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
9159: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
9160: plugins/sudoers/Makefile.in, src/Makefile.in:
9161: Update to libtool-2.2.6b. I haven't made any local modifications
9162: this time, which should be OK since we install sudo_noexec.so by
9163: hand now.
9164: [6f79ced593bb]
9165:
9166: * compat/Makefile.in, plugins/sample/Makefile.in,
9167: plugins/sudoers/Makefile.in, src/Makefile.in:
9168: Use libtool to clean objects
9169: [1581057d6472]
9170:
9171: * include/Makefile.in:
9172: Install sudo_plugin.h as part of "make install" and make other
9173: install targets callable from the top-level Makefile
9174: [aaaeb027d774]
9175:
9176: * configure, configure.in:
9177: regen with autoupdate to eliminate AC_TRY_LINK
9178: [5d5541c230f5]
9179:
9180: * Makefile.in, compat/Makefile.in, configure, configure.in,
9181: doc/Makefile.in, plugins/sample/Makefile.in,
9182: plugins/sudoers/Makefile.in, src/Makefile.in:
9183: Install sudo_plugin.h as part of "make install" and make other
9184: install targets callable from the top-level Makefile
9185: [b258b8401b1c]
9186:
9187: * plugins/sample/sample_plugin.c:
9188: The sample plugin doesn't support being run with no args so return a
9189: usage error in this case.
9190: [473b3cf965be]
9191:
9192: * plugins/sudoers/iolog.c:
9193: Set close on exec flag for descriptors used for I/O logging so they
9194: are not present in the command being run.
9195: [2c7e8708df76]
9196:
9197: * plugins/sudoers/tsgetgrpw.c:
9198: Set close on exec flag in private versions of setpwent() and
9199: setgrent().
9200: [64fef78cb833]
9201:
9202: * src/script.c:
9203: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
9204: Fixes extra fds being present in the command when it is part of a
9205: pipeline.
9206: [060451617713]
9207:
9208: * plugins/sudoers/sudoers.c:
9209: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
9210: is used when logging). Note that user_ttypath will still be NULL if
9211: there is no tty.
9212: [31b69a6ecda7]
9213:
9214: * src/script.c, src/sudo.h:
9215: Cosmetic changes: add comments, remove orphaned prototype and
9216: make a global static.
9217: [f7851af0143e]
9218:
9219: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
9220:
9221: * src/script.c:
9222: Move check for maxfd == -1 to flush_output where it belongs.
9223: [b826a95b4491]
9224:
9225: * src/script.c:
9226: Break out of select loop if all the fds we want to select on are -1.
9227: [f5b387024238]
9228:
9229: * src/sudo.c:
9230: Avoid possible malloc(0) if plugin returns an empty groups list.
9231: [9765a8fe5ce7]
9232:
9233: * src/sudo.c:
9234: Add debugging info when calling plugin close function
9235: [95a273c7ff66]
9236:
9237: * src/script.c:
9238: Avoid closing stdin/stdout/stderr when we are piping output.
9239: [330e76423caf]
9240:
9241: * src/script.c:
9242: When execve() of the command fails, it is possible to receive
9243: SIGCHLD before we've read the error status from the pipe. Re-order
9244: things such that we send the final status at the very end and prefer
9245: error status over wait status.
9246: [b0dcf825244f]
9247:
9248: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
9249:
9250: * plugins/sudoers/auth/sudo_auth.c:
9251: Fix compilation for non PAM/BSD auth/AIX auth
9252: [e382b39d2e4f]
9253:
9254: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9255:
9256: * src/script.c:
9257: Additional checks to make sure we don't close /dev/tty by mistake.
9258: When flushing, sleep in select as long as we have buffers that need
9259: to be written out.
9260: [8139cbd3dd54]
9261:
9262: * src/script.c:
9263: Now that we can use pipes for stdin/stdout/stderr there is no longer
9264: a need to error out when there is no tty. We just need to make sure
9265: we don't try to use the tty fd if it is -1.
9266: [666621635d26]
9267:
9268: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9269:
9270: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9271: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9272: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
9273: Add argc and argv to I/O logger open function.
9274: [0d7faa007d27]
9275:
9276: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
9277: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
9278: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
9279: Remove check_sudoedit function pointer in struct sudo_policy.
9280: Instead, sudo will set sudoedit=true in the settings array. The
9281: plugin should check for this and modify argv_out as appropriate in
9282: check_policy.
9283: [c0328e3276b8]
9284:
9285: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
9286:
9287: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
9288: src/sudo_edit.c:
9289: If plugin sets "sudoedit=true" in the command info, enable sudoedit
9290: mode even if not invoked as sudoedit. This allows a plugin to
9291: enable sudoedit when the user runs an editor.
9292: [96d67b99e42e]
9293:
9294: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
9295:
9296: * plugins/sudoers/Makefile.in:
9297: gram.h must not depend on gram.y if we want to avoid unnecessary
9298: rebuilding of targets dependent on gram.h when gram.y changes.
9299: [9db4b767fdca]
9300:
9301: * plugins/sample/sample_plugin.c:
9302: Refactor common bits of check_policy and check_edit
9303: [ac4d366a04cf]
9304:
9305: * plugins/sample/sample_plugin.c:
9306: Add sudoedit support
9307: [a1a6cc4c0cef]
9308:
9309: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
9310:
9311: * plugins/sudoers/Makefile.in:
9312: Rely more on VPATH; fixes a dependency issue with the parser.
9313: [45e406ebdea2]
9314:
9315: * include/compat.h:
9316: Fix typo introduced in last commit
9317: [3ccb0f853d11]
9318:
9319: * include/compat.h:
9320: Emulate seteuid using setreuid() or setresuid() as needed. There are
9321: still a few places that call seteuid() directly.
9322: [36e8efa3a99d]
9323:
9324: * src/parse_args.c, src/sudo_edit.c:
9325: Attempt to fix building on systems that only have setuid.
9326: [8e9ba4083318]
9327:
9328: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9329: Clarify sudoedit a tad.
9330: [d39dfaa14ade]
9331:
9332: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
9333:
9334: * src/sudo_edit.c:
9335: Fix compilation on HP-UX
9336: [f6e47843d139]
9337:
9338: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9339: Document sudoedit
9340: [4cbf5196d993]
9341:
9342: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
9343: Change how we handle the sudoedit argv. We now require that there
9344: be a "--" in argv to separate the editor and any command line
9345: arguments from the files to be edited.
9346: [20623d549a3c]
9347:
9348: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9349: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
9350: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
9351: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
9352: src/sudo.h, src/sudo_edit.c:
9353: Work in progress support for sudoedit. The actual interface used by
9354: the plugin for sudoedit is likely to change.
9355: [c31262a31997]
9356:
9357: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
9358: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
9359: Make find_path() a little more generic by not checking def_foo
9360: variables inside it. Instead, pass in ignore_dot as a function
9361: argument.
9362: [9c23101a094d]
9363:
9364: * plugins/sudoers/env.c:
9365: Add version of getenv(3) that uses our own environ pointer.
9366: [0e3783e63534]
9367:
9368: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
9369:
9370: * src/script.c:
9371: Avoid a potential race condition if SIGCHLD is received immediately
9372: before we call select().
9373: [99adc5ea7f0a]
9374:
9375: * plugins/sudoers/sudoers.c:
9376: Call env_init() before we open the sudoers sources as those may call
9377: our setenv() replacement.
9378: [5f82601f5ab0]
9379:
9380: * plugins/sudoers/env.c:
9381: Initialize env_len in env_init()
9382: [7ae02b3029b5]
9383:
9384: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9385:
9386: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
9387: Document time stamp shortcomings under SECURITY NOTES Use "time
9388: stamp" instead of timestamp.
9389: [2b86120815b2]
9390:
9391: * doc/Makefile.in:
9392: Make sed substitution of mansectsu and mansectform global.
9393: [94588632dba0]
9394:
9395: * plugins/sudoers/check.c:
9396: If the tty lives on a devpts filesystem, stash the ctime in the tty
9397: ticket file, as it is not updated when the tty is written to. This
9398: helps us determine when a tty has been reused without the user
9399: authenticating again with sudo.
9400: [0e62a31bceb0]
9401:
9402: * src/tgetpass.c:
9403: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
9404: is what our compat checks set.
9405: [df50f0a040c9]
9406:
9407: * configure, configure.in:
9408: Add check for whether sudo need to link with -ldl to get dlopen().
9409: This is a bit of a hack that will get reworked when libtool is
9410: updated.
9411: [63bdcf579533]
9412:
9413: * plugins/sudoers/check.c:
9414: Fix timestamp removal with -k/-K
9415: [6b4639fef973]
9416:
9417: * plugins/sudoers/Makefile.in:
9418: audit.c is now private to the sudoers plugin
9419: [1974f342ae0b]
9420:
9421: * configure, configure.in:
9422: Link with -lpthread on HP-UX since a plugin may be linked with
9423: -lpthread and dlopen() will fail if the shared object has a
9424: dependency on -lpthread but the main program is not linked with it.
9425: [d42139391263]
9426:
9427: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
9428: Add separate test for getresuid() since HP-UX has setresuid() but no
9429: getresuid().
9430: [910fe727a374]
9431:
9432: * doc/Makefile.in:
9433: Remove errant backslash
9434: [dd5464257c69]
9435:
9436: * src/script.c:
9437: Fix SIGPIPE handling. Now that we use may use pipes for
9438: stdin/stdout we need to pass any SIGPIPE we receive to the running
9439: command.
9440: [3f6b1991f4fd]
9441:
9442: * src/script.c:
9443: Also start the command in the background if stdin is not a tty.
9444: [d93bc33a3740]
9445:
9446: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9447:
9448: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
9449: No need to use pseudo-cbreak mode now that we use pipes when stdout
9450: is not a tty. Instead, check whether stdin is a tty and if not,
9451: delay setting the tty to raw mode until the command tries to access
9452: it itself (and receives SIGTTIN or SIGTTOU).
9453: [e68315cf8c6b]
9454:
9455: * src/tgetpass.c:
9456: Use an array for signals received instead of a single variable so we
9457: don't lose any when there are multiple different signals.
9458: [2ac726dac864]
9459:
9460: * src/tgetpass.c:
9461: Do signal setup after turning off echo, not before. If we are using
9462: a tty but are not the foreground pgrp this will generate SIGTTOU so
9463: we want the default action to be taken (suspend process).
9464: [bebb6209c795]
9465:
9466: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
9467:
9468: * src/script.c:
9469: Flush the iobufs on suspend or child exit using the same logic as
9470: the main event loop.
9471: [c627feee1035]
9472:
9473: * src/script.c:
9474: Free memory after we are done with it.
9475: [8db9b611b45a]
9476:
9477: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
9478:
9479: * doc/HISTORY:
9480: Quest now sponsors Sudo development
9481: [6cc490083bc7]
9482:
9483: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
9484:
9485: * doc/Makefile.in:
9486: Install sudo_plugin man page.
9487: [c253729790b2]
9488:
9489: * src/script.c:
9490: Go back to reseting io_buffer offset and length (and now also the
9491: EOF handling) in the loop we do the FD_SET, not after we drain the
9492: buffer after write() since we don't know what order reads and writes
9493: will occur in.
9494: [5f38bfa8497f]
9495:
9496: * MANIFEST:
9497: audit files moved to sudoers plugin directory
9498: [b1ead182428e]
9499:
9500: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9501: Document plugin_printf and new logging functions.
9502: [fe9430b60ab5]
9503:
9504: * src/script.c:
9505: Add support for logging stdin when it is not a tty. There is still a
9506: bug where "cat | sudo cat" has problems because both cat and sudo
9507: are trying to read from the tty.
9508: [04c9c59fcfba]
9509:
9510: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9511: plugins/sudoers/sudoers.c, src/script.c:
9512: Add separate I/O logging functions for tty in/out and
9513: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
9514: is disabled for now.
9515: [a36dfd4ca935]
9516:
9517: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9518:
9519: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
9520: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
9521: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
9522: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9523: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
9524: Add pointer to a printf like function to plugin open functon. This
9525: can be used instead of the conversation function to display info and
9526: error messages.
9527: [98734eea8ef1]
9528:
9529: * Makefile.in:
9530: Stop if make in a subdir fails
9531: [228bb3ad2dbc]
9532:
9533: * src/script.c:
9534: Only set user's tty to blocking mode when doing the final flush.
9535: Flush pipes as well as pty master when the process is done.
9536: [20ff67218666]
9537:
9538: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9539:
9540: * plugins/sudoers/ldap.c:
9541: Use print_error() when displaying ldap config info in debugging
9542: mode.
9543: [d142e0cacb22]
9544:
9545: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
9546: No longer need strdup() or strndup() replacements.
9547: [df53697174ec]
9548:
9549: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
9550: plugins/sudoers/sudoers.h:
9551: Add print_error() function that uses the conversation function to
9552: print a variable number of error strings and use it in log_error().
9553: [b1fa2861b575]
9554:
9555: * src/script.c, src/sudo.h, src/term.c:
9556: Do not need the opost flag to term_copy() now that we use pipes for
9557: stdout/stderr when they are not a tty.
9558: [f42811f70a19]
9559:
9560: * src/script.c:
9561: Use pipes to the sudo process if stdout or stderr is not a tty.
9562: Still needs some polishing and a decision as to whether it is
9563: desirable to add additonal entry points for logging
9564: stdout/stderr/stdin when they are not ttys. That would allow a
9565: replay program to keep things separate and to know whether the
9566: terminal needs to be in raw mode at replay time.
9567: [1a945e0ab2da]
9568:
9569: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
9570:
9571: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
9572: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
9573: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
9574: Move audit sources into the sudoers plugin dir; the driver does not
9575: use them.
9576: [50ec36422cd0]
9577:
9578: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
9579: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
9580: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
9581: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
9582: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
9583: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
9584: src/term.c, src/ttysize.c:
9585: Use angle brackets when including headers that can only be found
9586: when an -I flag is specified. The files in the compat dir could get
9587: away with double quotes here but I've converted all the source files
9588: to use angle brackets for consistency.
9589: [9e30a8fc6d4b]
9590:
9591: * plugins/sudoers/Makefile.in:
9592: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
9593: dir can be found when building outside the source tree.
9594: [1150934b79dd]
9595:
9596: * plugins/sudoers/Makefile.in:
9597: Clean up links in distclean
9598: [78595028be8b]
9599:
9600: * plugins/sudoers/Makefile.in:
9601: Hack around VPATH semantic differences by symlinking files we need
9602: from ../../src into the current directory and build those. A better
9603: fix would be to either make a .a or .la file with those files in it
9604: or simply use a single, flat, Makefile instead of per-subdirs
9605: Makefiles.
9606: [892c332d3f05]
9607:
9608: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
9609: fmt_string is used by the sudoers plugin too so do not include
9610: sudo.h (which is not really needed here anyway)
9611: [231c35e3941f]
9612:
9613: * compat/Makefile.in, plugins/sample/Makefile.in,
9614: plugins/sudoers/Makefile.in, src/Makefile.in:
9615: Fix building with non-BSD versions of make such as GNU make.
9616: Requires VPATH support, which should be in any non-neolithic make.
9617: [dc174f135919]
9618:
9619: * configure, configure.in, plugins/sudoers/Makefile.in,
9620: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
9621: src/Makefile.in:
9622: Re-enable bsm audit. Currently auditing is done within the sudoers
9623: plugin itself. If possible, this should really be done in the main
9624: driver but we don't presently have the needed data to do that. This
9625: will be re-evaluated when Linux audit support is added.
9626: [1d05a3236bfe]
9627:
9628: * compat/Makefile.in, plugins/sample/Makefile.in,
9629: plugins/sudoers/Makefile.in, src/Makefile.in:
9630: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
9631: of explicit rules in the dependency.
9632: [88f80efd25f0]
9633:
9634: * plugins/sudoers/visudo.c:
9635: Fix mismerge; alias_remove_recursive() now returns int
9636: [6257a4849641]
9637:
9638: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
9639:
9640: * plugins/sudoers/visudo.c:
9641: Fix a crash when checking a sudoers file that has aliases that
9642: reference themselves. Based on a diff from David Wood.
9643: [545d194484a7]
9644:
9645: * src/script.c:
9646: Print signal info after restoring the tty mode, not before.
9647: [a68618e67435]
9648:
9649: * src/script.c:
9650: Defer call to alarm() until after we fork the child. Pass correct
9651: pid to terminate_child() If the command exits due to signal, set
9652: alive to false like we do when it exits normally. Add missing
9653: check for errpipe[0] != -1 before using it in FD_ISSET
9654: [22f0a1549391]
9655:
9656: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
9657:
9658: * plugins/sudoers/boottime.c:
9659: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
9660: [0e627170c6e8]
9661:
9662: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
9663:
9664: * src/Makefile.in:
9665: Simplify dependencies by using .c.o and .c.lo rules.
9666: [6abcaef5d1ac]
9667:
9668: * configure, configure.in, plugins/sudoers/Makefile.in,
9669: src/Makefile.in:
9670: Substitute in @PROGS@ into src/Makefile to add sesh
9671: [cc46d3b6208f]
9672:
9673: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
9674:
9675: * plugins/sudoers/sudoers.c:
9676: Add back calls to log_denial() if sudoers does not allow the
9677: command.
9678: [9783316207f0]
9679:
9680: * plugins/sudoers/sudoers.c:
9681: Pass in correct pwflag for list and validate.
9682: [973dd56d4b81]
9683:
9684: * plugins/sudoers/env.c:
9685: Add missing check for NULL in validate_env_vars
9686: [1d6eb6957824]
9687:
9688: * src/Makefile.in:
9689: Add sudo_noexec.la to "all" target, otherwise it only gets built at
9690: install time.
9691: [644a9694d2ef]
9692:
9693: * plugins/sudoers/sudoers.c:
9694: Only set sudo_user.env_vars if the env_add list is empty.
9695: [fccdf6f0e0e2]
9696:
9697: * plugins/sudoers/sudoers.c:
9698: Set sudo_user.env_vars so that environment variables specified on
9699: the command line get logged correctly.
9700: [9b51012c491e]
9701:
9702: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
9703: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9704: Re-enable environment files and setting environment variables on the
9705: command line.
9706: [5662d5645dbd]
9707:
9708: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
9709:
9710: * plugins/sudoers/check.c:
9711: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
9712: a pointer to time_t as tv_sec in struct timeval may be long.
9713: [4de0c46e788e]
9714:
9715: * plugins/sudoers/check.c:
9716: Don't stash ctime in on-disk tty ticket info for now; on many
9717: (most?) systems the ctime is updated when the tty is written to.
9718: Once I have a better idea of what systems do not update ctime on
9719: ttys (and have a way to test for this) the ctime stash will be
9720: conditionally re-enabled.
9721: [a90eeec0f648]
9722:
9723: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9724:
9725: * MANIFEST, Makefile.in:
9726: Add back "dist" target, this time using a MANIFEST file
9727: [29277c05499f]
9728:
9729: * Makefile.in:
9730: Remove Makefile in distclean target
9731: [83d695f4f450]
9732:
9733: * Makefile.in, src/Makefile.in:
9734: Update clean and cleandir targets
9735: [ad7b2afeb9c1]
9736:
9737: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
9738: src/sudo.h:
9739: Move fileops.c defines and prototypes to filesops.h
9740: [4545e9b6892d]
9741:
9742: * plugins/sudoers/check.c:
9743: Lock the tty timestamp when writing. We shouldn't have to lock when
9744: reading since the file is updated via a single write system call.
9745: [0c7276f02696]
9746:
9747: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
9748:
9749: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
9750: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
9751: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
9752: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
9753: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
9754: plugins/sudoers/logging.c, plugins/sudoers/match.c,
9755: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
9756: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
9757: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9758: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9759: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
9760: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
9761: Convert to ANSI C function declarations
9762: [9c45def57cf7]
9763:
9764: * plugins/sudoers/sudoers.h:
9765: Remove extraneous bits and classify by source file.
9766: [e8ea9f109ebb]
9767:
9768: * include/compat.h:
9769: Add timercmp macro for systems without it
9770: [d3bf87b1d08e]
9771:
9772: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
9773: plugins/sudoers/sudoers.h:
9774: get_boottime() now fills in a timeval struct
9775: [3573c3f44e11]
9776:
9777: * plugins/sudoers/check.c:
9778: Store info from stat(2)ing the tty in the tty ticket when tty
9779: tickets are in use. On most systems, this closes the loophole
9780: whereby a user can log out of a tty, log back in and still have the
9781: timestamp be valid.
9782: [53380f9f5242]
9783:
9784: * config.h.in, configure.in:
9785: Add timespec2timeval and use it when getting ctime/mtime
9786: [4cb7f7caec2c]
9787:
9788: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
9789:
9790: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
9791: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9792: plugins/sudoers/testsudoers.c:
9793: Convert perm setting to push/pop model; still needs some work Use
9794: the stashed runas groups instead of using getgrouplist() Reset perms
9795: to the initial value on error
9796: [09c072ebde8b]
9797:
9798: * config.h.in, configure.in:
9799: fix ctim_get and mtim_get macros
9800: [58773dc1e360]
9801:
9802: * config.h.in, configure, configure.in, include/compat.h,
9803: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
9804: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
9805: Use timeval directly instead of converting to timespec when dealing
9806: with file times and time of day.
9807: [a0ce1ae00a67]
9808:
9809: * plugins/sudoers/Makefile.in:
9810: Don't like sudoreplay with libsudoers.la due to a yacc symbol
9811: conflict.
9812: [f1a59cc63a15]
9813:
9814: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
9815:
9816: * configure, configure.in:
9817: Darwin >= 9.x has real setreuid(2)
9818: [7ec942a64275]
9819:
9820: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
9821:
9822: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
9823: Ansify env.c
9824: [f58551bad10a]
9825:
9826: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
9827: plugins/sudoers/sudoers.h:
9828: Remove remaining references to the environ pointer.
9829: [96faa530816a]
9830:
9831: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
9832:
9833: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
9834: Don't change the environ directly in the sudoers plugin
9835: [6db48ed3f7e0]
9836:
9837: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
9838:
9839: * plugins/sudoers/sudoers.c:
9840: Fix typo
9841: [4aa452b07f8f]
9842:
9843: * plugins/sudoers/alias.c:
9844: Fix use after free in error message when a duplicate alias exists.
9845: [ce1d2812ee34]
9846:
9847: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
9848:
9849: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9850: src/parse_args.c:
9851: Add a "noninteractive" boolean to the settings passed in to the
9852: plugin's open function that is set when the user specifies the -n
9853: flag.
9854: [68f8d9d6d4d0]
9855:
9856: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
9857: Add workaround for the lack of the environ pointer on Mac OS X in
9858: dlopen()ed modules. Use of environ in the sudoers plugin should
9859: ultimately be removed but this will do for the moment.
9860: [80c61647434f]
9861:
9862: * plugins/sudoers/visudo.c:
9863: Set errorfile to the sudoers path if we set parse_error manually.
9864: This prevents a NULL dereference in printf() when checking a sudoers
9865: file in strict mode when alias errors are present.
9866: [45e249ca99f7]
9867:
9868: * plugins/sudoers/sudoers.c:
9869: Main sudo no longer print "unable to execute" on exec failure so do
9870: it here.
9871: [50aaf62b43b5]
9872:
9873: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
9874:
9875: * src/script.c:
9876: Use a pipe to pass back errno to the parent if execve() fails. If we
9877: get an error in script_child(), kill the command and exit.
9878: [dc3bf870f91b]
9879:
9880: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
9881: src/parse_args.c, src/sudo.c:
9882: Handle plugin's open function returning -2 (usage error).
9883: [aadf900c1de8]
9884:
9885: * src/script.c:
9886: If execve() fails, leave it to the plugin to print an error string.
9887: [e25748f2d5b9]
9888:
9889: * src/script.c:
9890: If execve fails in logging mode, pass the errno directly to the
9891: grandparent on the backchannel and exit. The immediate parent will
9892: get SIGCHLD and try to report that status but its parent will no
9893: longer be listening. It would probably be cleaner to pass this over
9894: a pipe in script_child().
9895: [cb122acc81a8]
9896:
9897: * plugins/sudoers/sudoers.c:
9898: Don't override rval with results of check_user() unless it failed.
9899: [46fb7e87ac7d]
9900:
9901: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
9902:
9903: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9904: Fix typo
9905: [ccd0b693f3da]
9906:
9907: * src/parse_args.c:
9908: NULL-terminate env_add
9909: [2c534368a0c3]
9910:
9911: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9912:
9913: * src/sudo.c:
9914: Call the I/O log open function before the I/O version function.
9915: [e88bf898990b]
9916:
9917: * plugins/sudoers/iolog.c:
9918: Remove io_conv and just use sudo_conv
9919: [a280052468eb]
9920:
9921: * plugins/sudoers/set_perms.c:
9922: Fix set/restore perms for systems w/o setresuid
9923: [4160517f6666]
9924:
9925: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9926:
9927: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
9928: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
9929: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9930: Primitive set/restore permissions. Will be replaced by a push/pop
9931: model.
9932: [aae102290866]
9933:
9934: * src/script.c:
9935: Only need to take action on SIGCHLD in parent if no I/O logger. If
9936: there is an I/O logger we will receive ECONNRESET or EPIPE when we
9937: try to read from the socketpair.
9938: [e1e4560401f6]
9939:
9940: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
9941:
9942: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
9943: doc/sudoers.pod, plugins/sudoers/find_path.c:
9944: Merge fb4d571495fa from the 1.7 branch to trunk.
9945: [c8fb424ad4d2]
9946:
9947: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
9948:
9949: * src/script.c:
9950: Don't set SA_RESTART when registering SIGALRM handler. Do set
9951: SA_RESTART when registering SIGWINCH handler.
9952: [173472b76525]
9953:
9954: * doc/Makefile.in:
9955: Add dev targets for *.man.in and *.cat that don't specfify the
9956: $(srcdir) prefix.
9957: [b62f425da2e4]
9958:
9959: * src/script.c:
9960: If log_input or log_output returns false, terminate the command.
9961: [074f4c0c34a0]
9962:
9963: * src/script.c:
9964: Better signal handling. Instead of using a single variable to store
9965: the received signal, use an array so we can't lose a signal when
9966: multiple are sent. Fix process termination by SIGALRM in non-I/O
9967: logger mode. Fix relaying terminal signals to the child in non-I/O
9968: logger mode.
9969: [7a4723aca99d]
9970:
9971: * src/script.c:
9972: Fix a race between when we get the child pid in the parent and when
9973: the child process exits. The problem exhibited as a hang after a
9974: short-lived process, e.g. "sudo id" when no IO logger was enabled.
9975: [80bcc0aca70b]
9976:
9977: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9978:
9979: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
9980: Add a note about the security implications of the fast_glob option.
9981: [c37a92ab7c93]
9982:
9983: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
9984:
9985: * config.h.in, configure, configure.in:
9986: Fix up some AC_DEFINE descriptions and regen config.h.in
9987: [f4655adc0db3]
9988:
9989: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9990:
9991: * include/missing.h:
9992: No longer check for strdup or strndup for LIBOBJ replacement.
9993: [fdc764ee8109]
9994:
9995: * src/script.c:
9996: Avoid installing signal handlers that are io-logger specific. Fixes
9997: job control when no io logger is enabled.
9998: [0853dd0906d4]
9999:
10000: * doc/Makefile.in:
10001: Only regen man pages from pod when configured with --with-devel
10002: [ab1995f8103d]
10003:
10004: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10005:
10006: * Makefile, Makefile.in, configure, configure.in:
10007: Top-level Makefile.in. Nothing is currently substituted but this is
10008: needed for separate build dirs.
10009: [e80873cbd201]
10010:
10011: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
10012: plugins/sudoers/Makefile.in, src/Makefile.in:
10013: Fix out-of-tree builds
10014: [59a35bef07b8]
10015:
10016: * Merge
10017: [386b848047e9]
10018:
10019: * doc/Makefile.in:
10020: We always install sudoreplay in 1.8
10021: [ce52ba6617c9]
10022:
10023: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
10024:
10025: * compat/siglist.in:
10026: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
10027: [6d69e1b05faf]
10028:
10029: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10030:
10031: * configure, configure.in:
10032: No need to provide strdup() or strndup(), sudo uses estrdup() and
10033: estrndup()
10034: [57ec23b72958]
10035:
10036: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
10037:
10038: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
10039: Free str after using it in the version method. Use sudo_conv, not
10040: io_conv since we don't have the IO conversation function pointer in
10041: the I/O version method anymore now that io_open is delayed.
10042: [f2ed132adeb0]
10043:
10044: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10045:
10046: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
10047: compat/siglist.in:
10048: Add license to mksiglist.c and note that the bits from pdksh are
10049: public domain
10050: [d8121a2467e8]
10051:
10052: * compat/Makefile.in:
10053: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
10054: [164160148421]
10055:
10056: * plugins/sudoers/Makefile.in:
10057: Add sudoreplay testsudoers and visudo to clean target
10058: [138a17e51c0c]
10059:
10060: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
10061: compat/siglist.in, compat/strsignal.c, configure, configure.in,
10062: include/missing.h, src/script.c:
10063: Create our own sys_siglist for systems without it for use by
10064: strsignal()
10065: [2e5da011ebc3]
10066:
10067: * compat/Makefile.in:
10068: Remove duplicate $(LIBOBJDIR)
10069: [adf9abc9432f]
10070:
10071: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10072:
10073: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
10074: Main sudo should not block signals; the plugin should do this in
10075: check_policy.
10076: [3f3736a7c5ed]
10077:
10078: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10079:
10080: * src/script.c:
10081: Fix a sizeof(ptr) vs. sizeof(*ptr)
10082: [aa1bcf5afcce]
10083:
10084: * src/script.c:
10085: Unlike most operating systems, HP-UX select() is not interrupted by
10086: SIGCHLD when the signal is registered with SA_RESTART. If we clear
10087: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
10088: behavior and the code in the select() loops already handles EINTR
10089: correctly.
10090: [9eba0115e35a]
10091:
10092: * compat/getprogname.c:
10093: progname should be const
10094: [130228f062b7]
10095:
10096: * plugins/sudoers/Makefile.in:
10097: Move --tag=disable-static to when we link sudoers.la, not when we
10098: install.
10099: [ceb5e6c3b78b]
10100:
10101: * src/load_plugins.c:
10102: Load the sudoers I/O plugin by default too now that it is hooked up.
10103: [ea38befd0742]
10104:
10105: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
10106:
10107: * src/pty.c:
10108: It looks like AIX doesn't need to push STREAMS modules for ptys.
10109: [22da618ba0a1]
10110:
10111: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
10112:
10113: * src/parse_args.c, src/sudo.c:
10114: Delay calling the I/O plugin open function until the policy plugin
10115: returns success.
10116: [f3297c325b48]
10117:
10118: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
10119:
10120: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
10121: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
10122: plugins/sudoers/sudoers.h:
10123: Add back io logging (transcript) support. Currently, the open
10124: function runs too early and it is not possible to use the io module
10125: independently of the policy module.
10126: [9bd932f66226]
10127:
10128: * plugins/sudoers/set_perms.c:
10129: Comment out dead code; will be removed when set_perms is rewritten.
10130: [af7a995284f8]
10131:
10132: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
10133:
10134: * plugins/sudoers/sudoers.c:
10135: Fix off by one error when allocating user_groups.
10136: [6281fcf9c3bb]
10137:
10138: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
10139:
10140: * configure, configure.in, plugins/sudoers/Makefile.in:
10141: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
10142: [fbce3e9eda3a]
10143:
10144: * plugins/sudoers/sudoers.c:
10145: Fix typo in preserve groups case
10146: [1fd72024fb5a]
10147:
10148: * plugins/sudoers/sudoers.c:
10149: In command_info it is "runas_groups" not "groups".
10150: [5c64dce4f285]
10151:
10152: * src/sudo.c:
10153: Fix iteration over runas_groups list.
10154: [b3c45a0cd643]
10155:
10156: * configure, configure.in, plugins/sudoers/env.c,
10157: plugins/sudoers/match.c, src/script.c:
10158: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
10159: [a8108a0776c2]
10160:
10161: * compat/getgrouplist.c:
10162: getgrouplist(3) for those without it
10163: [4ab4d21e3b16]
10164:
10165: * plugins/sudoers/sudoers.c:
10166: Set preserve_groups or groups list in command_info
10167: [1266119ad654]
10168:
10169: * src/sudo.c:
10170: Fix setting of groups list
10171: [e75315e40bd4]
10172:
10173: * config.h.in, configure, configure.in, include/compat.h,
10174: include/missing.h:
10175: Add checks for getgrset and getgrouplist and use replacement
10176: getgrouplist if the system doesn't support it.
10177: [a62b8ba50863]
10178:
10179: * src/parse_args.c:
10180: Pass in preserve_groups when the -P flag is specified as per the
10181: design
10182: [7420c5d15474]
10183:
10184: * plugins/sudoers/sudoers.c:
10185: Check preserve_groups and ignore_ticket args with atobool instead of
10186: assuming they are true if present.
10187: [71c905702697]
10188:
10189: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10190:
10191: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
10192: plugins/sudoers/plugin_error.c:
10193: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
10194: sudoreplay and testsudoers in the build
10195: [9d581d5fa4d4]
10196:
10197: * src/Makefile.in, src/term.c:
10198: term.c does not needto include sudo.h
10199: [f6683cdcd2dd]
10200:
10201: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
10202: doc/sudo_plugin.pod:
10203: Document the -2 return in the check_policy section too
10204: [e9cb4c34bbcf]
10205:
10206: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
10207: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10208: src/parse_args.c, src/sudo.c, src/sudo.h:
10209: Fix the -s and -i flags and add support for the "implied_shell"
10210: option. If the user does not specify a command, sudo will now pass
10211: in the path to the user's shell and set impied_shell=true. The
10212: plugin can them either check the command normally or return -2 to
10213: cause sudo to print a usage message and exit.
10214: [bf889c38f229]
10215:
10216: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
10217:
10218: * config.h.in, configure, configure.in, src/load_plugins.c:
10219: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
10220: Darwin where libraries end in .dylib but modules end in .so
10221: [2c56aaa38e21]
10222:
10223: * plugins/sudoers/parse.c:
10224: Better prefix determination now that we can't rely on len==0 to tell
10225: the beginning on an entry.
10226: [622bf18179e9]
10227:
10228: * plugins/sudoers/ldap.c:
10229: display_bound_defaults() stub should return 0, not 1 since it is a
10230: count, not a boolean.
10231: [0327a6c3d55d]
10232:
10233: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10234: Document progname in settings
10235: [42031d56a2e3]
10236:
10237: * compat/getprogname.c, include/compat.h,
10238: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
10239: src/parse_args.c, src/sudo.c:
10240: Rewrite compat/getprogname.c and add setprogname(). The progname is
10241: now passed to the plugin via the settings array.
10242: [25d8663e6006]
10243:
10244: * configure, configure.in, plugins/sudoers/Makefile.in:
10245: Fix --with-ldap
10246: [b64b633f426d]
10247:
10248: * plugins/sudoers/sudo_nss.c:
10249: Add missing whitespace for Runas and Command-specific defaults
10250: [65f4ddf5545e]
10251:
10252: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
10253: plugins/sudoers/sudo_nss.c:
10254: Use embedded newlines in lbuf instead of multiple calls to
10255: lbuf_print.
10256: [eed3af9cc3e1]
10257:
10258: * src/lbuf.c:
10259: Add support for embedded newlines.
10260: [e11f79b18deb]
10261:
10262: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
10263:
10264: * compat/getprogname.c:
10265: If system doesn't support getprogname or __programe and we are
10266: building a shared object don't bother with Argc/Argv, just return
10267: "sudo"
10268: [aebde9062be7]
10269:
10270: * config.h.in, configure, configure.in, src/load_plugins.c:
10271: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
10272: appears to always install a shared object with the .so suffix.
10273: [f9bbd0c0e9d3]
10274:
10275: * compat/Makefile.in, configure, configure.in,
10276: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
10277: src/Makefile.in:
10278: Play more nicely with libtool and let it build libreplace (was
10279: libmissing) for us.
10280: [a4c6ebb2495c]
10281:
10282: * include/missing.h:
10283: Include stdarg.h for va_list rather than requiring all consumers of
10284: missing.h to include stdarg.h themselves.
10285: [37382df948de]
10286:
10287: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
10288: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
10289: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
10290: src/parse_args.c:
10291: Pass in output function to lbuf_init() instead of writing to stdout.
10292: A side effect is that the usage info can now go to stderr as it
10293: should.
10294: [6d261261a072]
10295:
10296: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
10297:
10298: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
10299: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
10300: src/parse_args.c, src/sudo.c:
10301: Use number of tty columns that is passed in user_info instead of
10302: getting it directly in the lbuf code.
10303: [8a16635c2638]
10304:
10305: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
10306: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10307: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
10308: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
10309: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
10310: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
10311: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10312: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
10313: plugins/sudoers/logging.h, plugins/sudoers/match.c,
10314: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
10315: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
10316: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
10317: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
10318: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10319: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10320: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
10321: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
10322: plugins/sudoers/visudo.c:
10323: Kill __P in sudoers
10324: [63601e6cb171]
10325:
10326: * config.h.in, configure, configure.in, src/load_plugins.c:
10327: Set the sudoers plugin name in configure so we get the extension
10328: right.
10329: [edad89924cd1]
10330:
10331: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10332: Document lines/cols in user_info
10333: [a808872394f3]
10334:
10335: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
10336: Add tty size to user info
10337: [23f3d27e77a7]
10338:
10339: * src/script.c:
10340: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
10341: [a2208dd09051]
10342:
10343: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10344:
10345: * plugins/sudoers/sudoers.c:
10346: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
10347: out if we fail to lookup the user's name that is passed in
10348: [e4e3728ed482]
10349:
10350: * plugins/sudoers/error.c:
10351: Pass the error value back via siglongjmp.
10352: [667b8ad575ce]
10353:
10354: * plugins/sudoers/check.c:
10355: Use conversation function for lecture.
10356: [1ab4719f509b]
10357:
10358: * plugins/sudoers/check.c:
10359: Don't update ticket file if verify_user returns FALSE.
10360: [2bbc46a39a2b]
10361:
10362: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
10363:
10364: * plugins/sudoers/sudoers.c, src/sudo.c:
10365: Wire up invalidate and validate methods for sudoers
10366: [c0630c7bca47]
10367:
10368: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
10369: plugins/sudoers/sudoers.h:
10370: Add support for -k flag with a command.
10371: [edad239b098b]
10372:
10373: * src/parse_args.c:
10374: Allow -k to be specified with a command.
10375: [43a45add9974]
10376:
10377: * plugins/sudoers/sudoers.c:
10378: Wire up policy_list
10379: [27cc35699eca]
10380:
10381: * plugins/sudoers/error.c:
10382: Add newline at the end of message and space after the colon in
10383: warning message
10384: [5a591aa8e744]
10385:
10386: * plugins/sudoers/auth/sudo_auth.c:
10387: Add missing newline after pass password warning
10388: [337dba3870a7]
10389:
10390: * plugins/sudoers/sudoers.c:
10391: Set user_groups and user_ngroups based on user_info
10392: [61bee85128c8]
10393:
10394: * plugins/sudoers/error.c:
10395: Make this compile
10396: [7041c441e1c8]
10397:
10398: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
10399: Make _warning in error.c use the conversation function and remove
10400: commented out warning/warningx in sudoers.c.
10401: [7c9b09024b63]
10402:
10403: * plugins/sudoers/logging.c:
10404: Use siglongjmp() in log_error for fatal errors
10405: [b50e26f1c73f]
10406:
10407: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
10408: Quiet a libtool warning
10409: [b2331fb006bc]
10410:
10411: * Makefile:
10412: Build sudoers plugin
10413: [5cdf06e66978]
10414:
10415: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
10416: Use warningx in yyerror() so the conversation function gets used
10417: when built as part of sudoers.
10418: [85f964215eef]
10419:
10420: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10421:
10422: * plugins/sudoers/auth/pam.c:
10423: Rename sudo_conv to conversation to avoid a namespace conflict.
10424: [1ad359d36be9]
10425:
10426: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
10427: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
10428: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
10429: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
10430: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10431: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
10432: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
10433: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
10434: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
10435: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
10436: plugins/sudoers/env.c, plugins/sudoers/error.c,
10437: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
10438: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
10439: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
10440: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
10441: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
10442: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
10443: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
10444: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
10445: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
10446: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
10447: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
10448: Initial bits of sudoers plugin; still needs work.
10449: [af2a2c59a952]
10450:
10451: * config.h.in:
10452: Add HAVE_STRDUP and HAVE_STRNDUP
10453: [50a3c0dd510f]
10454:
10455: * compat/Makefile.in, configure, configure.in:
10456: Build libmissing in two flavors (one PIC one non-PIC) and link with
10457: the appropriate one.
10458: [b62f411a4c18]
10459:
10460: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
10461: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
10462: Build libmissing in two flavors (one PIC one non-PIC) and link with
10463: the appropriate one.
10464: [e1e04972b5fe]
10465:
10466: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
10467:
10468: * include/missing.h:
10469: Add strdup and strndup and fix strsignal
10470: [c159babe2896]
10471:
10472: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
10473:
10474: * compat/strdup.c, compat/strndup.c, configure, configure.in,
10475: plugins/sample/Makefile.in, src/Makefile.in:
10476: Add strdup and strndup to compat
10477: [25c9fd399a4d]
10478:
10479: * plugins/sample/sample_plugin.c:
10480: Need to include compat.h before missing.h
10481: [c94f7aad380f]
10482:
10483: * compat/strsignal.c:
10484: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
10485: it doesn't exist configure will set it to 0.
10486: [384580566389]
10487:
10488: * compat/glob.c:
10489: Fix botched ANSI C coversion of globexp2()
10490: [4a344b8cbe49]
10491:
10492: * configure, configure.in:
10493: Remove redundant getgroups check
10494: [0b16ec210c81]
10495:
10496: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
10497: Require either termios or termio, no more sgtty.
10498: [9b2fa2f17a1c]
10499:
10500: * compat/strsignal.c, config.h.in, configure, configure.in:
10501: Change the sys_siglist check to use AC_CHECK_DECLS and also check
10502: for _sys_siglist and__sys_siglist
10503: [2e078fed2408]
10504:
10505: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
10506:
10507: * configure, configure.in, src/Makefile.in:
10508: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
10509: use SUDO_OBJS for the main driver as part of OBJS.
10510: [9ae4a80a5ade]
10511:
10512: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10513: Mention in the conversation function section that a newline is not
10514: implicit.
10515: [04a233b6c491]
10516:
10517: * include/compat.h:
10518: Add definition of WCOREDUMP for systems without it. This is known
10519: to work on AIX and SunOS 4, but may be incorrect on other systems
10520: that lack WCOREDUMP.
10521: [c85b3ce6b77d]
10522:
10523: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
10524:
10525: * plugins/sample/sample_plugin.c, src/conversation.c:
10526: conversation function no longer puts a newline at the end of info or
10527: error messages.
10528: [c534cae1ac4a]
10529:
10530: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
10531:
10532: * src/script.c:
10533: Use parent process group id instead of parent process id when
10534: checking foreground status and suspending parent. Fixes an issue
10535: when running commands under /usr/bin/time and others.
10536: [564f528c3bb7]
10537:
10538: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
10539:
10540: * aclocal.m4:
10541: transcript option is now --with not --enable
10542: [0646fac4cf93]
10543:
10544: * plugins/sample/sample_plugin.c:
10545: Add support to -u and -g flags Check fmt_string retval Add timeout
10546: for debugging purposes
10547: [cfefa4fa60b5]
10548:
10549: * src/script.c, src/sudo.c:
10550: Wire up SIGALRM handler Set close on exec flag for child side of the
10551: socketpair Fix signal handling when not doing I/O logging
10552: [379581ec7272]
10553:
10554: * src/sudo.c:
10555: g/c unused SIGCHLD handler
10556: [0afa03912dce]
10557:
10558: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
10559: Don't use emalloc() in fmt_string(); we want to be able to use it
10560: from a plugin.
10561: [ade64d368147]
10562:
10563: * include/list.h:
10564: tq_remove not list_remove
10565: [0e0e1fd5c31c]
10566:
10567: * configure, configure.in:
10568: AUTH_OBJS should contain .lo files not .o files.
10569: [c64c82c9d5a2]
10570:
10571: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
10572:
10573: * src/parse_args.c:
10574: Simplify conversion of command line args to name=value pairs.
10575: [75ab127c6a94]
10576:
10577: * plugins/sample/sample_plugin.c:
10578: Handle NULL reply from conversation function
10579: [6ce09b6cb204]
10580:
10581: * compat/getline.c:
10582: Don't depend on emalloc/erealloc
10583: [73df09e2109f]
10584:
10585: * plugins/sample/Makefile.in:
10586: Use $(OBJS) instead of sample_plugin.lo
10587: [2d995db9aa99]
10588:
10589: * plugins/sample/sample_plugin.c:
10590: runas_user is in settings not user_info
10591: [7ee12068bc57]
10592:
10593: * src/parse_args.c:
10594: Fix a mismatch between sudo_settings and settings_pairs that causes
10595: some settings to get the wrong values.
10596: [b1bc6d81a65f]
10597:
10598: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
10599:
10600: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
10601: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
10602: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
10603: Convert to ANSI C
10604: [d03b6e4a3b75]
10605:
10606: * src/load_plugins.c:
10607: Fix strlcpy() return value check.
10608: [7cd66999a374]
10609:
10610: * INSTALL, configure, configure.in:
10611: No longer need to substitute in script.o and pty.o; I/O logging
10612: support is always built.
10613: [45250024c5dc]
10614:
10615: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
10616:
10617: * src/script.c:
10618: Add fallback to /bin/sh when execve() fails with ENOEXEC.
10619: [7684a15a1352]
10620:
10621: * include/alloc.h, src/alloc.c:
10622: Add estrndup()
10623: [47621c83bed9]
10624:
10625: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
10626:
10627: * src/script.c, src/sudo.c:
10628: Refactor script_execve() a bit so that it can be used in non-script
10629: mode. Needs more cleanup.
10630: [f09e022d547c]
10631:
10632: * src/sudo.c:
10633: Ignore empty entries in command_info list
10634: [1eea9a8de21c]
10635:
10636: * include/list.h, src/list.c:
10637: Add tq_remove
10638: [40908a617cb2]
10639:
10640: * src/conversation.c:
10641: Pass timeout to tgetpass()
10642: [9e66c918b771]
10643:
10644: * Makefile:
10645: Add ChangeLog target
10646: [da4a39150838]
10647:
10648: * README, WHATSNEW:
10649: Bump version and update things slightly for sudo 1.8.0
10650: [4b73cc45e2d4]
10651:
10652: * configure, configure.in:
10653: Sudo now requires an ANSI/ISO C compiler
10654: [1e51f72e6964]
10655:
10656: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
10657: src/sudo_noexec.c:
10658: Convert to ANSI C
10659: [5cbd315dbde8]
10660:
10661: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
10662: include/list.h, include/missing.h:
10663: Convert to ANSI C
10664: [3f5016ff64f4]
10665:
10666: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
10667: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
10668: compat/getprogname.c, compat/glob.c, compat/glob.h,
10669: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
10670: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
10671: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
10672: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
10673: compat/utimes.c:
10674: Convert to ANSI C
10675: [0d635c85461c]
10676:
10677: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
10678:
10679: * src/sudo.c, src/tgetpass.c:
10680: Make user_details extern so tgetpass can get at the uid and gid. Set
10681: uid/gid to user before executing askpass program. Check environment
10682: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
10683: set the askpass program itself
10684: [d33606396176]
10685:
10686: * src/sudo.c:
10687: No longer need sudo_usage.h in sudo.c
10688: [063e2946c382]
10689:
10690: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
10691: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
10692: src/sudo_usage.h.in:
10693: Document -D level command line flag which maps to the debug_level
10694: setting.
10695: [61f1e2ab3ac1]
10696:
10697: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10698: Document debug_level in plugin doc. Still need to document the -D
10699: flag in sudo itself.
10700: [8c62daea3e9b]
10701:
10702: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
10703:
10704: * plugins/sample/sample_plugin.c:
10705: include missing,h for vasprintf
10706: [92503de49b39]
10707:
10708: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
10709: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
10710: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
10711: [14cfb4775238]
10712:
10713: * plugins/sample/sample_plugin.c:
10714: Need to include limits.h
10715: [bda7f74343d2]
10716:
10717: * compat/glob.c:
10718: No more sudo_getpw*
10719: [232e52907634]
10720:
10721: * plugins/sample/Makefile.in, src/Makefile.in:
10722: Add missing compat bits
10723: [4843dd000e08]
10724:
10725: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
10726: compat files should not include sudo.h wire up compat in sample
10727: plugin
10728: [a175b8185e0f]
10729:
10730: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
10731: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
10732: [57e49bc20857]
10733:
10734: * configure, configure.in:
10735: Fix typo
10736: [333655e3d5fe]
10737:
10738: * plugins/sample/sample_plugin.c:
10739: Log input and output to temp files for proof of concept.
10740: [ae1dfc34f7d6]
10741:
10742: * Makefile, configure, configure.in, doc/Makefile.in:
10743: Add doc Makefile.in and wire it up
10744: [6a310443c87d]
10745:
10746: * src/script.c:
10747: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
10748: suspending a shell with the "suspend" builtint.
10749: [3d65f182819a]
10750:
10751: * src/script.c:
10752: In child, handle parent side of the pipe going away.
10753: [a29c14d78cd9]
10754:
10755: * src/script.c:
10756: No longer need to check for explicit death of the child (process #2)
10757: since if it dies we will get EPIPE from the socketpair. Fix a
10758: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
10759: sudo_debug.
10760: [24c55dd4ff60]
10761:
10762: * src/sudo.c:
10763: Make sudo_debug do a single vfprintf() which will result in a single
10764: write call on most systems. Avoids problems with interleaved debug
10765: printf from different processes. Also remove an extraneous error
10766: case since recv() can't return a short read and add some more XXX.
10767: [b37a8533ef1e]
10768:
10769: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
10770:
10771: * src/script.c:
10772: Fix uninitialized variable.
10773: [e012a0a30890]
10774:
10775: * src/Makefile.in:
10776: Fix sudo install target
10777: [1417fa4b4ab9]
10778:
10779: * src/parse_args.c, src/sudo.c, src/sudo.h:
10780: Wire up debug_level
10781: [144fab289c73]
10782:
10783: * src/Makefile.in:
10784: Fix dependencies
10785: [5170940af2ce]
10786:
10787: * configure, configure.in:
10788: Fix setting of plugin dir
10789: [144eda170a72]
10790:
10791: * Makefile:
10792: add clean targets
10793: [d53f6f6f5c3a]
10794:
10795: * src/atobool.c:
10796: Add missing source for sudo front end
10797: [42487de9c489]
10798:
10799: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
10800: Sample plugin demonstrating the sudo plugin API
10801: [f1fd62d7644f]
10802:
10803: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
10804: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
10805: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
10806: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
10807: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
10808: sudo_usage.h.in:
10809: Modular sudo front-end which loads policy and I/O plugins that do
10810: most the actual work. Currently relies on dynamic loading using
10811: dlopen(). See doc/plugin.pod for the plugin API.
10812: [924f6eb2fbba]
10813:
10814: * doc/plugin.pod, include/sudo_plugin.h:
10815: Sudo plugin API
10816: [374ccbbd24ae]
10817:
10818: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
10819: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
10820: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
10821: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
10822: src/fileops.c, src/sudo_edit.c:
10823: Replace emul/include.h with compat/include.h to match new source
10824: tree layout.
10825: [7eccd10449a1]
10826:
10827: * src/lbuf.c:
10828: Include missing.h for memrchr() proto
10829: [03abd63a8a33]
10830:
10831: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
10832: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
10833: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
10834: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
10835: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
10836: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
10837: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
10838: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
10839: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
10840: compat/getline.c, compat/getprogname.c, compat/glob.c,
10841: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
10842: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
10843: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
10844: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
10845: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
10846: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
10847: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
10848: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
10849: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
10850: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
10851: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
10852: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
10853: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
10854: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
10855: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
10856: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
10857: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
10858: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
10859: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
10860: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
10861: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
10862: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
10863: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
10864: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
10865: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
10866: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
10867: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
10868: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
10869: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
10870: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
10871: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
10872: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
10873: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
10874: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
10875: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
10876: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
10877: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
10878: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
10879: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
10880: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
10881: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
10882: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
10883: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
10884: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
10885: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
10886: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
10887: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
10888: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
10889: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
10890: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
10891: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
10892: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
10893: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
10894: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
10895: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
10896: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
10897: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
10898: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10899: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
10900: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
10901: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
10902: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
10903: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
10904: sample.pam, sample.sudoers, sample.syslog.conf,
10905: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
10906: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
10907: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
10908: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
10909: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
10910: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
10911: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
10912: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
10913: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
10914: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
10915: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
10916: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
10917: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
10918: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
10919: visudo.man.in, visudo.pod, zero_bytes.c:
10920: Rework source layout in preparation for modular sudo.
10921: [7fc1978c6ad5]
10922:
10923: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
10924:
10925: * Avoid a duplicate fclose() of the sudoers file.
10926: [5dba851088c1]
10927:
10928: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
10929: [0a2935061e33]
10930:
10931: * Use setrlimit64(), if available, instead of setrlimit() when setting
10932: AIX resource limits since rlim_t is 32bits.
10933: [353db89bac61]
10934:
10935: * Fix use after free when sending error messages. From Timo Juhani
10936: Lindfors
10937: [e50dbd902382]
10938:
10939: * ChangeLog, Makefile.in:
10940: Generate the ChangeLog as part of "make dist" instead of having it
10941: in the repo.
10942: [251b70964673]
10943:
10944: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10945:
10946: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
10947: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
10948: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
10949: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
10950: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
10951: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
10952: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
10953: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
10954: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
10955: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
10956: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
10957: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
10958: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
10959: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
10960: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
10961: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
10962: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
10963: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
10964: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
10965: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
10966: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
10967: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
10968: Remove CVS $Sudo$ tags.
10969: [de683a8b31f5]
10970:
10971: 2010-01-18 convert-repo <convert-repo>
10972:
10973: * .hgtags:
10974: update tags
10975: [9b7aa44ae436]
10976:
10977: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
10978:
10979: * sudo_usage.h.in:
10980: make this match sudoers SYNOPSIS
10981: [c74ba66944c2]
10982:
10983: * lbuf.c, parse.c:
10984: Print a newline between Runas and Command-specific defaults in sudo
10985: -l.
10986: [b5bdfcc9ce4b]
10987:
10988: * term.c:
10989: Use SET and CLR macros in term_raw
10990: [50ca42609d6c]
10991:
10992: * sudoreplay.c:
10993: Set stdin to non-blocking mode early instead of in check_input. Use
10994: term_raw instead of term_cbreak since the data we get has already
10995: been expanded via OPOST.
10996: [51c47e803d62]
10997:
10998: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
10999:
11000: * script.c, term.c:
11001: Enable/disable all postprocessing instead of just nl->crnl
11002: processing since things like tab expansion matter too. However, if
11003: stdout is a tty leave postprocessing on in the pty since we run into
11004: problems doing it only on the real stdout with .e.g nvi.
11005: [62666e309673]
11006:
11007: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11008:
11009: * check.c:
11010: If tty_tickets is enabled and there is no tty, prompt for a
11011: password. Do not lecture user for "sudo -k command" if user has a
11012: timestamp.
11013: [5880200c5f6b]
11014:
11015: * INSTALL:
11016: Document missing options: --with-efence and --with-bsm-audit
11017: [d83afcdf9ff3]
11018:
11019: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
11020: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
11021: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
11022: visudo.man.in, visudo.pod:
11023: username -> user name groupname -> group name hostname -> host name
11024: [10c85646f45d]
11025:
11026: * INSTALL, README.LDAP, sudoers.pod:
11027: filename -> file name like the rest of the docs
11028: [1ef8ab5a9018]
11029:
11030: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11031:
11032: * parse.c:
11033: Fix printing of entries with multiple host entries on a single line.
11034: [226ceaf91d8d]
11035:
11036: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11037:
11038: * sudoers.pod:
11039: Mention that targetpw affects the timestamp file name.
11040: [a26e22e4f72e]
11041:
11042: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
11043: sudoers.pod:
11044: Add compress_transcript option.
11045: [6e94f8cb9dfb]
11046:
11047: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11048:
11049: * configure, configure.in:
11050: bump to 1.7.3b2
11051: [906d7e347d15]
11052:
11053: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
11054: Better split of membership vs. traditional group check in
11055: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
11056: [6ebc55d4716b]
11057:
11058: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
11059:
11060: * pwutil.c:
11061: Fix pasto and add default return value.
11062: [7973b5e4599c]
11063:
11064: * check.c, match.c, pwutil.c, sudo.h:
11065: refactor group member checking into user_in_group()
11066: [48ca8c2eddf8]
11067:
11068: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
11069: sudo.h:
11070: Add support for mbr_check_membership() as present in darwin.
11071: [5501aed02b9f]
11072:
11073: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11074:
11075: * match.c:
11076: Rename label to be accurate
11077: [3af17dd960f7]
11078:
11079: * Makefile.in, boottime.c, check.c, config.h.in, configure,
11080: configure.in, sudo.h:
11081: Treat timestamp files from before we booted as old. Idea from and
11082: Apple patch.
11083: [5c96e484c05a]
11084:
11085: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
11086:
11087: * sudo.c, sudo.pod, sudo_usage.h.in:
11088: Allow the -u flag to be used in conjunction with the -v flag as per
11089: older versions of sudo.
11090: [591e9fc13c1a]
11091:
11092: * logging.c:
11093: fix typo in last commit
11094: [4fd0c692dcf0]
11095:
11096: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11097:
11098: * logging.c:
11099: Convert fmt_first and fmt_confd into macros.
11100: [32e870158b29]
11101:
11102: * sudoers.pod:
11103: timeouts can be floats now
11104: [89de639a9679]
11105:
11106: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
11107: defaults.h, mkdefaults:
11108: Add support for floating point timeout values (e.g. 2.5 minutes).
11109: [210ffa291733]
11110:
11111: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
11112:
11113: * sudo.pod:
11114: The -L flag will be removed in sudo 1.7.4
11115: [ffd026084333]
11116:
11117: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
11118:
11119: * sudoreplay.c:
11120: Fix a bug due to order of operators.
11121: [938d34464283]
11122:
11123: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
11124:
11125: * match.c:
11126: cmnd_matches() already deals with negation so _cmndlist_matches()
11127: does not need to do so itself. Fixes a bug with negated entries in
11128: a Cmnd_List.
11129: [71c845f6ce73]
11130:
11131: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11132:
11133: * sudo.c:
11134: Don't exit() from open_sudoers, just return NULL for all errors.
11135: [8cfa832f972a]
11136:
11137: * script.c:
11138: Can't rely on the shell sending us SIGCONT when transitioning from
11139: backgroup to foreground process.
11140: [3c6c5b6cb4b3]
11141:
11142: * toke.c, toke.l:
11143: Add missing extern def for parse_error
11144: [45b7b59d03b7]
11145:
11146: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
11147:
11148: * toke.c, toke.l:
11149: Avoid a parse error when #includedir doesn't find any files. Closes
11150: bug #375
11151: [1ce1b850e9e6]
11152:
11153: * Makefile.in:
11154: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
11155: [6a22e32da108]
11156:
11157: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11158:
11159: * script.c:
11160: Start command out in foreground mode if stdout is a tty. Works
11161: around issues with some curses-based programs that don't handle
11162: tcsetattr getting interrupted by a signal. Still allows us to avoid
11163: hogging the tty if the command is part of a pipeline.
11164: [1c32f2b94769]
11165:
11166: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
11167: Use a socketpair to pass signals from parent to child. Child will
11168: now pass command status change info back via the socketpair. This
11169: allows the parent to distinguish between signals it has been sent
11170: directly and signals the command has received. It also means the
11171: parent can once again print the signal notifications to the tty so
11172: all writes to the pty master occur in the parent. The command is
11173: now always started in background mode with tty signals handled by
11174: the parent.
11175: [c6790b82986d]
11176:
11177: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11178:
11179: * configure, configure.in:
11180: Fix a few typos in the descriptions; from Jeff Makey Only do the
11181: check for krb5_get_init_creds_opt_free() taking two arguments if we
11182: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
11183: positive when using our own krb5_get_init_creds_opt_free which takes
11184: only a single argument.
11185: [845a9ff6f93d]
11186:
11187: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
11188:
11189: * configure, configure.in:
11190: Remove a spurious comma in the kerb5 bits.
11191: [3433eab083db]
11192:
11193: * auth/kerb5.c:
11194: Call krb5_get_init_creds_opt_init() in our emulated
11195: krb5_get_init_creds_opt_alloc() for MIT kerberos.
11196: [7ffb40bf43e9]
11197:
11198: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11199:
11200: * config.h.in:
11201: Add HAVE_ZLIB
11202: [9297bde61ecc]
11203:
11204: * script.c:
11205: Need to ignore SIGTT{IN,OU} in child when running the command in the
11206: background. Also some minor cleanup.
11207: [dc208d982319]
11208:
11209: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
11210:
11211: * script.c:
11212: Instead of calling sigsuspend when waiting for SIGUSR[12] from
11213: parent, install the signal handlers w/o SA_RESTART and let them
11214: interrupt waitpid().
11215: [759c7d18203b]
11216:
11217: * script.c:
11218: Pass along SIGHUP and SIGTERM from parent to child.
11219: [035b0e254568]
11220:
11221: * script.c:
11222: Close unused bits of script_fds in processes that don't need them.
11223: Restore default SIGCONT handler in child.
11224: [e037378ab0c1]
11225:
11226: * script.c:
11227: Update foreground/background status in SIGCONT handler in parent
11228: process.
11229: [3f7f91333264]
11230:
11231: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11232:
11233: * script.c:
11234: Defer setting terminal into raw mode until just before we fork() and
11235: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
11236: and sudo is already in the foreground be sure to set raw mode before
11237: continuing the child.
11238: [1102ef40832c]
11239:
11240: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11241:
11242: * script.c:
11243: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
11244: give the command the controlling tty if the main sudo process is the
11245: foreground process.
11246: [cf3a91cb5682]
11247:
11248: * script.c:
11249: Don't bother with sudo_waitpid() here for now.
11250: [9086de480c2d]
11251:
11252: * script.c:
11253: fix non-zlib case
11254: [a258bff0f9a6]
11255:
11256: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
11257:
11258: * script.c:
11259: Remove non-wroking code that crept into rev 1.55
11260: [2802dd55cff5]
11261:
11262: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
11263:
11264: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
11265: First pass at zlib support for transcript data files
11266: [5d10260807da]
11267:
11268: * Makefile.in:
11269: remove vestiges of ZLDFLAGS
11270: [1fa0caf1c0fb]
11271:
11272: * script.c:
11273: Add missing variable declaration for when TIOCSCTTY is not defined.
11274: Need to include sys/termio.h for TIOCSCTTY on some systems.
11275: [ee7f41ac2709]
11276:
11277: * script.c:
11278: when resuming command, send SIGCONT to its pgrp not just pid
11279: [5cd63c1d565b]
11280:
11281: * selinux.c:
11282: remove unused variable
11283: [df67df4be228]
11284:
11285: * script.c:
11286: include selinux.h for is_selinux_enabled() proto
11287: [85ebaa880cc1]
11288:
11289: * script.c:
11290: Don't use log_error() in the child process.
11291: [def65fe2a433]
11292:
11293: * script.c:
11294: Do I/O in parent instead of child since the parent can have both
11295: /dev/tty as well as the pty fds open. The child just sets things up
11296: and waits for its grandchild and writes the signal description to
11297: the pty master if the command was killed by a signal.
11298: [95e473208982]
11299:
11300: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
11301:
11302: * missing.h, sudo.h:
11303: Move two struct forward declarations from sudo.h to missing.h
11304: [90ad28294a8c]
11305:
11306: * script.c:
11307: Make comment at the top of script_exec() match reality.
11308: [c5042d27dbe0]
11309:
11310: * sudo.c:
11311: if neither stdin nor stdout is a tty, check stderr
11312: [c532ff20c8d8]
11313:
11314: * Makefile.in:
11315: Add back dependecy of gram.h on gram.y
11316: [c58382b7fcca]
11317:
11318: * script.c:
11319: Make transcript mode work as long as we can figure out our tty, even
11320: if it is not stdin. We'd like to use /dev/tty but that won't be
11321: valid after the setsid().
11322: [7b8bba8d99e7]
11323:
11324: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
11325:
11326: * config.h.in, configure, configure.in, pty.c:
11327: Add support for IRIX-style dynamic ptys
11328: [bedc9bac44c1]
11329:
11330: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
11331: Move alloc.c protos into alloc.h
11332: [b6a90649617d]
11333:
11334: * missing.h:
11335: Move prototypes for missing libc functions to missing.h
11336: [dda9ae1ccaf8]
11337:
11338: * Makefile.in, sudo.h, sudoreplay.c:
11339: Move prototypes for missing libc functions to missing.h
11340: [7483166b577b]
11341:
11342: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
11343:
11344: * config.h.in, configure, configure.in:
11345: Disable transcript support if no tcsetpgrp until we support older
11346: BSD-style job control.
11347: [27ac1d8163df]
11348:
11349: * configure, configure.in, pty.c, script.c:
11350: Break out pty code into pty.c
11351: [e85509b25d41]
11352:
11353: * compat.h, config.h.in, configure, configure.in:
11354: add killpg macro if no killpg function
11355: [3a125f4a51f0]
11356:
11357: * config.h.in, configure, configure.in, script.c:
11358: Push ptem and ldterm for STERAMS-based systems when allocating a
11359: pty.
11360: [36bb39b30ff2]
11361:
11362: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
11363:
11364: * script.c:
11365: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
11366: [d94bd5c9bf4e]
11367:
11368: * script.c:
11369: Call tcgetpgrp() in the parent, not the child and have the child
11370: spin until it is granted. Fixes a race on darwin.
11371: [6e8d435339ce]
11372:
11373: * script.c:
11374: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
11375: reopen slave.
11376: [0bdc63c019ca]
11377:
11378: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
11379:
11380: * script.c:
11381: In script mode, if the command is killed by a signal, print the
11382: signal description as well as a core dump notification like the
11383: shell does.
11384: [9df61738df07]
11385:
11386: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
11387: sudo.h:
11388: Add check for strsignal() and a simple implementation if it is not
11389: there but sys_siglist is
11390: [61421a188ef4]
11391:
11392: * script.c:
11393: Add missing WUNTRACED and store the signal that stopped the
11394: grandchild in suspended, not signo.
11395: [df65042b200e]
11396:
11397: * script.c:
11398: g/c unused code
11399: [40d8cb5c9203]
11400:
11401: * script.c:
11402: Associate the grandchild's pgrp with the tty instead of the child's
11403: and just get suspend notifications via SIGCHLD instead of directly.
11404: This fixes a hang with programs that try to set terminal attributes
11405: and is more consistent with how the shell handles things.
11406: [6865abff7e94]
11407:
11408: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
11409:
11410: * script.c:
11411: Move setpgid() of child into the parent side of the fork() where it
11412: belongs.
11413: [3defa782777c]
11414:
11415: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
11416:
11417: * script.c:
11418: fix typo
11419: [b6a612b3622c]
11420:
11421: * script.c:
11422: Run command in its own pgrp (like the shell does) for easier
11423: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
11424: to grandchild. Don't want grandchild stopped events in the child
11425: (only termination). Flush output after suspending grandchild before
11426: signalling parent.
11427: [db556bf2176f]
11428:
11429: * script.c:
11430: Back out revision 1.34; the problem lies elsewhere.
11431: [85f590a03275]
11432:
11433: * script.c:
11434: Don't set stdout to blocking mode when flushing remaining output.
11435: It can cause us to hang when trying to exit. Need to investigate
11436: why.
11437: [6f803a3e33ca]
11438:
11439: * script.c:
11440: Handle SIGTTOU and remove some debugging.
11441: [52d17279053e]
11442:
11443: * term.c:
11444: Back out revision 1.10 as the signal that interrupts us may be
11445: SIGTTOU or SIGTTIN which the caller must handle.
11446: [7e2fa9107975]
11447:
11448: * script.c:
11449: Apparently we need to send SIGSTOP to the command as well as ourself
11450: when we get SIGTSTP, the kernel doesn't automatically stop the
11451: process for us.
11452: [1a936e9309c4]
11453:
11454: * script.c:
11455: Use an extra process to act as the glue bewteen the sessions
11456: associated with the user's controlling tty (what the shell uses) and
11457: the tty that sudo is using to do its logging. Basically, this means
11458: that if we get, e.g. SIGTSTP from the process sudo is running, we
11459: relay the signal to the parent so it's shell can do the job control.
11460: [6dd296988060]
11461:
11462: * term.c:
11463: Handle getting/setting terminal attributes when the fd is in non-
11464: blocking mode.
11465: [ae5ae535ea7b]
11466:
11467: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
11468:
11469: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11470: Add support for pausing and changing the speed in interactive mode.
11471: [72a2063780a7]
11472:
11473: * script.c:
11474: Already define O_NOCTTY in compat.h, don't need it here
11475: [b5d80ed3e5ce]
11476:
11477: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
11478:
11479: * sudoreplay.c:
11480: Add missing protos
11481: [c4cb4e7f4d8a]
11482:
11483: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
11484:
11485: * sudo_edit.c:
11486: Always update the stashed mtime of the temp file instead of using
11487: what we have for the original because the time resolution of the
11488: filesystem the temporary is on may not match that of the filesystem
11489: that holds the original. Should fix bz #371 found by Philippe Levan.
11490: [c86ca4bec60c]
11491:
11492: * sudoreplay.c:
11493: Use cbreak mode instead of raw mode and add signal handlers to
11494: restore the tty on interrupt.
11495: [84dd283da41c]
11496:
11497: * script.c, sudo.h, term.c:
11498: Retain NL to NLCR conversion on the real tty and skip it on the pty
11499: we allocate. That way, if stdout is not a pty there are no extra
11500: carriage returns.
11501: [32e4f570414e]
11502:
11503: * script.c:
11504: Fix log_output(); just pass in a string and a length.
11505: [ca980cc0a3fb]
11506:
11507: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
11508:
11509: * script.c:
11510: do not use errno when complaining out lack of a tty
11511: [8f9b8c55ab8e]
11512:
11513: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
11514:
11515: * Makefile.in, sudoreplay.c, term.c:
11516: Instead of messing with line endings, just set terminal to raw mode
11517: in sudoreplay.
11518: [90943fa87acb]
11519:
11520: * term.c:
11521: When copying the terminal attributes to the pty, be sure not to set
11522: ONLCR. This prevents extra carriage returns from ending up in the
11523: script output file.
11524: [e6b5475ac2aa]
11525:
11526: * script.c:
11527: Convert a do {} while into a while
11528: [e461310d2c77]
11529:
11530: * Makefile.in:
11531: Use if then instead of test && when installing binaries that may not
11532: exist.
11533: [ad4f9490d971]
11534:
11535: * script.c:
11536: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
11537: old tty before associatng with new one.
11538: [0e0ca634b80c]
11539:
11540: * script.c, selinux.c, sudo.c, sudo.h:
11541: First cut at refactoring some of the selinux code so it can be used
11542: in conjunction with sudo's transcript support.
11543: [779b0d8f9d29]
11544:
11545: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
11546:
11547: * aclocal.m4, configure, configure.in:
11548: Fix default case of transcript_enabled being unset.
11549: [f8aa96186e6b]
11550:
11551: * script.c, sudoreplay.c:
11552: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
11553: [2844a7a851fa]
11554:
11555: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
11556: Hook up --disable-transcript and --enable-transcript=DIR
11557: [b3fa7e6b2480]
11558:
11559: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
11560:
11561: * aclocal.m4, configure, configure.in, pathnames.h.in:
11562: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
11563: transcript=DIR option to specify the directory
11564: [b0bb76d43cda]
11565:
11566: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
11567: regen
11568: [c7a8a0a9027c]
11569:
11570: * configure, configure.in, sudoers.man.pl, sudoers.pod:
11571: Substitute in default value for secure_path
11572: [c8f9ac6dbf93]
11573:
11574: * sudo.pod:
11575: Mention that the password must be followed by a newline with the -S
11576: option.
11577: [2fc589a3ee7e]
11578:
11579: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
11580:
11581: * script.c:
11582: Go back to dropping out of the select() loop when the process dies;
11583: Linux ptys apparently don't behave the same as BSD in regards to
11584: select(). No need to flush remaining output to the transcript, only
11585: to stdout. Add back code to check the master pty for additional data
11586: when we exit the main select loop.
11587: [abed9a9cbc6b]
11588:
11589: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
11590:
11591: * Makefile.in:
11592: Add getline.o to COMMON_OBJS
11593: [04ef7643cbc2]
11594:
11595: * Makefile.in:
11596: sudoreplay depends on libsudo.a
11597: [142bd0472631]
11598:
11599: * Makefile.in:
11600: More pwutil.o into COMMON_OBJS
11601: [4a016b933629]
11602:
11603: * pwutil.c, testsudoers.c, tsgetgrpw.c:
11604: Remove my_* redirection in pwutil.c for testsudoers and just use the
11605: normal libc get{pw,gr}* names.
11606: [9b76d637d86b]
11607:
11608: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11609: More time and date examples
11610: [c6ee0175ec56]
11611:
11612: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
11613: Move nanosleep() emulation into its own file Check librt.a for
11614: nanosleep if we don't find it in libc
11615: [4da0cc26aad7]
11616:
11617: * Makefile.in, configure, configure.in:
11618: Build libsudo with the common bits and link things against that.
11619: [2b53bc0b081a]
11620:
11621: * script.c:
11622: Fix final flush.
11623: [6da287d833da]
11624:
11625: * script.c:
11626: Keep reading from the pty master -> log file until read returns <=
11627: 0. Do our best to write everything to stdout when flushing any
11628: remaining bits.
11629: [2a45d4ae280c]
11630:
11631: * sudoreplay.c:
11632: Use unbuffered I/O when writing to stdout and make sure we write the
11633: entire buffer.
11634: [f39ef9844a47]
11635:
11636: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
11637:
11638: * sudoreplay.c:
11639: Only use max_wait if it is non-zero
11640: [f6c10604d2e8]
11641:
11642: * getdate.c, getdate.y, getline.c:
11643: Need compat.h here
11644: [5d6722e225a0]
11645:
11646: * sudoreplay.c:
11647: Fix nanosleep emulation
11648: [34e5e5d72a76]
11649:
11650: * script.c:
11651: Fix comment after #endif
11652: [bd1347718b25]
11653:
11654: * sudoreplay.c:
11655: Add protos for missing libc bits
11656: [644f496427a2]
11657:
11658: * configure, configure.in:
11659: add missing line continuation char
11660: [db13c0d402cd]
11661:
11662: * config.h.in, configure, configure.in, getline.c:
11663: Implement getline() in terms of fgetln() if we have it.
11664: [3ab786eaadc5]
11665:
11666: * sudoreplay.c:
11667: Print year when formatting log line
11668: [90be669e3443]
11669:
11670: * sudoreplay.pod:
11671: Document cwd, attempt to document time/date formats.
11672: [6290fb9b65c6]
11673:
11674: * sudoreplay.c:
11675: Fix getline return value check.
11676: [d696d6657261]
11677:
11678: * Makefile.in, config.h.in, configure, configure.in, getline.c,
11679: sudoreplay.c:
11680: Use getline() if the system has it, else use provide our own for
11681: sudoreplay.
11682: [afca1d6fbe5e]
11683:
11684: * script.c:
11685: Refactor code to update output and timing files.
11686: [361491332b1a]
11687:
11688: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
11689:
11690: * sudoreplay.c:
11691: Make sudo_getln() behave more like glibc getline.
11692: [40c9f2ea29e6]
11693:
11694: * script.c:
11695: When flushing remaining output, also update timing file.
11696: [5a9a5a627549]
11697:
11698: * sudoreplay.c:
11699: Use get_timestr() and make the -l output look like the regular sudo
11700: log.
11701: [452ba9d436c9]
11702:
11703: * logging.c, sudo.h, timestr.c:
11704: Make get_timestr() take a time_t so we can use it properly in
11705: sudoreplay.
11706: [82e67cc53c9c]
11707:
11708: * script.c:
11709: Create session dir earlier now that we update the seq number early.
11710: [797fe8d6dc61]
11711:
11712: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
11713:
11714: * sudoreplay.c:
11715: Use fromdate and todate as the keywords instead of from and to; the
11716: short forms will still be accepted.
11717: [d14d9b116df4]
11718:
11719: * sudoreplay.c:
11720: Fix reading long liensin sudo_getln()
11721: [58dadd74118c]
11722:
11723: * script.c, sudoreplay.c:
11724: Log the cwd in the script log file. Add sudo_getln() to read
11725: arbitrarily long lines.
11726: [faceb802ab8f]
11727:
11728: * Makefile.in, logging.c, sudo.h, timestr.c:
11729: Move get_timestr() into its own source file so sudoreplay can use
11730: it.
11731: [99b054bfa20a]
11732:
11733: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
11734:
11735: * sudoreplay.c:
11736: Add to and from perdicates (date ranges); needs documentation
11737: [1d629174dcf4]
11738:
11739: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
11740:
11741: * Makefile.in, getdate.c, getdate.y:
11742: Fix warning and add generated getdate.c
11743: [b877a86b5a03]
11744:
11745: * Makefile.in, getdate.y:
11746: Add getdate.y to be used for sudoreplay date parsing.
11747: [b8e26fbb7a40]
11748:
11749: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11750:
11751: * sudoreplay.c:
11752: Check more than just the first character of a predicate
11753: [4fe53728adb1]
11754:
11755: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
11756: Add examples, sort predicates
11757: [70f8075cbccc]
11758:
11759: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
11760: sudoreplay.pod:
11761: Implement search expressions in sudoreplay similar in concept to
11762: what find or tcpdump uses. TODO: date ranges
11763: [f7ce4fb4cf3a]
11764:
11765: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
11766:
11767: * script.c:
11768: Remove vhangup as it was hanging up the wrong tty. Should really
11769: vhangup in the child after it as set its tty.
11770: [2eed9df73010]
11771:
11772: * sudoers.pod:
11773: Fix cut at documenting transcript support.
11774: [e6c533a5568a]
11775:
11776: * logging.c:
11777: ID= -> TSID= for transcript ID
11778: [1bf755a35333]
11779:
11780: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
11781:
11782: * sudoers.pod:
11783: Move fast_glob description to where it belongs in sorted order
11784: [5901cfb0d25f]
11785:
11786: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11787: parse.c, parse.h, sudo.c:
11788: Rename script -> transcript
11789: [e06cf823122c]
11790:
11791: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
11792:
11793: * compat.h:
11794: Add timeradd and timersub for those without them
11795: [929f8aa06c2b]
11796:
11797: * script.c:
11798: Sanity check sessid before using it.
11799: [aa8ca5211d43]
11800:
11801: * sudo.c:
11802: Only set the session id if we are running a command or editing a
11803: file.
11804: [7205d717c098]
11805:
11806: * script.c:
11807: Actually. qsort is fine since most versions fal back to a cheaper
11808: sort when the number of elements to sort is small (like in our
11809: case).
11810: [d11c7cd352fe]
11811:
11812: * config.h.in, configure, configure.in, script.c:
11813: Check for dup2 and use dup instead if we don't have it.
11814: [98bd89830f8a]
11815:
11816: * script.c, sudo.c, sudo.h:
11817: Move the code to dup2 the script fds to low numbered descriptors
11818: into script_duplow() and fix the fd sorting.
11819: [9453fdc5fba6]
11820:
11821: * script.c, sudo.c, sudo.h:
11822: Move script_setup() back to immediately before we drop privs and
11823: call the new script_nextid() in its place, which will set
11824: sudo_user.sessid for the logging functions.
11825: [8434d0c8ff08]
11826:
11827: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
11828:
11829: * Makefile.in:
11830: Install sudoreplay
11831: [6acf2cdb4d3f]
11832:
11833: * sudoreplay.c:
11834: remove unused variable
11835: [2316360bb992]
11836:
11837: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
11838:
11839: * logging.c, script.c, sudo.c, sudo.h:
11840: Log the session ID, if there is one. Currently logs ID=XXXXXX,
11841: perhaps should be SESSIONID or SESSID.
11842: [53976905b0a6]
11843:
11844: * Makefile.in, configure, configure.in, sudoreplay.cat,
11845: sudoreplay.man.in, sudoreplay.pod:
11846: Add sudoreplay docs
11847: [da4f14f0e64c]
11848:
11849: * sudoreplay.c:
11850: add -V (version) flag
11851: [b5e743639ee3]
11852:
11853: * sudoreplay.c:
11854: Hook up max_wait.
11855: [2ec5697a92ba]
11856:
11857: * script.c, sudoreplay.c:
11858: Use base36 number for the ID and store script files with paths like
11859: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
11860: (2,176,782,336) unique IDs.
11861: [6aab019d07aa]
11862:
11863: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11864:
11865: * config.h.in, configure.in:
11866: Add check for regcomp
11867: [44c3ebd7ff34]
11868:
11869: * sudoreplay.c:
11870: Add support for selecting by pattern and tty when listing.
11871: [66189f840c52]
11872:
11873: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11874:
11875: * sudoreplay.c:
11876: The beginnings of a list mode.
11877: [8d0150b4a52c]
11878:
11879: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
11880:
11881: * Makefile.in:
11882: fix pasto
11883: [616b4640b8a8]
11884:
11885: * Makefile.in, config.h.in, configure.in:
11886: Add scaffolding for building sudoreplay
11887: [a32958505dbe]
11888:
11889: * sudoreplay.c:
11890: include error.h first arg to nanotime is const
11891: [fe5a7bb31bc5]
11892:
11893: * sudoreplay.c:
11894: Initial cut at sudoreplay; replay a sudo session.
11895: [f149fba372bd]
11896:
11897: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
11898:
11899: * script.c:
11900: Fix wait() usage and use correct wait status.
11901: [f4745ed7ad05]
11902:
11903: * sudo.c, sudo.h, tgetpass.c:
11904: Add protos for term_* to sudo.h
11905: [14fe1abd7e7b]
11906:
11907: * script.c:
11908: Fix detection of the child process exiting. Since the child is in
11909: its own session we should only ever get SIGCHLD for that process but
11910: better safe than sorry.
11911: [7edfdadd8505]
11912:
11913: * config.h.in:
11914: Add UNIX98 pty support.
11915: [82f4b53a0e8f]
11916:
11917: * configure, configure.in, script.c:
11918: Add UNIX98 pty support.
11919: [795b8bb0a3a1]
11920:
11921: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
11922:
11923: * term.c:
11924: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
11925: if it is defined.
11926: [40f8b83baf69]
11927:
11928: * auth/pam.c:
11929: Set PAM_RUSER and PAM_RHOST early so they can be used during
11930: authentication. Based on a patch from Jamie Beverly.
11931: [3d567b453a6a]
11932:
11933: * match.c:
11934: Close dir before returning if strlcpy() reports overflow. From
11935: Martynas Venckus.
11936: [6a82f96473e5]
11937:
11938: * config.h.in, configure, configure.in, script.c:
11939: On Linux, the openpty proto libes in pty.h
11940: [98643a018d1c]
11941:
11942: * script.c:
11943: Call vhangup on exit if the system has it Use setpgrp() if no
11944: setsid()
11945: [3a9e13149829]
11946:
11947: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
11948:
11949: * config.h.in, configure, configure.in:
11950: Add checks for revoke and vhangup if we don't have openpty
11951: [fcb04572e994]
11952:
11953: * script.c:
11954: Session logging guts that got forgotten in the previous commit.
11955: [c2af08a63ea9]
11956:
11957: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
11958: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
11959: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
11960: tgetpass.c:
11961: First cut at session logging for sudo. Still need to write
11962: get_pty() for Unix 98 and old-style BSD ptys. Also needs
11963: documentation and general cleanup.
11964: [77e3f5e25738]
11965:
11966: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
11967:
11968: * sudo.c, sudo_edit.c:
11969: Fix a bug introduced with def_closefrom. The value of def_closefrom
11970: already includes the +1.
11971: [7291c136300d]
11972:
11973: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
11974:
11975: * Makefile.in:
11976: Generate sudo distributions with pax in ustar mode. No longer need
11977: to use a temp file or have the source dir name match the version.
11978: [9778177a8272]
11979:
11980: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11981:
11982: * toke.c, toke.l:
11983: Fix expansion of %h in #include names. Fixes bugzilla 363
11984: [6e346879ba24]
11985:
11986: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
11987:
11988: * mkdefaults:
11989: If no arg assume def_data.in
11990: [c1dd28c0e675]
11991:
11992: * README, WHATSNEW:
11993: Update for 1.7.2
11994: [f5ad45f69f05] [SUDO_1_7_2]
11995:
11996: * ChangeLog:
11997: sync
11998: [6283549396ff]
11999:
12000: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
12001:
12002: * sudoers.cat, sudoers.man.in, sudoers.pod:
12003: Add missing single quotes around a colon in Runas_Spec definition.
12004: From Elias Benali.
12005: [ccc6ee4fca83]
12006:
12007: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
12008:
12009: * sudo.man.in, sudoers.man.in:
12010: regen
12011: [546e75304ebf]
12012:
12013: * redblack.c:
12014: In rbrepair, re-color the root or the first non-block node we find
12015: to be black. Re-coloring the root is probably not needed but won't
12016: hurt.
12017: [34d01ebe241b]
12018:
12019: * sudo.cat, sudoers.cat:
12020: regen
12021: [bebf5a39f54f]
12022:
12023: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12024:
12025: * redblack.c:
12026: When repairing the tree, don't touch the root node.
12027: [9841f0d5d789]
12028:
12029: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12030:
12031: * set_perms.c:
12032: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
12033: Reported by Josef Schmid.
12034: [ed044b1eb879]
12035:
12036: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12037:
12038: * sudoers.pod:
12039: Document that we accept env_pam-style environment files
12040: [e3b545456352]
12041:
12042: * env.c:
12043: Adapt to accept pam_env-style /etc/environment which allows shell-
12044: style lines such as: export EDITOR="/usr/bin/vi"
12045: [752eb75bf007]
12046:
12047: * sudoers.pod:
12048: Make it clear that env_delete only works when !env_reset. From Lo??c
12049: Minier
12050: [3bd3f8e351ba]
12051:
12052: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12053:
12054: * sudo.pod, sudoers.pod:
12055: Add non-unix group bits, adapted from Quest
12056: [8ce427de8dea]
12057:
12058: * Makefile.in:
12059: build the .cat page in the current working dir, not the src dir
12060: [00e87a307674]
12061:
12062: * env.c:
12063: Return EINVAL in setenv() if var is NULL or the empty string to
12064: match glibc behavior.
12065: [23fd7c247142]
12066:
12067: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
12068:
12069: * configure, configure.in:
12070: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
12071: [fedd4a3e2a85]
12072:
12073: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
12074:
12075: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12076: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12077: regen
12078: [7b9f461a40b3]
12079:
12080: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
12081:
12082: * INSTALL:
12083: Document --with-libvas and --with-libvas-rpath
12084: [a071e6d96c89]
12085:
12086: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
12087:
12088: * ldap.c, sudoers.ldap.pod:
12089: For netscape-derived LDAP SDKs the cert and key paths may be a
12090: directory or a file. However, version 5.0 of the SDK only seems to
12091: support using a directory. If ldapssl_clientauth_init fails and the
12092: cert or key paths look like they could be files, strip off the last
12093: path element and try again.
12094: [ac4e49d83043]
12095:
12096: * Makefile.in:
12097: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
12098: [4547cc1a335f]
12099:
12100: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12101:
12102: * configure, configure.in, match.c, sudo.c, vasgroups.c:
12103: Update non-Unix group support from Quest, as reworked by me.
12104: [1abafce29dc6]
12105:
12106: * toke.c:
12107: regen
12108: [01bfca9148b7]
12109:
12110: * toke.l:
12111: Add support for escaped hex chars in names, e.g. \x20 for space.
12112: [3c7be8e58a39]
12113:
12114: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
12115:
12116: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
12117: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
12118: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
12119: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
12120: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
12121: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
12122: tgetpass.c, toke.l, visudo.c:
12123: Update copyright years.
12124: [e615f676c764]
12125:
12126: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
12127:
12128: * interfaces.c, lbuf.c:
12129: Minor fixes for Minix-3
12130: [898c510d23f9]
12131:
12132: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
12133:
12134: * set_perms.c:
12135: Handle getgroups() returning 0. Also add missing check for
12136: HAVE_GETGROUPS.
12137: [d73b958f9ffd]
12138:
12139: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
12140:
12141: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
12142: version.h, visudo.c:
12143: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
12144: [5050579a264d]
12145:
12146: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12147:
12148: * set_perms.c:
12149: Remove group setting code in setusercontext case, we will do it
12150: ourselves later on in runas_setup. Set the gid after
12151: initgroups/setgroups is called, since on Mac OS X it seems to change
12152: the egid.
12153: [09dc21d8b42d]
12154:
12155: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
12156:
12157: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
12158: vasgroups.c:
12159: Initial bits of non-unix group support using Quest Authentication
12160: Services
12161: [1eecab0ff27e]
12162:
12163: * toke.c, toke.l:
12164: Accept %:foo as a non-Unix group
12165: [4c4b5dd899a6]
12166:
12167: * toke.c, toke.l:
12168: Allow user/group to be double quoted in the case of non-Unix groups
12169: which contain spaces.
12170: [47a3d568b7e8]
12171:
12172: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12173:
12174: * match.c:
12175: Don't allow the user to specify the default runas user if their
12176: sudoers entry only allows them to run as a group.
12177: [4d726177227c]
12178:
12179: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12180:
12181: * sudo.c:
12182: Must call audit_success before we change uids.
12183: [04a9e6ce6e55]
12184:
12185: * logging.c, set_perms.c, sudo.h, testsudoers.c:
12186: Add option for set_perm to not exit on failure and use this in the
12187: logging routines.
12188: [833dce7b7f42]
12189:
12190: * parse.c:
12191: In -l mode, if the user is only allowed to run as a group, display
12192: the user's name, not root's before the allowed group.
12193: [ef92ff99d265]
12194:
12195: * sudo.c:
12196: Fix -g mode, broken by rev 1.503 which had the side effect of
12197: setting the runas user to root unilaterally.
12198: [50a2f7df4385]
12199:
12200: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12201:
12202: * fileops.c:
12203: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
12204: [30fbe832dcf3]
12205:
12206: * pwutil.c:
12207: Only cache by the method we fetched for pwd and grp lookups.
12208: Previously we cached both by namd and id but this can cause problems
12209: for entries that share the same id. Also add more info in the error
12210: message in case the insert fails (which should now be impossible).
12211: [ef95a4f0bab5]
12212:
12213: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
12214:
12215: * sudoers.pod:
12216: Add a clarification from Nick Sieger
12217: [1eadad329561]
12218:
12219: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
12220:
12221: * env.c:
12222: Inline the setting of the environment string.
12223: [9515d11c6295]
12224:
12225: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12226:
12227: * env.c:
12228: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
12229: in BSD doesn't return an error if the name has '=' in it, it just
12230: treats the '=' as end of string.
12231: [941260bf94d2]
12232:
12233: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
12234:
12235: * toke.c, toke.l:
12236: Not all systems have d_namlen
12237: [e377b18d8e2d]
12238:
12239: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
12240:
12241: * sudoers.pod:
12242: Fix up some pod2html issues.
12243: [823a1f10ab60]
12244:
12245: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
12246:
12247: * interfaces.c:
12248: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
12249: Quest Software.
12250: [73de36653131]
12251:
12252: * sudoers.pod:
12253: Ignore files ending in '~' in sudo.d (emacs backup files)
12254: [7871fad702db]
12255:
12256: * toke.c, toke.l:
12257: Ignore files ending in '~' in sudo.d (emacs backup files)
12258: [53fded2a469f]
12259:
12260: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
12261:
12262: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
12263: For #includedir, ignore any file containing a dot
12264: [a7daa1bce6c2]
12265:
12266: * Makefile.in, version.h:
12267: Bump version
12268: [ef60f14ffc44]
12269:
12270: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
12271: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
12272: visudo.c:
12273: Implement #includedir directive. Files in an includedir are not
12274: edited by visudo unless they contain a syntax error.
12275: [3923d85a6c79]
12276:
12277: * ChangeLog:
12278: sync
12279: [8741ed61a78b] [SUDO_1_7_1]
12280:
12281: * WHATSNEW:
12282: Forgot umask_override
12283: [7c86a21a5504]
12284:
12285: * ChangeLog, TODO:
12286: sync
12287: [57339ca6bccf]
12288:
12289: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12290:
12291: * visudo.c:
12292: Rewind stream if we fdopen sudoers since it may not be at the
12293: beginning. Set the keepopen flag on already-open files too so the
12294: lexer doesn't close them out from under us.
12295: [61292d819aff]
12296:
12297: * visudo.c:
12298: Print the proper file name when there is a parse error in an include
12299: file.
12300: [b0e85d4aedde]
12301:
12302: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12303:
12304: * WHATSNEW:
12305: Sync
12306: [997e5d485ea3]
12307:
12308: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12309:
12310: * configure, configure.in:
12311: Fix a warning when --without-ldap is specified.
12312: [d91fd9481b30]
12313:
12314: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12315:
12316: * alias.c, parse.h, visudo.c:
12317: Store aliases that we remove during check_aliases in a freelist and
12318: free them at the end so we don't leak memory.
12319: [805e2272f6a3]
12320:
12321: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
12322:
12323: * visudo.c:
12324: Check aliases in -c mode too.
12325: [9199e188d9f2]
12326:
12327: * alias.c, parse.h, visudo.c:
12328: Make alias_remove return the alias struct instead of freeing it
12329: directly. Fixes a use after free in alias_remove_recursive, the only
12330: consumer.
12331: [a04b61804800]
12332:
12333: * alias.c, match.c, parse.c, parse.h, visudo.c:
12334: Rename find_alias -> alias_find for consistency.
12335: [48b0a82924f3]
12336:
12337: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12338:
12339: * visudo.c:
12340: When checking for unused aliases, recurse if the alias points to
12341: another alias.
12342: [2d4d1a7f3a41]
12343:
12344: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
12345:
12346: * ldap.c:
12347: Back out rev 1.105 for now. Real ldapux_client.conf support will be
12348: done later after some refactoring.
12349: [8ad72e69b277]
12350:
12351: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12352:
12353: * ldap.c:
12354: Treat ldap_hostport the same as "host" for ldapux.
12355: [3281dcc66da8]
12356:
12357: * configure, configure.in:
12358: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
12359: Fixes compilation with ldapux.
12360: [ca1ed585ef0e]
12361:
12362: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12363:
12364: * fileops.c:
12365: fix char subscript
12366: [41e51f080d00]
12367:
12368: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12369:
12370: * Makefile.in:
12371: remove errant carriage returns
12372: [e9e258a31c7b]
12373:
12374: * audit.c, env.c:
12375: fix K&R compilation
12376: [d182e8920f13]
12377:
12378: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12379: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12380: regen
12381: [791a5cbf04e5]
12382:
12383: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12384:
12385: * config.h.in:
12386: Add missing HAVE_BSM_AUDIT
12387: [49ad1bb96f04]
12388:
12389: * WHATSNEW:
12390: Add 1.7.1 features
12391: [f107f1604c61]
12392:
12393: * INSTALL:
12394: Mention --with-netsvc
12395: [d1e90d147795]
12396:
12397: * sudoers.ldap.pod:
12398: Document netsvc.conf support
12399: [e78f8abce6af]
12400:
12401: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
12402: sudo_nss.h:
12403: Add support for AIX netsvc.conf (like nsswitch.conf).
12404: [1df56a84dee5]
12405:
12406: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12407:
12408: * config.h.in, configure, configure.in, env.c:
12409: Add --enable-env-debug flag to enable environment sanity checks.
12410: [128cdd8832e7]
12411:
12412: * sudoers.ldap.pod, sudoers.pod:
12413: Work around some pod2html issue.
12414: [e733b9609bd2]
12415:
12416: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
12417:
12418: * env.c:
12419: Only sync environ for putenv, setenv, and unsetenv. We need to make
12420: sure that sudo_putenv and sudo_setenv only modify env.envp, not
12421: environ.
12422: [be3ac732243c]
12423:
12424: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12425:
12426: * env.c:
12427: Really fix UNSETENV_VOID
12428: [08ab7e882507]
12429:
12430: * env.c:
12431: Fix unsetenv when UNSETENV_VOID
12432: [d3038b3f2f15]
12433:
12434: * aclocal.m4, configure:
12435: Fix SUDO_FUNC_PUTENV_CONST
12436: [de35569c572b]
12437:
12438: * ldap.c:
12439: tivoli-based ldap does not have ldapssl_err2string
12440: [c63fd90d5e99]
12441:
12442: * configure:
12443: regen
12444: [f38f1ee828ad]
12445:
12446: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
12447:
12448: * config.h.in, configure, configure.in, ldap.c:
12449: Add support for Tivoli-based LDAP start TLS as seen in AIX.
12450: Untested.
12451: [8f8771829f85]
12452:
12453: * env.c:
12454: Add sanity checks for setenv/unsetenv
12455: [adbd1d95856b]
12456:
12457: * Makefile.in:
12458: Include bsm_audit.h in the tarball
12459: [4a4aa02b2c32]
12460:
12461: * Makefile.in, version.h:
12462: bump version for sudo 1.7.1
12463: [362c71d21595]
12464:
12465: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
12466: env.c, ldap.c, sudo.h:
12467: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
12468: provide our own setenv/unsetenv/putenv that operates on own env
12469: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
12470: [276edcd23032]
12471:
12472: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
12473:
12474: * sudo.c:
12475: Make "sudoedit -h" work as expected
12476: [2bcbbb45d389]
12477:
12478: * auth/pam.c:
12479: Make sure def_prompt is always defined. This is a workaround for
12480: pam configs that prompt for a password in the session but don't have
12481: an auth line. A better fix is to expand the sudo prompt earlier and
12482: set def_prompt to that when initializing.
12483: [ee073c04aec3]
12484:
12485: * sudo.pod:
12486: Mention that the helper for -A may be graphical.
12487: [b64a940c4082]
12488:
12489: * TROUBLESHOOTING:
12490: Document what happens if there is no tty.
12491: [313d58a856a5]
12492:
12493: * sudo.c:
12494: cosmetic changes
12495: [894f5e3b0c3e]
12496:
12497: * term.c:
12498: Fix term_restore
12499: [6c6315ff14bc]
12500:
12501: * sudo.c:
12502: Fix "sudo -k" with no other args
12503: [59e94dc419c6]
12504:
12505: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
12506:
12507: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
12508: Allow the -k flag to be specified in conjunction with a command or
12509: another option that may require authentication.
12510: [5960ff20355d]
12511:
12512: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12513:
12514: * configure, configure.in:
12515: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
12516: [e86ab69c4a57]
12517:
12518: * Makefile.in:
12519: Parallel make fix. From Diego E. 'Flameeyes'
12520: [1289d7ee27db]
12521:
12522: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
12523:
12524: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
12525: Implement umask_override
12526: [8b87a3f7c5aa]
12527:
12528: * toke.c:
12529: regen
12530: [79d7ca9ac873]
12531:
12532: * sudoers.pod, toke.l, visudo.c:
12533: Implement %h escape in sudoers include filenames.
12534: [a7f288dd64f0]
12535:
12536: * audit.c:
12537: Need to include compat.h
12538: [c0dc07ce2f70]
12539:
12540: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
12541: Make audit_success and audit_failure generic functions in
12542: preparation for integrating linux audit support.
12543: [7df020a8fd6f]
12544:
12545: * term.c:
12546: remove duplicate include
12547: [1dfcd01a7e46]
12548:
12549: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12550:
12551: * bsm_audit.c:
12552: Add missing include
12553: [fb56e08c37ee]
12554:
12555: * sudo.c:
12556: May need to update the runas user after parsing command-based
12557: defaults.
12558: [246f130d7802]
12559:
12560: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
12561:
12562: * glob.c:
12563: Add missing pair of braces introduced with character class support.
12564: [0e2afa2e03e9]
12565:
12566: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
12567:
12568: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
12569: Rename pwstars to pwfeedback
12570: [a9f85a57ebac]
12571:
12572: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12573:
12574: * bsm_audit.c, bsm_audit.h:
12575: Add const to make MacOS happy.
12576: [4274432d6627]
12577:
12578: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
12579: configure.in, sudo.c:
12580: Add bsm audit support from Christian S.J. Peron
12581: [bef61cd8693d]
12582:
12583: * term.c:
12584: This is new code, no DARPA notice.
12585: [ec6ad09b9c23]
12586:
12587: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12588:
12589: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
12590: Rename simple_glob -> fast_glob
12591: [68d9ed803cc1]
12592:
12593: * match.c:
12594: g/c unused var
12595: [693fa0464eb6]
12596:
12597: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
12598: Add simple_glob option to use fnmatch() instead of glob(). This is
12599: useful when you need to specify patterns that reference network file
12600: systems.
12601: [77ba634f6949]
12602:
12603: * tgetpass.c:
12604: add term_* proto
12605: [520f5149d073]
12606:
12607: * sudoers.pod:
12608: mention glob()
12609: [ddaab8e03c52]
12610:
12611: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
12612:
12613: * tgetpass.c:
12614: Delete any pwstars we wrote after the user hits return. That way
12615: there is no record on screen as to the user's password length.
12616: [fae25cda762b]
12617:
12618: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12619:
12620: * term.c:
12621: Move terminal setting bits from tgetpass.c to term.c
12622: [03d43325ee99]
12623:
12624: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
12625: tgetpass.c:
12626: Add pwstars sudoers option that causes sudo to print a star every
12627: time the user presses a key.
12628: [7aab417e184d]
12629:
12630: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
12631:
12632: * Makefile.in:
12633: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
12634: [64f70e879816]
12635:
12636: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12637:
12638: * ldap.c:
12639: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
12640: indicate no limit. From Mark Janssen.
12641: [e2c5732d54f5]
12642:
12643: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12644:
12645: * toke.c, toke.l:
12646: Comments that begin with #- should not be parsed as uids.
12647: [a72a50f12f41]
12648:
12649: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12650:
12651: * sudo.c:
12652: Do not try to set the close on exec flag if we didn't actually open
12653: sudoers.
12654: [ece3ca256904]
12655:
12656: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
12657:
12658: * ChangeLog:
12659: regen
12660: [e11f0e4c1bdd] [SUDO_1_7_0]
12661:
12662: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
12663:
12664: * TODO:
12665: sync
12666: [5b8954462bb3]
12667:
12668: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
12669:
12670: * auth/pam.c:
12671: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
12672: password prompt.
12673: [8563601cb3de]
12674:
12675: * configure, configure.in:
12676: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
12677: as it cannot generate shared objects.
12678: [6d4262ef9669]
12679:
12680: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
12681: K&R compilation fixes
12682: [77921678d17c]
12683:
12684: * parse.c:
12685: Use tq_foreach_fwd when checking pseudo-commands to make it clear
12686: that we are not short-circuiting on last match. When pwcheck is
12687: 'all', initialize nopass to TRUE and override it with the first non-
12688: TRUE entry.
12689: [96b209f4778f]
12690:
12691: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
12692:
12693: * parse.c:
12694: Do not short circuit pseudo commands when we get a match since,
12695: depending on the settings, we may need to examine all commands for
12696: tags.
12697: [fdbaf89d6f35]
12698:
12699: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12700:
12701: * sudoers.cat, sudoers.man.in:
12702: regen
12703: [1ecce7c1b841]
12704:
12705: * sudoers.pod:
12706: hostnames may also contain wildcards
12707: [82b76695601c]
12708:
12709: * Makefile.in:
12710: remove stamp-* files and linux core files in clean target
12711: [22003f091467]
12712:
12713: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12714:
12715: * auth/sudo_auth.h, config.h.in, configure, configure.in:
12716: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
12717: [6905bede8410]
12718:
12719: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
12720:
12721: * configure, configure.in:
12722: correctly enable SIA on Digital UNIX
12723: [a51881d13995]
12724:
12725: * TODO:
12726: checkpoint
12727: [af0fe8d94d42]
12728:
12729: * ChangeLog:
12730: sync
12731: [831f623cf99c]
12732:
12733: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
12734:
12735: * check.c, sudo.h, tgetpass.c:
12736: Even if neither stdin nor stdout are ttys we may still have /dev/tty
12737: available to us.
12738: [20f306ba883b]
12739:
12740: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
12741:
12742: * sudoers.cat, sudoers.man.in:
12743: regen
12744: [76d97c4c318f]
12745:
12746: * sudoers.pod:
12747: fix typos; Markus Lude
12748: [bff8bc1e2066]
12749:
12750: * ChangeLog:
12751: sync
12752: [f108552531cd]
12753:
12754: * toke.c:
12755: regen
12756: [de828413c67e]
12757:
12758: * toke.l:
12759: Fix matching of a line that only consists of a comment char
12760: [09c953d8d5ca]
12761:
12762: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
12763:
12764: * auth/pam.c:
12765: MacOS pam will retry conversation function if it fails so just treat
12766: ^C as an empty password.
12767: [d056058930bc]
12768:
12769: * visudo.c:
12770: When checking for alias use, also check defaults bindings.
12771: [2647f82c7dbd]
12772:
12773: * redblack.c:
12774: unused var
12775: [b7ff71c17c18]
12776:
12777: * redblack.c:
12778: Replace my rbdelete with Emin's version (which actually works ;-)
12779: [21b133dd0c72]
12780:
12781: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
12782:
12783: * testsudoers.c:
12784: malloc debugging
12785: [0fb446fa3279]
12786:
12787: * visudo.c:
12788: malloc options in devel mode for visudo too
12789: [98d06c6afeef]
12790:
12791: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12792:
12793: * sudo.c:
12794: fix compilation on non-C99; from Theo
12795: [7c304e16c536]
12796:
12797: * visudo.c:
12798: fix check_aliases
12799: [83f30a3b1765]
12800:
12801: * alias.c:
12802: when destroying an alias, free the correct data pointer
12803: [6e1a8bd86c01]
12804:
12805: * auth/sudo_auth.h:
12806: add proto for aixauth_cleanup; from Dale King
12807: [eba94ffc8f63]
12808:
12809: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12810:
12811: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12812: visudo.man.in:
12813: regen
12814: [409fa57fff83]
12815:
12816: * sudo.pod, sudoers.pod, visudo.pod:
12817: standardize on the term 'option' for command line options (not flag)
12818: [228caefc2e36]
12819:
12820: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
12821:
12822: * INSTALL:
12823: Add note on configuring HP-UX pam
12824: [f7674a581baf]
12825:
12826: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12827:
12828: * check.c, sudo.c:
12829: Move tty checks into check_user() so we only do them if we actually
12830: need a password.
12831: [7d997d7106d6]
12832:
12833: * sudo.c:
12834: Don't error out if no tty or askpass unless we actually need to
12835: authenticate.
12836: [9f23b83ed66c]
12837:
12838: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
12839:
12840: * ChangeLog:
12841: regen
12842: [23f9aef32da6]
12843:
12844: * pathnames.h.in, sudo.c:
12845: s/overriden/overridden/; from Tobias Stoeckmann
12846: [9f7459a8fac5]
12847:
12848: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
12849:
12850: * WHATSNEW, visudo.c:
12851: check sudoers owner and mode in strict mode
12852: [a3468c5ac1c4]
12853:
12854: * gram.c, toke.c:
12855: regen
12856: [7d6b515a5443]
12857:
12858: * sudo.man.in, sudoers.man.in, visudo.man.in:
12859: Update copyright years.
12860: [52d340cb8cba]
12861:
12862: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
12863: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12864: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
12865: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
12866: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
12867: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
12868: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
12869: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
12870: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
12871: visudo.pod, zero_bytes.c:
12872: Update copyright years.
12873: [b4e6bf2beafa]
12874:
12875: * emul/charclass.h, fnmatch.c, glob.c:
12876: add my copyright
12877: [28681385014a]
12878:
12879: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
12880:
12881: * toke.c, toke.l:
12882: The loop in fill_cmnd() was going one byte too far past the end,
12883: resulting in a NUL being written immediately after the buffer end.
12884: [a5a49d603cd7]
12885:
12886: * UPGRADE, WHATSNEW:
12887: add sections on tgetpass changes
12888: [2e6929b6a102]
12889:
12890: * tgetpass.c:
12891: Treat EOF w/o newline as an error.
12892: [aa02b1db9240]
12893:
12894: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
12895:
12896: * parse.c:
12897: Fix "sudo -v" when NOPASSWD is set.
12898: [f4914711ea80]
12899:
12900: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
12901: auth/sudo_auth.h:
12902: No longer treat an empty password at the prompt as special. To quit
12903: out of sudo you now need to hit ^C at the password prompt.
12904: [980f760ad419]
12905:
12906: * sudoers.cat, sudoers.man.in:
12907: regen
12908: [6ca21a2cd869]
12909:
12910: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
12911: Sudo will now refuse to run if no tty is present unless the new
12912: visiblepw sudoers flag is set.
12913: [0cc56943252e]
12914:
12915: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
12916:
12917: * aix.c:
12918: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
12919: defined
12920: [24fc6f712d5c]
12921:
12922: * aix.c:
12923: fix fallback value for RLIM_SAVED_MAX
12924: [e09e04e1af89]
12925:
12926: * auth/aix_auth.c, auth/sudo_auth.h:
12927: Move clearing of AUTHSTATE into aixauth_cleanup.
12928: [e14ae7bd259c]
12929:
12930: * auth/aix_auth.c, env.c:
12931: Unset AUTHSTATE after calling authenticate() as it may not be
12932: correct for the user we are running the command as.
12933: [d14f68f1b0ab]
12934:
12935: * isblank.c:
12936: Add isblank() function for systems without it. Needed for POSIX
12937: character class matching in fnmatch.c and glob.c.
12938: [16cba30b283f]
12939:
12940: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
12941:
12942: * TROUBLESHOOTING:
12943: expound on sudo and cd
12944: [8e0fa9033637]
12945:
12946: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
12947:
12948: * ChangeLog:
12949: regen
12950: [40cf320a10fc]
12951:
12952: * sudoers.cat, sudoers.man.in:
12953: regen
12954: [7cac761ae2c6]
12955:
12956: * sudoers.pod:
12957: mention defauts parse order
12958: [4e2ce86d1394]
12959:
12960: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
12961:
12962: * Makefile.in, aclocal.m4, compat.h, configure:
12963: Add isblank() function for systems without it. Needed for POSIX
12964: character class matching in fnmatch.c and glob.c.
12965: [a1ab55da8424]
12966:
12967: * Makefile.in:
12968: add emul/charclass.h to HDRS
12969: [7e8a019dcaa4]
12970:
12971: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
12972:
12973: * TODO:
12974: checkpoint
12975: [afeb9bc1baed]
12976:
12977: * defaults.c, parse.c, testsudoers.c, visudo.c:
12978: Move update_defaults into defaults.c and call it properly from
12979: visudo and testsudoers.
12980: [f4dbb369461f]
12981:
12982: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
12983: tsgetgrpw.c:
12984: use zero_bytes() instead of memset() for consistency
12985: [4cee0465f4a8]
12986:
12987: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
12988: visudo.c:
12989: Zero out sigaction_t before use in case it has non-standard entries.
12990: [120092225459]
12991:
12992: * match.c:
12993: quiet gcc
12994: [098a1df49b23]
12995:
12996: * match.c:
12997: Short circuit glob() checks if basename(pattern) !=
12998: basename(command). Refactor code that checks for a command in a
12999: directory and use it in the glob case if the resolved pattern ends
13000: in a '/'.
13001: [3c46fd317acb]
13002:
13003: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13004:
13005: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
13006: Defer setting runas defaults until after runaspw/gr is setup.
13007: [12e75ee49c0c]
13008:
13009: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
13010:
13011: * match.c, sudo.c, testsudoers.c:
13012: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
13013: systems do not include space for the NUL in the size. Also manually
13014: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
13015: on this.
13016: [7266ab3296a3]
13017:
13018: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13019:
13020: * sudo.c, sudoers.pod:
13021: When setting the umask, use the union of the user's umask and the
13022: default value set in sudoers so that we never lower the user's umask
13023: when running a command.
13024: [4e804b004e38]
13025:
13026: * sudo.c:
13027: Don't try to read from a zero-length sudoers file. Remove the bogus
13028: Solaris work-around for EAGAIN. Since we now use fgetc() it should
13029: not be a problem.
13030: [bb8e5f68d944]
13031:
13032: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13033:
13034: * parse.c:
13035: In update_defaults() check the return value of user*_matches against
13036: ALLOW so we don't inadvertantly match on UNSPEC.
13037: [4e422fa1527e]
13038:
13039: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13040:
13041: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13042: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
13043: regen man pages; no more hyphenation
13044: [15de4fe2fe01]
13045:
13046: * sudo.c:
13047: Don't error out on a zero-length sudoers file. With the advent of
13048: #include the user could create a situation where sudo is unusable.
13049: [6eb461319fa5]
13050:
13051: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13052:
13053: * auth/kerb5.c, config.h.in, configure, configure.in:
13054: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
13055: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
13056: all. Add configure tests to handle all the cases.
13057: [4b554a98470d]
13058:
13059: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13060:
13061: * sudo.pod:
13062: resort ENVIRONMENT
13063: [f4f20f40653e]
13064:
13065: * sudoers.pod:
13066: document sudoers_locale
13067: [0bffd2dbe806]
13068:
13069: * sudo.pod, sudo_edit.c:
13070: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
13071: or EDITOR
13072: [0ef8cb248cee]
13073:
13074: * toke.c, toke.l:
13075: In fill_cmnd(), collapse any escaped sudo-specific characters.
13076: Allows character classes to be used in pathnames.
13077: [5685244c8e44]
13078:
13079: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
13080:
13081: * lbuf.c:
13082: fix typo in non-C89 function declaration
13083: [99a7113b3a05]
13084:
13085: * sudoers.pod:
13086: Mention POSIX characters classes now that out fnmatch() and glob()
13087: support them.
13088: [9c916f1230c3]
13089:
13090: * sample.sudoers, sudoers.pod:
13091: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
13092: locale agnostic.
13093: [a60a62bec244]
13094:
13095: * parse.h:
13096: use __signed char if we are going to assign a negative value since
13097: on Power, char is unsigned by default
13098: [2877b319df17]
13099:
13100: * config.h.in, configure, configure.in:
13101: Add tests for __signed char and signed char.
13102: [5eb874fdf1d4]
13103:
13104: * aix.c:
13105: Fix AIX limit setting. getuserattr() returns values in disk blocks
13106: rather than bytes. The default hard stack size in newer AIX is
13107: RLIM_SAVED_MAX. From Dale King.
13108: [3db67415ecc3]
13109:
13110: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13111:
13112: * emul/charclass.h, fnmatch.c, glob.c:
13113: Add character class support to included glob(3) and fnmatch(3).
13114: [6b5b4ad77899]
13115:
13116: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
13117:
13118: * emul/fnmatch.h:
13119: Remove UCB advertising clause and some compatibility defines.
13120: [2ade7bee74e1]
13121:
13122: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
13123:
13124: * sudo_edit.c:
13125: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
13126: or sudo. This allows one to set EDITOR to sudoedit without getting
13127: into an infinite loop of sudoedit running itself until the path gets
13128: too big.
13129: [aa49ab68f82d]
13130:
13131: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
13132: Add sudoers_locale Defaults option to override the default sudoers
13133: locale of "C".
13134: [0639886a35bf]
13135:
13136: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
13137:
13138: * sudo.c:
13139: Set locale to system default except for during sudoers parse.
13140: [016dd2736728]
13141:
13142: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
13143:
13144: * match.c:
13145: Redo change in 1.34 to use pointer arithmetic.
13146: [f9e7b63bb450]
13147:
13148: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13149:
13150: * match.c:
13151: Fix a dereference (read) of a freed pointer. Reported by Patrick
13152: Williams.
13153: [69877b633753]
13154:
13155: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
13156:
13157: * sudo.c:
13158: Set locale to "C" to avoid interpretation issues with character
13159: ranges in sudoers. May want to make the locale a sudoers option in
13160: the future.
13161: [098a95de1746]
13162:
13163: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
13164:
13165: * config.h.in:
13166: we no longer use setproctitle
13167: [c7f20fb747ea]
13168:
13169: * sudo.h:
13170: remove #if 1
13171: [a368ee6816c6]
13172:
13173: * LICENSE, mkstemp.c:
13174: Use my replacement mkstemp() from the mktemp package.
13175: [d07c2beb0f9e]
13176:
13177: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
13178:
13179: * gram.c:
13180: regen with yacc skeleton bug fixed
13181: [24784571cbb8]
13182:
13183: * sudoers.pod:
13184: Remove duplicate "as root". From Martin Toft.
13185: [97241acfee5e]
13186:
13187: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
13188:
13189: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
13190: Flesh out the fake passwd entry used for running commands as a uid
13191: not listed in the passwd database. Fixes an issue with some PAM
13192: modules.
13193: [a6648227f3f2]
13194:
13195: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
13196:
13197: * sudo.c:
13198: Error out in -i mode if the user has no shell. This can happen when
13199: running commands as a uid with no password entry.
13200: [0c174bef36ff]
13201:
13202: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
13203:
13204: * toke.c, toke.l:
13205: Better fix for line continuation inside double quotes. Now accepts
13206: whitespace between the backslash and the newline like the main
13207: lexer.
13208: [64efcdf86d31]
13209:
13210: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
13211:
13212: * toke.c, toke.l:
13213: Fix line continuation in strings. It was only being honored if
13214: preceded by whitespace.
13215: [96c21271a3e4]
13216:
13217: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
13218:
13219: * config.h.in, configure, configure.in, logging.c:
13220: Replace the double fork with a fork + daemonize.
13221: [328505441e67]
13222:
13223: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
13224:
13225: * env.c, sudo.c:
13226: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
13227: [3caedfeaec87]
13228:
13229: * logging.c, sudo.c, sudo_edit.c, visudo.c:
13230: Change how the mailer is waited for. Instead of having a SIGCHLD
13231: handler, use the double fork trick to orphan the child that opens
13232: the pipe to sendmail. Fixes a problem running su on some Linux
13233: distros.
13234: [b59ce60a393d]
13235:
13236: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
13237:
13238: * configure, configure.in:
13239: Fix configure test for dirfd() on Linux where DIR is opaque.
13240: [b8f729cdfecc]
13241:
13242: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
13243:
13244: * tgetpass.c:
13245: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
13246: this problem we'll need to revisit this again.
13247: [c17fee8ad530]
13248:
13249: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
13250:
13251: * logging.c:
13252: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
13253: we only block the signal it may be delivered later when we unblock.
13254: Also, there is no need to block SIGCHLD since we no longer do the
13255: double fork. The normal SIGCHLD handler is sufficient.
13256: [e94a49e992e5]
13257:
13258: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
13259:
13260: * configure, configure.in:
13261: Add description for NO_PAM_SESSION, from a redhat patch.
13262: [b9e4c939ec09]
13263:
13264: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
13265:
13266: * sudo.cat, sudo.man.in, sudo.pod:
13267: Fix typos in -i usage
13268: [2d7ce5de0235]
13269:
13270: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
13271:
13272: * configure, configure.in:
13273: Redo the test for dgettext() in a way that hopefully will work
13274: around the libintl_dgettext() undefined problem.
13275: [d27beb0cf85e]
13276:
13277: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
13278:
13279: * schema.ActiveDirectory:
13280: change filename in comment
13281: [733da4ee9ac5]
13282:
13283: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
13284:
13285: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
13286: sudoers.ldap.pod:
13287: Reference schema.ActiveDirectory
13288: [d6aec537800e]
13289:
13290: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
13291:
13292: * schema.OpenLDAP, schema.iPlanet:
13293: Mark sudoRunAs as deprecated.
13294: [00c50df807af]
13295:
13296: * schema.ActiveDirectory:
13297: add sudoRunAsUser and sudoRunAsGroup
13298: [19bcce6f72fb]
13299:
13300: * schema.ActiveDirectory:
13301: Active Directory schema by Chantal Paradis and Eric Paquet
13302: [06a09c92c6a5]
13303:
13304: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
13305:
13306: * parse.c:
13307: remove an XXX that was fixed
13308: [b88038062fa2]
13309:
13310: * ChangeLog:
13311: sync
13312: [8fc27c17270e]
13313:
13314: * parse.c:
13315: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
13316: fixes a problem where the tag value printed was influenced by
13317: defaults set in the first pass through the parser.
13318: [588ccd630367]
13319:
13320: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
13321:
13322: * Makefile.in, sudo.psf:
13323: No point in packaging the TODO file
13324: [9590248fffe1]
13325:
13326: * ChangeLog:
13327: sync
13328: [152acf4c6813]
13329:
13330: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
13331:
13332: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
13333: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
13334: Add env_file Defaults option that is similar to /etc/environment on
13335: some systems.
13336: [1daf53d51e18]
13337:
13338: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
13339:
13340: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
13341: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
13342: version.h, visudo.cat, visudo.man.in:
13343: change version to 1.7.0
13344: [d41d126b9bd8]
13345:
13346: * UPGRADE:
13347: initial valgrind pass done
13348: [c59c3876d8ca]
13349:
13350: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
13351:
13352: * ldap.c:
13353: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
13354: [830d246c09b0]
13355:
13356: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
13357:
13358: * ldap.c:
13359: define LDAPS_PORT if the system headers do not
13360: [247b12325701]
13361:
13362: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
13363:
13364: * gram.c, gram.y:
13365: Fix another memory leak in init_parser().
13366: [7bba47deba11]
13367:
13368: * configure, configure.in:
13369: There was a missing space before the ldap libs in SUDO_LIBS for some
13370: configurations.
13371: [7524cfc93759]
13372:
13373: * alias.c, gram.c, gram.y, toke.c, toke.l:
13374: Clean up some memory leaks pointed out by valgrind.
13375: [a965866ece1a]
13376:
13377: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
13378:
13379: * sudo.c:
13380: fix "sudo -s" broken by mode/flags breakout
13381: [acffe984d408]
13382:
13383: * configure, configure.in:
13384: remove duplicate check for dgettext
13385: [58145529133c]
13386:
13387: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
13388:
13389: * aix.c:
13390: Fall back to default stanza if no user-specific limit is found.
13391: [7b8cb29123ee]
13392:
13393: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
13394:
13395: * snprintf.c:
13396: include stdint.h if present
13397: [f0ec38529306]
13398:
13399: * snprintf.c:
13400: Use LLONG_MAX, not the old QUAD_MAX
13401: [01041ce508fb]
13402:
13403: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
13404:
13405: * sudoers.ldap.pod:
13406: fix cut and pasto
13407: [34240fdef5ab]
13408:
13409: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
13410:
13411: * pwutil.c:
13412: Add #ifdef PURITY
13413: [ce1b571ad526]
13414:
13415: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
13416:
13417: * auth/bsdauth.c:
13418: remove useless cast
13419: [494f8a862e1d]
13420:
13421: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13422:
13423: * ChangeLog:
13424: sync
13425: [f5c97ffaabcc]
13426:
13427: * TODO:
13428: sync
13429: [96ff1c44c182]
13430:
13431: * sudo.h:
13432: Split MODE_* defines into primary and flags.
13433: [c02ee3027cb9]
13434:
13435: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
13436:
13437: * aix.c:
13438: It turns out the logic for getting AIX limits is more convoluted
13439: than I realized and differs depending on whether the soft and/or
13440: hard limits are defined.
13441: [cf8d3f85d395]
13442:
13443: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
13444:
13445: * Makefile.in, configure, configure.in:
13446: Back out AIX-specific change to set the sudo_noexec path to the .a
13447: file, we do really want to use the .so file. Since libtool doesn't
13448: do that correctly, just install the .so file ourselves in the
13449: Makefile.
13450: [05c6f33177d9]
13451:
13452: * install-sh:
13453: If the file given to install is a path, only use the basename of the
13454: file when building the destination path.
13455: [695ba4e429ce]
13456:
13457: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
13458:
13459: * sudo.c:
13460: parse_args() cleanup: Sort command line options in the getopt()
13461: switch The -U option requires a parameter Normalize a few ISSET
13462: calls Split mode into mode and flags and retire the now-obsolete
13463: excl variable
13464: [0d156835f861]
13465:
13466: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
13467: sudo_usage.h.in:
13468: Add -n (non-interactive) flag.
13469: [e3e50400d32d]
13470:
13471: * sudo.c:
13472: Move version printing, etc. into a separate function.
13473: [18c91b476e2c]
13474:
13475: * sudo.c:
13476: Don't try to cleanup nsswitch if it has not been initialized.
13477: [aeb1ca1b399d]
13478:
13479: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
13480:
13481: * logging.c:
13482: Block SIGPIPE in send_mail() so sudo is not killed by a problem
13483: executing the mailer.
13484: [f130e7924cca]
13485:
13486: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
13487:
13488: * configure, configure.in:
13489: AIX shared libs end in .a, not .so.
13490: [a5deb07020d8]
13491:
13492: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13493:
13494: * env.c:
13495: Preserve HOME by default too. Matches documentation and previous
13496: behavior.
13497: [c16f17f1047c]
13498:
13499: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
13500:
13501: * sudo.c:
13502: Use getopt() to parse the command line. We need to be able to
13503: intersperse env variables and options yet still honor "--"" which
13504: complicates things slightly.
13505: [60f271ce5c16]
13506:
13507: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13508:
13509: * ChangeLog:
13510: sync
13511: [685e67964eda]
13512:
13513: * acsite.m4, configure, ltmain.sh:
13514: update to libtool-1.5.26
13515: [4c9a8c3d3b40]
13516:
13517: * config.guess, config.sub:
13518: update from libtool-1.5.26 distribution
13519: [c6641aef2527]
13520:
13521: * aix.c, sudo.h:
13522: attempt to fix compilation errors on AIX
13523: [edb13e5b2184]
13524:
13525: * Makefile.in:
13526: fix typo in last commit
13527: [25ba7f7ceae4]
13528:
13529: * Makefile.in:
13530: Add WHATSNEW file to the distribution
13531: [213f4115de8f]
13532:
13533: * visudo.c:
13534: use warningx instead of fprintf(stderr, ...)
13535: [a3494b8ccb19]
13536:
13537: * list.c:
13538: add DEBUG to list2tq
13539: [115d24a3000c]
13540:
13541: * ChangeLog, TODO:
13542: sync
13543: [60e6f4d1fac0]
13544:
13545: * WHATSNEW:
13546: mention mailfrom
13547: [e2498f9e18d6]
13548:
13549: * Makefile.in, aix.c, config.h.in, configure, configure.in,
13550: set_perms.c, sudo.h:
13551: Add aix_setlimits() to set resource limits on AIX using a
13552: combination of getuserattr() and setrlimit(). Currently untested.
13553: [9b1441fd89ca]
13554:
13555: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
13556:
13557: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
13558: sudoers.man.in, sudoers.pod:
13559: Add mailfrom Defaults option that sets the value of the From: field
13560: in the warning/error mail. If unset the login name of the invoking
13561: user is used.
13562: [029b9f05d3d9]
13563:
13564: * defaults.c:
13565: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
13566: [a90e407d5e00]
13567:
13568: * gram.c, gram.y:
13569: When adding a default, only call list2tq() once to do the list to tq
13570: conversion. It is not legal to call list2tq multiple times on the
13571: same list since list2tq consumes and modifies the list argument.
13572: [fbc25d245c4a]
13573:
13574: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
13575: comment out XXXs for now
13576: [595a1d43309d]
13577:
13578: * WHATSNEW:
13579: mention askpass
13580: [b993e0837c22]
13581:
13582: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
13583:
13584: * sudo.c:
13585: Error out if both -A and -S are specified Error out if -A is
13586: specified but no askpass is configured
13587: [24f1df2638f6]
13588:
13589: * configure, configure.in:
13590: we are not going to ship a sudo-specific askpass
13591: [61949e7a3943]
13592:
13593: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
13594:
13595: * sudo.h:
13596: fix definition of TGP_ASKPASS
13597: [0447c57ba4c3]
13598:
13599: * def_data.c, def_data.in:
13600: make askpass boolean-capable
13601: [e0885893a325]
13602:
13603: * INSTALL:
13604: document --with-askpass
13605: [c76e15ba97cf]
13606:
13607: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13608: sudoers.man.in, visudo.cat:
13609: regen
13610: [8d16242980b7]
13611:
13612: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
13613:
13614: * sudo.pod, sudo_usage.h.in, sudoers.pod:
13615: document -A and askpass
13616: [02c07505a78c]
13617:
13618: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
13619: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
13620: sudo_usage.h.in, tgetpass.c:
13621: Add support for running a helper program to read the password when
13622: no tty is present (or when specified with the -A flag). TODO: docs.
13623: [05780f5f71fd]
13624:
13625: * def_data.c, def_data.in:
13626: add missing printf format to SELinux role and type strings
13627: [2b32774715e7]
13628:
13629: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
13630:
13631: * INSTALL, configure, configure.in:
13632: Disable use of gss_krb5_ccache_name() by default and add
13633: --enable-gss-krb5-ccache-name configure option to enable it. It
13634: seems that gss_krb5_ccache_name() doesn't work properly with some
13635: combinations of Heimdal and OpenLDAP.
13636: [f61ebd3b19bd]
13637:
13638: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
13639:
13640: * selinux.c:
13641: Ignore setexeccon() failing in permissive mode. Also add a call to
13642: setkeycreatecon() (though this is probably insufficient). From Dan
13643: Walsh.
13644: [52564fc1c069]
13645:
13646: * auth/pam.c:
13647: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
13648: function may be called for non-password reading purposes so we must
13649: be careful not to use def_prompt in cases where it may not be set.
13650: [29d88ca575ba]
13651:
13652: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
13653:
13654: * selinux.c:
13655: Don't free the new tty context, we need to keep it around when we
13656: restore the tty context after the command completes
13657: [5b4bd39b6ea8]
13658:
13659: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
13660:
13661: * selinux.c:
13662: s/newrole/sudo/
13663: [21b8a96ff8df]
13664:
13665: * sudo.man.pl, sudo.pod:
13666: Only put login_cap(3) in SEE ALSO section if we have login.conf
13667: support
13668: [05250ddff2c0]
13669:
13670: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
13671:
13672: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13673: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
13674: regen
13675: [301e5c5ccdbe]
13676:
13677: * sudoers.pod:
13678: Substitute in comment characters for lines partaining to login.conf,
13679: BSD auth and SELinux and only enable them if pertinent.
13680: [c1c98fa163ce]
13681:
13682: * sudoers.man.pl:
13683: Substitute in comment characters for lines partaining to login.conf,
13684: BSD auth and SELinux and only enable them if pertinent.
13685: [6c88f30b878a]
13686:
13687: * sudo.pod:
13688: Substitute in comment characters for lines partaining to login.conf,
13689: BSD auth and SELinux and only enable them if pertinent.
13690: [acdbdfd24e1d]
13691:
13692: * sudo.man.pl:
13693: Substitute in comment characters for lines partaining to login.conf,
13694: BSD auth and SELinux and only enable them if pertinent.
13695: [0c56d4750ac3]
13696:
13697: * Makefile.in, configure, configure.in:
13698: Substitute in comment characters for lines partaining to login.conf,
13699: BSD auth and SELinux and only enable them if pertinent.
13700: [9a02bd6a6658]
13701:
13702: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
13703: Remove the =cut on the first line (above the copyright notice) to
13704: quiet pod2man. Also remove the hackery in the FILES section and
13705: just deal with the fact that there will a newline between each
13706: pathname.
13707: [2ac1ab191835]
13708:
13709: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
13710:
13711: * Makefile.in:
13712: run sudo.man.pl when generating sudo.man.in
13713: [859727369168]
13714:
13715: * configure, configure.in, sudo.man.pl:
13716: comment out SELinux manual bits unless --with-selinux was specified
13717: [97ff4212b649]
13718:
13719: * sudoers.pod:
13720: document role and type defaults for SELinux
13721: [870f303366b3]
13722:
13723: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
13724: Document "sudo -ll" and make "sudo -l -l" be equivalent.
13725: [3ce6dc429ea3]
13726:
13727: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
13728:
13729: * configure, configure.in:
13730: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
13731: Debian GNU/kFreeBSD.
13732: [c4efa567a328]
13733:
13734: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13735:
13736: * auth/kerb5.c:
13737: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
13738: verify_krb_v5_tgt()
13739: [f80538e5a6fa]
13740:
13741: * logging.c, logging.h, sudo.c:
13742: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
13743: log_auth() into log_allowed() and log_denial() Replace mail_auth()
13744: with should_mail() and a call to send_mail()
13745: [58aac9997557]
13746:
13747: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
13748:
13749: * ldap.c:
13750: Add debugging so we can tell if the krb5 ccache is accessible
13751: [c679322527bb]
13752:
13753: * INSTALL:
13754: mention --with-selinux
13755: [9efbe0b52194]
13756:
13757: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
13758:
13759: * configure:
13760: regen
13761: [467a834f867c]
13762:
13763: * selinux.c:
13764: add Sudo tag
13765: [d004ee669bed]
13766:
13767: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
13768: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
13769: testsudoers.c, toke.c, toke.l:
13770: Add support for SELinux RBAC. Sudoers entries may specify a role
13771: and type. There are also role and type defaults that may be used.
13772: To make sure a transition occurs, when using RBAC commands are
13773: executed via the new sesh binary. Based on initial changes from Dan
13774: Walsh.
13775: [1d4abfe2c004]
13776:
13777: * sesh.c:
13778: Add support for SELinux RBAC. Sudoers entries may specify a role
13779: and type. There are also role and type defaults that may be used.
13780: To make sure a transition occurs, when using RBAC commands are
13781: executed via the new sesh binary. Based on initial changes from Dan
13782: Walsh.
13783: [1e3b395ce049]
13784:
13785: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
13786: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
13787: pathnames.h.in, selinux.c:
13788: Add support for SELinux RBAC. Sudoers entries may specify a role
13789: and type. There are also role and type defaults that may be used.
13790: To make sure a transition occurs, when using RBAC commands are
13791: executed via the new sesh binary. Based on initial changes from Dan
13792: Walsh.
13793: [6b421948286e]
13794:
13795: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
13796:
13797: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
13798: Add long list (sudo -ll) support for printing verbose LDAP and
13799: sudoers file entries. Still need to update manual.
13800: [2875be37935c]
13801:
13802: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
13803:
13804: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
13805: Unify the -l output for file and ldap based sudoers and use lbufs
13806: for both. The ldap output does not currently include options that
13807: cannot be represented as tags. This will be remedied in a long list
13808: output mode to come.
13809: [b2e429456596]
13810:
13811: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13812:
13813: * set_perms.c:
13814: Use a specific error message for errno == EAGAIN when setuid() et al
13815: fails. On Linux systems setuid() will fail with errno set to EAGAIN
13816: if changing to the new uid would result in a resource limit
13817: violation.
13818: [08d0aecd9f03]
13819:
13820: * sudo.c:
13821: Unlimit nproc on Linux systems where calling the setuid() family of
13822: syscalls causes the nroc resource limit to be checked. The limits
13823: will be reset by pam_limits.so when PAM is used. In the non-PAM
13824: case the nproc limit will remain unlimited but there doesn't seem to
13825: be a way around that other than having sudo parse
13826: /etc/security/limits.conf directly.
13827: [df024b415a8d]
13828:
13829: * env.c, sudo.c, sudo.pod:
13830: Only read /etc/environment on Linux and AIX
13831: [90669e2aefdb]
13832:
13833: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
13834:
13835: * configure, configure.in:
13836: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
13837: ldap.conf and ldap.secret paths from going into config.h. Avoid
13838: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
13839: since in some versions of bash they will end up literally in the
13840: resulting define.
13841: [25390f3ef10a]
13842:
13843: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
13844:
13845: * README.LDAP:
13846: mention --with-nsswitch=no
13847: [c509df927263]
13848:
13849: * configure, configure.in:
13850: ldap_ssl.h depends on ldap.h being included first
13851: [d96d90e9b21f]
13852:
13853: * config.h.in, configure, configure.in, ldap.c:
13854: Include ldap_ssl.h if we can find it. Needed for the
13855: ldapssl_set_strength defines on HP-UX at least.
13856: [9e530470948a]
13857:
13858: * sudoers.ldap.pod:
13859: sync
13860: [b9d101f4673a]
13861:
13862: * TODO:
13863: sync
13864: [2ce951b2ecd0]
13865:
13866: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
13867: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
13868: regen
13869: [b61d793987e0]
13870:
13871: * Makefile.in:
13872: Use 78n line length when formatting cat pages.
13873: [761bee9d5759]
13874:
13875: * README.LDAP:
13876: Remove redundant info that is now in sudoers.ldap.pod
13877: [01828dcce59e]
13878:
13879: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
13880:
13881: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
13882: Reorganize the first section a bit. Substitute the proper path for
13883: /etc/sudoers.
13884: [11ae165e065d]
13885:
13886: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
13887: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
13888: schema into EXAMPLES
13889: [ab6509d1dde7]
13890:
13891: * configure, configure.in:
13892: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
13893: sudoers.ldap.man.
13894: [6e689972f465]
13895:
13896: * configure, configure.in:
13897: substitute for sudoers.ldap.man
13898: [5a4a25766dee]
13899:
13900: * Makefile.in:
13901: Fix cut & pasto introduced when adding sudoers.ldap man page.
13902: [a7b069af8894]
13903:
13904: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
13905: Fill in some of the missing pieces. Still needs some reorganization
13906: and editing.
13907: [5e7331722166]
13908:
13909: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
13910:
13911: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
13912: sudoers.ldap.pod:
13913: Beginnings of a sudoers.ldap man page. Currently, much of the
13914: information is adapted from README.LDAP.
13915: [aad28c8a922d]
13916:
13917: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13918:
13919: * pwutil.c:
13920: When copying gr_mem we must guarantee that the storage space for
13921: gr_mem is properly aligned. The simplest way to do this is to
13922: simply store gr_mem directly after struct group. This is not a
13923: problem for gr_passwd or gr_name as they are simple strings.
13924: [af58fc76f1ed]
13925:
13926: * ldap.c:
13927: Fix a typo/thinko in one of the calls to
13928: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
13929: [70b2eb8097f5]
13930:
13931: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
13932:
13933: * config.h.in, configure, configure.in, ldap.c:
13934: include <mps/ldap_ssl.h> in ldap.c if available
13935: [34346206ef16]
13936:
13937: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
13938:
13939: * gram.c, gram.y:
13940: Make sure we define SIZE_MAX for yacc's skeleton.c
13941: [d8a45c7a3c42]
13942:
13943: * tgetpass.c:
13944: Use TCSAFLUSH when restoring terminal settings (and echo) to
13945: guarantee that any pending output is discarded
13946: [549a184479e5]
13947:
13948: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
13949:
13950: * sudoers:
13951: no longer need to specify SETENV when user has sudo ALL
13952: [3051b41f8032]
13953:
13954: * testsudoers.c:
13955: sync user_args size calculation with sudo.c Add -g group option,
13956: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
13957: them
13958: [0850325180f0]
13959:
13960: * sudo.c, sudo.h:
13961: Make set_runaspw static void
13962: [5d44d7a340ce]
13963:
13964: * testsudoers.c, visudo.c:
13965: g/c set_runaspw stub
13966: [79ebb5e2cc38]
13967:
13968: * configure, configure.in:
13969: Don't add -llber twice.
13970: [4356d302eef4]
13971:
13972: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13973:
13974: * ldap.c:
13975: fix typo
13976: [249cecc557e9]
13977:
13978: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
13979:
13980: * gram.c:
13981: regen
13982: [2f94ea375b67]
13983:
13984: * configure, configure.in:
13985: Fix check that determines whether -llber is required.
13986: [6afa99523379]
13987:
13988: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
13989: For netscape-based LDAP, use ldapssl_set_strength() to implement the
13990: checkpeer ldap.conf option.
13991: [16ae24d73795]
13992:
13993: * auth/kerb5.c:
13994: Delay krb5_cc_initialize() until we actually need to use the cred
13995: cache, which is what krb5_verify_user() does. Better cleanup on
13996: failure.
13997: [d12e5f1695b8]
13998:
13999: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
14000:
14001: * auth/kerb5.c:
14002: Rewrite verify_krb_v5_tgt() based on what heimdal's
14003: krb5_verify_user() does.
14004: [05b5815f86c9]
14005:
14006: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
14007:
14008: * gram.c:
14009: The U suffix on constants is an ANSI feature
14010: [c6dfce3167f1]
14011:
14012: * configure, configure.in:
14013: Add check for ber_set_option() in -llber
14014: [43d0c0566074]
14015:
14016: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
14017:
14018: * README.LDAP:
14019: default if no nsswitch.conf is files only
14020: [c13001d9c998]
14021:
14022: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
14023:
14024: * README.LDAP:
14025: don't tell people to mail aaron about LDAP stuff
14026: [8165ec1ef0c6]
14027:
14028: * README.LDAP:
14029: timelimit and bind_timelimit
14030: [44f74cbed167]
14031:
14032: * ChangeLog:
14033: sync
14034: [aba1a0ab02bd]
14035:
14036: * ldap.c:
14037: Move ldap.secret reading into a separate function.
14038: [1948acc9f7a4]
14039:
14040: * check.c:
14041: user_runas -> runas_pw
14042: [334490fc2bae]
14043:
14044: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
14045:
14046: * TODO:
14047: sync
14048: [c7b165cc47c6]
14049:
14050: * check.c, sudo.pod, sudoers.pod:
14051: Add and document the %p escape in the password prompt. Based on a
14052: patch from Patrick Schoenfeld.
14053: [3972d4f31ffa]
14054:
14055: * ldap.c:
14056: Check strlcpy() return values.
14057: [9b42f3ae8ff1]
14058:
14059: * ldap.c:
14060: refactor ldap binding code into sudo_ldap_bind_s()
14061: [cb0c66a4d955]
14062:
14063: * README.LDAP:
14064: Make it clear that host and uri can take multiple parameters. URI is
14065: now supported for more than just openldap nsswitch.conf does't
14066: accept "compat"
14067: [f610dea656d6]
14068:
14069: * sudo.c:
14070: comment cleanup and update (c) year
14071: [6cd69c810ca5]
14072:
14073: * parse.c, sudo_nss.c:
14074: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
14075: This should make it possible to build an LDAP-only sudo binary.
14076: [61c3f27066a0]
14077:
14078: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
14079: Improve chaining of multiple sudoers sources by passing in the
14080: previous return value to the next in the chain
14081: [2c0b722b1b2d]
14082:
14083: * gram.y:
14084: Free up parser data structures in sudo_file_close().
14085: [2251531d4519]
14086:
14087: * gram.c, parse.c:
14088: Free up parser data structures in sudo_file_close().
14089: [8371f130f401]
14090:
14091: * ldap.c:
14092: Parse uri ourself if no ldap_initialize() is present Use
14093: ldap_create() instead of deprecated ldap_init() Use
14094: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
14095: [85d3825b1953]
14096:
14097: * config.h.in, configure, configure.in:
14098: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
14099: CFLAGS
14100: [240524512bc5]
14101:
14102: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
14103:
14104: * config.h.in, configure, configure.in:
14105: add check for ldap_create
14106: [3089badd73b8]
14107:
14108: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
14109:
14110: * config.h.in, configure, configure.in, ldap.c:
14111: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
14112: dn using the mechanism appropriate for the LDAP SDK in use. Use
14113: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
14114: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
14115: [6deeca3d00cc]
14116:
14117: * lbuf.c:
14118: include unistd.h
14119: [8419ed0bae7f]
14120:
14121: * config.h.in, configure.in:
14122: fix typo in mtim_getnsec
14123: [2d5f21230a60]
14124:
14125: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
14126:
14127: * config.h.in, configure, configure.in:
14128: add check for st__tim in struct stat as used by SCO
14129: [587060ea2a89]
14130:
14131: * ldap.c:
14132: use ldap_search_ext_s instead of deprecated ldap_search_s
14133: [5fc44fe3b44c]
14134:
14135: * Makefile.in, TODO, sudo.cat, sudo.man.in:
14136: add sudo_nss.h to HDRS
14137: [86f01a70ff29]
14138:
14139: * ldap.c:
14140: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
14141: ldap_rdn2str().
14142: [aa217002cfae]
14143:
14144: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
14145:
14146: * ldap.c:
14147: Use ldap_get_values_len()/ldap_value_free_len() instead of the
14148: deprecated ldap_get_values()/ldap_value_free().
14149: [e22dceb85e57]
14150:
14151: * ChangeLog:
14152: sync
14153: [adad27b36107]
14154:
14155: * TODO:
14156: sync
14157: [c449eb47e0ef]
14158:
14159: * gettime.c, sudo.c:
14160: Remove some already fixed XXXs
14161: [532788d0e6da]
14162:
14163: * ldap.c:
14164: Same return value as non-existent sudoers if LDAP was unable to
14165: connect.
14166: [5819810e8e4e]
14167:
14168: * sudo.pod:
14169: mention /etc/environment
14170: [ea8e6102f853]
14171:
14172: * README.LDAP, UPGRADE, WHATSNEW:
14173: Update to reflect recent developments.
14174: [ed1fb026fe77]
14175:
14176: * sudo.c:
14177: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
14178: [55b68a58260d]
14179:
14180: * ldap.c:
14181: When building up a query don't list groups in the aux group vector
14182: that are the same as the passwd file group. On most systems the
14183: first gid in the group vector is the same as the passwd entry gid.
14184: [4bb51e297e0d]
14185:
14186: * env.c, ldap.c:
14187: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
14188: ldaprc and system defaults that could affect how LDAP works.
14189: [ce5036440db2]
14190:
14191: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
14192: sudo_nss.c, sudo_nss.h:
14193: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
14194: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
14195: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
14196: file and --with-ldap-secret-file
14197: [ea5d7704381f]
14198:
14199: * parse.c:
14200: Honor def_ignore_local_sudoers
14201: [f38e1121fae1]
14202:
14203: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
14204:
14205: * ldap.c:
14206: no longer need to check def_ignore_local_sudoers here
14207: [fce2a72f96fb]
14208:
14209: * parse.c:
14210: Refactor group vector resetting into a function and also call it
14211: from display_cmnd. Stop after the first sucessful match in
14212: display_cmnd. Print a newline between each display_privs method.
14213: [981b37b5adff]
14214:
14215: * parse.c:
14216: fix double free introduced in rev 1.218
14217: [c574b02d8747]
14218:
14219: * ldap.c:
14220: belt and suspenders; zero out result after freeing it
14221: [7732988d4620]
14222:
14223: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
14224: Refactor line reading into a separate function, sudo_parseln(),
14225: which removes comments, leading/trailing whitespace and newlines.
14226: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
14227: [61d9068f0645]
14228:
14229: * parse.c, sudo.c:
14230: Make the inability to read the sudoers file a non-fatal error if
14231: there are other sudoers sources available. sudoers_file_lookup now
14232: returns "not OK" if sudoers was not present
14233: [643babf597a8]
14234:
14235: * ldap.c:
14236: make it clear that the global options are from LDAP
14237: [9ff950349463]
14238:
14239: * logging.c:
14240: allocate proper amount of space for error string
14241: [8bebb7d46d19]
14242:
14243: * sudo_nss.c, sudo_nss.h:
14244: actual sudo nss code
14245: [5bd7d52d7738]
14246:
14247: * ldap.c, parse.c, sudo.c, sudo.h:
14248: nss-ify display_privs and display_cmnd.
14249: [cccfdd3253f2]
14250:
14251: * defaults.c, parse.c, testsudoers.c, visudo.c:
14252: move update_defaults() to parse.c
14253: [ace144b958a9]
14254:
14255: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
14256: Use nsswitch to hide some sudoers vs. ldap implementation details
14257: and reduce the number of #ifdef LDAP TODO: fix display routines and
14258: error handling
14259: [6225edde89a6]
14260:
14261: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
14262:
14263: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
14264: First cut at nsswitch.conf support. Further reorganizaton and
14265: related changes are forthcoming.
14266: [717f59d0790b]
14267:
14268: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
14269:
14270: * env.c, pathnames.h.in, sudo.c, sudo.h:
14271: Add support for reading and /etc/environment file. Still needs to
14272: be documented and should probably only applies to OSes that have it
14273: (AIX and Linux, maybe others).
14274: [15d3edae27e4]
14275:
14276: * ldap.c:
14277: include limits.h
14278: [e19875ef0f82]
14279:
14280: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
14281:
14282: * WHATSNEW:
14283: reword LDAP SASL
14284: [7ec3c4ec31b5]
14285:
14286: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
14287:
14288: * TODO:
14289: sync
14290: [87c5a7aea7bf]
14291:
14292: * README.LDAP:
14293: Add an example sudoRole, clarify netscape vs. openldap a bit more
14294: [6f96c0ca8107]
14295:
14296: * README.LDAP:
14297: Be clear on what is OpenLDAP vs. Netscape-derived
14298: [a33c8314dec5]
14299:
14300: * config.h.in, configure, configure.in, ldap.c:
14301: Use ldapssl_init() for ldaps support instead of trying to do it
14302: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
14303: and tls_key for cert7.db and key3.db respectively. Don't print
14304: debugging info for options that are not set. Add warning if
14305: start_tls specified when not supported.
14306: [abb62dc7e4a3]
14307:
14308: * ldap.c:
14309: fix compilation on solaris
14310: [03d449684e80]
14311:
14312: * Makefile.in:
14313: add missing .h and .c files for missing lib objs
14314: [8b37825bdfc7]
14315:
14316: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
14317:
14318: * ldap.c:
14319: fix LDAP_OPT_NETWORK_TIMEOUT setting
14320: [226eba89c0ad]
14321:
14322: * ldap.c:
14323: fix compilation on Solaris
14324: [917d47639eb6]
14325:
14326: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
14327:
14328: * configure, configure.in:
14329: fix typo
14330: [009d5c81b225]
14331:
14332: * README.LDAP:
14333: try to clear up which variables are for OpenLDAP and which are for
14334: netscape-derived SDKs
14335: [f8d9823ee73c]
14336:
14337: * config.h.in, configure, configure.in, ldap.c:
14338: Add support for "ssl on" in both netscape and openldap flavors. Only
14339: the OpenLDAP flavor has been tested.
14340: [952745829ec5]
14341:
14342: * logging.c, sudo.c, sudo.h:
14343: Call cleanup() before exit in log_error() instead of calling
14344: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
14345: [da02d1b67a2c]
14346:
14347: * sudo.c:
14348: ld -> ldap_conn
14349: [01afa6d927cc]
14350:
14351: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
14352:
14353: * logging.c, sudo.c, sudo.h:
14354: Better ldap cleanup.
14355: [25b9abe2d617]
14356:
14357: * ldap.c:
14358: Distinguish between LDAP conf settings that are connection-specific
14359: (which take an ld pointer) and those that are default settings
14360: (which do not).
14361: [d48dc6c9c3b4]
14362:
14363: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
14364:
14365: * ldap.c:
14366: Improved warnings on error.
14367: [c8dce7b4feb4]
14368:
14369: * ldap.c:
14370: Make ldap config table driven and set the config *after* we open the
14371: connection.
14372: [d9698b5a2681]
14373:
14374: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
14375:
14376: * ldap.c:
14377: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
14378: [598c6df06660]
14379:
14380: * configure, configure.in:
14381: some operating systems need to link with -lkrb5support when using
14382: krb5
14383: [8896365dde9e]
14384:
14385: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
14386:
14387: * WHATSNEW:
14388: minor update
14389: [acfeeb7f4886]
14390:
14391: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14392: regen
14393: [a3c6699674f9]
14394:
14395: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
14396:
14397: * ChangeLog, TODO:
14398: sync
14399: [138e99b925ee]
14400:
14401: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
14402: add -g support for LDAP
14403: [8fc27dbe9287]
14404:
14405: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
14406:
14407: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
14408: The -i and -s flags can now take an optional command.
14409: [6afec104ee77]
14410:
14411: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
14412:
14413: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
14414: sudoers.pod:
14415: Add passprompt_override flag to sudoers that will cause the prompt
14416: to be overridden in all cases. This flag is also set when the user
14417: specifies the -p flag.
14418: [e4c5402131a6]
14419:
14420: * sudo.c:
14421: Move setting of login class until after sudoers has been parsed. Set
14422: NewArgv[0] for -i after runas_pw has been set.
14423: [62a48c8c56fa]
14424:
14425: * configure, configure.in:
14426: Move the dgettext check.
14427: [5fd8a4712d1c]
14428:
14429: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
14430:
14431: * auth/pam.c, config.h.in, configure, configure.in:
14432: Add basic support for looking up the string "Password: " in the PAM
14433: localized text db. This allows us to determine whether the PAM
14434: prompt is the default "Password: " one even if it has been
14435: localized.
14436:
14437: TODO: concatenate non-std PAM prompts and user-specified sudo
14438: prompts.
14439: [81c25a415d41]
14440:
14441: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
14442:
14443: * Makefile.in, config.h.in, configure, configure.in, parse.c,
14444: set_perms.c, sudo.c, sudo.h:
14445: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
14446: insufficient.
14447: [1cce6ec1a91e]
14448:
14449: * acsite.m4, configure, interfaces.c, memrchr.c:
14450: Fix typos; Martynas Venckus
14451: [be1233cca11a]
14452:
14453: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
14454:
14455: * set_perms.c:
14456: Don't assume runas_pw is set; it may not be in the -g case.
14457: [aa11bd2193ac]
14458:
14459: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
14460:
14461: * logging.c, set_perms.c:
14462: Set aux group vector for PERM_RUNAS and restore group vector for
14463: PERM_ROOT if we previously changed it. Stash the runas group vector
14464: so we don't have to call initgroups more than once. Also add no-op
14465: check to check_perms.
14466: [53837fc755f7]
14467:
14468: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
14469:
14470: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
14471: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
14472: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
14473: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
14474: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
14475: Add support for runas groups. This allows the user to run a command
14476: with a different effective group. If the -g option is specified
14477: without -u the command will be run as the current user (only the
14478: group will change). the -g and -u options may be used together.
14479: TODO: implement runas group for ldap improve runas group
14480: documentation add testsudoers support
14481: [9019309df6d0]
14482:
14483: * configure, configure.in:
14484: fix setting of mandir
14485: [2c60f269399f]
14486:
14487: * sudo.pod, sudoers.pod:
14488: document that ALL implies SETENV
14489: [bcc8e5b703b9]
14490:
14491: * ldap.c:
14492: s/setenv_ok/setenv_implied/g
14493: [f005df2c2eea]
14494:
14495: * ldap.c:
14496: hostname_matches() returns TRUE on match in sudo 1.7.
14497: [c3d4377b6e8b]
14498:
14499: * ldap.c:
14500: use strcmp, not strcasecmp when comparing ALL
14501: [e486024574a1]
14502:
14503: * ldap.c:
14504: Make sudo ALL imply setenv. Note that unlike with file-based
14505: sudoers this does affect all the commands in the sudoRole.
14506: [bc12f54321d1]
14507:
14508: * gram.c, gram.y, parse.c, parse.h:
14509: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
14510: it is not passed on to other commands in the list.
14511: [026e2cb40680]
14512:
14513: * visudo.c:
14514: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
14515: sudo_getpwuid() instead of getpwuid().
14516: [86f30a8fbd49]
14517:
14518: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14519:
14520: * sudoers:
14521: Expand on the dangers of not using visudo to edit sudoers.
14522: [e434e8057d02]
14523:
14524: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
14525:
14526: * parse.c:
14527: Don't quote *?[]! on output since the lexer does not strip off the
14528: backslash when reading those in.
14529: [561da4a13afa]
14530:
14531: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
14532:
14533: * glob.c:
14534: expand "u_foo" types to "unsigned foo" to avoid compatibility
14535: issues.
14536: [b0d7c64d78c3]
14537:
14538: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
14539:
14540: * logging.c:
14541: Refactor log line generation in to new_logline().
14542: [6a9b9730615d]
14543:
14544: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
14545:
14546: * TROUBLESHOOTING:
14547: fix typo
14548: [9e19d4f86e47]
14549:
14550: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
14551:
14552: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
14553: match.c:
14554: Add configure check for struct in6_addr instead of relying on
14555: AF_INET6 since some systems define AF_INET6 but do not include IPv6
14556: support.
14557: [e24082c416bd]
14558:
14559: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
14560:
14561: * configure, configure.in:
14562: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
14563: use.
14564: [76a9df4a63be]
14565:
14566: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
14567:
14568: * configure, configure.in:
14569: POSIX states that struct timespec be declared in time.h so check
14570: there regardless of the value of TIME_WITH_SYS_TIME.
14571: [e42c55ec9daf]
14572:
14573: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
14574:
14575: * tgetpass.c:
14576: Instead of defining a macro to call the appropriate method for
14577: turning on/off echo, just define tc[gs]etattr() and the related
14578: defines that use the correct terminal ioctls if needed. Also go back
14579: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
14580: [5dfb2379d995]
14581:
14582: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
14583:
14584: * Makefile.in:
14585: g/c @ALLOCA@
14586: [e6946c2e3820]
14587:
14588: * configure:
14589: regen
14590: [9bac7159a138]
14591:
14592: * INSTALL, auth/pam.c, config.h.in, configure.in:
14593: Add --disable-pam-session configure option to disable calling
14594: pam_{open,close}_session. May work around bugs in some PAM
14595: implementations.
14596: [273d0fdb4a9d]
14597:
14598: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
14599:
14600: * tgetpass.c:
14601: quiet gcc warnings
14602: [325565c5a579]
14603:
14604: * tgetpass.c:
14605: Avoid printing the prompt if we are already backgrounded. E.g. if
14606: the user runs "sudo foo &" from the shell. In this case, the call
14607: to tcsetattr() will cause SIGTTOU to be delivered.
14608: [db2139a8d8b8]
14609:
14610: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14611:
14612: * def_data.c, def_data.h, def_data.in:
14613: Reorder things such that the definition of env_reset come right
14614: before the env variable lists.
14615: [e0d8e22a581a]
14616:
14617: * parse.h:
14618: Shrink type and seqno in struct alias from int to u_short
14619: [9425263dd565]
14620:
14621: * alias.c, match.c, parse.c, parse.h:
14622: Add a sequence number in the aliases for loop detection. If we find
14623: an alias with the seqno already set to the current (global) value we
14624: know we've visited it before so ignore it.
14625: [301a0548ffff]
14626:
14627: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
14628:
14629: * TODO, auth/pam.c, sudo.c, sudo.h:
14630: PAM wants the full tty path so add user_ttypath which holds the full
14631: path to the tty or is NULL if no tty was present.
14632: [c7c1dd4b36c8]
14633:
14634: * auth/pam.c:
14635: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
14636: results in a segv.
14637: [3a8865b3a357]
14638:
14639: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
14640:
14641: * gram.c:
14642: regen
14643: [5647be127950]
14644:
14645: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
14646: parse.h, testsudoers.c, visudo.c:
14647: rename lh_ -> tq_
14648: [8f500c542c4a]
14649:
14650: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
14651:
14652: * alloc.c:
14653: remove some useless casts
14654: [409a448b23f5]
14655:
14656: * alloc.c:
14657: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
14658: predates the final C99 spec and the standard specifies that it shall
14659: include stdint.h anyway
14660: [ae478fdef61a]
14661:
14662: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14663:
14664: * Makefile.in, alloca.c, configure.in:
14665: Since we ship with a pre-generated parser there is no need to ship a
14666: bogus alloca implementation.
14667: [3f611a7cc0e5]
14668:
14669: * configure:
14670: regen
14671: [771eccf5269c]
14672:
14673: * configure.in:
14674: remove initial setting of CHECKSIA, we require that it be unset if
14675: not used
14676: [a2e91adc5aa2]
14677:
14678: * Makefile.in:
14679: add list.c to SRCS
14680: [7db0e56cf5b9]
14681:
14682: * configure:
14683: regen
14684: [3716ec30172e]
14685:
14686: * configure.in:
14687: only do SIA checks on Digital Unix
14688: [6a96e1af2597]
14689:
14690: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
14691:
14692: * sudoers.cat, sudoers.man.in:
14693: regen
14694: [ac1dc29de72b]
14695:
14696: * ChangeLog, TODO:
14697: sync
14698: [781effce0a2d]
14699:
14700: * auth/kerb5.c:
14701: Remove call to krb5_cc_register() as it is not needed for modern
14702: kerb5.
14703: [351b8b764f16]
14704:
14705: * configure:
14706: regen
14707: [ac21dbcc9c2c]
14708:
14709: * aclocal.m4, configure.in:
14710: New method for setting the default authentication type and avoiding
14711: conflicts in auth types.
14712: [5fb15be11f78]
14713:
14714: * match.c, parse.c, testsudoers.c:
14715: Each entry in a cmndlist now has an associated runaslist so no need
14716: to keep track of the most recent non-NULL one.
14717: [582e015786b0]
14718:
14719: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
14720:
14721: * ldap.c:
14722: back out partial ldaps support mistakenly committed
14723: [357703e94b2d]
14724:
14725: * ldap.c:
14726: Add support for unix groups and netgroups in sudoRunas
14727: [2f04eb91c6d0]
14728:
14729: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
14730:
14731: * sudo_edit.c:
14732: Fix sudoedit of a non-existent file. From Tilo Stritzky.
14733: [a5488a03bddd]
14734:
14735: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
14736:
14737: * configure:
14738: regen
14739: [541177376ee1]
14740:
14741: * INSTALL:
14742: update --passprompt escape info
14743: [6d57db4cd538]
14744:
14745: * configure.in:
14746: remove now-bogus comment and update copyright date
14747: [6a4af45fa331]
14748:
14749: * configure.in:
14750: Fix up use of with_passwd
14751: [7c79d8640f77]
14752:
14753: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
14754: Update to autoconf-2.61 andf libtool-1.5.24
14755: [045259b0b439]
14756:
14757: * Makefile.in:
14758: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
14759: [f5b6a7afb817]
14760:
14761: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
14762:
14763: * gram.c:
14764: regen
14765: [b5b78e71d2cb]
14766:
14767: * gram.y:
14768: move tags and runaslist propagation to be earlier
14769: [94f7805f4489]
14770:
14771: * visudo.c:
14772: If -f flag given use the permissions of the original file as a
14773: template
14774: [9303d22bddb0]
14775:
14776: * gram.y:
14777: prevent a double free() when re-initing the parser
14778: [5b3907c4de5a]
14779:
14780: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
14781:
14782: * configure:
14783: regen
14784: [49a90b19a17d]
14785:
14786: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
14787: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
14788: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
14789: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
14790: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
14791: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
14792: Remove support for compilers that don't support void *
14793: [35e1d01ae197]
14794:
14795: * gram.c:
14796: regen
14797: [70ce412a458a]
14798:
14799: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
14800: parse.c, parse.h, testsudoers.c, visudo.c:
14801: Move list manipulation macros to list.h and create C versions of the
14802: more complex ones in list.c. The names have been down-cased so they
14803: appear more like normal functions.
14804: [9cea0e281148]
14805:
14806: * Makefile.in:
14807: Fix cmp command when regenerating parser. Make gram.o the first
14808: dependency for all programs so gram.h will be generated before
14809: anything that needs it.
14810: [429ea065abf1]
14811:
14812: * gram.y, parse.h:
14813: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
14814: [2f3433833589]
14815:
14816: * match.c, parse.c, testsudoers.c:
14817: Use LH_FOREACH_REV when checking permission and short-circuit on the
14818: first non-UNSPEC hit we get for the command. This means that
14819: instead of cycling through the all the parsed sudoers entries we
14820: start at the end and work backwards and quit after the first
14821: positive or negative match.
14822: [881474532f3e]
14823:
14824: * gram.c:
14825: regen
14826: [9152a19d4188]
14827:
14828: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
14829: Change list head macros to take a pointer, not a struct.
14830: [054f1dcce4cc]
14831:
14832: * gram.c:
14833: regen
14834: [be154aae6235]
14835:
14836: * gram.y:
14837: Propagate the runasspec from one command to the next in a cmndspec.
14838: [4957b1cb03a3]
14839:
14840: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
14841:
14842: * match.c:
14843: Replace has_meta() with a macro that calls strpbrk().
14844: [a2e58846a542]
14845:
14846: * regen
14847: [5a932a5c9451]
14848:
14849: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
14850: testsudoers.c, visudo.c:
14851: Use a list head struct when storing the semi-circular lists and
14852: convert to tail queues in the process. This will allow us to
14853: reverse foreach loops more easily and it makes it clearer which
14854: functions expect a list as opposed to a single member.
14855:
14856: Add macros for manipulating lists. Some of these should become
14857: functions.
14858:
14859: When freeing up a list, just pop off the last item in the queue
14860: instead of going from head to tail. This is simpler since we don't
14861: have to stash a pointer to the next member, we always just use the
14862: last one in the queue until the queue is empty.
14863:
14864: Rename match functions that take a list to have list in the name.
14865: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
14866: [7c37b271607a]
14867:
14868: * parse.c:
14869: Fix pasto, append "!" not negated (which is an int) for sudo -l
14870: output.
14871: [93a444c3997f]
14872:
14873: * Makefile.in:
14874: Remove the dependency of gram .h on gram.y, the .c dependency is
14875: enough. Only move y.tab.h to gram.h if it is different; avoids
14876: needless rebuilding.
14877: [67bf4ea2a2e5]
14878:
14879: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14880:
14881: * sudoers.pod:
14882: Defaults lines may be associated with lists of users, hosts,
14883: commands and runas users, not just single entries.
14884: [795effacb6be]
14885:
14886: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
14887:
14888: * Makefile.in:
14889: Revert the "cmp" portion of the last diff, it doesn't make sense.
14890: [26f34bf4e2e3]
14891:
14892: * Makefile.in:
14893: Remove *.lo for clean: When generating the parser, only move the
14894: generated files into place if they differ from the existing ones.
14895: [84673fea371b]
14896:
14897: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
14898:
14899: * toke.c, toke.l:
14900: Replace IPV6 regexp with a much simpler (readable) one and add an
14901: extra check when it matches to make sure we have a valid address.
14902: [592e9f690556]
14903:
14904: * match.c:
14905: Fix thinko introduced when merging IPV6 support.
14906: [da38cd5eb8c7]
14907:
14908: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14909:
14910: * HISTORY, LICENSE:
14911: regen
14912: [0d7b27b90634]
14913:
14914: * license.pod:
14915: add 2007
14916: [510e5048ae1a]
14917:
14918: * UPGRADE:
14919: mention #uid vs. comment pitfall
14920: [4d2861898bcc]
14921:
14922: * acsite.m4:
14923: Merge in a patch from the libtool cvs that fixes a problem with the
14924: latest autoconf. From Stepan Kasal.
14925: [0c279ae7df3e]
14926:
14927: * parse.h:
14928: Back out he XOR swap trick, it is slower than a temp variable on
14929: modern CPUs.
14930: [91c4b024e317]
14931:
14932: * gram.c:
14933: regen
14934: [cb6d4106fb74]
14935:
14936: * gram.y, parse.h:
14937: Convert the tail queue to a semi-circle queue and use the XOR swap
14938: trick to swap the prev pointers during append.
14939: [8bf4d9fbee58]
14940:
14941: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
14942:
14943: * parse.h:
14944: remove useless statement
14945: [421ec1dd73e6]
14946:
14947: * toke.c, toke.l:
14948: Refactor #include parsing into a separate function and return
14949: unparsed chars (such as newline or comment) back to the lexer.
14950: [64166917aa3d]
14951:
14952: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
14953:
14954: * WHATSNEW:
14955: mention better uid support
14956: [56f510e7f2ec]
14957:
14958: * sudoers.pod:
14959: Users may now consist of a uid.
14960: [5fd31b2c55ed]
14961:
14962: * gram.c, gram.h, toke.c:
14963: regen
14964: [599e58af6dc1]
14965:
14966: * parse.c:
14967: Use lbuf_append_quoted() for sudo -l output to quote characters that
14968: would require quoting in sudoers.
14969: [3132d05c990a]
14970:
14971: * lbuf.c, lbuf.h:
14972: Add lbuf_append_quoted() which takes a set of characters which
14973: should be quoted with a backslash when displayed.
14974: [ab09bebb1d65]
14975:
14976: * toke.l:
14977: Require that the first character after a comment not be a digit or a
14978: dash. This allows us to remove the GOTRUNAS state and treat
14979: uid/gids similar to other words. It also means that we can now
14980: specify uids in User_Lists and a User_Spec may now contain a uid.
14981: [461fe01f8392]
14982:
14983: * gram.y, toke.l:
14984: Replace RUNAS token with '(' and ')' tokens to make the runas
14985: portion of the grammar more natural.
14986: [e0c383b4684d]
14987:
14988: * BUGS:
14989: The BUGS file is history
14990: [4d9a809585c7]
14991:
14992: * Makefile.in, README:
14993: The BUGS file is history
14994: [d9500e261172]
14995:
14996: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14997:
14998: * toke.c, toke.l:
14999: Allow comments after a RunasAlias as long as the character after the
15000: pound sign isn't a digit or a dash.
15001: [d7f3bd94eeda]
15002:
15003: * WHATSNEW:
15004: Glob support was back-ported to 1.6.9
15005: [d1d5cfd46228]
15006:
15007: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
15008:
15009: * Makefile.in:
15010: remove sudo_usage.h in distclean
15011: [df05ce9c4127]
15012:
15013: * parse.c:
15014: If a Defaults value contains a blank, double-quote the string.
15015: [9057a910daad]
15016:
15017: * toke.c, toke.l:
15018: Properly deal with Defaults double-quoted strings that span multiple
15019: lines using the line continuation char. Previously, the entire
15020: thing, including the continuation char, newline, and spaces was
15021: stored as-is.
15022: [4a4e8eacefe6]
15023:
15024: * sudo.c:
15025: Be consistent when using single quotes and backticks.
15026: [d010b83a0fa1]
15027:
15028: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
15029:
15030: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
15031: sudo.c, sudo_usage.h.in:
15032: Add new linebuf code to do appends of dynamically allocated strings
15033: and word-wrapped output. Currently used for sudo's usage() and sudo
15034: -l output. Sudo usage strings are now in sudo_usage.h which is
15035: generated at configure time.
15036: [4dfd0ee8d961]
15037:
15038: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
15039:
15040: * parse.c, sudo.c, sudo.h:
15041: Fix line wrapping in usage() and use the actual tty width instead of
15042: assuming 80.
15043: [700eab37c5a6]
15044:
15045: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
15046:
15047: * history.pod:
15048: some more info
15049: [8140112a8ae1]
15050:
15051: * history.pod:
15052: Mentioned Chris Jepeway's parser and also the new one that is in
15053: sudo 1.7.
15054: [2132d00f0597]
15055:
15056: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
15057:
15058: * sudo.pod, visudo.pod:
15059: For the options list, add flag args where appropriate and increase
15060: the indent level so there is room for them.
15061: [2b60fb572e12]
15062:
15063: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
15064:
15065: * parse.c:
15066: Fix some spacing in "sudo -l" and add a comment about some bogosity
15067: in the line wrapping.
15068: [b59b056f5ee2]
15069:
15070: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15071: visudo.man.in:
15072: regen
15073: [5fb719f18ebc]
15074:
15075: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
15076: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
15077: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
15078: testsudoers.c, toke.c, toke.l:
15079: Remove monitor support until there is a versino of systrace that
15080: uses a lookaside buffer (or we have a better mechanism to use).
15081: [61ff76878e4a]
15082:
15083: * config.h.in, configure, configure.in, sudo.c:
15084: use getaddrinfo() instead of gethostbyname() if it is available
15085: [cc33c136aa6a]
15086:
15087: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
15088:
15089: * parse.c, sudo.c:
15090: Deal with OSes where sizeof(gid_t) < sizeof(int).
15091: [130a89cbdfba]
15092:
15093: * interfaces.c:
15094: repair non-getifaddrs() code after ipv6 integration
15095: [7ae7a89e2236]
15096:
15097: * sudo.c:
15098: If we can open sudoers but fail to read the first byte, close the
15099: file stream before trying again.
15100: [6f31272fae7b]
15101:
15102: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
15103:
15104: * toke.c:
15105: regen
15106: [4d7afe0aa6fa]
15107:
15108: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
15109: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
15110: [4e6ff2965a42]
15111:
15112: * sudo.pod, sudoers.pod, visudo.pod:
15113: Add some missing markup Update copyright
15114: [7e6d3c686b5e]
15115:
15116: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15117:
15118: * configure, configure.in:
15119: fix sudo_noexec extension which got broken in the libtool update
15120: [3a5b447df861]
15121:
15122: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
15123:
15124: * Makefile.in:
15125: explicitly specify -Tascii to nroff
15126: [45c8da4cbefe]
15127:
15128: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
15129:
15130: * logging.c:
15131: remove an ANSI-ism that crept in
15132: [29086f87b2ca]
15133:
15134: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
15135:
15136: * sudo.pod:
15137: Adjust list indents Prevent -- from being turned into an em dash Use
15138: a list for the environment instead of a literal paragraph
15139: [c3abcd8f76f4]
15140:
15141: * visudo.pod:
15142: Use a list for the environment instead of an indented literal
15143: paragraph.
15144: [0ffcfcb7349f]
15145:
15146: * sudoers.pod:
15147: Adjust list indentation
15148: [615c89e3123a]
15149:
15150: * license.pod:
15151: add =head3
15152: [8b2e0d38c0bd]
15153:
15154: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
15155:
15156: * sudo.pod:
15157: mention that when specifying a uid for the -u option the shell may
15158: require that the # be escaped
15159: [3e3a17bff150]
15160:
15161: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
15162:
15163: * match.c:
15164: Fix off by one in group matching.
15165: [b529602b7fba]
15166:
15167: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
15168:
15169: * env.c:
15170: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
15171: [ffbf8907c6e7]
15172:
15173: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
15174:
15175: * configure, configure.in:
15176: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
15177: -lgssapi_krb5 case.
15178: [2b85a89c2252]
15179:
15180: * aclocal.m4, configure, configure.in:
15181: Fix link tests such that new gcc doesn't optimize away the test.
15182: [83484ec95cba]
15183:
15184: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
15185:
15186: * sudo.pod, sudoers.pod, visudo.pod:
15187: add missing over/back
15188: [251a12c89b91]
15189:
15190: * sudo.pod, sudoers.pod, visudo.pod:
15191: Change FILES section to use =item
15192: [60b9efc3a0b2]
15193:
15194: * env.c:
15195: Add back allocation of the env struct in rebuild_env but save a copy
15196: of the old pointer and free it before returning.
15197: [1100cd4fa997]
15198:
15199: * env.c:
15200: Don't init the private environment in rebuild_env() since it may
15201: have already been done implicitly sudo_setenv/sudo_unsetenv.
15202:
15203: Multiply length by sizeof(char *) in memcpy/memmove when copying the
15204: environment so we copy the full thing.
15205:
15206: Add missing set of parens so we deref the right pointer in
15207: sudo_unsetenv when searching for a matching variable.
15208: [9086a8f756b1]
15209:
15210: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
15211:
15212: * sudo.pod, sudoers.pod, visudo.pod:
15213: Use file markup for paths in the FILES section
15214: [940d99f731f2]
15215:
15216: * sudo.pod, sudoers.pod, visudo.pod:
15217: Don't capitalize sudo/visudo
15218: [f067a455d44b]
15219:
15220: * sudoers.pod:
15221: Sort sudoers options; based on a diff from Igor Sobrado.
15222: [a9b9befe85ac]
15223:
15224: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
15225:
15226: * sudo.pod, sudoers.pod, visudo.pod:
15227: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
15228: latter confuses pod2man. The Makefile rules for the .man.in file
15229: will add @mansectsu@ and @mansectform@ back in after pod2man is done
15230: anyway.
15231: [b50ea0db727c]
15232:
15233: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
15234:
15235: * LICENSE, Makefile.in, license.pod:
15236: Move license info to pod format
15237: [25bdd82e592b]
15238:
15239: * configure, configure.in, sudoers.pod:
15240: Substitute value of path_info into sudoers man page.
15241: [9ba661a82798]
15242:
15243: * WHATSNEW:
15244: remove features that were back-ported to 1.6.9
15245: [e76d756cbe65]
15246:
15247: * sudo.c, sudo.pod, visudo.c, visudo.pod:
15248: Sort SYNOPSIS and sync usage. From Igor Sobrado.
15249: [4970386c9e54]
15250:
15251: * env.c:
15252: Only need sudo_setenv/sudo_unsetenv if we are going to use
15253: ldap_sasl_interactive_bind_s() but don't have
15254: gss_krb5_ccache_name().
15255: [f1a73d8b35c5]
15256:
15257: * ChangeLog:
15258: rebuild without branch info
15259: [5d5a33494677]
15260:
15261: * Makefile.in:
15262: Add ChangeLog target
15263: [a702034fdd89]
15264:
15265: * auth/pam.c:
15266: Run cleanup code if the user hits ^C at the password prompt.
15267: [9cf87768e921]
15268:
15269: * auth/pam.c:
15270: Some versions of pam_lastlog have a bug that will cause a crash if
15271: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
15272: string.
15273: [5b63f6c88866]
15274:
15275: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
15276:
15277: * Makefile.in:
15278: ChageLog not Changelog
15279: [1243d8473ceb]
15280:
15281: * ChangeLog:
15282: sync
15283: [d887df98c6b0]
15284:
15285: * Makefile.in:
15286: CHANGE -> Changelog
15287: [917738df30dd]
15288:
15289: * TODO:
15290: sync
15291: [cd382f7d1948]
15292:
15293: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
15294:
15295: * config.h.in, configure, configure.in, ldap.c:
15296: Add configure hooks for gss_krb5_ccache_name() and the gssapi
15297: headers.
15298: [139606209991]
15299:
15300: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
15301:
15302: * env.c, sudo.c:
15303: rebuild_env() and insert_env_vars() no longer return environment
15304: pointer, they set environ directly.
15305:
15306: No longer need to pass around an envp pointer since we just operate
15307: on environ now.
15308:
15309: Add dosync argument to insert_env() that indicates whether it should
15310: reset environ when realloc()ing env.envp.
15311:
15312: Use an initial size of 128 for the environment.
15313: [4735fd5fddb8]
15314:
15315: * env.c:
15316: Split sudo_setenv() into an external version and a version only for
15317: use by rebuild_env().
15318: [fda7d655adb1]
15319:
15320: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
15321:
15322: * ldap.c:
15323: Add support for using gss_krb5_ccache_name() instead of setting
15324: KRB5CCNAME. Also use sudo_unsetenv() in the non-
15325: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
15326: original environment. TODO: configure setup for
15327: gss_krb5_ccache_name()
15328: [fcafa5a49caf]
15329:
15330: * README.LDAP:
15331: add krb5_ccname
15332: [fceb8f883886]
15333:
15334: * README.LDAP, ldap.c:
15335: Add support for sasl_secprops in ldap.conf
15336: [1f06f4bf7347]
15337:
15338: * env.c, sudo.h:
15339: Add sudo_unsetenv() and refactor private env syncing code into
15340: sync_env().
15341: [045ecb3fd22b]
15342:
15343: * README.LDAP, ldap.c:
15344: The ldap.conf variable is sasl_auth_id not sasl_authid.
15345: [a5f98491311b]
15346:
15347: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
15348:
15349: * ldap.c, sudo.c, sudo.h:
15350: Add support for krb5_ccname in ldap.conf. If specified, it will
15351: override the default value of KRB5CCNAME in the environment for the
15352: duration of the call to ldap_sasl_interactive_bind_s().
15353: [b08a10c3045b]
15354:
15355: * env.c, sudo.h:
15356: Remove format_env() Add sudo_setenv() to replace most format_env() +
15357: insert_env() combinations. insert_env() no longer takes a struct
15358: environment *
15359: [131da52f43f3]
15360:
15361: * ldap.c:
15362: Fix use_sasl vs. rootuse_sasl logic.
15363: [0c0417b6918c]
15364:
15365: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
15366: Add support for SASL auth when connecting to an LDAP server. Adapted
15367: from a diff by Tom McLaughlin.
15368: [a6285f1356ea]
15369:
15370: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
15371:
15372: * configure, configure.in:
15373: Only enable AIX or BSD auth if no other exclusive auth method has
15374: been chosen. Allows people to e.g., use PAM on AIX without adding
15375: --without-aixauth. A better solution is needed to deal with default
15376: authentication since if a non-exclusive method is chosen we will
15377: still get an error.
15378: [83f7afdc0ec3]
15379:
15380: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
15381:
15382: * HISTORY, Makefile.in, history.pod:
15383: Generate HISTORY from history.pod (which is also used for web pages)
15384: [60bcd5164931]
15385:
15386: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
15387:
15388: * sudo.man.in, sudoers.man.in:
15389: regen
15390: [63956a366191]
15391:
15392: * sudo.pod:
15393: Better explanation of environment handling in the sudo man page.
15394: [6c247742f7ee]
15395:
15396: * env.c, sudo.c:
15397: Defer setting user-specified env vars until after authentication.
15398: [4750b79323ee]
15399:
15400: * env.c:
15401: honor def_default_path for PATH set on the command line
15402: [6db31d9b6d65]
15403:
15404: * env.c, sudo.c, sudo.pod, sudoers.pod:
15405: Allow user to set environment variables on the command line as long
15406: as they are allowed by env_keep and env_check. Ie: apply the same
15407: restrictions as normal environment variables. TODO: deal with
15408: secure_path
15409: [26c0da3840cf]
15410:
15411: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15412:
15413: * sudo.c, sudo_edit.c:
15414: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
15415: Don't allow -E or env var setting in sudoedit mode. More accurate
15416: usage() when called as sudoedit.
15417: [a4af20658361]
15418:
15419: * ldap.c:
15420: warn -> warning
15421: [d87d1192b048]
15422:
15423: * sudo.pod:
15424: add -c option to sudoedit synopsis
15425: [15b596a7e2db]
15426:
15427: * TODO:
15428: udpate to reality
15429: [e2f8fde89db1]
15430:
15431: * parse.c:
15432: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
15433: value from {user,host,runas,cmnd}_matches(). Rename *matches
15434: variables -> *match. Purely cosmetic.
15435: [e54a44c00a88]
15436:
15437: * parse.c:
15438: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
15439: in behavior.
15440: [c6272b4f2127]
15441:
15442: * sudoers:
15443: add SETENV tag
15444: [3a3066bb6788]
15445:
15446: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
15447:
15448: * parse.c:
15449: Make pwcheck local to the pwflag block. Use pwcheck even if user
15450: didn't match since Defaults options may still apply.
15451: [45da9efbbafd]
15452:
15453: * check.c, sudo.c:
15454: Do not update timestamp if user not validated by sudoers.
15455: [a4a9d4364827]
15456:
15457: * set_perms.c:
15458: for PERM_RUNAS, set the egid to the runas user's gid and restore to
15459: the user's original in PERM_ROOT
15460: [1514bfb32847]
15461:
15462: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
15463: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
15464: PERM_FULL_ROOT
15465: [b9d047a3178c]
15466:
15467: * check.c:
15468: don't check timestamp mtime if we are just going to remove it
15469: [5d2470bc6cbd]
15470:
15471: * sudoers.pod:
15472: Move sudoers defaults parameters into their own section.
15473: [54701fbc0ff3]
15474:
15475: * testsudoers.c:
15476: Reduce a level of indent by a few placed continue statements.
15477: [5d5a9838c8ef]
15478:
15479: * parse.c:
15480: Make matching but negated commands/hosts/runas entries override a
15481: previous match as expected. Also reduce some levels of indent by a
15482: few placed continue statements.
15483: [dd59fa4b91a1]
15484:
15485: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
15486:
15487: * parse.c:
15488: Print default runas in "sudo -l" if sudoers don't specify one.
15489: [07d408c400bd]
15490:
15491: * match.c:
15492: Less hacky way of testing whether the domain was set.
15493: [a537059776e5]
15494:
15495: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
15496:
15497: * INSTALL:
15498: Mention pam-devel and openldap-devel for Linux
15499: [9e708c54ecc3]
15500:
15501: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
15502:
15503: * README.LDAP:
15504: or vs. are
15505: [abe8c0f3a410]
15506:
15507: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
15508:
15509: * sudo.c:
15510: fix typo in Solaris project support
15511: [2ffeb2d80959]
15512:
15513: * HISTORY:
15514: update
15515: [df162b36f120]
15516:
15517: * sudo.c:
15518: Make -- on the command line match the manual page. The implied shell
15519: case has been simplified as a result.
15520: [cd217a1f6694]
15521:
15522: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
15523:
15524: * sudoers2ldif:
15525: add simplistic support for sudoRunas; note that if a sudoers entry
15526: contains multiple Runas users, all will apply to the sudoRole
15527: [65b11421f5c8]
15528:
15529: * sudoers2ldif:
15530: honor SETENV and NOSETENV tags
15531: [2c0d5ba7a09b]
15532:
15533: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
15534:
15535: * mon_systrace.c:
15536: Redo setting of user_args. We now build up a private copy of argv
15537: first and then replace the NULs?with spaces.
15538: [ccbba72ea112]
15539:
15540: * mon_systrace.c:
15541: getcwd() returns NULL on failure, not 0 on success
15542: [88cd9e66e530]
15543:
15544: * mon_systrace.c:
15545: allow chunksiz to reach 1 before erroring out
15546: [619d68f14964]
15547:
15548: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15549: visudo.man.in:
15550: regen
15551: [8db512d3caf0]
15552:
15553: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
15554:
15555: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
15556: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
15557: toke.c, toke.l:
15558: Add support for setting environment variables on the command line.
15559: This is only allowed if the setenv sudoers options is enabled or if
15560: the command is prefixed with the SETENV tag.
15561: [5744caebd969]
15562:
15563: * README.LDAP:
15564: replace Aaron's email address with the sudo-workers list
15565: [2ffce5f9afc0]
15566:
15567: * configure:
15568: regen
15569: [8013dff82c0c]
15570:
15571: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
15572:
15573: * schema.OpenLDAP, schema.iPlanet:
15574: Break schema out into separate files.
15575: [15e598e4c60b]
15576:
15577: * Makefile.in, README.LDAP:
15578: Break schema out into separate files.
15579: [1a53966ca1fa]
15580:
15581: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15582:
15583: * auth/aix_auth.c:
15584: free message if set by authenticate()
15585: [849c220c1236]
15586:
15587: * match.c:
15588: deal with NULL gr_mem
15589: [49e4d74f0bbe]
15590:
15591: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
15592:
15593: * config.h.in:
15594: regen
15595: [fead999ad3e9]
15596:
15597: * configure.in:
15598: add template for HAVE_PROJECT_H
15599: [e6c42c2eaad1]
15600:
15601: * closefrom.c:
15602: include fcntl.h
15603: [54d98b382f03]
15604:
15605: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
15606:
15607: * INSTALL:
15608: mention --with-project
15609: [d3ea3baad7c5]
15610:
15611: * config.h.in, configure.in, sudo.c:
15612: Add Solaris 10 "project" support. From Michael Brantley.
15613: [f14f3c8c6554]
15614:
15615: * sudoers.pod:
15616: fix typo
15617: [50db81a19787]
15618:
15619: * configure:
15620: regen
15621: [ea71afd3e564]
15622:
15623: * configure.in:
15624: Fix preservation of LDFLAGS in the LDAP case.
15625: [40a3a47e8059]
15626:
15627: * memrchr.c:
15628: Remove dependecy on NULL
15629: [c957ae5e1733]
15630:
15631: * configure:
15632: regen
15633: [4955ce0c6912]
15634:
15635: * aclocal.m4, configure.in:
15636: Can't use the regular autoconf fnmatch() check since we need
15637: FNM_CASEFOLD so go back to our custom one.
15638: [f10d76237486]
15639:
15640: * env.c:
15641: Fix preserving of variables in env_keep.
15642: [d040049d6b84]
15643:
15644: * env.c:
15645: add XAUTHORIZATION
15646: [0d589a5fe015]
15647:
15648: * UPGRADE:
15649: expand upon env resetting and mention that it began in 1.6.9 not
15650: 1.7.
15651: [dba251655c76]
15652:
15653: * sudoers.pod:
15654: Update descriptions of env_keep and env_check to match current
15655: reality.
15656: [dba77357954b]
15657:
15658: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
15659:
15660: * env.c:
15661: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
15662: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
15663: [eec4632bd190]
15664:
15665: * env.c, logging.c:
15666: Treat USERNAME environemnt variable like LOGNAME/USER
15667: [09f52dcfd70c]
15668:
15669: * env.c:
15670: Don't need to populate keepenv table with the contents of the
15671: checkenv table.
15672: [527a14afd973]
15673:
15674: * sudo.c:
15675: Don't force sudo into the C locale.
15676: [8a5bd301ef96]
15677:
15678: * env.c:
15679: Make env_check apply when env_reset it true. Environment variables
15680: are passed through unless they contain '/' or '%'. There is no need
15681: to have a variable in both env_check and env_keep.
15682: [840c802721e4]
15683:
15684: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
15685:
15686: * visudo.c:
15687: Remove an duplicate lock_file() call and add a comment.
15688: [5af9dcdf0eb6]
15689:
15690: * UPGRADE:
15691: Add sudo 1.6.9 upgrade note.
15692: [1585149f2914]
15693:
15694: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
15695:
15696: * interfaces.c:
15697: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
15698: small. From Klaus Wagner.
15699: [d6899fc44f77]
15700:
15701: * logging.c, sudo.h:
15702: Redo the long syslog line splitting based on a patch from Eygene
15703: Ryabinkin. Include memrchr() for systems without it.
15704: [66a50e8d553a]
15705:
15706: * memrchr.c:
15707: Redo the long syslog line splitting based on a patch from Eygene
15708: Ryabinkin. Include memrchr() for systems without it.
15709: [2f6702b7d41b]
15710:
15711: * Makefile.in, config.h.in, configure, configure.in:
15712: Redo the long syslog line splitting based on a patch from Eygene
15713: Ryabinkin. Include memrchr() for systems without it.
15714: [407a46190921]
15715:
15716: * configure.in:
15717: Since we need to be able to convert timespec to timeval for utimes()
15718: the last 3 digits in the tv_nsec are not significant. This makes the
15719: sudoedit file date comparison work again.
15720: [9d0258849fa9]
15721:
15722: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
15723:
15724: * aclocal.m4, configure, configure.in:
15725: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
15726: This deals with exclusive authentication methods in a simple way.
15727: [7d70072c0f35]
15728:
15729: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
15730:
15731: * LICENSE:
15732: mkstemp.c is BSD code too.
15733: [29e236d98162]
15734:
15735: * sudo.pod, sudoers.pod, visudo.pod:
15736: No commercial support for now.
15737: [7c76b3e192dd]
15738:
15739: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15740:
15741: * sudo.c:
15742: cleanenv() is no more.
15743: [518080514408]
15744:
15745: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
15746:
15747: * ChangeLog:
15748: Display branch info in Changelog
15749: [44e3b27427c7]
15750:
15751: * utimes.c:
15752: Include config.h early so we have it for TIME_WITH_SYS_TIME
15753: [4bf1a00d0703]
15754:
15755: * ChangeLog:
15756: Fix Changelog generation and update.
15757: [6e960dbcbece]
15758:
15759: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15760:
15761: * closefrom.c:
15762: Use /proc/self/fd instead of /proc/$$/fd
15763:
15764: Move old-style fd closing into closefrom_fallback() and call that if
15765: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
15766: [faa7e4810758]
15767:
15768: * auth/kerb5.c, config.h.in, configure.in:
15769: o use krb5_verify_user() if available instead of doing it by hand o
15770: use krb5_init_secure_context() if we have it o pass an encryption
15771: type of 0 to krb5_kt_read_service_key() instead of
15772: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
15773: [df7acf72bd7c]
15774:
15775: * env.c:
15776: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
15777: [f92d05197e40]
15778:
15779: * configure.in:
15780: Fix closefrom() substitution in the Makefile
15781: [b642b13fcc5c]
15782:
15783: * TROUBLESHOOTING:
15784: Mention alternate sudo pronunciation.
15785: [7c71dc73409f]
15786:
15787: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
15788:
15789: * env.c:
15790: Remove KRB5_KTNAME from environment. Allow COLORTERM.
15791: [70f35a79f780]
15792:
15793: * auth/kerb5.c:
15794: If we cannot get a valid service key using the default keytab it is
15795: a fatal error. Fixes a bug where sudo could be tricked into
15796: allowing access when it should not by a fake KDC. From Thor Lancelot
15797: Simon.
15798: [a3ae6a47cb23]
15799:
15800: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
15801:
15802: * aclocal.m4, configure, configure.in:
15803: Update long long checks to use AC_CHECK_TYPES and to cache values.
15804: [047318eaaeb2]
15805:
15806: * aclocal.m4, configure.in:
15807: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
15808: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
15809: fnmatch.
15810: [80513a1003ea]
15811:
15812: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
15813:
15814: * configure, configure.in:
15815: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
15816: need it for visudo now too.
15817: [50837c7c2b5e]
15818:
15819: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
15820:
15821: * sudoers.pod:
15822: Attempt to clarify the bit talking about network numbers w/o
15823: netmasks.
15824: [211e68c1d034]
15825:
15826: * sudo.pod:
15827: Clarify timestamp dir ownership sentence.
15828: [9178f132c7f7]
15829:
15830: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
15831:
15832: * auth/pam.c:
15833: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
15834: Dmitry V. Levin.
15835: [81fce91667bc]
15836:
15837: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15838:
15839: * sudo.c:
15840: -i is also one of the mutually exclusive options to list it in the
15841: warning message. Noted by Chris Pepper.
15842: [7da73fb248e9]
15843:
15844: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
15845:
15846: * visudo.pod:
15847: The sudoers variable is env_editor, not enveditor. From Jean-
15848: Francois Saucier.
15849: [2a86ec09a6db]
15850:
15851: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15852:
15853: * redblack.c:
15854: I tracked down the original author so credit him and include his
15855: license info.
15856: [3733553a1bba]
15857:
15858: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15859:
15860: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
15861: sudoers.pod:
15862: Fix typos; from Jason McIntyre.
15863: [1ee4ce2512f2]
15864:
15865: * logging.c:
15866: Restore signal mask before calling reapchild(). Fixes a possible
15867: race condition that could prevent sudo from properly waiting for the
15868: child.
15869: [9ee4192385dc]
15870:
15871: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
15872:
15873: * pwutil.c:
15874: Don't declare pw_free() if we are not going to use it.
15875: [adb79a4289ca]
15876:
15877: * env.c:
15878: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
15879: LDR_PRELOAD64. The 64-bit version is not currently supported.
15880: Remove zero_env() prototype as it no longer exists.
15881: [b4fe65027fb6]
15882:
15883: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
15884:
15885: * logging.c:
15886: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
15887: [78002ad90f7b]
15888:
15889: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
15890:
15891: * auth/pam.c:
15892: If the user enters ^C at the password prompt, abort instead of
15893: trying to authenticate with an empty password (which causes an
15894: annoying delay).
15895: [da3f27b747c7]
15896:
15897: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
15898:
15899: * closefrom.c, config.h.in, configure, configure.in:
15900: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
15901: Darren Tucker.
15902: [0331b7780759]
15903:
15904: * pwutil.c:
15905: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
15906: [0014c0d9eeba]
15907:
15908: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
15909:
15910: * config.guess, config.sub:
15911: Update to latest versions from cvs.savannah.gnu.org
15912: [aa0143101c20]
15913:
15914: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
15915:
15916: * pwutil.c, sudo_edit.c:
15917: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
15918: we can close the passwd/group files early.
15919: [559074bd7eb7]
15920:
15921: * config.h.in, configure, configure.in, set_perms.c:
15922: Add seteuid() flavor of set_perms() for systems without setreuid()
15923: or setresuid() that have a working seteuid(). Tested on Darwin.
15924: [508d8da99189]
15925:
15926: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
15927:
15928: * mon_systrace.c:
15929: systrace_read() returns ssize_t
15930: [9f97d1d1a59d]
15931:
15932: * configure, configure.in:
15933: Fix typo, -lldap vs. -ldap; from Tim Knox.
15934: [a8cc43c3bb2a]
15935:
15936: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
15937:
15938: * HISTORY:
15939: Fix typo; Matt Ackeret
15940: [86964ee3dfbd]
15941:
15942: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
15943:
15944: * sudo.c:
15945: Print sudoers path in -V mode for root.
15946: [dc43f2d75bd9]
15947:
15948: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
15949:
15950: * ldap.c:
15951: Do a sub tree search instead of a base search (one level in the tree
15952: only) for sudo right objects. This allows system administrators to
15953: categorize the rights in a tree to make them easier to manage.
15954: [6d2d9abf996e]
15955:
15956: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
15957:
15958: * sudo.pod:
15959: fix typo
15960: [1473413bcbda]
15961:
15962: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
15963:
15964: * ldap.c:
15965: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
15966: bind_timelimit support; adapted from gentoo.
15967: [afc816093026]
15968:
15969: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
15970:
15971: * ldap.c:
15972: Support comments that start in the middle of a line
15973: [c25df6ee3db8]
15974:
15975: * configure, configure.in:
15976: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
15977: [ee249bfe230a]
15978:
15979: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15980:
15981: * closefrom.c:
15982: Silence gcc -Wsign-compare; djm@openbsd.org
15983: [28769ce6418d]
15984:
15985: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
15986: cleanup() now takes an int as an arg so it can be used as a signal
15987: handler too.
15988: [2bb0df34d09c]
15989:
15990: * sudo.c:
15991: Make a copy of the shell field in the passwd struct for NewArgv to
15992: avoid a use after free situation after sudo_endpwent() is called.
15993: [5dcc9ffd362e]
15994:
15995: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
15996:
15997: * config.h.in, configure, configure.in:
15998: Add mkstemp() for those poor souls without it.
15999: [5fdd02e863e0]
16000:
16001: * mkstemp.c:
16002: Add mkstemp() for those poor souls without it.
16003: [c99401207860]
16004:
16005: * Makefile.in:
16006: Add mkstemp() for those poor souls without it.
16007: [9c1cf2678f24]
16008:
16009: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
16010:
16011: * env.c:
16012: Add PERL5DB to list of environment variables to remove.
16013: [7375c27ecf75]
16014:
16015: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
16016:
16017: * mon_systrace.c, mon_systrace.h:
16018: Instead of calling the check function twice with a state cookie use
16019: separate check/log functions.
16020:
16021: Check more ioctl() calls for failure.
16022:
16023: systrace_{read,write} now return the number of bytes read/written or
16024: -1 on error.
16025: [3dc8946d90e9]
16026:
16027: * env.c:
16028: Add more environment variables to remove; from gentoo linux Add some
16029: comments about what bad env variables go to what (more to do)
16030: [6918110a6b82]
16031:
16032: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16033:
16034: * sudo.c, sudo_edit.c:
16035: Move sudo_end{gr,pw}ent() until just before the exec since they free
16036: up our cached copy of the passwd structs, including sudo_user and
16037: sudo_runas. Fixes a use-after-free bug.
16038: [54de3778bad0]
16039:
16040: * visudo.c:
16041: Close all fd's before executing editor.
16042: [4fcc05e1bec8]
16043:
16044: * sudo.c:
16045: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
16046: [ef0e8ffa5c9f]
16047:
16048: * check.c:
16049: Fix fd leak when lecture file option is enabled. From Jerry Brown
16050: [ce97f9207cd8]
16051:
16052: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
16053:
16054: * env.c:
16055: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
16056: environment variables to remove. From Charles Morris
16057: [c96e1367d1c1]
16058:
16059: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
16060:
16061: * env.c:
16062: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
16063: [72a6a1571226]
16064:
16065: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
16066:
16067: * env.c:
16068: add PS4 and SHELLOPTS to initial_badenv_table for bash
16069: [89dfb3f318f3]
16070:
16071: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
16072:
16073: * sudoers.pod:
16074: Fix typo; Toby Peterson
16075: [b7a3222b23f4]
16076:
16077: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
16078:
16079: * tsgetgrpw.c:
16080: Make return buffers static so they don't get clobbered
16081: [13323a39b9f5]
16082:
16083: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
16084:
16085: * auth/securid5.c:
16086: Fix securid5 authentication, was not checking for ACM_OK. Also add
16087: default cases for the two switch()es. Problem noted by ccon at
16088: worldbank
16089: [14091e418333]
16090:
16091: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
16092:
16093: * ldap.c:
16094: Remove ncat() in favor of just counting bytes and pre-allocating
16095: what is needed.
16096: [25b8712adb61]
16097:
16098: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
16099:
16100: * ldap.c:
16101: Fix up some comments Add missing fclose() for the rootbinddn case
16102: [ae95c8a89711]
16103:
16104: * ldap.c:
16105: align struct ldap_config
16106: [35d0d64c76f8]
16107:
16108: * ldap.c:
16109: use LINE_MAX for max conf file line size
16110: [da116cb8853d]
16111:
16112: * pathnames.h.in:
16113: add _PATH_LDAP_SECRET
16114: [128b04ecfab7]
16115:
16116: * README.LDAP:
16117: Mention rootbinddn Give example ou=SUDOers container
16118: [852edc69bd1c]
16119:
16120: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
16121:
16122: * INSTALL, configure, configure.in, ldap.c:
16123: Support rootbinddn in ldap.conf
16124: [1615c91522a1]
16125:
16126: * env.c, sudo.pod, sudoers.pod:
16127: Preserve DISPLAY environment variable by default.
16128: [05f503d5f438]
16129:
16130: * acsite.m4, configure:
16131: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
16132: [18a04dea8d05]
16133:
16134: * acsite.m4, configure:
16135: set need_version=no for all cases; this is safe for LD_PRELOAD
16136: [b542560e1a73]
16137:
16138: * aclocal.m4:
16139: typo
16140: [c040df0fcd5a]
16141:
16142: * configure, configure.in:
16143: Add dragonfly
16144: [f13794618636]
16145:
16146: * auth/pam.c:
16147: Fix call to pam_end() when pam_open_session() fails.
16148: [0be47cdfdef1]
16149:
16150: * configure:
16151: regen
16152: [7f5c13b4b800]
16153:
16154: * acsite.m4:
16155: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
16156: ltsugar.m4 ltversion.m4
16157: [a7ba9fd1a2ab]
16158:
16159: * config.guess, config.sub, ltmain.sh:
16160: merge in local changes: config.guess: o better openbsd support
16161: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
16162: libs must begin with "lib" o don't print a bunch of crap about
16163: library installs o don't run ldconfig
16164: [f4149f2c720f]
16165:
16166: * config.guess, config.sub, ltmain.sh:
16167: libtool 1.9f
16168: [82a534e7121f]
16169:
16170: * configure.in:
16171: Update with autoupdate and make minor changes for libtool 1.9f
16172: [11b5ae5c1428]
16173:
16174: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
16175:
16176: * parse.c:
16177: don't call sudo_ldap_display_cmnd if ldap not setup
16178: [8bcf6c094ffe]
16179:
16180: * sudo_edit.c, visudo.c:
16181: Move declatation of struct timespec to its own include files for
16182: systems without it since it needs time_t defined.
16183: [b95c333299a0]
16184:
16185: * gettime.c:
16186: Move declatation of struct timespec to its own include files for
16187: systems without it since it needs time_t defined.
16188: [021b4569cc0c]
16189:
16190: * fileops.c:
16191: Move declatation of struct timespec to its own include files for
16192: systems without it since it needs time_t defined.
16193: [dd8573b2ee7d]
16194:
16195: * emul/timespec.h:
16196: Move declatation of struct timespec to its own include files for
16197: systems without it since it needs time_t defined.
16198: [f95137771564]
16199:
16200: * check.c, compat.h:
16201: Move declatation of struct timespec to its own include files for
16202: systems without it since it needs time_t defined.
16203: [2ef2ace8fe85]
16204:
16205: * ldap.c:
16206: Don't set safe_cmnd for the "sudo ALL" case.
16207: [ad7fa9e07da0]
16208:
16209: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
16210:
16211: * auth/pam.c:
16212: Call pam_open_session() and pam_close_session() to give pam_limits a
16213: chance to run. Idea from Karel Zak.
16214: [fed46d471350]
16215:
16216: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
16217:
16218: * check.c, sudo.c:
16219: Add explicit cast from mode_t -> u_int in printf to silence warnings
16220: on Solaris
16221: [17bb961fe22d]
16222:
16223: * parse.c:
16224: include grp.h to silence a warning on Solaris
16225: [14386fbab640]
16226:
16227: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
16228:
16229: * parse.c:
16230: Fix printing of += and -= defaults.
16231: [a667604c56cd]
16232:
16233: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
16234:
16235: * mon_systrace.c:
16236: Sanity check number of syscall args with argsize. Not really needed
16237: but a little paranoia never hurts.
16238: [6bb455a2c2d6]
16239:
16240: * mon_systrace.c, mon_systrace.h:
16241: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
16242: for systrace lengths (since it uses int)
16243: [3cafccffcffd]
16244:
16245: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
16246:
16247: * mon_systrace.c:
16248: Add some memsets for paranoia Fix namespace collsion w/ error Check
16249: rval of decode_args() and update_env() Remove improper setting of
16250: validated variable
16251: [3d385158354d]
16252:
16253: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
16254:
16255: * parse.c, sudo.c, sudo.h:
16256: In -l mode, only check local sudoers file if def_ignore_sudoers is
16257: not set and call LDAP versions from display_privs() and
16258: display_cmnd() instead of directly from main(). Because of this we
16259: need to defer closing the ldap connection until after -l processing
16260: has ocurred and we must pass in the ldap pointer to display_privs()
16261: and display_cmnd().
16262: [1dfc2e8c9f2b]
16263:
16264: * ldap.c:
16265: Reorganize LDAP code to better match normal sudoers parsing.
16266: Instead of storing strings for later printing in -l mode we do
16267: another query since the authenticating user and the user being
16268: listed may not be the same (the new -U flag). Also add support for
16269: "sudo -l command".
16270:
16271: There is still a fair bit if duplicated code that can probably be
16272: refactored.
16273: [e9568f19bde5]
16274:
16275: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
16276:
16277: * ldap.c:
16278: Replace pass variable with do_netgr for better readability.
16279: [1bba841b6e79]
16280:
16281: * ldap.c:
16282: use DPRINTF macro
16283: [02b159b66bb5]
16284:
16285: * ldap.c:
16286: estrdup, not strdup
16287: [22cdee7973c1]
16288:
16289: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
16290:
16291: * parse.c:
16292: Add macro to test if the tag changed to improve readability.
16293: [4e11b4819556]
16294:
16295: * parse.c:
16296: Avoid printing defaults header if there are no defaults to print...
16297: [41a28627df03]
16298:
16299: * glob.c:
16300: Fix a warning on systems without strlcpy().
16301: [6814e0f0e4f4]
16302:
16303: * pwutil.c:
16304: Use macros where possible for sudo_grdup() like sudo_pwdup().
16305: [30f201ff35cd]
16306:
16307: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
16308:
16309: * utimes.c:
16310: It is possible for tv_usec to hold >= 1000000 usecs so add in
16311: tv_usec / 1000000.
16312: [794ac4d53a65]
16313:
16314: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
16315:
16316: * auth/kerb5.c:
16317: The component in krb5_principal_get_comp_string() should be 1, not 0
16318: for Heimdal. From Alex Plotnick.
16319: [fefa351c5044]
16320:
16321: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
16322:
16323: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
16324: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
16325: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
16326: Add efree() for consistency with emalloc() et al. Allows us to rely
16327: on C89 behavior (free(NULL) is valid) even on K&R.
16328: [7876bb80d87c]
16329:
16330: * parse.c, sudo.c:
16331: Move initgroups() for -U option into display_privs() so group
16332: matching in sudoers works correctly.
16333: [b074428ad2ca]
16334:
16335: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
16336:
16337: * ldap.c:
16338: Removed duplicate call to ldap_unbind_s introduced along with
16339: sudo_ldap_close.
16340: [19acc1c20f7c]
16341:
16342: * parse.c:
16343: Add missing space in Defaults printing
16344: [95d2935bf6d4]
16345:
16346: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
16347:
16348: * pwutil.c:
16349: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
16350: and string copies.
16351: [6b6b241495e5]
16352:
16353: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16354:
16355: * pwutil.c:
16356: Zero old pw_passwd before replacing with version from shadow file.
16357: [3251b349dfe1]
16358:
16359: * configure, configure.in:
16360: Only attempt shadow password detection if PAM is not being used Add
16361: shadow_* variables to make shadow password detection more generic.
16362: [d498a3423ac9]
16363:
16364: * configure.in:
16365: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
16366: [04d55bbd5e35]
16367:
16368: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16369:
16370: * sudoers.pod:
16371: use a non-breaking space to avoid a double space after e.g.
16372: [11cdb54bdf7b]
16373:
16374: * sudo.pod:
16375: commna, not colon after e.g.
16376: [8d5875ff72e0]
16377:
16378: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16379:
16380: * sudo_noexec.c:
16381: Add __ variants of the exec functions. GNU libc at least uses
16382: __execve() internally.
16383: [d1880473d790]
16384:
16385: * indent.pro:
16386: Match reality a bit more.
16387: [633e3fa875a7]
16388:
16389: * pwutil.c:
16390: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
16391: [128f7b21c2ee]
16392:
16393: * pwutil.c:
16394: Store shadow password after making a local copy of struct passwd in
16395: case normal and shadow routines use the same internal buffer in
16396: libc.
16397: [f806052a6ffc]
16398:
16399: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
16400:
16401: * alloc.c, logging.c:
16402: Make varargs usage consistent with the rest of the code.
16403: [3d45affc9851]
16404:
16405: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16406:
16407: * sudo_noexec.c:
16408: Wrap more of the exec family since on Linux the others do not appear
16409: to go through the normal execve() path.
16410: [8167769b4e19]
16411:
16412: * visudo.c:
16413: make print_unused static like proto says
16414: [ecf10e1bae55]
16415:
16416: * glob.c:
16417: silence a warning on K&R systems
16418: [2e00425f1a5c]
16419:
16420: * alias.c, error.c:
16421: make this build in K&R land
16422: [156f65f8525a]
16423:
16424: * parse.c:
16425: make this build in K&R land
16426: [6fc9276889cb]
16427:
16428: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
16429:
16430: * toke.c:
16431: regen
16432: [3b349748cd21]
16433:
16434: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
16435:
16436: * ldap.c:
16437: return(foo) not return foo optimize _atobool() slightly
16438: [11d09d154ed5]
16439:
16440: * ldap.c:
16441: Use TRUE/FALSE
16442: [53999320d98f]
16443:
16444: * ldap.c:
16445: Reformat to match the rest of sudo's code.
16446: [1bd0f2afa0e7]
16447:
16448: * sudo.pod:
16449: I am the primary author
16450: [5d311ecd85c6]
16451:
16452: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
16453:
16454: * Makefile.in, README, RUNSON:
16455: The RUNSON file is toast--it confused too many people and really
16456: isn't needed in a configure-oriented world.
16457: [96a6ef7bbc08]
16458:
16459: * INSTALL:
16460: alternate -> alternative
16461: [b65015c5d0a2]
16462:
16463: * tgetpass.c:
16464: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
16465: TCSAFLUSH.
16466: [c66b4763ffdc]
16467:
16468: * toke.l:
16469: Allow leading blanks before Defaults and Foo_Alias definitions
16470: [2add513d9277]
16471:
16472: * Makefile.in:
16473: fix rules to build toke.o and gram.o in devel mode
16474: [96cbb414ebd3]
16475:
16476: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16477:
16478: * sudoers.pod:
16479: env_keep overrides set_logname
16480: [401877193a15]
16481:
16482: * env.c:
16483: Fix disabling set_logname and make env_keep override set_logname.
16484: [0906e7a5ed93]
16485:
16486: * compat.h, config.h.in, configure, configure.in:
16487: No longer need memmove()
16488: [43bdb6efe3f2]
16489:
16490: * env.c, sudo.c:
16491: Just clean the environment once. This assumes that any further
16492: setenv/putenv will be able to handle the fact that we replaced
16493: environ with our own malloc'd copy but all the implementations I've
16494: checked do.
16495: [11658fe92ba2]
16496:
16497: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
16498:
16499: * env.c, sudo.c:
16500: In -i mode, base the value of insert_env()'s dupcheck flag on
16501: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
16502: [8365b0bd0c71]
16503:
16504: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16505:
16506: * env.c, sudo.c:
16507: Move setting of user_path, user_shell, user_prompt and prev_user
16508: into init_vars() since user_shell at least is needed there.
16509: [37e22dce66e9]
16510:
16511: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
16512:
16513: * Makefile.in:
16514: fix devel builds
16515: [9fbb15ef164c]
16516:
16517: * sudo.c:
16518: Fix some printf format mismatches on error.
16519: [ffc1c3f11740]
16520:
16521: * check.c:
16522: Fix some printf format mismatches on error.
16523: [7b3b508adf50]
16524:
16525: * configure, gram.c, toke.c:
16526: regen
16527: [aa76f9d8b02a]
16528:
16529: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
16530: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
16531: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16532: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
16533: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
16534: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
16535: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
16536: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
16537: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
16538: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
16539: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
16540: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
16541: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
16542: visudo.pod, zero_bytes.c:
16543: Update copyright years.
16544: [0610c3654739]
16545:
16546: * Makefile.binary.in:
16547: Update copyright years.
16548: [d78ffc9f2e2b]
16549:
16550: * LICENSE:
16551: Update copyright years.
16552: [f60473bca4b1]
16553:
16554: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
16555: version 1.7
16556: [aa977a544ca1]
16557:
16558: * WHATSNEW:
16559: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
16560: [ecfcf7269c14]
16561:
16562: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
16563:
16564: * compat.h, logging.h, sudo.h:
16565: Add __printflike and use it with gcc to warn about printf-like
16566: format mismatches
16567: [b192ad4a0548]
16568:
16569: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
16570:
16571: * CHANGES, ChangeLog:
16572: Replaced CHANGES file with ChangeLog generated from cvs logs
16573: [d9ace9dab98f]
16574:
16575: * set_perms.c:
16576: Use warning/error instead of perror/fatal.
16577: [e33259df7738]
16578:
16579: * config.guess:
16580: Update OpenBSD section
16581: [9d2c23de6801]
16582:
16583: * UPGRADE:
16584: Add upgrading noted for 1.7
16585: [1fb6b6d6df07]
16586:
16587: * env.c, sudo.c, sudoers.pod:
16588: Instead of zeroing out the environment, just prune out entries based
16589: on the env_delete and env_check lists. Base building up the new
16590: environment on the current environment and the variables we removed
16591: initially.
16592: [fc192df8fd15]
16593:
16594: * config.h.in, configure, configure.in, sudo.c:
16595: Set locale to "C" if locales are supported, just to be safe.
16596: [91fbaa98f02e]
16597:
16598: * toke.c, toke.l:
16599: Cast?argument to ctype functions to unsigned char.
16600: [e096b4d65796]
16601:
16602: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
16603:
16604: * env.c:
16605: correct value for DID_USER
16606: [b5b05d36ec15]
16607:
16608: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
16609: #include <compat.h> not "compat.h"
16610: [7a0ad9a0ccd7]
16611:
16612: * defaults.c:
16613: Reset the environment by default.
16614: [4ecc6423e0f0]
16615:
16616: * sudo.c:
16617: Alloc an extra slot in NewArgv. Removes the need to malloc an new
16618: vector if execve() fails.
16619: [83dfb6f584a7]
16620:
16621: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
16622:
16623: * INSTALL, config.h.in, configure, configure.in, sudo.c:
16624: Use execve(2) and wrap the command in sh if we get ENOEXEC.
16625: [c0c6af4e2a21]
16626:
16627: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
16628:
16629: * sudo_noexec.c:
16630: Only include time.h on systems that lack struct timespec which gets
16631: defind in compat.h (using time_t).
16632: [e373e518b4cb]
16633:
16634: * sudo_noexec.c:
16635: Include time.h for time_t in compat.h for systems w/o struct
16636: timespec.
16637: [a34b5637e458]
16638:
16639: * compat.h, config.h.in, configure, configure.in:
16640: use bcopy on systems w/o memmove
16641: [f835eafd78c6]
16642:
16643: * compat.h:
16644: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
16645: use to gcc >= 2.8.
16646: [1cb9a4e58566]
16647:
16648: * Makefile.in:
16649: Add explicit rule to build sudo_noexec.lo
16650: [df1dfcf8dd77]
16651:
16652: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
16653:
16654: * INSTALL.configure, Makefile.in:
16655: No longer depend on VPATH; pointed out a bunch of missed
16656: dependencies.
16657: [601a45d4af6b]
16658:
16659: * TROUBLESHOOTING:
16660: Help for PAM when account section is missing
16661: [9b8221256756]
16662:
16663: * auth/pam.c:
16664: Give user a clue when there is a missing "account" section in the
16665: PAM config.
16666: [2529625c0495]
16667:
16668: * auth/pam.c:
16669: Better error handling.
16670: [518c9bda23d8]
16671:
16672: * config.h.in, configure, configure.in:
16673: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
16674: possible. Silences a warning about isblank() on linux.
16675: [19c94d7ecdc8]
16676:
16677: * auth/pam.c:
16678: Fix typo (missing comma) that caused an incorrect number of args to
16679: be passed to log_error().
16680: [0099dfec560f]
16681:
16682: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
16683:
16684: * pwutil.c:
16685: Don't try to destroy a tree we didn't create.
16686: [d43c4fe03aa4]
16687:
16688: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
16689:
16690: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
16691: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
16692: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
16693: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
16694: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
16695: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
16696: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
16697: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
16698: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
16699: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
16700: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
16701: Add __unused to rcsids
16702: [ad6b4ac45705]
16703:
16704: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16705:
16706: * configure, configure.in:
16707: Fix error message when mixing invalid auth types
16708: [68069b3ff5bc]
16709:
16710: * INSTALL:
16711: PAM, AIX auth, BSD auth and login_cap are now on by default if the
16712: OS supports them.
16713: [4e44e9098cf0]
16714:
16715: * auth/sudo_auth.h, config.h.in:
16716: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
16717: [2d569b43b23e]
16718:
16719: * configure.in:
16720: Better checking for conflicting authentication methods Display the
16721: authentication methods used at the end of configure Rename --with-
16722: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
16723: --with-pam, --with-logincap by default on systems that support them
16724: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
16725: OSREV has full version number
16726: [a21115b6fe9f]
16727:
16728: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16729:
16730: * def_data.c, def_data.in, sudo.c, sudoers.pod:
16731: s/-O/-C/
16732: [ee73f1b81923]
16733:
16734: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
16735:
16736: * configure.in:
16737: Replace: test -n "$FOO" || FOO="bar"
16738:
16739: With: : ${FOO='bar'}
16740: [37552d9054fc]
16741:
16742: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16743:
16744: * pwutil.c, testsudoers.c, tsgetgrpw.c:
16745: Use function pointers to only call private passwd/group routines
16746: when using a nonstandard passwd/group file.
16747: [215908681dfb]
16748:
16749: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16750:
16751: * CHANGES:
16752: sync
16753: [2e55c03f5790]
16754:
16755: * tsgetgrpw.c:
16756: Can't use strtok() since it doesn't handle empty fields so add
16757: getpwent()/getgrent() functions and call those.
16758: [bdaa5b0db70e]
16759:
16760: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
16761:
16762: * Makefile.in:
16763: Fix dummied out toke.c and gram.c dependencies.
16764: [4b909c8b2ebe]
16765:
16766: * Makefile.in:
16767: Rename PARSESRCS -> GENERATED since it is only used in the clean
16768: target Add devdir variable and use it to specify the path to parser
16769: sources
16770: [f27b3f41ca23]
16771:
16772: * configure:
16773: regen
16774: [22c6435dbd46]
16775:
16776: * configure.in:
16777: Add a devdir variables that defaults to $(srcdir) and is set to . if
16778: --devel was specified. Allows for proper dependecies building the
16779: parser.
16780: [a36d694c6d21]
16781:
16782: * testsudoers.c:
16783: Add support for custom passwd/group files.
16784: [296549ff4b87]
16785:
16786: * Makefile.in:
16787: Build private copy of pwutil.o for testsudoers with MYPW defined so
16788: it uses our own passwd/group routines.
16789: [bafa54ec78ca]
16790:
16791: * visudo.c:
16792: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
16793: stubs instead. We can now just use the caching sudo_*{pw,gr}*
16794: functions in pwutil.c Add comment about wanting to call
16795: sudo_endpwent/sudo_endgrent in cleanup()
16796: [7e59d6b5510d]
16797:
16798: * tsgetgrpw.c:
16799: Remove caching; we will just use what is in pwutil.c Use global
16800: buffers for passwd/group structs Rename functions from sudo_* to
16801: my_*
16802: [8c1e068f574c]
16803:
16804: * logging.c, sudo.c:
16805: g/c pwcache_init/pwcache_destroy
16806: [60a24909b947]
16807:
16808: * sudo.h:
16809: Undo last commit and add sudo_setspent and sudo_endspent instead.
16810: [bac80db08296]
16811:
16812: * getspwuid.c, pwutil.c:
16813: Move all but the shadow stuff from getspwuid.c to pwutil.c and
16814: pwcache_get and pwcache_put as they are no longer needed. Also add
16815: preprocessor magic to use private versions of the passwd and group
16816: routines if MYPW is defined (for use by testsudoers).
16817: [a16b8678a426]
16818:
16819: * tsgetgrpw.c:
16820: zero out struct passwd/group before filling it in so if there are
16821: fields we don't handle they end up as 0.
16822: [274cb6a93301]
16823:
16824: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
16825: Adapt to pwutil.c
16826: [43ebd04c8b82]
16827:
16828: * Makefile.in:
16829: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
16830: readability.
16831: [7f88c6061e2d]
16832:
16833: * tsgetgrpw.c:
16834: Passwd and group lookup routines for testsudoers that support
16835: alternate passwd and group files.
16836: [d7803101d34e]
16837:
16838: * getspwuid.c, pwutil.c:
16839: Split off pw/gr cache and dup code into its own file. This allows
16840: visudo and testsudoers to use the pw/gr cache too.
16841: [ef333d3ffedf]
16842:
16843: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
16844:
16845: * parse.c:
16846: Print Defaults info in "sudo -l" output and wrap lines based on the
16847: terminal width.
16848: [e559eae4250e]
16849:
16850: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
16851:
16852: * match.c, testsudoers.c, visudo.c:
16853: Only check group vector in usergr_matches() if we are matching the
16854: invoking or list user. Always check the group members, even if
16855: there was a group vector.
16856: [d0c7ceb2a041]
16857:
16858: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
16859:
16860: * LICENSE, Makefile.in, fnmatch.3:
16861: No longer bundle fnmatch.3
16862: [72db4a4ff4e1]
16863:
16864: * CHANGES, TODO:
16865: checkpoint
16866: [e92781bfd99c]
16867:
16868: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
16869:
16870: * sudo.c:
16871: sort usage
16872: [15e3b876ec2c]
16873:
16874: * sudo.pod:
16875: Sort command line options
16876: [c1fa56584bc4]
16877:
16878: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
16879: sudo.pod, sudoers.pod:
16880: Add closefrom sudoers option to start closing at a point other than
16881: 3. Add closefrom_override sudoers option and -C sudo flag to allow
16882: the user to specify a different closefrom starting point.
16883: [370652b099d1]
16884:
16885: * pathnames.h.in:
16886: Add _PATH_DEVNULL for those without it.
16887: [0c4c3e0ceb8b]
16888:
16889: * LICENSE:
16890: no more UCB strcasecmp
16891: [397a6298e07f]
16892:
16893: * strcasecmp.c:
16894: replace BSD licensed one with version derived from pdksh
16895: [d7cfda8c57a2]
16896:
16897: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
16898:
16899: * sudo.c:
16900: Fix last commit.
16901: [7afb9a180532]
16902:
16903: * sudo.c:
16904: Make sure stdin, stdout and stderr are open and dup them to
16905: /dev/null if not.
16906: [590f387068bd]
16907:
16908: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
16909:
16910: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
16911: add sudo_ldap_close
16912: [4273a36765a7]
16913:
16914: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
16915: Use TIME_WITH_SYS_TIME
16916: [c32b59bf15fb]
16917:
16918: * config.h.in, configure, configure.in:
16919: Add TIME_WITH_SYS_TIME_H
16920: [57cb146f451d]
16921:
16922: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
16923:
16924: * env.c:
16925: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
16926: unconditionally on darwin. From Toby Peterson.
16927: [d69959681c87]
16928:
16929: * getspwuid.c:
16930: Check rbinsert() return value. In the case of faked up entries
16931: there is usually a negative response cached that we need to
16932: overwrite.
16933:
16934: In pwfree() don't try to zero out a NULL pw_passwd pointer.
16935: [00b32d1a48c1]
16936:
16937: * mon_systrace.c:
16938: Use the double fork trick to avoid the monitor process being waited
16939: for by the main program run through sudo.
16940: [e0ce556712ff]
16941:
16942: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
16943:
16944: * sudo.c:
16945: Call initgroups() in -U mode so group matches work normally.
16946: [2235bea15283]
16947:
16948: * def_data.h, mkdefaults:
16949: Don't print a trailing comma for the last entry in enum def_tupple
16950: [c43a96bb31df]
16951:
16952: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16953:
16954: * sudoers.cat, sudoers.man.in, sudoers.pod:
16955: Mention values when lecture, listpw and verifypw are used in boolean
16956: context.
16957: [a0b5c0abaccf]
16958:
16959: * def_data.c, def_data.in:
16960: verifypw when used in a boolean TRUE context should be "all", not
16961: "any".
16962: [2eb076ddd5e2]
16963:
16964: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16965:
16966: * def_data.in, defaults.c:
16967: Allow tuples that can be used as booleans to be used as boolean
16968: TRUE. In this case the 2nd possible value of the tuple is used for
16969: TRUE.
16970: [bd99aa77e88b]
16971:
16972: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
16973:
16974: * configure, configure.in:
16975: Correct the test for 2-parameter timespecsub
16976: [d41c9cb26b97]
16977:
16978: * sudo.h:
16979: Add strub struct definitions for passwd, timeval and timespec
16980: [c4ce5c43d8c5]
16981:
16982: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
16983: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
16984: and fix a typo in the gettimeofday check.
16985: [8ac9893057ce]
16986:
16987: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
16988:
16989: * match.c, testsudoers.c:
16990: Deal with user_stat being NULL as it is for visudo and testsudoers.
16991: [3605a6ff64d0]
16992:
16993: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
16994: Add -U option to use in conjunction with -l instead of -u. Add
16995: support for "sudo -l command" to test a specific command.
16996: [99638789d415]
16997:
16998: * gram.c, gram.y, sudo.c:
16999: Set safe_cmnd after sudoers_lookup() if it has not been set.
17000: Previously it was set by sudo "ALL" in the parser but at that point
17001: the fully-qualified pathname has not yet been found.
17002: [ac30d98f8225]
17003:
17004: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
17005:
17006: * parse.c, testsudoers.c:
17007: Correctly handle multiple privileges per userspec and runas
17008: inheritence.
17009: [a98a965181af]
17010:
17011: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
17012:
17013: * defaults.c:
17014: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
17015: [031d3cd4a848]
17016:
17017: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
17018:
17019: * toke.c, toke.l:
17020: make per-command defaults work with sudoedit
17021: [e56fe33db916]
17022:
17023: * ldap.c, parse.c, sudo.c, sudo.h:
17024: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
17025: Instead, we just set the approriate defaults variable.
17026: [756eeecc1d86]
17027:
17028: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
17029: Document per-command Defaults.
17030: [92a0f84b91c1]
17031:
17032: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
17033: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
17034: Add support for command-specific Defaults entries. E.g.
17035: Defaults!/usr/bin/vi noexec
17036: [be3d52bf01cf]
17037:
17038: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
17039: Change an occurence of user_matches() -> runas_matches() missed
17040: previously runas_matches(), host_matches() and cmnd_matches() only
17041: really need to pass in a list of members. user_matches() still
17042: needs to pass in a passwd struct because of "sudo -l"
17043: [833b22fc6fa0]
17044:
17045: * parse.c:
17046: Check def_authenticate, def_noexec and def_monitor when setting
17047: return flags. XXX May be better to just set the defaults directly
17048: and get rid of those flags.
17049: [b6db22b59d69]
17050:
17051: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
17052: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
17053: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
17054: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
17055: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
17056: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
17057: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
17058: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
17059: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
17060: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
17061: visudo.c, zero_bytes.c:
17062: Use: #include <config.h> Not: #include "config.h" That way we get
17063: the correct config.h when build dir != src dir
17064: [97e5670a442b]
17065:
17066: * Makefile.in:
17067: Back out part of rev 1.263; fix -I order
17068: [197ea01cad5d]
17069:
17070: * toke.c, toke.l:
17071: More robust parsing if #include; could be much better still.
17072: [31bc3cd8f045]
17073:
17074: * sudo_edit.c, visudo.c:
17075: Make arg splitting in visudo and sudoedit consistent.
17076: [7bc74485f246]
17077:
17078: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
17079: Split alias routines out into their own file.
17080: [d90f633cf9ae]
17081:
17082: * error.h:
17083: __attribute__ is already defined in compat.h
17084: [676ed3fe9203]
17085:
17086: * visudo.c:
17087: quit() should not be __noreturn__ as it is non-void on some
17088: platforms.
17089: [e528c2b6ba10]
17090:
17091: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
17092: Add local error/warning functions like err/warn but that call an
17093: additional cleanup routine in the error case. This means we no
17094: longer need to compile a special version of alloc.o for visudo.
17095: [e78e8aae882e]
17096:
17097: * parse.h:
17098: Clarify comments about the data structures
17099: [ae894e266701]
17100:
17101: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
17102:
17103: * visudo.c:
17104: Add support for VISUAL and EDITOR containing command line args. If
17105: env_editor is not set any args in VISUAL and EDITOR are ignored.
17106: Arguments are also now supported in def_editor.
17107: [ff7303b8e298]
17108:
17109: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
17110:
17111: * parse.h:
17112: alias_matches() is no more
17113: [b59825e28084]
17114:
17115: * CHANGES, TODO:
17116: sync
17117: [2b8f5f63c1de]
17118:
17119: * Makefile.in:
17120: When regenerating the parser, don't replace gram.h unless it has
17121: changed.
17122: [819949668018]
17123:
17124: * Makefile.in:
17125: remove Makefile.binary for distclean
17126: [351eec8d00b2]
17127:
17128: * env.c:
17129: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
17130: sure we can't overflow new_env.
17131: [3284d17b9c6d]
17132:
17133: * sudo_edit.c:
17134: paranoia when stripping trailing slashes from tempdir.
17135: [012f1aa2b81f]
17136:
17137: * sudo.c:
17138: Set user_ngroups to 0 if getgroups() returns an error.
17139: [c46d43e9449a]
17140:
17141: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
17142:
17143: * config.h.in, configure, configure.in, sudo.c:
17144: Add configure check for getgroups()
17145: [5d8a214e2cef]
17146:
17147: * ldap.c:
17148: Use supplementary group vector in struct sudo_user.
17149: [3d0c463c034d]
17150:
17151: * match.c:
17152: Only do string comparisons on the group members if there is no
17153: supplemental group list.
17154: [be1c8362f7ef]
17155:
17156: * CHANGES, TODO:
17157: sync
17158: [db188bc5b975]
17159:
17160: * sudo_edit.c:
17161: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
17162: chop off any trailing slashes we see and add an explicit one.
17163: [e1b477dafee1]
17164:
17165: * match.c:
17166: remove bogus XXX comment
17167: [8aecb8a28d40]
17168:
17169: * match.c:
17170: Get rid of alias_matches and correctly fall through to the non-alias
17171: cases when there is no alias with the specified name.
17172: [2cd555246f09]
17173:
17174: * getspwuid.c:
17175: Cache non-existent passwd/group entries too.
17176: [8de9a467d271]
17177:
17178: * gram.c:
17179: regen
17180: [9ece18c58f36]
17181:
17182: * getspwuid.c:
17183: fix typo
17184: [9a7ae371eac1]
17185:
17186: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
17187: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
17188: Implement group caching and use the passwd and group caches
17189: throughout.
17190: [f1d8c5015169]
17191:
17192: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
17193:
17194: * match.c:
17195: Properly negate the return value of alias_matches() when
17196: appropriate.
17197: [ce59c4ce77ad]
17198:
17199: * match.c:
17200: Make hostname_matches() return TRUE for a match, else FALSE like the
17201: caller expects.
17202: [1dc03902d3a2]
17203:
17204: * Makefile.in:
17205: Add missing dependencies on gram.h
17206: [4f94bbb1d50c]
17207:
17208: * match.c:
17209: Use runas_matches in alias_matches() now that we have it.
17210: [284d22e91178]
17211:
17212: * parse.c, parse.h:
17213: Expand aliases in "sudo -l" mode
17214: [f67a38b79c44]
17215:
17216: * gram.y, match.c:
17217: Use ALIAS for the member type when storing an alias instead of
17218: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
17219: more generic type. Expand runas_matches instead of calling
17220: user_matches() inside of it since user_matches() looks up
17221: USERALIASes, not RUNASALIASes.
17222: [52004d75232b]
17223:
17224: * CHANGES, getspwuid.c:
17225: Paranoia; zero out pw_passwd before freeing passwd entry.
17226: [bd1b22638f00]
17227:
17228: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
17229: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
17230: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
17231: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
17232: Add local error/warning functions like err/warn but that call an
17233: additional cleanup routine in the error case. This means we no
17234: longer need to compile a special version of alloc.o for visudo.
17235: [25000b676cfe]
17236:
17237: * match.c:
17238: Use userpw_matches() to compare usernames, not strcmp(), since the
17239: latter checks for "#uid".
17240: [fcbe4b859f66]
17241:
17242: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
17243: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
17244: the other by user name. The data returned from the cache should be
17245: considered read-only and is destroyed by sudo_endpwent().
17246: [ee2418ff3f86]
17247:
17248: * match.c:
17249: add cast to uid_t
17250: [eb6415302d84]
17251:
17252: * gram.y:
17253: missing free in alias_destroy
17254: [572ecb680ad8]
17255:
17256: * redblack.c:
17257: Can't use rbapply() for rbdestroy since the destructor is passed a
17258: data pointer, not a node pointer.
17259: [11ce713830c0]
17260:
17261: * getspwuid.c, logging.c, sudo.c, sudo.h:
17262: Create and use private versions of setpwent() and endpwent() that
17263: set/end the shadow password file too.
17264: [616bc76d23bf]
17265:
17266: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
17267: Store aliases in a red-black tree.
17268: [ce017d540416]
17269:
17270: * Makefile.in, redblack.c, redblack.h:
17271: red-black tree implementation
17272: [cd5586e8f48b]
17273:
17274: * visudo.c:
17275: Edit all sudoers file if there were unused or undefined aliases and
17276: we are in strict mode.
17277: [b6d5f5bb7262]
17278:
17279: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17280:
17281: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
17282: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
17283: Bring back the "secure_path" Defaults option now that Defaults take
17284: effect before the path is searched.
17285: [2e52c0e27606]
17286:
17287: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
17288:
17289: * logging.c, parse.c:
17290: A user can always list their own entries, even with -u. Better error
17291: message when failing to list another user's entries.
17292: [e2e24deb0071]
17293:
17294: * parse.c, sudo.c, sudo.h:
17295: The syntax to list another user's entries is now "-u otheruser -l".
17296: Only root or users with sudo "ALL" may list other user's entries.
17297: [3c0657e8f5fe]
17298:
17299: * sudo.cat, sudo.man.in, sudo.pod:
17300: Update env variable info in SECURITY NOTES
17301: [299716071024]
17302:
17303: * env.c:
17304: strip CDPATH too
17305: [9b97643b26f9]
17306:
17307: * env.c:
17308: strip exported bash functions from the environment.
17309: [9e5090c8284f]
17310:
17311: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
17312:
17313: * sudo.c:
17314: Only reset sudo_user.pw based on SUDO_USER environment variables for
17315: real commands and sudoedit. This avoids a confusing message when a
17316: user tries "sudo -l" or "sudo -v" and is denied.
17317: [3ea6d0053274]
17318:
17319: * gram.c, gram.y, parse.h:
17320: Extend LIST_APPEND to deal with appending lists too
17321: [d963e42f622f]
17322:
17323: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
17324:
17325: * logging.c:
17326: Convert some bitwise AND to ISSET
17327: [130dc40d268e]
17328:
17329: * lex.yy.c, toke.c:
17330: toke.c replaces lex.yy.c
17331: [048858df79e7]
17332:
17333: * CHANGES, TODO:
17334: sync
17335: [d19e7abf251c]
17336:
17337: * BUGS:
17338: new parser fixes most of the outstanding bugs
17339: [0891f66e3758]
17340:
17341: * configure:
17342: regen
17343: [1a3358cc7283]
17344:
17345: * visudo.c:
17346: Rework for the new parser. Now checks for unused aliases in sudoers.
17347: [ad462ede3094]
17348:
17349: * testsudoers.c:
17350: Rewrite for the new parser. Now supports a -d flag (dump) and adds
17351: a -h flag (host). It now defaults to the local hostname unless
17352: otherwise specified.
17353: [1b69685cc601]
17354:
17355: * sudo.h:
17356: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
17357: [2e4fb3abfef0]
17358:
17359: * sudo.c:
17360: Update for new parse. We now call find_path() *after* we have
17361: updated the global defaults based on sudoers. Also adds support for
17362: listing other user's privs if you are root.
17363: [cf3db9fc3024]
17364:
17365: * mon_systrace.c:
17366: Working LDAP support; also remove a now-unneeded rewind().
17367: [649ecf1baf6b]
17368:
17369: * logging.c, logging.h:
17370: Add NO_STDERR flag.
17371: [6cb935af94e0]
17372:
17373: * ldap.c:
17374: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
17375: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
17376: connecto to LDAP, apply the default options, find the command in the
17377: user's path, and then check whether the user is allowed to run it.
17378: The important thing here is that the default runas user may be
17379: specified as a default option and that needs to be set before we
17380: search for the command.
17381: [fc0426abc6f1]
17382:
17383: * ldap.c:
17384: Add casts to unsigned char for isspace() to quiet a gcc warning.
17385: [e5358e3df439]
17386:
17387: * defaults.h:
17388: Add prototype for update_defaults()
17389: [564dac3db74e]
17390:
17391: * defaults.c:
17392: Don't warn about line numbers now that we operate on a set of data
17393: structures (or LDAP) and not a file.
17394: [bcd9ffb9b67c]
17395:
17396: * config.h.in:
17397: No long use lsearch()
17398: [9d048c587319]
17399:
17400: * Makefile.in:
17401: Update for new and changed file names.
17402: [6f424a7c4515]
17403:
17404: * LICENSE:
17405: no more BSD lsearch.c
17406: [463a96d89026]
17407:
17408: * match.c:
17409: foo_matches() routines now live in match.c Added user_matches(),
17410: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
17411: that operate on the parsed sudoers file.
17412: [b14da8a0567e]
17413:
17414: * parse.lex, toke.l:
17415: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
17416: WORD no longer needs to exclude '@' kill yywrap()
17417: [a922294eb7b7]
17418:
17419: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
17420: sudo.tab.h:
17421: Rewritten parser that converts sudoers into a set of data
17422: structures. This eliminates ordering issues and makes it possible to
17423: apply sudoers Defaults entries before searching for the command.
17424: [30d2ec4d203c]
17425:
17426: * configure.in, emul/search.h, lsearch.c:
17427: We won't be using lsearch() any longer.
17428: [29c4d54bfac0]
17429:
17430: * ldap.c:
17431: sudo should not send mail if someone who runs 'sudo -l' has no
17432: entry.
17433: [6fc27a69fd9c]
17434:
17435: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17436: visudo.man.in:
17437: regen
17438: [8166347917f3]
17439:
17440: * visudo.pod:
17441: Update warnings to match new visudo
17442: [004c0766798f]
17443:
17444: * sudoers.pod:
17445: The new parser doesn't have the old ordering constraints.
17446: [ffd43bd08661]
17447:
17448: * sudo.pod:
17449: Document that -l now takes an optional username argument
17450: [278f9557de8b]
17451:
17452: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
17453:
17454: * RUNSON:
17455: AIX 5.2.0.0 works
17456: [523acd29d858]
17457:
17458: * ldap.c:
17459: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
17460: a compilation problem with Solaris 9's native LDAP.
17461:
17462: Set FLAG_MONITOR when needed.
17463: [35824ade672d]
17464:
17465: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
17466:
17467: * mon_systrace.c:
17468: Call sudo_goodpath() *after* changing the cwd to match the traced
17469: process. Fixes relative paths.
17470: [12ee111d0ad7]
17471:
17472: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
17473:
17474: * testsudoers.c:
17475: Kill set_perms() stub--it is no longer needed.
17476: [116ed702935d]
17477:
17478: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
17479:
17480: * sudoers.cat, sudoers.man.in, sudoers.pod:
17481: stay_setuid now requires set_reuid() or setresuid()
17482: [8511f67e25d5]
17483:
17484: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
17485: configure.in, set_perms.c, sudo.c, sudo.h:
17486: Kill use of POSIX saved uids; they aren't worth bothering with.
17487: [b3b1f19f18c1]
17488:
17489: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
17490:
17491: * glob.c:
17492: remove call to issetugid()
17493: [63f2e492c08f]
17494:
17495: * sudoers.cat, sudoers.man.in, sudoers.pod:
17496: Remove warning about wildcards. Now that we use glob() the bug is
17497: fixed.
17498: [b15729d32266]
17499:
17500: * parse.c:
17501: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
17502: each result that matches the basename of the user's command. This
17503: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
17504: /usr/bin/blah. Fixes bug #143.
17505: [e31eb6310340]
17506:
17507: * config.h.in, configure, configure.in:
17508: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
17509: GLOB_BRACE)
17510: [677ed6661e17]
17511:
17512: * config.h.in, configure, configure.in:
17513: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
17514: [aaa2329dd266]
17515:
17516: * LICENSE:
17517: reference glob
17518: [bedc9a923423]
17519:
17520: * glob.c:
17521: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
17522: removed.
17523: [81799451473c]
17524:
17525: * emul/glob.h:
17526: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
17527: removed.
17528: [0335cf31fb1e]
17529:
17530: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
17531:
17532: * mon_systrace.c:
17533: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
17534: means we are out of space in the stack gap...
17535: [5b02b702021e]
17536:
17537: * CHANGES:
17538: sync
17539: [be3826273e56]
17540:
17541: * mon_systrace.c:
17542: Take a stab at ldap sudoers support here.
17543: [9d023695b0de]
17544:
17545: * mon_systrace.c, mon_systrace.h:
17546: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
17547: doesn't cause reboot to inadvertanly kill itself.
17548: [d4aab2365610]
17549:
17550: * mon_systrace.c:
17551: put "monitor" in the proctitle, not "systrace"
17552: [9a9025767d86]
17553:
17554: * mon_systrace.c:
17555: When modifying the environment, don't replace envp when we can get
17556: away with just rewriting pointers in the traced process.
17557: [c03622f7a2e2]
17558:
17559: * mon_systrace.c, mon_systrace.h:
17560: Add environment updating via STRIOCINJECT (if available).
17561: [037291016870]
17562:
17563: * sudoers.cat, sudoers.man.in:
17564: regen
17565: [869acc511046]
17566:
17567: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
17568:
17569: * lex.yy.c:
17570: regen
17571: [4e61a9bd3c97]
17572:
17573: * parse.lex:
17574: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
17575: [b70d7bd6e147]
17576:
17577: * mon_systrace.c:
17578: Include file is now mon_systrace.h
17579: [ead4e36d92ae]
17580:
17581: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
17582: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
17583: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
17584: No longer call it tracing, it is now "monitoring" which should be
17585: more a obvious name to non-hackers.
17586: [aa811ded0789]
17587:
17588: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
17589:
17590: * mon_systrace.c, mon_systrace.h:
17591: Fix some XXX
17592: [a271072dacc6]
17593:
17594: * mon_systrace.c, mon_systrace.h:
17595: No need to include syscall.h, use 1024 as the max # of entries (the
17596: max that systrace(4) allows).
17597:
17598: Only need to use SYSTR_POLICY_ASSIGN once
17599:
17600: Change check_syscall() -> find_handler() and have it return the
17601: handler instead of just running it. We need this since handler now
17602: have two parts: one part that generates and answer and another that
17603: gets called after the answer is accepted (to do logging).
17604:
17605: Add some missing check_exec for emul execv
17606: [a89d243f0525]
17607:
17608: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
17609: Add $Sudo$ tags.
17610: [6f3fedb0daba]
17611:
17612: * config.h.in:
17613: Add missing HAVE_LINUX_SYSTRACE_H
17614: [ff75ab7bfc53]
17615:
17616: * Makefile.in:
17617: add trace_systrace.o dependency
17618: [88a408668ab2]
17619:
17620: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
17621:
17622: * configure, configure.in:
17623: Also look for systrace.h in /usr/include/linux
17624: [98b98b436cf3]
17625:
17626: * mon_systrace.c, mon_systrace.h:
17627: Move all struct defs and prototypes into trace_systrace.h and mark
17628: all but systace_attach() static.
17629: [85511253b570]
17630:
17631: * mon_systrace.c, mon_systrace.h:
17632: Add support for tracing emulations. At the moment, all emulations
17633: are compiled in. It might make sense to #ifdef them in the future,
17634: though this impeeds readability.
17635: [87bb50abf277]
17636:
17637: * Makefile.in, configure, configure.in:
17638: rename systrace.c -> trace_systrace.c
17639: [31cfa4407d93]
17640:
17641: * parse.yacc, sudo.tab.c:
17642: Allow this to build with a K&R compiler again
17643: [32876af5bb98]
17644:
17645: * TODO:
17646: sync
17647: [46865bd70f7c]
17648:
17649: * compat.h, sudo.c, visudo.c:
17650: Use __attribute__((__noreturn__))
17651: [65bbad71fe89]
17652:
17653: * visudo.c:
17654: Exit() takes a negative value to indicate it was not called via
17655: signal.
17656: [b93032ed7b60]
17657:
17658: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17659: visudo.man.in:
17660: regen
17661: [45bcf4661558]
17662:
17663: * Makefile.in, visudo.c:
17664: Define Err() and Errx() that are like err() and errx() but call
17665: Exit() instead of exit(). Build private copy of alloc.o for visudo
17666: that calls Err() and Errx().
17667: [c6d02bf42edd]
17668:
17669: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
17670:
17671: * lex.yy.c, sudo.tab.c:
17672: regen
17673: [39de7e7c59da]
17674:
17675: * CHANGES:
17676: sync
17677: [ba481d9ed1aa]
17678:
17679: * visudo.c:
17680: Overhaul visudo for editing multiple files: o visudo has been
17681: broken out into functions (more work needed here) o each file is
17682: now edited before sudoers is re-parsed o if a #include line is
17683: added that file will be edited too
17684:
17685: TODO: o cleanup temp files when exiting via err() or errx() o
17686: continue breaking things out into separate functions
17687: [80c35cf534eb]
17688:
17689: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
17690: Add keepopen arg to open_sudoers that open_sudoers can use to
17691: indicate to the caller that the fd should not be closed when it is
17692: done with it. To be used by visudo to keep locked fds from being
17693: closed prematurely (and thus losing the lock).
17694: [f330fe632470]
17695:
17696: * parse.yacc, sudo.c:
17697: Add errorfile global that contains the name of the file that caused
17698: the error.
17699: [98079c7a37ed]
17700:
17701: * parse.lex:
17702: return COMMENT to yacc grammar for a #include line
17703: [2024a8de4fa8]
17704:
17705: * parse.lex:
17706: Remove us of unput() in favor of yyless() which is cheaper.
17707: [c61291902beb]
17708:
17709: * parse.yacc:
17710: Allow an empty sudoers file.
17711: [62fb111db2e7]
17712:
17713: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
17714:
17715: * mon_systrace.c:
17716: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
17717: [9e15869ef597]
17718:
17719: * lex.yy.c, sudo.tab.c:
17720: regen
17721: [c29bdd43bfad]
17722:
17723: * visudo.c:
17724: Do signal setup before calling edit_sudoers(). Don't shadow the
17725: "quiet" global.
17726: [74252efd09ff]
17727:
17728: * visudo.c:
17729: If a sudoers file includes other files, edit those too. Does not yes
17730: deal with creating the new includes files itself.
17731: [06af7b9c173f]
17732:
17733: * testsudoers.c:
17734: init_parser now takes a path
17735: [b5ee186eb192]
17736:
17737: * parse.c, parse.h, parse.lex, parse.yacc:
17738: More scaffolding for dealing with multiple sudoers files: o
17739: init_parser() now takes a path used to populate the sudoers global
17740: o the sudoers global is used to print the correct file in yyerror()
17741: o when switching to a new sudoers file, perserve old file name and
17742: line number
17743: [d9be4970b8bd]
17744:
17745: * Makefile.in, pathnames.h.in:
17746: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
17747: multiple sudoers files.
17748: [6ccc4e921c43]
17749:
17750: * parse.c, sudo.c:
17751: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
17752: we start at the right file position when reading include files.
17753: [91fcb961e7a4]
17754:
17755: * sudoers.pod:
17756: document #include
17757: [fbb92a25a726]
17758:
17759: * lex.yy.c:
17760: regen
17761: [50cd7a4c9dff]
17762:
17763: * parse.lex:
17764: Add max depth of 128 for the include stack to avoid loops.
17765:
17766: Since yyerror() doesn't stop parsing, pass return values back to
17767: yylex and call yyterminate() on error.
17768: [e79dbffb729d]
17769:
17770: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
17771:
17772: * sudoers.pod:
17773: document tracing
17774: [165a467eadd8]
17775:
17776: * sudo.pod:
17777: Mention PREVENTING SHELL ESCAPES section of sudoers man page
17778: [3217ccecd834]
17779:
17780: * lex.yy.c, sudo.tab.c:
17781: regen
17782: [fbd58d1d3a76]
17783:
17784: * parse.lex:
17785: Add support for #include in sudoers (visudo support TBD)
17786: [a78015ca81af]
17787:
17788: * parse.yacc:
17789: make yyerror()'s argument const
17790: [7d8e168c019a]
17791:
17792: * testsudoers.c, visudo.c:
17793: Add open_sudoers() stubs.
17794: [087466787198]
17795:
17796: * sudo.c, sudo.h:
17797: Rename check_sudoers() open_sudoers() and make it return a FILE *
17798: [142fc511fc65]
17799:
17800: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
17801:
17802: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
17803: version.h:
17804: Crank version
17805: [1adc3f839480]
17806:
17807: * Makefile.in, sudo.psf:
17808: Better HP-UX depot construction
17809: [2d952b000e63]
17810:
17811: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
17812:
17813: * mon_systrace.c:
17814: o Made children global so check_exec() can lookup a child. o
17815: Replaced uid in struct childinfo with struct passwd * (for runas) o
17816: new_child() now takes a parent pid so the runas info can be
17817: inherited o Added find_child() to lookup a child by its pid o
17818: update_child() now fills in a struct passwd o Converted the big
17819: if/else mess in set_policy to a switch o Syscalls that change uid
17820: are now "ask" so we get SYSTR_MSG_UGID events
17821: [29b9ea3f09a3]
17822:
17823: * getspwuid.c:
17824: Add flag to sudo_pwdup that indicates whether or not to lookup the
17825: shadow password. Will be used to a struct passwd that has the
17826: shadow password already filled in.
17827: [e19d43dd7238]
17828:
17829: * mon_systrace.c:
17830: add missing increment of addr in read_string()
17831: [f9eb0f060cb6]
17832:
17833: * mon_systrace.c:
17834: Remove bogus call to update_child() and some cosmetic fixes
17835: [701ab0b97fef]
17836:
17837: * mon_systrace.c:
17838: Don't leak /dev/systrace fd to tracee Make initialized global for
17839: simplicity If STRIOCATTACH returns EBUSY we are already being traced
17840: Check for user_args == NULL in setproctitle() call Add missing calls
17841: to STRIOCANSWER
17842: [1956edf9bc3a]
17843:
17844: * sudo.c:
17845: g/c sudo_pwdup proto
17846: [b7c4d6249ecb]
17847:
17848: * Makefile.in, sudo.psf:
17849: Add target for building a depot file
17850: [357019efd99b]
17851:
17852: * mon_systrace.c:
17853: trim includes
17854: [501534428471]
17855:
17856: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
17857:
17858: * lex.yy.c, sudo.tab.c, sudo.tab.h:
17859: regen
17860: [52fd250c6986]
17861:
17862: * INSTALL:
17863: document --with-systrace
17864: [79623927c94e]
17865:
17866: * config.h.in, configure, configure.in:
17867: Add check for setproctitle
17868: [1730cf1c26ed]
17869:
17870: * mon_systrace.c:
17871: pass struct str_msg_ask in to syscall checker so it can set the
17872: error code
17873: [1703fd2fdef6]
17874:
17875: * mon_systrace.c:
17876: systrace(4) support for sudo. On systems with the systrace(4)
17877: kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
17878: intercept exec calls and check the exec args against the sudoers
17879: file. In other words, sudo can now control subcommands and shell
17880: escapes.
17881: [928c9217c386]
17882:
17883: * sudo.c, sudo.h:
17884: Call systrace_attach() if FLAG_TRACE is set.
17885: [014ba9402fa5]
17886:
17887: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
17888: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
17889: [a99904db5e56]
17890:
17891: * parse.c, sudo.c:
17892: Don't close sudoers_fp, keep it open and set close on exec flag
17893: instead.
17894: [43a9fec60bee]
17895:
17896: * def_data.c, def_data.h, def_data.in:
17897: Add trace option
17898: [5b643b86730a]
17899:
17900: * Makefile.in:
17901: Add systrace
17902: [47a0519c427c]
17903:
17904: * INSTALL:
17905: SunOS /bin/sh blows up with configure
17906: [005a23cc5615]
17907:
17908: * configure, configure.in:
17909: Include sys/param.h before systrace.h
17910: [9345bc8efecf]
17911:
17912: * configure:
17913: regen
17914: [a8f53fcbb254]
17915:
17916: * pathnames.h.in:
17917: _PATH_DEV_SYSTRACE
17918: [d2ad1e492a00]
17919:
17920: * configure.in:
17921: line up options in --help
17922: [fa51f2821d09]
17923:
17924: * config.h.in, configure.in:
17925: Add --with-systrace
17926: [a264d54bc413]
17927:
17928: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
17929:
17930: * configure:
17931: regen
17932: [a4dad0bcc523]
17933:
17934: * aclocal.m4, configure.in:
17935: make this work with autoconf-2.59
17936: [c4a92b6a684a]
17937:
17938: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
17939:
17940: * sudo_edit.c:
17941: Simplify logic around open & stat of files and do sanity on edited
17942: file even if we lack fstat (still racable but worth doing).
17943: [adda65ade70c]
17944:
17945: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
17946:
17947: * HISTORY:
17948: Add support url
17949: [bf6590fbde9f]
17950:
17951: * Makefile.in:
17952: versino 1.6.8p1
17953: [b84ebfaf1552] [SUDO_1_6_8p1]
17954:
17955: * CHANGES:
17956: more changes for 1.6.8p1
17957: [e23a9c0393b6]
17958:
17959: * version.h:
17960: 1.6.8p1
17961: [872f14504b5f]
17962:
17963: * CHANGES, sudo_edit.c:
17964: Add sanity check so we don't try to edit something other than a
17965: regular file.
17966: [350134ec6d4e]
17967:
17968: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
17969:
17970: * CHANGES:
17971: sync
17972: [3091ca9eae00]
17973:
17974: * INSTALL:
17975: document --with-ldap-conf-file
17976: [0e2cd6b896f1]
17977:
17978: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
17979:
17980: * CHANGES, ins_csops.h:
17981: political correctness strikes again
17982: [428e8bc77f55]
17983:
17984: * RUNSON:
17985: sync
17986: [27f44bd423dc]
17987:
17988: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
17989:
17990: * Makefile.binary.in, Makefile.in:
17991: Install sudoedit man link
17992: [19a55234fc1f]
17993:
17994: * INSTALL:
17995: Update PAM note and mention where HP-UX users can download gcc
17996: binaries.
17997: [d37cdbbabfd4]
17998:
17999: * Makefile.in:
18000: libtool wants to install stuff from .libs so fake one up for binary
18001: installations.
18002: [a681bc6fcfba]
18003:
18004: * Makefile.binary.in:
18005: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
18006: [3e0c4b3372cc]
18007:
18008: * Makefile.in:
18009: Deal with "uname -m" having slashes in it rm -f old sudoedit link
18010: instead of using ln -f
18011: [cff33fb97e5b]
18012:
18013: * Makefile.binary, Makefile.binary.in:
18014: Makefile.binary -> Makefile.binary.in for config.status substitution
18015: Add support for installing noexec bits
18016: [37d8bb3483c6]
18017:
18018: * Makefile.in:
18019: Copy noexec bits into binary dists too No longer use my old arch
18020: script for making binary dists
18021: [e7058bab9e33]
18022:
18023: * Makefile.binary:
18024: Install sudoedit link.
18025: [417d1e101711]
18026:
18027: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
18028:
18029: * emul/utime.h:
18030: avoid __P so there is no need for compat.h to be included
18031: [6d8d1f1abf7d]
18032:
18033: * utimes.c:
18034: Don't use HAVE_UTIME_H before including config.h.
18035: [013b7bb61181]
18036:
18037: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
18038:
18039: * compat.h:
18040: Fix Solatis futimes macro
18041: [d4eda2ca0d29]
18042:
18043: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
18044:
18045: * sudo_edit.c:
18046: Rename ots -> omtim for improved readability.
18047: [127ca5bb297c]
18048:
18049: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
18050:
18051: * sudo_edit.c:
18052: Redo changes in revision 1.7. Don't really need to keep the temp
18053: file open; re-opening it with the invoking user's euid is
18054: sufficient.
18055: [55a883165a95]
18056:
18057: * CHANGES:
18058: sync
18059: [9015b291170d]
18060:
18061: * sudo.cat, sudo.man.in:
18062: regen
18063: [c0313f6ed783]
18064:
18065: * sudo.pod:
18066: back out revision 1.70; it is no long applicable
18067: [b641d503aff6]
18068:
18069: * env.c:
18070: Let the loader initialize nep
18071: [bec192139b02]
18072:
18073: * config.h.in, configure, configure.in:
18074: Removed unneed check for fchown Add check for gettimeofday Move
18075: autoheader template stuff into separate AH_TEMPLATE lines
18076: [bfc0edbd43f2]
18077:
18078: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
18079: Use timespec throughout.
18080: [1a178a23b69b]
18081:
18082: * Makefile.in:
18083: gettime.[co]
18084: [6aeb48a7ab7f]
18085:
18086: * gettime.c:
18087: function to return the current time in a struct timespec
18088: [bf8eb12cb63f]
18089:
18090: * utimes.c:
18091: Not a darpa-sponsored file.
18092: [121ce5e2036c]
18093:
18094: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18095:
18096: * compat.h, config.h.in, configure, configure.in:
18097: Add a check for struct timespec and provide it for those without.
18098: [42124055030d]
18099:
18100: * config.h.in, configure, configure.in, sudo_edit.c:
18101: Add checks for st_mtim and st_mtimespec and add macros for pulling
18102: the mtime sec and nsec out of struct stat. These are used in
18103: sudo_edit() to better tell whether or not the file has changed.
18104: [23debfbb3fab]
18105:
18106: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
18107: Add an extra param to touch() for nsec
18108: [56f7a4ba8ddb]
18109:
18110: * sudo_edit.c:
18111: Call mkstemp() as the in invoking user so we don't have to chown the
18112: file later. Only touch() the temp file if we can do it via the file
18113: descriptor. Don't check for modification of the temp file if we lack
18114: fstat(). Catch errors read()ing the temp file.
18115: [665f52c70836]
18116:
18117: * fileops.c:
18118: If path is NULL and fd == -1 return -1.
18119: [757a518a824c]
18120:
18121: * sudo_edit.c:
18122: closefrom() is overkill, the only extra fds are the ones we opened
18123: so just close those in the child.
18124: [f361c9d2a1f4]
18125:
18126: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
18127: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
18128: visudo.c:
18129: Use utimes() and futimes() instead of utime() in touch(), emulating
18130: as needed. Not all systems are able to support setting the times of
18131: an fd so touch() takes both an fd and a file name as arguments.
18132: [3d9276f29717]
18133:
18134: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
18135:
18136: * env.c:
18137: Rare SEGV
18138: [8995f828782d]
18139:
18140: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
18141:
18142: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18143: visudo.man.in:
18144: regen
18145: [b8e9406711c5]
18146:
18147: * sudo.pod, sudoers.pod, visudo.pod:
18148: Add SUPPORT section and re-order some of the sections to match the
18149: order we use in OpenBSD.
18150: [fa37bd917e2c]
18151:
18152: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
18153:
18154: * env.c:
18155: Openldap ~/.ldaprc fix
18156: [1a37afe6850f]
18157:
18158: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
18159:
18160: * sudo.pod:
18161: Talk about how the editor must write its changes to the original
18162: file and not just use rename(2).
18163: [c55ed91c5ee9]
18164:
18165: * CHANGES:
18166: sync
18167: [62af26bd37a2]
18168:
18169: * sudo_edit.c:
18170: Keep the temp file open instead of re-opening after the editor has
18171: exited.
18172: [de41eeb6dcf2]
18173:
18174: * sample.pam:
18175: Update for current redhat/fedora core.
18176: [8cf083077333]
18177:
18178: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
18179:
18180: * README.LDAP:
18181: tls_ examples
18182: [ba783d88a034]
18183:
18184: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
18185:
18186: * ldap.c:
18187: config tls_* options
18188: [0b0e0797b3b9]
18189:
18190: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
18191:
18192: * configure, configure.in:
18193: No need for -lcrypt when using pam.
18194: [41fff3a53e68]
18195:
18196: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
18197:
18198: * configure:
18199: regen
18200: [75820aecce2c]
18201:
18202: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
18203:
18204: * configure.in, ldap.c, pathnames.h.in:
18205: Allow --with-ldap-conf-file option to override LDAP_CONF
18206: [c9909bc484a5]
18207:
18208: * ldap.c:
18209: cleanup debug message
18210: [1f6ca4824d8d]
18211:
18212: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
18213:
18214: * README.LDAP:
18215: more config info
18216: [f2e7147fd507]
18217:
18218: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
18219:
18220: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
18221: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
18222: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
18223: longer use gross statics in command_matches(). Also rename some
18224: variables for improved clarity.
18225: [7169a6c7bea4]
18226:
18227: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
18228:
18229: * INSTALL:
18230: document HP's crippled compiler deficiency.
18231: [c405ea5a8d4c]
18232:
18233: * INSTALL:
18234: Fix some thinkos in --with-editor and --with-env-editor
18235: descriptions. Noticed by Norihiko Murase.
18236: [dd781de1c985]
18237:
18238: * configure, configure.in:
18239: --with-noexec takes an optional PATH argument.
18240: [8f6ab77f22cc]
18241:
18242: * INSTALL:
18243: document --with-noexec
18244: [50cb1fc627ce]
18245:
18246: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
18247:
18248: * RUNSON, TODO:
18249: sync
18250: [f2503bd13373] [SUDO_1_6_8]
18251:
18252: * sudo_edit.c:
18253: Better warning message when sudoedit is unable to write to the
18254: destination file.
18255: [f78c18f2ffa8]
18256:
18257: * sudo.cat, sudo.man.in:
18258: regen
18259: [7e2bf63d6d9a]
18260:
18261: * sudo.pod:
18262: Don't italicize the string "sudoedit"
18263: [c691643bd269]
18264:
18265: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
18266:
18267: * HISTORY:
18268: Mention GratiSoft.
18269: [dc53de581b2d]
18270:
18271: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18272:
18273: * sudo.tab.c:
18274: regen
18275: [8ae0484dfc38]
18276:
18277: * parse.yacc:
18278: Reset used_runas to FALSE when re-intializing the parser.
18279: [b7403f353a02]
18280:
18281: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
18282:
18283: * config.guess:
18284: Correct OpenBSD mips support
18285: [314fc7afc165]
18286:
18287: * config.guess:
18288: Add OpenBSD/mips
18289: [ac87d0a773ef]
18290:
18291: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
18292:
18293: * README.LDAP:
18294: More behavior notes
18295: [13be1d212b47]
18296:
18297: * README.LDAP:
18298: Updates on current behavior
18299: [d498a8866d6f]
18300:
18301: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
18302:
18303: * sudoers.pod:
18304: =back does not take an indentlevel (makes no difference to formatted
18305: files).
18306: [9c8523bb382a]
18307:
18308: * sudo.pod:
18309: =back does not take an indentlevel (makes no difference to formatted
18310: files).
18311: [e5f479e24fa8]
18312:
18313: * CHANGES:
18314: new
18315: [2dbd9aba8b33]
18316:
18317: * sudo.c:
18318: Consistency. Use same error for bad -u #uid when targetpw is set as
18319: we do when a bad -u username is specified.
18320: [922961c4a9d6]
18321:
18322: * TODO:
18323: Add checksum idea from Steve Mancini
18324: [e6ece1b766ba]
18325:
18326: * sudoers.cat, sudoers.man.in:
18327: regen
18328: [370d2317829f]
18329:
18330: * sudo.cat, sudo.man.in:
18331: regen
18332: [f93d41fc38b1]
18333:
18334: * sudo.pod, sudoers.pod:
18335: Document the restriction on uids specified via -u when targetpw is
18336: set.
18337: [878fedb455db]
18338:
18339: * sudo.c:
18340: Error out when targetpw is enabled and sudo is run with -u #uid but
18341: #uid does not exist in the passwd database. We can't do target
18342: authentication when the target is not in passwd!
18343: [27c5888c86eb]
18344:
18345: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
18346: regen
18347: [ceb65711050c]
18348:
18349: * TODO:
18350: Some more todo for the next release.
18351: [7b7417be7601]
18352:
18353: * INSTALL:
18354: Make it clear that PAM should be used for DCE support when possible.
18355: [7502029fd385]
18356:
18357: * sudoers.pod:
18358: o Document problems with wildcards and relative paths. o Make the
18359: order requirements more prominent. o Change a "set" to "reset" for
18360: clarity.
18361: [bacdd181b33f]
18362:
18363: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
18364:
18365: * sudo.pod:
18366: Mention --with-secure-path, not SECURE_PATH.
18367: [41283ddde5e1]
18368:
18369: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
18370:
18371: * ldap.c:
18372: reflect changes to parse.c
18373: [8880fe9b724d]
18374:
18375: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
18376:
18377: * sudo.tab.c:
18378: regen
18379: [a57658ca9177]
18380:
18381: * parse.c, parse.h, testsudoers.c, visudo.c:
18382: Don't pass user_cmnd and user_args to command_matches(), just use
18383: the globals there. Since we keep state with statics anyway it is
18384: misleading to pretend that passing in different cmnd and cmnd_args
18385: will work.
18386: [0a2544991fd6]
18387:
18388: * parse.yacc:
18389: Don't pass user_cmnd and user_args to command_matches(), just use
18390: the globals there. Since we keep state with statics anyway it is
18391: misleading to pretend that passing in different cmnd and cmnd_args
18392: will work.
18393: [a4910bf6032b]
18394:
18395: * parse.c:
18396: Fix a bug introduced in rev. 1.149. When checking for pseudo-
18397: commands check for a '/' anywhere in cmnd, not just the first
18398: character.
18399: [ce98142f03ca]
18400:
18401: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
18402:
18403: * sudo.man.in, sudo.pod:
18404: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
18405: [a91800e094b1]
18406:
18407: * sudoers.man.in, sudoers.pod:
18408: Add ignore_local_sudoers
18409: [741ddcbf7083]
18410:
18411: * README.LDAP:
18412: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
18413: janth@moldung.no
18414: [742c02e07cd9]
18415:
18416: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
18417:
18418: * CHANGES:
18419: typo
18420: [e7cdefbd7a9a]
18421:
18422: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
18423:
18424: * CHANGES:
18425: sync
18426: [734dafc4a85e]
18427:
18428: * parse.c:
18429: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
18430: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
18431: [151b7f593568]
18432:
18433: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18434:
18435: * CHANGES:
18436: PAM change
18437: [d8fb6d6a22d0]
18438:
18439: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
18440:
18441: * ldap.c:
18442: Better debugging of ALL command
18443: [9db3e84029dc]
18444:
18445: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
18446:
18447: * parse.c:
18448: When matching for "sudoedit" in sudoers check both the command the
18449: user typed *and* the command that is listed in the sudoers entry.
18450: [f36ca1f94095]
18451:
18452: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
18453:
18454: * ldap.c:
18455: Added !command feature
18456: [ed539574611b]
18457:
18458: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
18459:
18460: * auth/pam.c:
18461: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
18462: [2be8e0e8813a]
18463:
18464: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
18465:
18466: * LICENSE:
18467: License is ISC-style, not BSD-style
18468: [ac0589e1dd5d]
18469:
18470: * CHANGES:
18471: sync
18472: [16058a30f404]
18473:
18474: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
18475:
18476: * sudo.cat, sudo.man.in:
18477: regen
18478: [8820eb9c809b]
18479:
18480: * sudo.pod:
18481: o Update some out of date bits to reality o Change the shell promt
18482: in examples to bourne-shell style o Clarify some details o Add a
18483: CAVEAT about "sudo cd /foo"
18484: [b0af373214b6]
18485:
18486: * check.c:
18487: Don't ask for a password if invoking user == target user.
18488: [dd5c96141132]
18489:
18490: * sudo.c:
18491: typo in comment
18492: [278d20f9b249]
18493:
18494: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
18495:
18496: * sudoers.cat, sudoers.man.in:
18497: regen
18498: [9036c6f39eff]
18499:
18500: * sudoers.pod:
18501: Expand on NOEXEC a little.
18502: [9a13756aebe4]
18503:
18504: * TODO:
18505: sync
18506: [8d2c1af48de8]
18507:
18508: * visudo.cat, visudo.man.in:
18509: regen
18510: [3921f01607c8]
18511:
18512: * sudo.tab.c:
18513: regen
18514: [9338c3d68250]
18515:
18516: * visudo.pod:
18517: Add a check in visudo for runas_default being set after it has
18518: already been used.
18519: [6700358d7ad8]
18520:
18521: * CHANGES, parse.yacc, visudo.c:
18522: Add a check in visudo for runas_default being set after it has
18523: already been used.
18524: [803560986a8a]
18525:
18526: * sudo.tab.c:
18527: regen
18528: [b60636e2cf63]
18529:
18530: * parse.yacc:
18531: Add a MATCHED macro for testing whether foo_matches has been set to
18532: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
18533: Doesn't change the actual code generated.
18534: [f376da8ccdc8]
18535:
18536: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
18537:
18538: * sudoers.cat:
18539: regen
18540: [6cceb6d6c9bd]
18541:
18542: * sudoers.man.in:
18543: regen
18544: [5acd12b730b3]
18545:
18546: * sudoers.pod:
18547: Correct description of where Defaults specs should go.
18548: [6b11ff53d7ad]
18549:
18550: * sudoers:
18551: Correct description of where Defaults specs should go.
18552: [868db857630d]
18553:
18554: * testsudoers.c, visudo.c:
18555: update (c) year
18556: [272c8a53604c]
18557:
18558: * logging.h:
18559: update (c) year
18560: [3cec76d400ce]
18561:
18562: * ldap.c:
18563: update (c) year
18564: [f264632488a0]
18565:
18566: * find_path.c:
18567: update (c) year
18568: [40c227af9227]
18569:
18570: * auth/pam.c:
18571: update (c) year
18572: [87149e0eed50]
18573:
18574: * auth/bsdauth.c, auth/kerb5.c:
18575: update (c) year
18576: [d72eb434c068]
18577:
18578: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18579:
18580: * sudo.tab.c:
18581: regen
18582: [83408d9e9d2e]
18583:
18584: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
18585: Remove trailing spaces, no actual code changes.
18586: [4c3bf2819293]
18587:
18588: * tgetpass.c:
18589: Remove trailing spaces, no actual code changes.
18590: [96f6e0a24c26]
18591:
18592: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
18593: Remove trailing spaces, no actual code changes.
18594: [c7075d1cbed5]
18595:
18596: * getcwd.c:
18597: Remove trailing spaces, no actual code changes.
18598: [776cc0374547]
18599:
18600: * find_path.c:
18601: Remove trailing spaces, no actual code changes.
18602: [7ed7099f3c71]
18603:
18604: * compat.h, defaults.c, env.c:
18605: Remove trailing spaces, no actual code changes.
18606: [893e83c33795]
18607:
18608: * check.c:
18609: Remove trailing spaces, no actual code changes.
18610: [f77750f8803b]
18611:
18612: * sudo.tab.c:
18613: regen
18614: [62e0ed883b31]
18615:
18616: * parse.yacc:
18617: Fix a >=0 that should be <0 that was improperly converted when
18618: UNSPEC was added.
18619: [ad1531a55a49]
18620:
18621: * parse.yacc:
18622: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
18623: NOMATCH when resetting it.
18624: [ae017a12870a]
18625:
18626: * parse.yacc:
18627: Fix pastos introduced in SETNMATCH addition.
18628: [6ea1c9d80681]
18629:
18630: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18631:
18632: * README.LDAP:
18633: Update for configure changes
18634: [637a635da287]
18635:
18636: * sudo.tab.c:
18637: regen
18638: [4753c2788713]
18639:
18640: * sudo.h:
18641: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
18642: these in parse.yacc. Also in parse.yacc initialize the *_matches
18643: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
18644: when setting *_matches to a value that may be
18645: NOMATCH/UNSPEC/TRUE/FALSE.
18646: [2ba622e15a4d]
18647:
18648: * parse.yacc:
18649: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
18650: these in parse.yacc. Also in parse.yacc initialize the *_matches
18651: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
18652: when setting *_matches to a value that may be
18653: NOMATCH/UNSPEC/TRUE/FALSE.
18654: [746b519e41a6]
18655:
18656: * parse.yacc:
18657: Initialize runas to -2, not -1 since we need to be able to
18658: distinguish between the initialized value and the value of a non-
18659: match when passing along the runas value to multiple commands.
18660:
18661: The result of this is that an unmatched runas is now set to -1, not
18662: 0. This is required now that parse.c treats a FALSE value for runas
18663: as being explicitly denied.
18664: [7791ed3621f6]
18665:
18666: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
18667:
18668: * sudo.c, visudo.c:
18669: Error out if argc < 1.
18670: [ce6b2a9eda3c]
18671:
18672: * getprogname.c:
18673: Error out if argc < 1.
18674: [c566cce8dc78]
18675:
18676: * configure, configure.in:
18677: Add tests for what libs we need to link with for ldap and for
18678: whether or not lber.h needs to be explicitly included.
18679: [b2e9729cc4e7]
18680:
18681: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
18682:
18683: * ldap.c:
18684: Solaris native LDAP build fix
18685: [39929e40eb11]
18686:
18687: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
18688:
18689: * ldap.c:
18690: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
18691: unset variable.
18692: [6a4c20a66f98]
18693:
18694: * sudo.h:
18695: Add prototype for sudo_ldap_list_matches
18696: [443b007a8dab]
18697:
18698: * configure, configure.in:
18699: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18700: version too. Added check for dd_fd in `DIR' if no dirfd is found;
18701: this is now used to confitionally define the dirfd macro in
18702: compat.h.
18703: [567656978f7e]
18704:
18705: * config.h.in:
18706: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18707: version too. Added check for dd_fd in `DIR' if no dirfd is found;
18708: this is now used to confitionally define the dirfd macro in
18709: compat.h.
18710: [34eace4faec8]
18711:
18712: * compat.h:
18713: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
18714: version too. Added check for dd_fd in `DIR' if no dirfd is found;
18715: this is now used to confitionally define the dirfd macro in
18716: compat.h.
18717: [8d50ff1bbf2a]
18718:
18719: * closefrom.c:
18720: Only check /proc/$$/fd if we have the dirfd function/macro.
18721: [15e3ccce7553]
18722:
18723: * compat.h, config.h.in, configure, configure.in:
18724: Add a check for a dirfd() function (like Linux) and add a dirfd
18725: macro in compat.h if there is no dirfd() function or macro.
18726: [1e95756edb50]
18727:
18728: * closefrom.c, getcwd.c:
18729: dirfd() is now defined in compat.h as needed.
18730: [bb1d79271188]
18731:
18732: * CHANGES:
18733: Clarify closefrom() note.
18734: [f4e4a5508dda]
18735:
18736: * parse.c:
18737: When checking for a command in the directory, only copy the base dir
18738: once.
18739: [7a3276808b87]
18740:
18741: * closefrom.c:
18742: If there is a /proc/$$/fd directory, behave like the Solaris
18743: closefrom() and only close the descriptors listed therein.
18744: [19de23779e84]
18745:
18746: * alloc.c:
18747: compat.h guarantees INT_MAX is defined.
18748: [1bf0c79d4606]
18749:
18750: * compat.h:
18751: Add definitions of OPEN_MAX and INT_MAX for those without it and
18752: remove definition of RLIM_INFINITY (now unused).
18753: [f827d1ebf96e]
18754:
18755: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
18756: sudo.c, sudo.h, visudo.c:
18757: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
18758: [59788f211c24]
18759:
18760: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
18761:
18762: * CHANGES:
18763: sync
18764: [d32fa124f1ad]
18765:
18766: * RUNSON:
18767: Add some entries that were mailed in a while ago
18768: [ff8d5bfec54e]
18769:
18770: * closefrom.c:
18771: o sysconf returns a long, not an int. o check for negative return
18772: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
18773: define OPEN_MAX to 256 for those without it (a fair guess...)
18774: [ccf81ae6deb2]
18775:
18776: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
18777:
18778: * UPGRADE:
18779: Mention change in parse order for RunAs entries.
18780: [dc73b0bca617]
18781:
18782: * configure:
18783: regen
18784: [07cce8e0534e]
18785:
18786: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
18787:
18788: * INSTALL, README.LDAP, config.h.in, configure.in:
18789: o --with-ldap now takes an optional dir as a parameter o added
18790: check for ldap_initialize() and start_tls_s()
18791: [2b846c7974c6]
18792:
18793: * README.LDAP:
18794: Fix some typos, word choice and formatting issues.
18795: [00dc8ca84b10]
18796:
18797: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
18798:
18799: * tgetpass.c:
18800: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
18801: read/write as it is simpler.
18802: [30f5446ee8b0]
18803:
18804: * configure, configure.in:
18805: Remove hack overriding cross-compiler check. It should no longer be
18806: needed.
18807: [22a6cbd88608]
18808:
18809: * compat.h:
18810: Remove select() compat bits since we no longer use select().
18811: [d7bbf7cd36f5]
18812:
18813: * CHANGES, tgetpass.c:
18814: Use alarm() instead of select() for the timeout for systems that
18815: don't fully/properly implement select().
18816: [d7cc60f15800]
18817:
18818: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
18819:
18820: * CHANGES:
18821: synbc
18822: [132a39788e07]
18823:
18824: * RUNSON:
18825: update
18826: [61ef508380c6]
18827:
18828: * set_perms.c:
18829: Deal with systems that have no way of setting the effective uid such
18830: as nsr-tandem-nsk.
18831: [306e00e9b5a4]
18832:
18833: * configure, configure.in:
18834: Define NO_SAVED_IDS if we don't find seteuid()
18835: [8588f18345cf]
18836:
18837: * config.h.in, configure, configure.in:
18838: Add back check for setreuid() since NSK doesn't have it.
18839: [43127bd703d1]
18840:
18841: * sudoers.cat, sudoers.man.in:
18842: regen
18843: [af4f4b20e422]
18844:
18845: * CHANGES:
18846: sync
18847: [29ca3b699c24]
18848:
18849: * BUGS:
18850: sync
18851: [3593f17f72ed]
18852:
18853: * parse.c:
18854: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
18855: explicitly denied and the command matched. This fixes a long-
18856: standing bug and makes: foo machine = (ALL) /usr/bin/blah
18857: foo machine = (!bar) /usr/bin/blah
18858:
18859: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
18860: [2f5ee244985a]
18861:
18862: * sudoers.pod:
18863: Clarify mail_noperm
18864: [3238b2d41989]
18865:
18866: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
18867:
18868: * Makefile.in:
18869: Missing DESTDIR in make install for sudo_noexec.la
18870: [91431e821525]
18871:
18872: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
18873:
18874: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18875: visudo.man.in:
18876: regen
18877: [cdfde0dcb556]
18878:
18879: * TODO:
18880: sync
18881: [4799b7d8b62c]
18882:
18883: * sudoers.pod:
18884: Remove fastboot/fasthalt (who still remembers these?) and add a
18885: minimal sudoedit example.
18886: [19d299f233cd]
18887:
18888: * sample.sudoers:
18889: Remove fastboot/fasthalt (who still remembers these?) and add a
18890: minimal sudoedit example.
18891: [b1bca73d6250]
18892:
18893: * UPGRADE, sudo.c, visudo.c:
18894: filesystem -> file system
18895: [1e1afaf30469]
18896:
18897: * TROUBLESHOOTING:
18898: filesystem -> file system
18899: [39fb594e9338]
18900:
18901: * CHANGES, INSTALL:
18902: filesystem -> file system
18903: [85948b608ffe]
18904:
18905: * sudo.pod, sudoers.pod:
18906: Fix some minor typos and formatting goofs
18907: [e94d243a0b90]
18908:
18909: * lex.yy.c:
18910: regen
18911: [2eed0ab1f4c4]
18912:
18913: * visudo.pod:
18914: remove my email addr
18915: [b63262c0389b]
18916:
18917: * sudo.pod, sudoers.pod, visudo.pod:
18918: Use @mansectform@ and @mansectsu@ everywhere Make man page
18919: references links with L<>
18920: [f459f4b9ddb9]
18921:
18922: * parse.lex:
18923: Accept quoted globbing characters and pass them verbatim for
18924: fnmatch()
18925: [8248b86e9380]
18926:
18927: * UPGRADE:
18928: Document that /tmp/.odus is gone.
18929: [3667b66af5bb]
18930:
18931: * pathnames.h.in:
18932: No longer use /tmp/.odus as a possible timestamp dir unless
18933: specifically configured to do so. Instead, if no /var/run exists,
18934: use /var/adm/sudo or /usr/adm/sudo.
18935: [48d94c9f9ad4]
18936:
18937: * configure:
18938: No longer use /tmp/.odus as a possible timestamp dir unless
18939: specifically configured to do so. Instead, if no /var/run exists,
18940: use /var/adm/sudo or /usr/adm/sudo.
18941: [058d7b8cf07b]
18942:
18943: * aclocal.m4:
18944: No longer use /tmp/.odus as a possible timestamp dir unless
18945: specifically configured to do so. Instead, if no /var/run exists,
18946: use /var/adm/sudo or /usr/adm/sudo.
18947: [cf52c4c2803f]
18948:
18949: * CHANGES:
18950: No longer use /tmp/.odus as a possible timestamp dir unless
18951: specifically configured to do so. Instead, if no /var/run exists,
18952: use /var/adm/sudo or /usr/adm/sudo.
18953: [6058c4cefcec]
18954:
18955: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
18956: Preliminary changes to support nsr-tandem-nsk. Based on patches
18957: from Tom Bates.
18958: [2e5f81834383]
18959:
18960: * logging.c:
18961: Preliminary changes to support nsr-tandem-nsk. Based on patches
18962: from Tom Bates.
18963: [934bbe6872b6]
18964:
18965: * check.c, compat.h:
18966: Preliminary changes to support nsr-tandem-nsk. Based on patches
18967: from Tom Bates.
18968: [390b698b5924]
18969:
18970: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
18971:
18972: * CHANGES:
18973: There was no 1.6.7p6.
18974: [8013d2e6b062]
18975:
18976: * BUGS, CHANGES:
18977: sync
18978: [c38b41f32857]
18979:
18980: * Makefile.in:
18981: add missing files to DISTFILES
18982: [e6a80ad03039]
18983:
18984: * sudo.cat, sudoers.cat, visudo.cat:
18985: regen
18986: [027bc9746dd5]
18987:
18988: * sudoers.man.in:
18989: regen
18990: [f5e85ef686cf]
18991:
18992: * Makefile.in:
18993: Fix some line wrap and update (c) year
18994: [bad1f46aa1ca]
18995:
18996: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
18997:
18998: * README.LDAP:
18999: Build Note
19000: [7a061248249b]
19001:
19002: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
19003:
19004: * Makefile.in:
19005: Fix install-dirs
19006: [be0726dd92e7]
19007:
19008: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
19009:
19010: * sudo.tab.c:
19011: regen
19012: [3f4f0d1ab8b9]
19013:
19014: * visudo.c:
19015: In Exit() when used as a signal handler, emsg is a pointer so
19016: sizeof() is wrong so make it a #define instead. Also avoid using a
19017: negative exit value. Found by Aaron Campbell
19018: [78716a3a3fdc]
19019:
19020: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
19021:
19022: * sudoers.pod:
19023: Remove bogus sentence about uids in a User_List. Document usernames
19024: vs. uid parsing in a Runas_List.
19025: [7ca510b5031c]
19026:
19027: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
19028: If the user specified a uid with the -u flag and the uid exists in
19029: the passwd file, set runas_user to the name, not the uid.
19030:
19031: When comparing usernames in sudoers, if a name is really a uid
19032: (starts with '#') compare it numerically to pw_uid.
19033: [8d6935d04673]
19034:
19035: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19036:
19037: * auth/kerb5.c:
19038: krb5_mcc_ops should be const; Johnny C. Lam
19039: [aa8c753e426e]
19040:
19041: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
19042:
19043: * CHANGES, config.h.in, ldap.c:
19044: Added start_tls support
19045: [7ef864c15b69]
19046:
19047: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
19048:
19049: * Makefile.in:
19050: Clean up libtool stuff for 'make distclean' and add def_data.c,
19051: def_data.h to PARSESRCS.
19052: [bf9bb6bb06ab]
19053:
19054: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
19055:
19056: * strlcat.c, strlcpy.c:
19057: Un-Fix last license munge
19058: [42654b77ac71]
19059:
19060: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19061:
19062: * configure:
19063: regen
19064: [e4de6b23a4dc]
19065:
19066: * CHANGES, RUNSON, TODO:
19067: checkpoint
19068: [94e1ace84d5c]
19069:
19070: * lex.yy.c, sudo.tab.c:
19071: regen
19072: [8ce784505643]
19073:
19074: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19075: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
19076: emul/search.h, emul/utime.h:
19077: More to a less restrictive, ISC-style license.
19078: [a31b20e48003]
19079:
19080: * auth/kerb5.c, auth/pam.c:
19081: More to a less restrictive, ISC-style license.
19082: [e41f92b41216]
19083:
19084: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
19085: More to a less restrictive, ISC-style license.
19086: [87534c164a52]
19087:
19088: * auth/bsdauth.c:
19089: More to a less restrictive, ISC-style license.
19090: [e21be6594b58]
19091:
19092: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
19093: More to a less restrictive, ISC-style license.
19094: [6d234be91c5e]
19095:
19096: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
19097: visudo.man.in, visudo.pod:
19098: More to a less restrictive, ISC-style license.
19099: [b02aea324fd6]
19100:
19101: * sudo_noexec.c:
19102: More to a less restrictive, ISC-style license.
19103: [a6da7631e0b2]
19104:
19105: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
19106: sudo_edit.c:
19107: More to a less restrictive, ISC-style license.
19108: [71cdcc241e94]
19109:
19110: * sigaction.c, strerror.c:
19111: More to a less restrictive, ISC-style license.
19112: [4bccdedca58a]
19113:
19114: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
19115: set_perms.c:
19116: More to a less restrictive, ISC-style license.
19117: [64d772d70ab3]
19118:
19119: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
19120: ins_goons.h, insults.h, interfaces.c, interfaces.h:
19121: More to a less restrictive, ISC-style license.
19122: [520381c60a54]
19123:
19124: * find_path.c, getprogname.c:
19125: More to a less restrictive, ISC-style license.
19126: [f605d5eab6f1]
19127:
19128: * fileops.c:
19129: More to a less restrictive, ISC-style license.
19130: [4129a8b38a67]
19131:
19132: * env.c:
19133: More to a less restrictive, ISC-style license.
19134: [d5bd859757de]
19135:
19136: * defaults.h:
19137: More to a less restrictive, ISC-style license.
19138: [008f5d5743f5]
19139:
19140: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
19141: defaults.c:
19142: More to a less restrictive, ISC-style license.
19143: [d8d7bfc8a18b]
19144:
19145: * utime.c, version.h:
19146: More to a less restrictive, ISC-style license.
19147: [e2e038ad8209]
19148:
19149: * parse.lex, parse.yacc:
19150: More to a less restrictive, ISC-style license.
19151: [2f5942e847a1]
19152:
19153: * Makefile.binary:
19154: More to a less restrictive, ISC-style license.
19155: [1ed561734535]
19156:
19157: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
19158:
19159: * sudoers2ldif:
19160: Merged in LDAP Support
19161: [3994c4d05947]
19162:
19163: * ldap.c, sudo.c, sudo.h:
19164: Merged in LDAP Support
19165: [547eaa346fcc]
19166:
19167: * def_data.c, def_data.h, def_data.in:
19168: Merged in LDAP Support
19169: [8fb255280e42]
19170:
19171: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
19172: Merged in LDAP Support
19173: [1038092a161e]
19174:
19175: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19176:
19177: * sudo.h, sudo_noexec.c:
19178: Only do "extern int errno" if errno is not a macro.
19179: [b2e02a08be8b]
19180:
19181: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
19182:
19183: * set_perms.c:
19184: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
19185: euid first, then just call setuid(0) to set the real uid too.
19186: [f08546e2e0ee]
19187:
19188: * set_perms.c:
19189: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
19190: instead of seteuid() which may not exist.
19191: [ba508581befb]
19192:
19193: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19194:
19195: * LICENSE:
19196: 2004
19197: [37425513a342]
19198:
19199: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
19200: Add --with-pc-insults configure option
19201: [7daa5294c17b]
19202:
19203: * visudo.man.in:
19204: Prefer VISUAL over EDITOR like old vipw did.
19205: [996252a4ab65]
19206:
19207: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
19208:
19209: * sudo.man.in, sudoers.man.in:
19210: regen
19211: [a247f1c52eb9]
19212:
19213: * sudoers.pod:
19214: Add a note that noexec is not a cure-all.
19215: [9e7fc535367d]
19216:
19217: * sudoers.pod:
19218: Mention that disabling "root_sudo" is pretty pointless.
19219: [f38a415afba0]
19220:
19221: * configure, configure.in:
19222: Substitute for root_sudo in sudoers.pod
19223: [ce483cfc86be]
19224:
19225: * sudo.pod:
19226: Add sudoedit to the NAME section
19227: [51bc453ec2f6]
19228:
19229: * sudoers.pod:
19230: Document that fact that setting ignore_dot in sudoers has no effect
19231: due to the fact that find_path() is called *before* sudoers is read.
19232: [6808df7e417c]
19233:
19234: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
19235:
19236: * sudo_edit.c:
19237: Do not require _PATH_USRTMP to be set.
19238: [546f3270dd10]
19239:
19240: * BUGS, CHANGES, TODO:
19241: sync
19242: [4205ddeab781]
19243:
19244: * sudo.man.in:
19245: regen
19246: [e2143690a88a]
19247:
19248: * sudo.pod:
19249: Clarify that when sudo is run by root with the SUDO_USER variable
19250: set, the sudoers lookup happens for root and not the SUDO_USER user.
19251: [47207bec1bdf]
19252:
19253: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
19254:
19255: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
19256: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
19257: Use the SET, CLR and ISSET macros.
19258: [a8b0d7f1e8fd]
19259:
19260: * fnmatch.c:
19261: Use the SET, CLR and ISSET macros.
19262: [1afbcba22ba6]
19263:
19264: * defaults.c, env.c:
19265: Use the SET, CLR and ISSET macros.
19266: [2f39431e0a49]
19267:
19268: * interfaces.h:
19269: MAIN was replaced with _SUDO_MAIN some time ago.
19270: [ea1b38f2ac9d]
19271:
19272: * sudo.c:
19273: Don't look at prev_user until after we've parsed sudoers and done
19274: the password check. That way, if sudo/sudoedit is run from a root
19275: process that was invoked by sudo, we check sudoers for root, not the
19276: previous user. This makes sudoedit much more useful and means that
19277: for the sudo case, we get correct logging on who actually ran the
19278: command.
19279: [431dfbf20552]
19280:
19281: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19282:
19283: * sudo_edit.c:
19284: Add a comment describing why we need to be notified about our child
19285: stopping.
19286: [0bec3ce4b49d]
19287:
19288: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19289:
19290: * def_data.c, def_data.in:
19291: Update the noexec variable descriptions
19292: [9cb7f1aa0e57]
19293:
19294: * sudoers.man.in, sudoers.pod:
19295: noexec now replaces more than just execve()
19296: [23cbdc0ee95c]
19297:
19298: * sudo_noexec.c:
19299: Alas, all the world does not go through execve(2). Many systems
19300: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
19301: and it is not uncommon for libc to have underscore ('_') versions of
19302: the functions to be used internally by the library. Instead of
19303: stubbing all these out by hand, define a macro and let it do the
19304: work. Extra exec functions pointed out by Reznic Valery.
19305: [9fa0cd871b0c]
19306:
19307: * sudo.c, sudo_edit.c:
19308: Fix suspending the editor in -e mode. Because we do a fork() first
19309: we need to be notified when the child has been stopped and then send
19310: that same signal to ourself so the shell can do its job control
19311: thing.
19312: [773165eb6057]
19313:
19314: * visudo.c:
19315: Use WIFEXITED and WEXITSTATUS macros. If there are systems out
19316: there that want to run sudo that still don't support these we can
19317: try to deal with that later.
19318: [6af68e4aff60]
19319:
19320: * lex.yy.c:
19321: regen
19322: [403435317d5d]
19323:
19324: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
19325: Document sudo -e / sudoedit
19326: [a80f6ea910af]
19327:
19328: * configure, configure.in:
19329: fix typo
19330: [5020fcdc27f4]
19331:
19332: * config.h.in, configure.in:
19333: Add SET/CLR/ISSET
19334: [03ff57286e7e]
19335:
19336: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19337:
19338: * sudo.c:
19339: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
19340: long usage() line to not wrap (assumes 80 char display)
19341: [3941fa4004bb]
19342:
19343: * Makefile.in, sudo.c:
19344: If sudo is invoked as "sudoedit" the -e flag is implied and no other
19345: flags are permitted.
19346: [929670b01293]
19347:
19348: * sudo.h:
19349: Add a new flag, -e, that makes it possible to give users the ability
19350: to edit files with the editor of their choice as the invoking user,
19351: not the runas user. Temporary files are used for the actual edit
19352: and the temp file is copied over the original after the editor is
19353: done.
19354: [c4051414c1f4]
19355:
19356: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
19357: Add a new flag, -e, that makes it possible to give users the ability
19358: to edit files with the editor of their choice as the invoking user,
19359: not the runas user. Temporary files are used for the actual edit
19360: and the temp file is copied over the original after the editor is
19361: done.
19362: [37ac05c8ac3c]
19363:
19364: * env.c, sudo.c:
19365: If real uid == 0 and the SUDO_USER environment variables is set, use
19366: that to determine the invoking user's true identity. That way the
19367: proper info gets logged by someone who has done "sudo su" but still
19368: uses sudo to as root. We can't do this for non-root users since
19369: that would open up a security hole, though perhaps it would be
19370: acceptable to use getlogin(2) on OSes where this a system call (and
19371: doesn't just look in the utmp file).
19372: [c2f9198708a1]
19373:
19374: * pathnames.h.in:
19375: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
19376: [7d9e5768df93]
19377:
19378: * config.h.in, configure, configure.in:
19379: Add check for fchown(2)
19380: [a85df18798ed]
19381:
19382: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19383:
19384: * sudo.c:
19385: Back out portions of the -i commit that set NewArgv[0] in
19386: set_runaspw. It is far to late to set NewArgv[0] there and will have
19387: no effect anyway as cmnd and safe_cmnd have already been set.
19388: [c2d343430c1c]
19389:
19390: * visudo.c, visudo.pod:
19391: Prefer VISUAL over EDITOR like old vipw did.
19392: [ae32f477cea3]
19393:
19394: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19395:
19396: * env.c, sudo.c:
19397: In -i mode always set new environment based on the runas user's
19398: passwd entry.
19399: [fa653b7887a8]
19400:
19401: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19402:
19403: * sudo.man.in, sudo.pod:
19404: Document the new -i flag and sync SYNOPSIS section with usage() in
19405: sudo.c. Also sort the flags in the OPTIONS section.
19406: [6aabc0ffc47e]
19407:
19408: * sudo.c, sudo.h:
19409: o Add -i that acts similar to "su -", based on patches from David J.
19410: MacKenzie o Sort the flags in the usage message
19411: [c0fe7d6beffd]
19412:
19413: * sudoers.man.in, sudoers.pod:
19414: Add a missing @runas_default@ substitution.
19415: [60516fe2d090]
19416:
19417: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19418:
19419: * sudo.c:
19420: Change euid to runas user before calling find_path().
19421: Unfortunately, though runas_user can be modified in sudoers we
19422: haven't parsed sudoers yet.
19423: [f469fdf2e313]
19424:
19425: * sudoers.man.in, sudoers.pod:
19426: Add missing defintion of Parameter_List and use single pipes in the
19427: Defaults EBNF definition.
19428: [f7bed6e909bf]
19429:
19430: * sudo.c:
19431: Fix a bug when set_runaspw() is used as a callback. We don't want
19432: to reset the contents of runas_pw if the user specified a user via
19433: the -u flag.
19434:
19435: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
19436: already have the info in runas_pw.
19437: [efc35623ba09]
19438:
19439: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19440:
19441: * check.c:
19442: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
19443: [ebd5a76ccd7e]
19444:
19445: * sudo.h:
19446: Update sudo_getepw() proto and add one for set_runaspw()
19447: [6ed65795c17f]
19448:
19449: * parse.c:
19450: If we can't stat the command as root, try as the runas user instead.
19451: [ae713fca0e15]
19452:
19453: * testsudoers.c, visudo.c:
19454: Add stub set_runaspw() function
19455: [42aa37050053]
19456:
19457: * sudo.c:
19458: Add set_runaspw() function to fill in runas_pw. This will be used
19459: as a callback to update runas_pw when the runas user changes.
19460: [e570aa0088d0]
19461:
19462: * env.c, sudo.c:
19463: PERM_RUNAS -> PERM_FULL_RUNAS
19464: [51eec6f9e89a]
19465:
19466: * set_perms.c, sudo.h:
19467: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
19468: changes the euid.
19469: [877c6fe4d12c]
19470:
19471: * getspwuid.c:
19472: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
19473: one chunk for easy free()ing. Also change it from static to extern.
19474: [ab503260a7ec]
19475:
19476: * defaults.c, defaults.h:
19477: Add callback support
19478: [a61c4ca983fb]
19479:
19480: * mkdefaults:
19481: Add a callback field and use it for runas_default
19482: [96b69c27df5e]
19483:
19484: * def_data.c, def_data.in:
19485: Add a callback field and use it for runas_default
19486: [d3e9f06872b8]
19487:
19488: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19489:
19490: * auth/fwtk.c:
19491: Add support for chalnecho and display server responses used by fwtk
19492: >= 2.0
19493: [b1870f7aaf0d]
19494:
19495: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19496:
19497: * sudoers.man.in, sudoers.pod:
19498: ld.so is ld.so.1 on solaris
19499: [2bf9a123fa4c]
19500:
19501: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
19502: Use closefrom() instead of doing the equivalent inline.
19503: [7e3ef6072884]
19504:
19505: * closefrom.c:
19506: closefrom(3) for systems w/o it
19507: [35caf58bb636]
19508:
19509: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19510:
19511: * sudoers.man.in:
19512: Update from .pod file.
19513: [d4c94fc0e0c9]
19514:
19515: * configure, configure.in:
19516: Substitute noexec_file for the sudoers man page
19517: [203d3376a551]
19518:
19519: * sudo.man.in, sudo.pod:
19520: Mention noexec
19521: [014375ddbb06]
19522:
19523: * sudoers.man.in, sudoers.pod:
19524: Document noexec
19525: [49a65d06201f]
19526:
19527: * auth/pam.c, config.h.in, configure.in:
19528: Move PAM_CONST macro definition from config.h to pam.c where it
19529: belongs. We can't have this in config.h since that gets included too
19530: early.
19531: [e64748071637]
19532:
19533: * auth/pam.c, config.h.in, configure, configure.in:
19534: Some PAM implementations put their headers in /usr/include/pam
19535: instead of /usr/include/security.
19536: [8cc749e9575c]
19537:
19538: * configure.in:
19539: I missed changing the EXEC macro -> EXECV here when I changed this
19540: in config.h.in and sudo.c a while ago.
19541: [6f5afac7789f]
19542:
19543: * acsite.m4:
19544: OpenBSD vax/m88k/hppa don't do shared libs
19545: [e4901d958bb7]
19546:
19547: * configure, configure.in:
19548: o merge the hpux case entries into a single entry w/ its own sub-
19549: case statement. o HP-UX >= 11 support getspnam(), use it in
19550: preference to getprpwuid()
19551: [0caad428894e]
19552:
19553: * configure, configure.in:
19554: eval $shrext so that it expands nicely on MacOS X
19555: [40419343eef8]
19556:
19557: * Makefile.in:
19558: Don't lie about making a module, it does the wrong thing on mach
19559: [7629b28f5688]
19560:
19561: * ltmain.sh:
19562: Remove requirement that libs must begin with "lib". They don't when
19563: we point directly at the lib using LD_PRELOAD or its equivalent.
19564: [d66f3de6ec85]
19565:
19566: * acsite.m4:
19567: Disable support for c++, f77 and java. We don't need it, it takes a
19568: lot of time, and it hosed our check for shared lib support.
19569: [4f5749c52ce4]
19570:
19571: * configure:
19572: regen
19573: [160865e9d15f]
19574:
19575: * configure.in:
19576: Call AC_ENABLE_SHARED and check the status of enable_shared to know
19577: when shared libs are available.
19578: [42504c1668fc]
19579:
19580: * acsite.m4:
19581: Duh, OpenBSD suports shared libs too
19582: [8e3cd9417475]
19583:
19584: * config.h.in, configure.in:
19585: Only OpenPAM and Linux PAM use const qualifiers.
19586: [b2f76476e866]
19587:
19588: * configure, configure.in:
19589: o No need to check for sed, libtool config does that for us o move
19590: check for --with-noexec until after libtool magic is run so we can
19591: use $can_build_shared and $shrext
19592: [668c656e89cc]
19593:
19594: * ltmain.sh:
19595: Don't print a bunch of crap about library installs since we are not
19596: really installing a library.
19597: [83fbcad29fe4]
19598:
19599: * env.c:
19600: Make format_env() varargs Add noexec support for Darwin, MacOS X,
19601: Irix, and Tru64
19602: [468885d75d10]
19603:
19604: * acsite.m4, ltconfig, ltmain.sh:
19605: Update to libtool 1.5 with local changes: o no ldconfig in the
19606: finish step o assume no libprefix or version is needed
19607: [4961cffc3797]
19608:
19609: * sudo_noexec.c:
19610: Fix compilation under K&R
19611: [8b309bf0b1b2]
19612:
19613: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19614:
19615: * CHANGES:
19616: checkpoint
19617: [3c368badab32]
19618:
19619: * sudo_noexec.c:
19620: stub execve() that just returns EACCES; used for noexec
19621: functionality
19622: [1297acae283a]
19623:
19624: * sudo.tab.h:
19625: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
19626: generated code.
19627: [dcab78c49273]
19628:
19629: * sudo.tab.c:
19630: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
19631: generated code.
19632: [0a61c735eabe]
19633:
19634: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
19635:
19636: * def_data.c, def_data.h, def_data.in:
19637: Move the environment defaults to the end and shorten a few of the
19638: descriptions.
19639: [66787b9c612c]
19640:
19641: * configure, configure.in:
19642: no shared libs on ultris or convexos
19643: [2c5f3c456e32]
19644:
19645: * Makefile.in, configure, configure.in:
19646: Build sudo_noexec shared object using libtool; could use some
19647: cleanup.
19648: [373f483555dd]
19649:
19650: * acsite.m4, ltconfig, ltmain.sh:
19651: libtool scaffolding
19652: [c903a42e3d90]
19653:
19654: * parse.yacc, sudo.tab.c:
19655: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
19656: important.
19657: [c6e8a34639a4]
19658:
19659: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
19660: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
19661: update copyright year
19662: [a16372ae1711]
19663:
19664: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
19665: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
19666: option. The default value of noexec_file is set to this.
19667: [7d88e1d3c494]
19668:
19669: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
19670: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
19671: sudo.tab.h:
19672: Add support for preloading a shared object containing a dummy
19673: execve() function that just sets error and returns -1. This adds a
19674: "noexec_file" option to load the filename as well as a "noexec" flag
19675: to enable it unconditionally. There is also a NOEXEC tag that can
19676: be attached to specific commands and an EXEC tag to disable it.
19677: [c8b6712feb91]
19678:
19679: * mkdefaults:
19680: add missing newline to usage statement
19681: [e84746618362]
19682:
19683: * config.h.in, sudo.c:
19684: Rename EXEC macro -> EXECV
19685: [ddaa0c027299]
19686:
19687: * logging.c:
19688: Don't truncate usernames to 8 characters in the log message.
19689: [f62a20f27075]
19690:
19691: * check.c, sudoers.man.in, sudoers.pod:
19692: Update copyright year
19693: [ca9964054085]
19694:
19695: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
19696: sudoers.pod:
19697: Add a new option, lecture_file, that can be used to point to a
19698: custom sudo lecture.
19699: [940133231216]
19700:
19701: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
19702:
19703: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19704: auth/sudo_auth.c:
19705: Add a zero_bytes() function to do the equivalent of bzero in such a
19706: way that will heopfully not be optimized away by sneaky compilers.
19707: [161b6d74bfb4]
19708:
19709: * zero_bytes.c:
19710: Add a zero_bytes() function to do the equivalent of bzero in such a
19711: way that will heopfully not be optimized away by sneaky compilers.
19712: [d035abf0af94]
19713:
19714: * Makefile.in, sudo.h:
19715: Add a zero_bytes() function to do the equivalent of bzero in such a
19716: way that will heopfully not be optimized away by sneaky compilers.
19717: [ff136de3e255]
19718:
19719: * err.c:
19720: Use #ifdef __STDC__, not #if __STDC__.
19721: [6889dd6bc51a]
19722:
19723: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
19724:
19725: * mkdefaults:
19726: Always put at least one space between the def_* macro name and its
19727: definition.
19728: [6b3ad0e6619a]
19729:
19730: * configure, configure.in:
19731: Adjust code for --without-lecture to match new values.
19732: [062aa788a6b9]
19733:
19734: * visudo.man.in:
19735: regen after pasto fix
19736: [3deec16906c0]
19737:
19738: * sudoers.man.in, sudoers.pod:
19739: Document that "lecture" has changed from a flag to a tuple.
19740: [e2c03062b533]
19741:
19742: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
19743: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
19744: Add support for tuples in def_data.in; these are implemented as an
19745: enum type. Currently there is only a single tuple enum but in the
19746: future we may have one tuple enum per T_TUPLE entry in def_data.in.
19747: Currently listpw, verifypw and lecture are tuples. This avoids the
19748: need to have two entries (one ival, one str) for pwflags and syslog
19749: values.
19750:
19751: lecture is now a tuple with the following values: never, once,
19752: always
19753:
19754: We no longer use both an int and string entry for syslog facilities
19755: and priorities. Instead, there are logfac2str() and logpri2str()
19756: functions that get used when we need to print the string values.
19757: [5293f946c836]
19758:
19759: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19760: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
19761: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
19762: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
19763: sudo.tab.c, visudo.c:
19764: Create def_* macros for each defaults value so we no longer need the
19765: def_{flag,ival,str,list,mode} macros (which have been removed). This
19766: is a step toward more flexible data types in def_data.in.
19767: [009c02934106]
19768:
19769: * TODO:
19770: checkpoint
19771: [0a99a4bb5d15]
19772:
19773: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
19774:
19775: * sudo.c:
19776: If we are in -k/-K mode, just spew to stderr. It is not unusual for
19777: users to place "sudo -k" in a .logout file which can cause sudo to
19778: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
19779: Previously, this would result in useless mail and logging.
19780: [d282e7ed63af]
19781:
19782: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19783:
19784: * visudo.pod:
19785: fix pasto in VISUAL description
19786: [1c6a6148b5f9]
19787:
19788: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19789:
19790: * configure:
19791: regen
19792: [f44312c63799]
19793:
19794: * CHANGES:
19795: checkpoint
19796: [0c42e38f78d5]
19797:
19798: * TROUBLESHOOTING:
19799: Some OSes (like Solaris) allow export w/ nosuid too
19800: [973ce85ffa12]
19801:
19802: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
19803:
19804: * compat.h:
19805: We don't use FD_ZERO anymore so just define FD_SET (if not already
19806: there).
19807: [d1c8c11905cd]
19808:
19809: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
19810:
19811: * auth/pam.c:
19812: Fix a core dump on Solaris by preserving the pam_handle_t we used
19813: during authentication for pam_prep_user(). If we didn't
19814: authenticate (ie: ticket still valid), we call pam_init() from
19815: pam_prep_user(). This is something of a hack; it may be better to
19816: change the auth API and add an auth_final() function that acts like
19817: pam_prep_user().
19818: [f787de49b175]
19819:
19820: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
19821:
19822: * set_perms.c:
19823: Add explicit declaration of printerr variable in function header
19824: (was defaulting to int which is OK but oh so K&R :-). From Theo.
19825: [492c2358783f]
19826:
19827: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
19828:
19829: * config.h.in, configure.in:
19830: s/HAVE_STOW/USE_STOW/
19831: [4b99e1824ece]
19832:
19833: * logging.c:
19834: Also exit waitpid() loop when pid == 0. Fixes a problem where the
19835: sudo process would spin eating up CPU until sendmail finished when
19836: it has to send mail.
19837: [ec3d5792b9b4]
19838:
19839: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
19840:
19841: * fnmatch.c:
19842: Remove advertising clause, UCB has disavowed it
19843: [43a26bbd6628]
19844:
19845: * fnmatch.3:
19846: Remove advertising clause, UCB has disavowed it
19847: [3ff24291bcfa]
19848:
19849: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
19850:
19851: * parse.c:
19852: Don't assume that getgrnam() calls don't modify contents of struct
19853: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
19854: Based on a patch from Kirk Webb.
19855: [5574c68f60f3]
19856:
19857: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
19858:
19859: * configure.in:
19860: missing ;;
19861: [22378f2a9d31]
19862:
19863: * configure.in:
19864: darwin has a broken setreuid() in at least some versions
19865: [d572aed930d2]
19866:
19867: * env.c:
19868: Fix an off by one error when reallocating the environment; Kevin Pye
19869: [3d98e7cf097a]
19870:
19871: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
19872:
19873: * sudoers.pod:
19874: Fix User_Spec definition; SEKINE Tatsuo
19875: [49b0da65e090]
19876:
19877: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
19878:
19879: * HISTORY:
19880: More info on the early days from Coggs.
19881: [9381ca10b06b]
19882:
19883: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
19884:
19885: * auth/kerb5.c:
19886: remove errant semicolon that prevented compilation under heimdal
19887: [d2f2bb73a598]
19888:
19889: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
19890:
19891: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
19892: add DARPA credit on affected files
19893: [7020785ee50d]
19894:
19895: * sudoers.pod:
19896: add DARPA credit on affected files
19897: [83b46318750b]
19898:
19899: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
19900: sudoers.man.in:
19901: add DARPA credit on affected files
19902: [d8adf1c2ba22]
19903:
19904: * set_perms.c:
19905: add DARPA credit on affected files
19906: [3d79fdabb582]
19907:
19908: * pathnames.h.in:
19909: add DARPA credit on affected files
19910: [e334cdda422f]
19911:
19912: * logging.c, parse.c:
19913: add DARPA credit on affected files
19914: [8f75f822755b]
19915:
19916: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
19917: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
19918: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
19919: interfaces.h:
19920: add DARPA credit on affected files
19921: [da66e28fb3f5]
19922:
19923: * auth/kerb5.c, auth/pam.c:
19924: add DARPA credit on affected files
19925: [15da3021b49c]
19926:
19927: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
19928: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
19929: version.h:
19930: add DARPA credit on affected files
19931: [868d54cbddea]
19932:
19933: * env.c:
19934: add DARPA credit on affected files
19935: [90239f51ef0a]
19936:
19937: * defaults.c, defaults.h:
19938: add DARPA credit on affected files
19939: [6a64205fd1eb]
19940:
19941: * compat.h:
19942: add DARPA credit on affected files
19943: [316a735783c4]
19944:
19945: * Makefile.in, alloc.c, check.c:
19946: add DARPA credit on affected files
19947: [cd939e05c810]
19948:
19949: * LICENSE:
19950: slightly different wording for the darpa credit
19951: [e468909c4a21]
19952:
19953: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
19954:
19955: * LICENSE:
19956: Add DARPA credit
19957: [8eb20e2cd63e]
19958:
19959: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
19960:
19961: * auth/kerb5.c:
19962: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
19963: Kerberos like we did before I messed things up ;-)
19964:
19965: Use krb5_principal_get_comp_string() to do the same thing w/
19966: Heimdal. I'm not sure if the component should be 0 or 1 in this
19967: case.
19968:
19969: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
19970: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
19971: should be a configure check for this I guess.
19972: [74919a3933fe]
19973:
19974: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
19975:
19976: * sample.sudoers:
19977: builtin -> built-in; Jason McIntyre
19978: [027f2187923e]
19979:
19980: * TROUBLESHOOTING, config.h.in, configure, configure.in:
19981: builtin -> built-in; Jason McIntyre
19982: [70b81ac48943]
19983:
19984: * sudoers.pod:
19985: built in -> built-in; Jason McIntyre
19986: [da658ef5138d]
19987:
19988: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
19989:
19990: * CHANGES:
19991: checkpoint for 1.6.7p3
19992: [da85f989fadf]
19993:
19994: * HISTORY:
19995: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
19996: Amazingly, sudo source from 1985 is available via groups.google.com
19997: [39e0fc85b89f]
19998:
19999: * sudo.c:
20000: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
20001: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
20002: RLIMIT_CORE restoration on some OSes.
20003: [7e2c1a7adfd8]
20004:
20005: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20006:
20007: * auth/kerb5.c:
20008: Make this compile on Heimdal and MIT Kerberos 5
20009: [44c07d615868]
20010:
20011: * config.h.in, configure, configure.in:
20012: Check for heimdal even if we found krb5-config and define
20013: HAVE_HEIMDAL.
20014: [aba0126f0059]
20015:
20016: * auth/kerb5.c:
20017: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
20018: no longer defined by MIT kerb5 (though it used to be and indeed
20019: remains so in Heimdal).
20020: [e5a6c64d7cd5]
20021:
20022: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
20023:
20024: * mkinstalldirs:
20025: Remove newer stuff that passes multiple (possibly duplicate)
20026: directories to "mkdir -p" since that seems to break on Tru64 Unix at
20027: least. This basically brings back what shipped with sudo 1.6.6.
20028: [f2a1abd872b3]
20029:
20030: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
20031:
20032: * auth/kerb5.c:
20033: Correct number of args to krb5_principal_get_realm() and fix an
20034: unclosed comment that hid the bug.
20035: [0b37f8ce7824]
20036:
20037: * configure:
20038: regen
20039: [1876cb840fe0]
20040:
20041: * configure.in:
20042: ++version
20043: [480aff7c048e]
20044:
20045: * README:
20046: ++version
20047: [488e0bbff613]
20048:
20049: * Makefile.in:
20050: ++version
20051: [97ef63cedc38]
20052:
20053: * INSTALL.binary:
20054: ++version
20055: [a506204e77d0]
20056:
20057: * INSTALL:
20058: ++version
20059: [555aeba5c2bf]
20060:
20061: * CHANGES, version.h:
20062: ++version
20063: [f66985a64063]
20064:
20065: * BUGS:
20066: ++version
20067: [ea3573432412]
20068:
20069: * configure.in:
20070: use krb5-config to determine Kerberos V details if it exists
20071: [7b46bbdaf774]
20072:
20073: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
20074: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
20075: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
20076: testsudoers.c, visudo.c:
20077: Use warn/err and getprogname() throughout. The main exception is
20078: openlog(). Since the admin may be filtering logs based on the
20079: program name in the log files, hard code this to "sudo".
20080: [9f180d015cfa]
20081:
20082: * Makefile.in:
20083: Add getprogname.c and err.c
20084: [d411c54a07dc]
20085:
20086: * configure:
20087: regen
20088: [6d585d391acc]
20089:
20090: * config.h.in, configure.in:
20091: Add checks for getprognam(), __progname and err.h
20092: [bcbccf61d34a]
20093:
20094: * emul/err.h:
20095: For systems withour err/warn functions.
20096: [1b33118884d9]
20097:
20098: * err.c:
20099: For systems withour err/warn functions.
20100: [26721f6b041f]
20101:
20102: * getprogname.c:
20103: For systems neither getprogname() nor __progname; uses Argv[0].
20104: [841cf42af1eb]
20105:
20106: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
20107:
20108: * CHANGES:
20109: checkpoint for 1.6.7p1
20110: [5bfdaf441dce]
20111:
20112: * sudo.c, testsudoers.c:
20113: fix strlcpy() rval check (innocuous)
20114: [e05ac7e0d1f3]
20115:
20116: * check.c:
20117: oflow detection in expand_prompt() was faulty (false positives). The
20118: count was based on strlcat() return value which includes the length
20119: of the entire string.
20120: [086c5a0acb25]
20121:
20122: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
20123:
20124: * RUNSON, TODO:
20125: checkpoint for the sudo 1.6.7 release
20126: [096bab4da29a] [SUDO_1_6_7]
20127:
20128: * CHANGES:
20129: checkpoint for the sudo 1.6.7 release
20130: [87322187ed78]
20131:
20132: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
20133:
20134: * logging.c:
20135: g/c unused variable
20136: [c57cd4a17765]
20137:
20138: * configure:
20139: regen
20140: [e7c1f581dfac]
20141:
20142: * configure.in:
20143: use man sections 8 and 5 for csops
20144: [87de581bda88]
20145:
20146: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
20147:
20148: * configure:
20149: regen
20150: [cb1433a9c7a1]
20151:
20152: * configure.in:
20153: Add -lskey or -lopie directly to SUDO_LIBS instead of having
20154: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
20155: [ac5667978939]
20156:
20157: * configure:
20158: regen
20159: [638459118a2a]
20160:
20161: * configure.in:
20162: Add --with-blibpath for AIX. An alternate libpath may be specified
20163: or
20164: -blibpath support can be disabled. Also change conifgure such that
20165: -blibpath is not specified if no -L libpaths were added to
20166: SUDO_LDFLAGS.
20167: [c7d17b480cad]
20168:
20169: * aclocal.m4:
20170: Add --with-blibpath for AIX. An alternate libpath may be specified
20171: or
20172: -blibpath support can be disabled. Also change conifgure such that
20173: -blibpath is not specified if no -L libpaths were added to
20174: SUDO_LDFLAGS.
20175: [37022e991575]
20176:
20177: * INSTALL:
20178: Add --with-blibpath for AIX. An alternate libpath may be specified
20179: or
20180: -blibpath support can be disabled. Also change conifgure such that
20181: -blibpath is not specified if no -L libpaths were added to
20182: SUDO_LDFLAGS.
20183: [4b4bbe5bbe1b]
20184:
20185: * configure.in:
20186: add AIX blibpath support
20187: [16ba788bf086]
20188:
20189: * INSTALL, configure.in:
20190: --with-skey and --with-opie now take an option directory argument
20191: This obsoletes a --with-csops hack (/tools/cs/skey)
20192:
20193: Also remove the remaining direct uses of "echo"
20194: [5b4986a90c03]
20195:
20196: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
20197:
20198: * configure.in:
20199: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
20200: for KTH Kerberos IV and V.
20201: [119f97b48e18]
20202:
20203: * aclocal.m4:
20204: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
20205: -R/path/to/dir if $with_rpath) to the specified variable.
20206: [e55e49d076ce]
20207:
20208: * INSTALL, configure.in:
20209: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
20210: option, --with-rpath to control this behavior.
20211: [d4730c5399ab]
20212:
20213: * configure.in:
20214: for kerb4 put libdes after libkrb on the link line
20215: [5c566100eab6]
20216:
20217: * auth/kerb4.c:
20218: typo
20219: [6541b72b64a3]
20220:
20221: * configure.in:
20222: fix kerberos lib check when a path is specified
20223: [ae833a914c6f]
20224:
20225: * logging.c:
20226: Fix boolean thinko in SIGCHLD reaper and call reapchild after
20227: sending mail instead of doing a conditional sudo_waitpid.
20228: [86fa9a35df5a]
20229:
20230: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
20231:
20232: * configure:
20233: regen
20234: [e6275cf528ba]
20235:
20236: * configure.in:
20237: replace =DIR with [=DIR] where sensible
20238: [c39a59173b38]
20239:
20240: * configure.in:
20241: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
20242: detection based on openssh's configure.in
20243: [5b7a340912df]
20244:
20245: * INSTALL:
20246: --with-kerb4 and --with-kerb5 now take an optional argument.
20247: [71ed87fc9c64]
20248:
20249: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
20250:
20251: * auth/securid.c:
20252: Kill remaining strcpy(), the programmer's guide says username is 32
20253: bytes.
20254: [bdba70fcd08d]
20255:
20256: * auth/kerb4.c:
20257: trat uid_t as unsigned long for printf and use snprintf, not sprintf
20258: [8072f5f8966d]
20259:
20260: * auth/rfc1938.c:
20261: use snprintf
20262: [fc0c70c665fe]
20263:
20264: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
20265:
20266: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20267: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20268: auth/rfc1938.c, auth/sudo_auth.c:
20269: update copyright year
20270: [b0a10ccb1d0e]
20271:
20272: * sudo.man.in, sudoers.man.in, visudo.man.in:
20273: update copyright year
20274: [8fce0034eb51]
20275:
20276: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
20277: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
20278: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
20279: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
20280: update copyright year
20281: [d541e75fe520]
20282:
20283: * check.c, env.c, sudo.c:
20284: Cast [ug]ids to unsigned long and printf with %lu
20285: [2ede64d3592b]
20286:
20287: * configure:
20288: regen
20289: [c7c3245bdf3e]
20290:
20291: * configure.in:
20292: correct error messages for --with-sudoers-{mode,uid,gid}
20293: [77fc15b1c9db]
20294:
20295: * alloc.c:
20296: make the malloc(0) error specific to each function to aid tracking
20297: down bugs.
20298: [a58c34374b4b]
20299:
20300: * alloc.c:
20301: deal with platforms where size_t is signed and there is no SIZE_MAX
20302: or SIZE_T_MAX
20303: [7192abb4ab4e]
20304:
20305: * auth/kerb5.c:
20306: Make this compile w/ Heimdal and fix some gcc warnings.
20307: [f52f026f31c2]
20308:
20309: * sudo.c:
20310: Use stat_sudoers macro so --with-stow can work
20311: [c3674735c139]
20312:
20313: * INSTALL, config.h.in, configure, configure.in:
20314: Add support for --with-stow based on patches from Robert Uhl
20315: [b274cc1dd52c]
20316:
20317: * env.c:
20318: fix indentation
20319: [110d9f1721b1]
20320:
20321: * configure.in:
20322: back out rev 1.352
20323: [1eee91c83f11]
20324:
20325: * lex.yy.c:
20326: regen
20327: [72fba1c9590b]
20328:
20329: * parse.lex:
20330: use strlcpy, not strncpy
20331: [4faccbaeccef]
20332:
20333: * set_perms.c:
20334: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
20335: [33bf0d18fdc1]
20336:
20337: * logging.c:
20338: use pid_t
20339: [3e0536993d2c]
20340:
20341: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
20342:
20343: * strlcat.c, strlcpy.c:
20344: Make gcc shutup about unused rcsid
20345: [1669a0c74e9e]
20346:
20347: * interfaces.c:
20348: Move the n == 0 check for the non-getifaddrs cas
20349: [2460be061b2a]
20350:
20351: * auth/rfc1938.c:
20352: skeychallenge() on NetBSD take a size parameter
20353: [05acc2012801]
20354:
20355: * configure:
20356: regen
20357: [24bccf4749e8]
20358:
20359: * configure.in:
20360: put -ldl after -lpam, not before; fixes static linking on Linux
20361: [7f06b7b2b4d8]
20362:
20363: * interfaces.c:
20364: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
20365: case.
20366: [239a55068646]
20367:
20368: * sudo.cat, sudoers.cat, visudo.cat:
20369: regen
20370: [4a2eed3981ca]
20371:
20372: * sudo.man.in, sudoers.man.in, visudo.man.in:
20373: regen
20374: [2c96ea2cf930]
20375:
20376: * Makefile.in:
20377: Preserve copyright notice from .pod file in .man.in file
20378: [519fbd09aebc]
20379:
20380: * visudo.pod:
20381: Add sudoers(5) to SEE ALSO
20382: [77ecfe3aedf1]
20383:
20384: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
20385:
20386: * lex.yy.c:
20387: regen
20388: [6f5751ce0b74]
20389:
20390: * parse.lex:
20391: Don't assume libc can realloc() a NULL string. If malloc/realloc
20392: fails, make sure we just return; yyerror() is not terminal.
20393: [1b8618623708]
20394:
20395: * lex.yy.c:
20396: regen
20397: [5d31b46191c6]
20398:
20399: * parse.lex:
20400: simplify fill_args a little and use strlcpy for paranoia
20401: [0ea35a55542b]
20402:
20403: * sudo.tab.c:
20404: regen
20405: [5a8d508d708b]
20406:
20407: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
20408: testsudoers.c:
20409: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
20410: cases the strings were either pre-allocated to the correct size of
20411: length checks were done before the copy but a little paranoia can go
20412: a long way.
20413: [e73d28f1d14e]
20414:
20415: * sudo.h:
20416: Add strlc{at,py} protos
20417: [748ffc7fc7f4]
20418:
20419: * env.c, interfaces.c:
20420: Use erealloc3()
20421: [47f2cb46aba8]
20422:
20423: * configure:
20424: regen
20425: [e7e2fb79f935]
20426:
20427: * alloc.c:
20428: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
20429: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
20430: [7e0fa4d6fc1d]
20431:
20432: * sudo.c:
20433: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
20434: configure.
20435: [09ea4d3959e9]
20436:
20437: * aclocal.m4:
20438: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
20439: [31b4fdfdb8bf]
20440:
20441: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
20442:
20443: * sudo.c:
20444: Use snprintf() for paranoia
20445: [a2659ceb46de]
20446:
20447: * parse.yacc:
20448: Use emalloc2 and erealloc3
20449: [90a069842401]
20450:
20451: * Makefile.in:
20452: strlc{at,py} for those w/o it
20453: [bac82dc916ee]
20454:
20455: * strlcat.c, strlcpy.c:
20456: stlc{at,py} for those w/o it.
20457: [ce7254f5db09]
20458:
20459: * config.h.in, configure, configure.in:
20460: Add stlc{at,py} for those w/o it.
20461: [00f08219657a]
20462:
20463: * alloc.c, sudo.h:
20464: Add erealloc3(), a realloc() version of emalloc2().
20465: [c96eaf08bbed]
20466:
20467: * interfaces.c, sudo.c:
20468: Use emalloc2() to allocate N things of a certain size.
20469: [1e0aba365555]
20470:
20471: * alloc.c, sudo.h:
20472: Add emalloc2() -- like calloc() but w/o the bzero and with
20473: error/oflow checking.
20474: [292150bc4153]
20475:
20476: * alloc.c:
20477: Error out on malloc(0); suggested by theo
20478: [995279e81326]
20479:
20480: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
20481:
20482: * configure, configure.in:
20483: fix a typo; David Krause
20484: [f161213a17ab]
20485:
20486: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
20487:
20488: * sudo.pod:
20489: fix typo
20490: [3ae5ad9a351a]
20491:
20492: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
20493:
20494: * env.c:
20495: Remove DYLD_ from the environment for MacOS X; from bbraun
20496: [38caad5a3935]
20497:
20498: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
20499:
20500: * config.h.in, configure.in:
20501: not not; Anil Madhavapeddy
20502: [d4f4f0bfc66b]
20503:
20504: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
20505:
20506: * sudo.pod, sudoers.pod, visudo.pod:
20507: typos; jmc@openbsd.org
20508: [868c0f09bf9e]
20509:
20510: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
20511:
20512: * parse.yacc:
20513: Add some missing ';' rule terminators that bison warns about.
20514: [535b0b8dcce5]
20515:
20516: * config.sub:
20517: fix typo I introduced in last merge
20518: [81db4e4f43fe]
20519:
20520: * configure:
20521: regenerate with autoconf 2.57
20522: [ca0c1e9564f8]
20523:
20524: * config.h.in:
20525: Add missing "$HOME"
20526: [209186197ad1]
20527:
20528: * configure.in:
20529: Add some more square backets to make autoconf 2.57 happy
20530: [b5639c14faf7]
20531:
20532: * config.sub, mkinstalldirs:
20533: Updates from autoconf-2.57
20534: [36be35eb331b]
20535:
20536: * config.guess:
20537: Updates from autoconf-2.57
20538: [ea0f8ca622af]
20539:
20540: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20541:
20542: * sudo.tab.h:
20543: regen
20544: [13a65a421567]
20545:
20546: * lex.yy.c, sudo.tab.c:
20547: regen
20548: [0b529db7cb6d]
20549:
20550: * parse.lex, parse.yacc, sudoers.pod:
20551: Add support for Defaults>RunasUser
20552: [20d726373175]
20553:
20554: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20555:
20556: * visudo.c:
20557: fclose() yyin after each yyparse() is done and use fopen() instead
20558: of using freopen().
20559: [587f8a2df857]
20560:
20561: * parse.lex:
20562: Better fix for sudoers files w/o a newline before EOF. It looks
20563: like the issue is that yyrestart() does not reset the start
20564: condition to INITIAL which is an issue since we parse sudoers
20565: multiple times.
20566: [920f8326968a]
20567:
20568: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
20569:
20570: * parse.lex:
20571: Work around what appears to be a flex bug when dealing with files
20572: that lack a final newline before EOF. This adds a rule to match EOF
20573: in the non-initial states which resets the state to INITIAL and
20574: throws an error.
20575: [b94943bb1f81]
20576:
20577: * visudo.c:
20578: o The parser needs sudoers to end with a newline but some editors
20579: (emacs) may not add one. Check for a missing newline at EOF and
20580: add one if needed. o Set quiet flag during initial sudoers parse (to
20581: get options) o Move yyrestart() call and always use freopen() to
20582: open yyin after initial sudoers parse.
20583: [12d12f9b07aa]
20584:
20585: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20586:
20587: * set_perms.c:
20588: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
20589: effective gid, not real gid, when reading sudoers.
20590: [c7d18b810fcd]
20591:
20592: * set_perms.c:
20593: don't compile set_perms_posix if we have setreuid or setresuid
20594: [b9cea7a81a29]
20595:
20596: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
20597:
20598: * sudo.pod, sudoers.pod:
20599: document new prompt escapes
20600: [2f088076b640]
20601:
20602: * check.c:
20603: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
20604: collapsed to "%" as was originally intended. This also gets rid of
20605: lastchar (does lookahead instead of lookback) which should simplify
20606: the logic slightly.
20607: [4b707b77b3c7]
20608:
20609: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20610:
20611: * tgetpass.c:
20612: Write the prompt *after* turning off echo to avoid some password
20613: characters being echoed on heavily-loaded machines with fast
20614: typists.
20615: [d38c57775915]
20616:
20617: * config.sub:
20618: Add support for mipseb; wiz@danbala.tuwien.ac.at
20619: [cfdac87ed5c8]
20620:
20621: * configure.in:
20622: Fix IRIX fallout from name changes in man dir/sect Makefile
20623: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
20624: [9a7618755c23]
20625:
20626: * auth/pam.c:
20627: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
20628: the global copy. Problem noted by Peter Pentchev.
20629: [d0a3e189cb06]
20630:
20631: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
20632:
20633: * sudo.tab.c:
20634: regen
20635: [23b931359087]
20636:
20637: * parse.yacc:
20638: Add missing yyerror() calls; YYERROR does not seem to call this for
20639: us.
20640: [0be7aeb3ac57]
20641:
20642: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
20643:
20644: * sudo.c:
20645: fix typo in comment; Pedro Bastos
20646: [d7406c460e99]
20647:
20648: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
20649:
20650: * INSTALL:
20651: document --disable-setresuid
20652: [fbd03d03a027]
20653:
20654: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20655: auth/sudo_auth.c:
20656: Sprinkle some volatile qualifiers to prevent over-enthusiastic
20657: optimizers from removing memset() calls.
20658: [5370ac0e6129]
20659:
20660: * logging.c, parse.yacc:
20661: minor sign fixes pointed out by gcc -Wsign-compare
20662: [db872438337f]
20663:
20664: * set_perms.c, sudo.c, sudo.h:
20665: Revamp set_perms. We now use a version based on setresuid() or
20666: setreuid() when possible since that allows us to support the
20667: stay_setuid option and we always know exactly what the semantics
20668: will be (various Linux kernels have broken POSIX saved uid support).
20669: [523bc212396c]
20670:
20671: * config.h.in, configure:
20672: regen from configure.in
20673: [351877ea2624]
20674:
20675: * configure.in:
20676: Add checks for setresuid() and a way to disable using it
20677: [a5b21653d169]
20678:
20679: * compat.h:
20680: No long need to emulate set*[ug]id() via setres[ug]id() or
20681: setre[ug]id(). The new set_perms stuff only uses things it knows are
20682: there.
20683: [47884bd5d1d9]
20684:
20685: * sudo.c:
20686: Before exec, restore state of signal handlers to be the same as when
20687: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
20688: a problem when using sudo with nohup. Based on a patch from Paul
20689: Markham.
20690: [f8f5a1484faa]
20691:
20692: * sudo.c:
20693: o timestamp_uid should be uid_t, not int o clarify error message
20694: when sudo is run by root and no_root_sudo is set
20695: [19dda0734264]
20696:
20697: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
20698:
20699: * README:
20700: update ftp link for bison
20701: [98bc191016e3]
20702:
20703: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
20704:
20705: * set_perms.c:
20706: Error out if setusercontext() fails and the runas user is not root.
20707: [089f9ade4686]
20708:
20709: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
20710:
20711: * auth/securid5.c:
20712: Fix rcsid
20713: [07e9e85dcc2f]
20714:
20715: * configure.in:
20716: Fix SecurID API test
20717: [5ec201f454a5]
20718:
20719: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20720:
20721: * env.c:
20722: typo in comment
20723: [9d385c9ac533]
20724:
20725: * configure.in:
20726: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
20727: but I don't see a better way at the moment.
20728: [f89e55cbb313]
20729:
20730: * Makefile.in, auth/securid5.c:
20731: SecurID API version 5 support from Michael Stroucken
20732: [68500ac7e531]
20733:
20734: * configure.in:
20735: Add check for SecurID 5.0 API
20736: [1ee242e6de6b]
20737:
20738: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
20739:
20740: * strerror.c:
20741: We actually do still need config.h to get the 'const' definition for
20742: K&R C.
20743: [d9c982032d85]
20744:
20745: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
20746:
20747: * configure:
20748: regen with autoconf 2.5.3
20749: [c71fc086eef5]
20750:
20751: * configure.in:
20752: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
20753: [d90da1efafd9]
20754:
20755: * configure.in:
20756: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
20757: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
20758: [dd67afefa90d]
20759:
20760: * env.c, sudo.c, sudo.h:
20761: No need for dump_badenv() now that dump_defaults() knows how to dump
20762: lists.
20763: [6bcda468501d]
20764:
20765: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
20766: version.h:
20767: ++version
20768: [44e3b8f95f0b]
20769:
20770: * sudoers.pod:
20771: document timestampowner
20772: [37ebd69e9dd1]
20773:
20774: * check.c:
20775: Don't call set_perms() when doing timestamp stuff unless
20776: timestamp_uid != 0.
20777: [63a63d41d18c]
20778:
20779: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
20780: sudo.h, testsudoers.c:
20781: g/c second arg to set_perms--it is no longer used
20782: [7ac4ce50c612]
20783:
20784: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20785:
20786: * check.c, set_perms.c, sudo.c, sudo.h:
20787: Add support for non-root timestamp dirs. This allows the timestamp
20788: dir to be shared via NFS (though this is not recommended).
20789: [faa83dd2b7fb]
20790:
20791: * def_data.c, def_data.h, def_data.in:
20792: Add timestampowner, "Owner of the authentication timestamp dir"
20793: [d47640d4c86a]
20794:
20795: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
20796:
20797: * env.c:
20798: Don't try to pre-compute the size of the new envp, just allocate
20799: space up front and realloc as needed. Changes to the new env
20800: pointer must all be made through insert_env() which now keeps track
20801: of spaced used and allocates as needed.
20802: [39bc934a9f2c]
20803:
20804: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
20805:
20806: * configure:
20807: regen
20808: [0e12c09bb790]
20809:
20810: * configure.in:
20811: Fix two typo/pastos; from jrj@purdue.edu
20812: [b718a4bf1181]
20813:
20814: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
20815:
20816: * INSTALL.binary, README:
20817: ++version
20818: [a1e33027278c] [SUDO_1_6_6]
20819:
20820: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
20821: visudo.cat, visudo.man.in:
20822: regen
20823: [19eb2be283ef]
20824:
20825: * CHANGES, RUNSON, TODO:
20826: Sync with 1.6.6
20827: [2ff9a9087f63]
20828:
20829: * check.c:
20830: The the loop used to expand %h and %u, the lastchar variable was not
20831: being initialized. This means that if the last char in the prompt
20832: is '%' and the first char is 'h' or 'u' a extra copy of the host or
20833: user name would be copied, for which space had not been allocated.
20834: [b2e27197857d]
20835:
20836: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
20837:
20838: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
20839: crank version to 1.6.6
20840: [cfd08689e597]
20841:
20842: * auth/afs.c:
20843: #undef VOID to get rid of an AFS warning
20844: [b40760564dc1]
20845:
20846: * env.c:
20847: Use easprintf instead of emalloc + sprintf for some things.
20848: [e7bfe2e69a03]
20849:
20850: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
20851:
20852: * lex.yy.c, sudo.tab.c:
20853: regen
20854: [35327104383d]
20855:
20856: * parse.c, parse.lex, parse.yacc, testsudoers.c:
20857: Remove Chris Jepeway's email address so people don't bug him ;-)
20858: [c03410747a69]
20859:
20860: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
20861:
20862: * sudo.c:
20863: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
20864: endgrent() at the same time.
20865: [28b6097d5d1a]
20866:
20867: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
20868:
20869: * INSTALL:
20870: Make it clear which configure options take arguments.
20871: [38529e7efad0]
20872:
20873: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
20874:
20875: * compat.h:
20876: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
20877: RLIM_INFINITY, just pretend it is -1. This works because we only
20878: check for RLIM_INFINITY and do not set anything to that value.
20879: [53173d34e6eb]
20880:
20881: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
20882:
20883: * auth/pam.c:
20884: Zero and free allocated memory when there is a conversation error.
20885: [e342133db579]
20886:
20887: * auth/bsdauth.c:
20888: Use sigaction() not signal()
20889: [126c2790561f]
20890:
20891: * INSTALL:
20892: Mention that some linux kernels have broken POSIX saved ID support
20893: [571ef1a893d3]
20894:
20895: * CHANGES:
20896: checkpoint for 1.6.5p2
20897: [9e9e456f7f43]
20898:
20899: * configure:
20900: regen
20901: [d53703a46708]
20902:
20903: * configure.in:
20904: Add --disable-setreuid flag
20905: [3b9f2679cb55]
20906:
20907: * INSTALL:
20908: Document new --disable-setreuid option and change description for
20909: --disable-saved-ids to match new error message.
20910: [14fd3e5f60a5]
20911:
20912: * set_perms.c:
20913: fatal() now takes an argument that determines whether or not to call
20914: perror().
20915: [d826b25e62ff]
20916:
20917: * TROUBLESHOOTING:
20918: Update for new error messages from set_perms()
20919: [78007c3f76a9]
20920:
20921: * PORTING:
20922: Update for new error messages from set_perms()
20923: [60c545a6bcff]
20924:
20925: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
20926:
20927: * auth/pam.c:
20928: Make this compile w/o warnings
20929: [b90843a29af5]
20930:
20931: * auth/pam.c:
20932: Mention that we can't use pam_acct_mgmt()
20933: [1dfc5a6e0479]
20934:
20935: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
20936: The user's password was not zeroed after use when AIX
20937: authentication, BSD authentication, FWTK or PAM was in use.
20938: [b18fff30b1e7]
20939:
20940: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
20941:
20942: * auth/pam.c:
20943: Avoid giving PAM a NULL password response, use the empty string
20944: instead. This avoids a log warning when the user hits ^C at the
20945: password prompt when PAM is in use.
20946: [c3315805e4e4]
20947:
20948: * auth/pam.c:
20949: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
20950: pam_setcred() returns the last saved return code, not the return
20951: code for the setcred module. Because we haven't called
20952: pam_authenticate(), this is not set and so pam_setcred() returns
20953: PAM_PERM_DENIED.
20954: [73db145fa179]
20955:
20956: * Makefile.in:
20957: Don't need a '/' between $(DESTDIR) and a directory.
20958: [0901ca618176]
20959:
20960: * Makefile.binary:
20961: Don't need a '/' between $(DESTDIR) and a directory.
20962: [cd7eb6098b87]
20963:
20964: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
20965:
20966: * configure:
20967: regen
20968: [41b12c039282]
20969:
20970: * configure.in:
20971: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
20972: setreuid() o new NetBSD has a real setreuid() o add check for
20973: freeifaddrs() if getifaddrs() exists.
20974: [a82ee3b01733]
20975:
20976: * config.h.in, interfaces.c:
20977: Older BSDi releases lack freeifaddrs() so add a test for that and if
20978: it is not present just use free().
20979: [6270671ea9d5]
20980:
20981: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20982:
20983: * CHANGES, RUNSON:
20984: Checkpoint for 1.6.5p1
20985: [26134ecf9b36]
20986:
20987: * auth/passwd.c:
20988: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
20989: to normal passwords, not AUTH_FATAL (which just causes an exit).
20990: [785e0f4bc0e2]
20991:
20992: * visudo.c:
20993: Don't use memory after it has been freed.
20994: [c60492739fdb]
20995:
20996: * auth/passwd.c:
20997: skeyaccess() wants a struct passwd * not a char *; Patch from
20998: Phillip E. Lobbes
20999: [65a1d3806fcd] [SUDO_1_6_5]
21000:
21001: * BUGS:
21002: ++version
21003: [b2e1825e692e]
21004:
21005: * CHANGES, RUNSON, TODO:
21006: checkpoint for sudo 1.6.5
21007: [d730945622e7]
21008:
21009: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
21010:
21011: * configure:
21012: regen
21013: [49744c403ac9]
21014:
21015: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
21016: version 1.6.5
21017: [ec30a5f7fc45]
21018:
21019: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21020: visudo.man.in:
21021: sudo version 1.6.5
21022: [458a3bed535d]
21023:
21024: * logging.c:
21025: o when invoking the mailer as root use a hard-coded environment that
21026: doesn't include any info from the user's environment. Basically
21027: paranoia.
21028:
21029: o Add support for the NO_ROOT_MAILER compile-time option and run the
21030: mailer as the user and not root if NO_ROOT_MAILER is defined.
21031: [4df351ec92ce]
21032:
21033: * set_perms.c, sudo.h:
21034: Bring back PERM_FULL_USER
21035: [edb6039bb284]
21036:
21037: * configure:
21038: regen
21039: [3eb2943afa03]
21040:
21041: * version.h:
21042: version 1.6.5
21043: [044fc9a0c72b]
21044:
21045: * INSTALL, config.h.in, configure.in:
21046: Add --disable-root-mailer option to run the mailer as the user and
21047: not root.
21048: [e9f805397963]
21049:
21050: * CHANGES:
21051: checkpoint for 1.6.4p2
21052: [b58aae5aa98a]
21053:
21054: * PORTING:
21055: Mention the "seteuid(0): Operation not permitted" problem here too
21056: just for good measure.
21057: [90135b37a691]
21058:
21059: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
21060:
21061: * env.c, getspwuid.c, sudo.c:
21062: The SHELL environment variable was preserved from the user's
21063: environment instead of being reset based on the passwd database when
21064: the "env_reset" option was used. Now it is reset as it should be.
21065: [300066ef3c71]
21066:
21067: * configure:
21068: regen
21069: [a47d779e6552]
21070:
21071: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
21072: sudo.c:
21073: Add a configure option to turn off use of POSIX saved IDs
21074: [fb18cc8e94d0]
21075:
21076: * configure:
21077: regen
21078: [d4f2f20025b6]
21079:
21080: * configure.in:
21081: add --with-efence option
21082: [45c4f33a8e88]
21083:
21084: * sudo.c:
21085: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
21086: "sudo -l" would not work if always_set_home was set.
21087: [c3a6de6c4800]
21088:
21089: * lex.yy.c:
21090: regen
21091: [417424452998]
21092:
21093: * parse.lex:
21094: Quoted commas were not being treated correctly in command line
21095: arguments.
21096: [753415541b37]
21097:
21098: * sudo.c:
21099: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
21100: Otherwise, the set_home option has no effect.
21101:
21102: o Fix use of freed memory when the "fqdn" flag is set. This was
21103: introduced by the fix for the "segv when gethostbynam() fails" bug.
21104: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
21105: there is no need to check the "fqdn" flag in set_fqdn() itself.
21106: [4b6a4245c04e]
21107:
21108: * env.c:
21109: Add 'continue' statements to optimize the switch statement. From
21110: Solar.
21111: [a82c76975ae5]
21112:
21113: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
21114:
21115: * sudoers.cat, sudoers.man.in:
21116: Regen from new sudoers.pod
21117: [6ecc07b3d0e1] [SUDO_1_6_4]
21118:
21119: * sudoers.pod:
21120: Add caveat about stay_setuid flag
21121: [9d228a7bea1b]
21122:
21123: * sudo.c:
21124: If set_perms == set_perms_posix and the stay_setuid flag is not set,
21125: set all uids to 0 and use set_perms_fallback().
21126: [c4e54d1ec86f]
21127:
21128: * set_perms.c, sudo.h:
21129: Remove PERM_FULL_USER (which is no longer used) and add
21130: PERM_FULL_ROOT (used when exec'ing the mailer).
21131: [15406c522ea2]
21132:
21133: * logging.c:
21134: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
21135: never want to run the mailer setuid.
21136: [2294853e0666]
21137:
21138: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
21139:
21140: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
21141: visudo.pod:
21142: Use sudo.ws instead of courtesan.com in URLs
21143: [55204002a308]
21144:
21145: * Makefile.binary, Makefile.in:
21146: Fix mansect substitution
21147: [b7b5cbc3aa91]
21148:
21149: * Makefile.in:
21150: Substitute man sections in Makefile.binary
21151: [040deb785e56]
21152:
21153: * Makefile.binary:
21154: Sync install targets with Makefile.in and substitute in man
21155: sections.
21156: [77882a275281]
21157:
21158: * INSTALL, INSTALL.binary:
21159: version is 1.6.4
21160: [0f87aabbcb70]
21161:
21162: * Makefile.in:
21163: Repair bindist target
21164: [8d43bfe7e2d1]
21165:
21166: * CHANGES:
21167: sync for 1.6.4
21168: [13ca3d4a0a72]
21169:
21170: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
21171:
21172: * install-sh:
21173: Fix case where neither whoami nor id are found
21174: [424dd270bc47]
21175:
21176: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
21177:
21178: * install-sh:
21179: If neither whoami nor id exists, just assume we are root.
21180: [2d2644e42c53]
21181:
21182: * alloc.c:
21183: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
21184: on AIX which for some reason isn't pulling in the malloc prototype.
21185: [231440d2ee3b]
21186:
21187: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
21188:
21189: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
21190: (c) 2002
21191: [700e3b41a68e]
21192:
21193: * CHANGES:
21194: checkpoint
21195: [33e604bd8d5b]
21196:
21197: * sudo.c:
21198: Defer assigning new environment until right before the exec.
21199: [f13c49e75c1c]
21200:
21201: * parse.c:
21202: kill extra blank line
21203: [12ef22e9dae3]
21204:
21205: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
21206:
21207: * configure:
21208: regen
21209: [a6cd2d788f74]
21210:
21211: * configure.in:
21212: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
21213: compiler doesn't recognise -O2.
21214: [5234aa543692]
21215:
21216: * HISTORY:
21217: Clarify origins of Root Group sudo a bit based on info from
21218: billp@rootgroup.com
21219: [4deef01c4208]
21220:
21221: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
21222:
21223: * LICENSE:
21224: 2002
21225: [6c8e089dbd1a]
21226:
21227: * CHANGES:
21228: checkpoint for 1.6.4rc1
21229: [3349eb87a49f]
21230:
21231: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
21232:
21233: * config.h.in:
21234: now generated via autoheader
21235: [84657d303cb9]
21236:
21237: * configure:
21238: regen
21239: [207bfa6a13f6]
21240:
21241: * compat.h:
21242: Move in some stuff that was previously in config.h.
21243: [e576d8b6480f]
21244:
21245: * aclocal.m4, configure.in:
21246: Add info for autoheader.
21247: [0549cd5da27c]
21248:
21249: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
21250:
21251: * Makefile.in:
21252: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
21253: -g to facilitate non-root installs
21254: [619216038f56]
21255:
21256: * install-sh:
21257: Add -M option (like -m but only for root) If we can't find "whoami",
21258: use "id" w/ some sed.
21259: [b39121c8b792]
21260:
21261: * configure:
21262: regen
21263: [b39b93ff9804]
21264:
21265: * configure.in:
21266: allow user to always override mansectsu and mansectform
21267: [0fca5e63bd90]
21268:
21269: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
21270:
21271: * mkinstalldirs:
21272: update from autoconf 2.52
21273: [07bd75a508c3]
21274:
21275: * config.guess, config.sub:
21276: Update from autoconf 2.52
21277: [857b90fe31b7]
21278:
21279: * configure:
21280: regen with autoconf 2.52
21281: [08e7d1ea2aeb]
21282:
21283: * configure.in:
21284: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
21285: mode o Remove compiler-specific checks for HP-UX now that we use
21286: AC_PROG_CC_STDC
21287: [d433a70b6208]
21288:
21289: * RUNSON:
21290: Checkpoint
21291: [babf6d2235d1]
21292:
21293: * auth/pam.c:
21294: o Add pam_prep_user function to call pam_setcred() for the target
21295: user; on Linux this often sets resource limits. o When calling
21296: pam_end(), try to convert the auth->result to a PAM_FOO value.
21297: This is a hack--we really need to stash the last PAM_FOO value
21298: received and use that instead.
21299: [6ad6f340dd2a]
21300:
21301: * set_perms.c, sudo.h:
21302: o Add pam_prep_user function to call pam_setcred() for the target
21303: user; on Linux this often sets resource limits.
21304: [67795421ac82]
21305:
21306: * env.c:
21307: Fix off by one error in number of bytes allocated via malloc (does
21308: not affected any released version of sudo).
21309: [5f5915360111]
21310:
21311: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
21312:
21313: * lex.yy.c:
21314: regen
21315: [8208c0277775]
21316:
21317: * parse.lex:
21318: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
21319: requiring that they be quoted.
21320: [ae59bc8f68dd]
21321:
21322: * sudoers.cat, sudoers.man.in, sudoers.pod:
21323: Mention that no double quotes are needed when
21324: adding/deleting/assigning a single value to a list.
21325: [25efc940a1f0]
21326:
21327: * Makefile.in:
21328: Don't rely on mkdefaults being executable, call perl explicitly.
21329: [6edc97ba5f1d]
21330:
21331: * sudo.tab.c:
21332: regen
21333: [49130b2e7e4d]
21334:
21335: * parse.yacc:
21336: Remove some XXX that are no longer relevant.
21337: [d460ac0d3767]
21338:
21339: * defaults.c:
21340: o Roll our own loop instead of using strpbrk() for better
21341: grokability o When adding to a list we must malloc() and use
21342: memcpy(), not strdup() since we must only copy len bytes from str.
21343: [649bef08e1f0]
21344:
21345: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
21346:
21347: * sudo.tab.c:
21348: regen
21349: [f0bbf2c38c0e]
21350:
21351: * parse.yacc:
21352: typo in comment
21353: [2563711ff593]
21354:
21355: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
21356:
21357: * CHANGES:
21358: checkpoint
21359: [a6d8a29fb30e]
21360:
21361: * configure:
21362: regen
21363: [bdfcaaf3bd13]
21364:
21365: * configure.in:
21366: avoid the -g flag unless --with-devel was specified
21367: [a976707bef30]
21368:
21369: * Makefile.in:
21370: mkdefaults, def_data.in and sigaction.c were missing from the
21371: tarball
21372: [6917ffbaa412]
21373:
21374: * Makefile.in:
21375: def_data.c was missing
21376: [87c78b11453d]
21377:
21378: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
21379:
21380: * env.c:
21381: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
21382: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
21383: [fc8698e6a45e]
21384:
21385: * TODO:
21386: Another TODO item
21387: [6f251d6cd466]
21388:
21389: * sudoers:
21390: Add comment for Default section so folks know where it should go.
21391: [7edba626f392]
21392:
21393: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
21394:
21395: * tgetpass.c:
21396: Use TCSETAF, not TCSETA to set terminal in termio case
21397: [fbd172f6c5d3]
21398:
21399: * sudoers.cat, sudoers.man.in:
21400: regen from sudoers.pod
21401: [64edd2de816e]
21402:
21403: * sudoers.pod:
21404: o Typo, Runas_User_List should be Runas_List o a User_List can not
21405: contain a uid o mention that the Defaults section should come after
21406: Alias definitions but before the user specifications
21407: [54070ba2092b]
21408:
21409: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
21410:
21411: * sudoers.cat, sudoers.man.in:
21412: regen
21413: [e62d1d97693c]
21414:
21415: * sudoers.pod:
21416: Fix listpw and verifypw sections, they were not being formatted
21417: properly.
21418: [123868c2f3e9]
21419:
21420: * sudoers.cat, sudoers.man.in:
21421: regen
21422: [f94841f8b374]
21423:
21424: * sudoers.pod:
21425: fix typos
21426: [f278f1c1184e]
21427:
21428: * configure:
21429: regen
21430: [d2270049ba9f]
21431:
21432: * config.h.in, configure.in:
21433: use AC_SYS_POSIX_TERMIOS instead of rolling our own
21434: [c1a13f1354b9]
21435:
21436: * README:
21437: Reference sudo.ws not courtesan.com
21438: [ca13be67ebd7]
21439:
21440: * PORTING:
21441: Add notes on shadow passwords
21442: [aa13863f2314]
21443:
21444: * BUGS:
21445: In list mode (sudo -l), characters escaped with a backslash are
21446: shown verbatim with the backslash.
21447: [1a75a2858be2]
21448:
21449: * sudoers:
21450: Add simple examples from OpenBSD (Marc Espie)
21451: [3ae9a9ae4125]
21452:
21453: * tgetpass.c:
21454: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
21455: [f8817699ee10]
21456:
21457: * CHANGES:
21458: minor prettyification
21459: [f523587929b9]
21460:
21461: * CHANGES:
21462: Updated change log
21463: [39d9010ee7a8]
21464:
21465: * testsudoers.c:
21466: Fix CIDR handling here too.
21467: [c91db8344c32]
21468:
21469: * auth/pam.c:
21470: Apparently a NULL response is OK
21471: [83bae61078d9]
21472:
21473: * TODO:
21474: Checkpoint for upcoming beta release
21475: [efb95c09df2a]
21476:
21477: * TROUBLESHOOTING:
21478: Many people believe that adding a runas spec should obviate the need
21479: for the -u flag. It does not.
21480: [c698bad85b0e]
21481:
21482: * RUNSON:
21483: checkpoint update for upcoming 1.6.4 beta
21484: [009e465a0a45]
21485:
21486: * config.h.in:
21487: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
21488: if HAVE_STRING_H is defined -- this is safe now
21489: [d27c035f4e14]
21490:
21491: * PORTING:
21492: Add signals section
21493: [2d24c13cb3c8]
21494:
21495: * configure:
21496: regen
21497: [2b80a939e2ed]
21498:
21499: * configure.in:
21500: Fix check for sigaction_t
21501: [6fa41c89ab20]
21502:
21503: * sudo.c:
21504: XXX - should call find_path() as runas user, not root. Can't do
21505: that until the parser changes though.
21506: [f0b4f85651bd]
21507:
21508: * sudo.c:
21509: If find_path() fails as root, try again as the invoking user (useful
21510: for NFS). Idea from Chip Capelik.
21511: [e03fa7872692]
21512:
21513: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
21514: Regenerate after pod file changes
21515: [48e4bd75ec21]
21516:
21517: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
21518: sudo.pod, sudoers.pod:
21519: Add new sudoers option "preserve_groups". Previously sudo would not
21520: call initgroups() if the target user was root. Now it always calls
21521: initgroups() unless the -P command line option or the
21522: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
21523: [4f730359f101]
21524:
21525: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
21526:
21527: * compat.h, config.h.in:
21528: Use new HAVE_SIGACTION_T define
21529: [dfb25f3cae5b]
21530:
21531: * logging.c:
21532: Fix compilation on K&C
21533: [7355e3275e34]
21534:
21535: * configure:
21536: regen
21537: [a710584f92f0]
21538:
21539: * configure.in:
21540: Add check for sigaction_t -- IRIX already defines this so don't
21541: redefine it.
21542: [df9c5737f6da]
21543:
21544: * snprintf.c:
21545: fix typo
21546: [3d782b8134c8]
21547:
21548: * interfaces.c:
21549: need stdlib.h here too
21550: [c789d8973ab2]
21551:
21552: * configure:
21553: regen
21554: [44822856bf46]
21555:
21556: * configure.in:
21557: Remove redundant checks for string.h, strings.h and unistd.h
21558: [933c94f8bbf4]
21559:
21560: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21561: visudo.man.in:
21562: Regen from pod files
21563: [ad18c590f638]
21564:
21565: * BUGS:
21566: Update for 1.6.4
21567: [26bc88b69d22]
21568:
21569: * configure, lex.yy.c, sudo.tab.c:
21570: regen
21571: [bef89fd6fa2d]
21572:
21573: * strerror.c:
21574: Return EINVAL if errnum > sys_nerr
21575: [0512374e6661]
21576:
21577: * auth/sudo_auth.h:
21578: o Update copyright year
21579: [a877016db6e2]
21580:
21581: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
21582: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
21583: sudo.pod:
21584: o Update copyright year
21585: [e15a1b39039f]
21586:
21587: * configure.in:
21588: o Don't define STDC_HEADERS unconditionally for IRIX o Update
21589: copyright year
21590: [82a8cb819e07]
21591:
21592: * README:
21593: update version
21594: [d82e523a16b4]
21595:
21596: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
21597: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
21598: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
21599: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
21600: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
21601: visudo.c:
21602: o Reorder some headers and use STDC_HEADERS define properly o Update
21603: copyright year
21604: [fe39f76b3795]
21605:
21606: * lsearch.c:
21607: o Reorder some headers and use STDC_HEADERS define properly o Update
21608: copyright year
21609: [764ba3d4fa13]
21610:
21611: * getspwuid.c, goodpath.c, interfaces.c:
21612: o Reorder some headers and use STDC_HEADERS define properly o Update
21613: copyright year
21614: [fb46d46140d4]
21615:
21616: * getcwd.c:
21617: o Reorder some headers and use STDC_HEADERS define properly o Update
21618: copyright year
21619: [b199d70ac7ab]
21620:
21621: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
21622: fnmatch.c:
21623: o Reorder some headers and use STDC_HEADERS define properly o Update
21624: copyright year
21625: [dab8f192a3ed]
21626:
21627: * configure:
21628: regen
21629: [156658f25cea]
21630:
21631: * tgetpass.c:
21632: flags set in signal handlers should be volatile sig_atomic_t
21633: [c22931a5535e]
21634:
21635: * config.h.in, configure.in:
21636: Add checks for volatile and sig_atomic_t
21637: [b03b3341381d]
21638:
21639: * configure, lex.yy.c:
21640: regen
21641: [ed9daba88217]
21642:
21643: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
21644: sudo.c, sudoers.pod:
21645: Remove "secure_path" Defaults option since it cannot work with the
21646: existing parser.
21647: [c9e54a0f5971]
21648:
21649: * find_path.c, sudo.c:
21650: Unset "secure_path" if user_is_exempt()
21651: [fb7544565ae8]
21652:
21653: * env.c, pathnames.h.in:
21654: o Remove assumption that PATH and TERM are not listed in env_keep o
21655: If no PATH is in the environment use a default value o If TERM is
21656: not set in the non-reset case also give it a default value.
21657: [c987eb7df268]
21658:
21659: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
21660: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
21661: systems that define in paths.h
21662: [51865b0cdebf]
21663:
21664: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
21665: Add support for skeyaccess(3) if it is present in libskey.
21666: [8add77c7d3e7]
21667:
21668: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
21669:
21670: * sudo.c:
21671: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
21672: [5a3d3cbf2c6d]
21673:
21674: * parse.lex:
21675: '\\' is a perfectly legal character to have in a command line
21676: argument.
21677: [c15a466ef00e]
21678:
21679: * sudo.c:
21680: o Defer call to set_fqdn() until it is safe to use log_error() o
21681: Don't print errno string value if gethostbyname fails, it is not
21682: relevant
21683: [c0c6bcf08bcb]
21684:
21685: * parse.c:
21686: Fix CIDR -> in_addr_t conversion.
21687: [2f307ebeb63f]
21688:
21689: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
21690:
21691: * sudoers.pod:
21692: Remove an extra "User_List" in the User_Spec definition From
21693: ybertrand AT snoopymail.com
21694: [97bde59ea280]
21695:
21696: * parse.c:
21697: Make 'listpw=never' work for users who are not explicitly mentioned
21698: in sudoers.
21699: [258f0f30a428]
21700:
21701: * sudoers.pod:
21702: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
21703: [4b0f03872ee1]
21704:
21705: * sudoers.pod:
21706: Document new list Defaults type and convert env_keep and env_delete
21707: to lists. Document new env_check option.
21708: [a07f1f079fe3]
21709:
21710: * lex.yy.c, sudo.tab.c, sudo.tab.h:
21711: regen parser
21712: [e39ac6c6581b]
21713:
21714: * parse.lex:
21715: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
21716: to #[0-9-]+.
21717: [69c5388908f3]
21718:
21719: * configure:
21720: regen
21721: [0f1877b88cb3]
21722:
21723: * aclocal.m4:
21724: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
21725: [6545503ae361]
21726:
21727: * config.h.in, configure.in:
21728: Add check for skeyaccess(3)
21729: [6caf69fe6359]
21730:
21731: * visudo.pod:
21732: Document new -c, -f, and -q options
21733: [13d0203c21d3]
21734:
21735: * visudo.c:
21736: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
21737: [4c2b664d617d]
21738:
21739: * configure:
21740: regen
21741: [6d5bd932e7b5]
21742:
21743: * aclocal.m4, config.h.in, configure.in:
21744: Add check for isblank and a replacement macro if it doesn't exist.
21745: [b524f5e4f953]
21746:
21747: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21748:
21749: * visudo.c:
21750: In check-only mode, don't create sudoers if it does not already
21751: exist.
21752: [c748a2d5acad]
21753:
21754: * parse.yacc:
21755: o Add a new token, DEFVAR, to indicate a Defaults variable name o
21756: Add support for "+=" and "-=" list operators o replace some 1 and 0
21757: with TRUE and FALSE for greater legibility.
21758: [554cb174b37e]
21759:
21760: * parse.lex:
21761: o Use exclusive start conditions to remove some ambiguity in the
21762: lexer. Also reorder some things for clarity. o Add support for
21763: "+=" and "-=" list operators. o Use the new DEFVAR token to denote
21764: a Defaults variable name.
21765: [3a2cf8323e26]
21766:
21767: * sudo.h:
21768: Prototype init_envtables()
21769: [b74916469dab]
21770:
21771: * env.c:
21772: o Convert environment handling to use lists instead of strings.
21773: This greatly simplifies routines that need to do "foreach" type
21774: operations. o Add new init_envtables() function to set env_check
21775: and env_delete defaults based on initial_badenv_table and
21776: initial_checkenv_table (formerly sudo_badenv_table).
21777: [0a8b404658b6]
21778:
21779: * defaults.c, defaults.h:
21780: o Add a new LIST type and functions to manipulate it. o This is for
21781: use with environment handling variables. o Call new
21782: init_envtables() routine inside init_defaults() to initialize the
21783: environment lists.
21784: [ae73e64f0902]
21785:
21786: * def_data.c, def_data.h, def_data.in:
21787: Convert environment options to use the new LIST type and add a new
21788: one, env_check that only deletes if the sanity check fails.
21789: [3019503936de]
21790:
21791: * testsudoers.c:
21792: Add dummy version of init_envtables()
21793: [9d9e3ee609d9]
21794:
21795: * parse.yacc:
21796: honor quiet mode
21797: [8330fba6167c]
21798:
21799: * visudo.c:
21800: Add check-only mode
21801: [dab411bc8c35]
21802:
21803: * mkdefaults:
21804: Fix generation of entries with NULL descriptions.
21805: [ea75b9fed02e]
21806:
21807: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21808:
21809: * tgetpass.c:
21810: Use sigaction_t and quiet a gcc warning.
21811: [6f67d719c452]
21812:
21813: * sudo.c:
21814: Must reset signal handlers before we exec
21815: [300418120e1a]
21816:
21817: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
21818: auth/sudo_auth.c:
21819: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
21820: version needs testing. Set SIGTSTP to SIG_DFL during password entry
21821: so user can suspend us.
21822: [00304aa58747]
21823:
21824: * tgetpass.c:
21825: Add support for interrupting/suspending tgetpass via keyboard input.
21826: If you suspend sudo from the password prompt and resume it will re-
21827: prompt you.
21828: [4af2b5101d32]
21829:
21830: * sudo.c:
21831: Don't block keyboard interrupt signals, just set them to SIG_IGN.
21832: [d46d7f67ef6b]
21833:
21834: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
21835:
21836: * config.h.in:
21837: add back HAVE_SIGACTION
21838: [c9c7702c603e]
21839:
21840: * configure:
21841: regen
21842: [09fe669d337f]
21843:
21844: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
21845: Kill POSIX_SIGNALS define and old signal support now that we emulate
21846: POSIX ones Also be sure to correctly initialize struct sigaction.
21847: [4bc2a6dbb2be]
21848:
21849: * strerror.c:
21850: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
21851: [1ad64a19f328]
21852:
21853: * compat.h:
21854: Add scaffolding for POSIX signal emulation
21855: [945861d4c93b]
21856:
21857: * sigaction.c:
21858: o Add missing ';' so this compiles o Can't use NULL since we don't
21859: include stdio.h
21860: [04d0cac7438f]
21861:
21862: * sigaction.c:
21863: Emulate sigaction() using sigvec()
21864: [d0b54a989875]
21865:
21866: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21867:
21868: * sudoers.pod:
21869: Document new behavior of negative values of timestamp_timeout Fix a
21870: typo
21871: [4c0716570d01]
21872:
21873: * sudo.pod:
21874: Add security note about command not being logged after 'sudo su' and
21875: friends.
21876: [43294851a33c]
21877:
21878: * sudo.pod:
21879: Mention that -V prints default values when run as root, including
21880: the list of environment variables to clear.
21881: [d9e5e550a8c3]
21882:
21883: * Makefile.in:
21884: Run pod2man with --quotes=none to avoid stupid quoting of C<>
21885: entries.
21886: [997b23c35dbe]
21887:
21888: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
21889:
21890: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
21891: Add mail_badpass option Also modify mail_always behavior to also
21892: send mail when the password is wrong
21893: [838d40ccafce]
21894:
21895: * env.c, sudo.c, sudo.h:
21896: Dump default bad env table when 'sudo -V' is run by root.
21897: [f67f1b8048b0]
21898:
21899: * sudoers.pod:
21900: document env_delete
21901: [d74f893663a2]
21902:
21903: * env.c:
21904: Add support for '*' in env_keep when not resetting the environment
21905: (ie: the normal case).
21906: [fd4fb62ea8fd]
21907:
21908: * env.c:
21909: Add env_delete variable that lets the user replace/add to the
21910: bad_env_table. Allow '*' wildcard in env_keep entries.
21911: [aa728bc35e29]
21912:
21913: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
21914:
21915: * mkinstalldirs:
21916: Force umask to 022 to guarantee sane directory permissions.
21917: [9ab3cfe70569]
21918:
21919: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
21920:
21921: * Makefile.in:
21922: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
21923: [671010465e6f]
21924:
21925: * mkdefaults:
21926: fix breakage in last commit
21927: [8318f8851e56]
21928:
21929: * Makefile.in:
21930: acsite.m4 -> aclocal.m4
21931: [30c146873a01]
21932:
21933: * check.c:
21934: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
21935: [4dc8b39954da]
21936:
21937: * def_data.c:
21938: regenerated from def_data.in
21939: [915ea16ce1eb]
21940:
21941: * check.c, defaults.c, defaults.h:
21942: Add new T_UINT type that most things use instead of T_INT If
21943: timestamp_timeout is < 0 then treat the ticket as never expiring (to
21944: be expired manually by the user).
21945: [3a3a636a2a5d]
21946:
21947: * def_data.in:
21948: change most T_INT -> T_UINT
21949: [a2228d2457af]
21950:
21951: * mkdefaults:
21952: fix warning when no args
21953: [ca70a5394af5]
21954:
21955: * visudo.c:
21956: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
21957: we are a signal handler. We no longer print the signal number but
21958: the user can just check the exit value for that.
21959: [dc424f631fef]
21960:
21961: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
21962:
21963: * logging.c:
21964: when setting up pipes in child process check for case where stdin ==
21965: pipe fd 0
21966: [518112d76184]
21967:
21968: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
21969:
21970: * visudo.c:
21971: Ignore editor exit value since XPG4 says vi's exit value is the
21972: count of editing errors made (failed searches, etc).
21973: [b9d952284865]
21974:
21975: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
21976:
21977: * configure:
21978: regen
21979: [cb3aa586f03b]
21980:
21981: * configure.in:
21982: sco now is identified by config.guess as *-sco-*
21983: [46664bbdea61]
21984:
21985: * configure.in:
21986: Check for getspnam() in -lgen if not in -lc for UnixWare.
21987: [0f152ad1ba93]
21988:
21989: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
21990:
21991: * sudoers.pod, visudo.pod:
21992: "upper case" -> "uppercase"
21993: [f9151f232326]
21994:
21995: * sudoers.pod:
21996: fix typos and grammar; pjanzen@foatdi.harvard.edu
21997: [2855d73d0237]
21998:
21999: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
22000:
22001: * sudoers.pod:
22002: Missing word (specify); krapht@secureops.com
22003: [65523eb37a2c]
22004:
22005: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
22006:
22007: * sudo.c:
22008: If we fail to lookup a login class, apply the default one.
22009: [d4869faa6816]
22010:
22011: * logging.c:
22012: In log_error() free message, not logline unconditionally, then free
22013: logline if it is not the same as message. No function change but
22014: this mirrors how they are allocated.
22015: [565e5f6cc643]
22016:
22017: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
22018:
22019: * configure:
22020: regenerate
22021: [834a48f548a2]
22022:
22023: * configure.in:
22024: remove some backslash quotes that are unneeded
22025: [50d401d6e2ca]
22026:
22027: * configure.in:
22028: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
22029: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
22030: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
22031: to AC_DEFINE things manually.
22032: [f502c5f15f92]
22033:
22034: * config.guess, config.sub:
22035: Updated from autoconf-2.50
22036: [6140205915ef]
22037:
22038: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
22039:
22040: * README:
22041: Update mailing list section. We use mailman now, not majordomo.
22042: [b9a8ca45e6dc]
22043:
22044: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
22045:
22046: * getspwuid.c, logging.c, sudo.c:
22047: Use setpwent()/endpwent() + all the shadow variants to make sure we
22048: don't inadvertantly leak an fd to the child. Apparently Linux's
22049: shadow routines leave the fd open even if you don't call setspent().
22050: Reported by mike@gistnet.com; different patch used.
22051: [d33792ef6c01]
22052:
22053: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
22054:
22055: * sudoers.pod:
22056: s/eg./e.g./
22057: [bd32a0acaf93]
22058:
22059: * tgetpass.c:
22060: select() may return EAGAIN. If so, continue like we do for EINTR.
22061: [5f202c943818]
22062:
22063: * logging.c:
22064: Fix a non-exploitable buffer overflow in the word splitting code.
22065: This should really be rewritten.
22066: [4c724363863a]
22067:
22068: * Makefile.in:
22069: FAQ link goes away
22070: [1d26dd6c8972]
22071:
22072: * INSTALL:
22073: Tell people to look in sample.syslog.conf for examples, not FAQ
22074: [affcae3f43ca]
22075:
22076: * TROUBLESHOOTING:
22077: Update list of env vars that are cleared
22078: [234e56f1435a]
22079:
22080: * sudo.c:
22081: remove struct env_table decl since that stuff has all moved to env.c
22082: [5dd923148777]
22083:
22084: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
22085:
22086: * fileops.c:
22087: Fix a pasto in flock-style unlocking and include <sys/file.h> for
22088: flock on older systems; twetzel@gwdg.de
22089: [d5420d9d2861]
22090:
22091: * configure:
22092: regen to get NeXT lockf/flock fix
22093: [d3ba6ed70e15]
22094:
22095: * configure.in:
22096: force NeXT to use flock since lockf is broken
22097: [bd5391dca1bb]
22098:
22099: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
22100:
22101: * check.c:
22102: Use stashed user_gid when checking against exempt gid since sudo
22103: sets its gid to a a value that makes sudoers readable. Previously
22104: if you used gid 0 as the exempt group everyone would be exempt. From
22105: Paul Kranenburg <pk@cs.few.eur.nl>
22106: [0b140cc3a817]
22107:
22108: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
22109:
22110: * configure:
22111: regen
22112: [cc455408f32b]
22113:
22114: * aclocal.m4:
22115: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
22116: some types (such as ssize_t) therein.
22117: [b6aee85ca331]
22118:
22119: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
22120:
22121: * defaults.c:
22122: Fix negation of paths in a boolean context. Problem found by
22123: apt@UH.EDU
22124: [8aee217a7cdf]
22125:
22126: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
22127:
22128: * visudo.c:
22129: pasto
22130: [ad32b277bf68]
22131:
22132: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22133:
22134: * visudo.c:
22135: SA_RESETHAND means the opposite of what I was thinking--oops To
22136: block all signals in old-style signals use ~0, not 0xffffffff
22137: [6ecdd793590a]
22138:
22139: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
22140:
22141: * defaults.c:
22142: coerce difference of pointers to int when used in a string length
22143: printf format; deraadt@openbsd.org
22144: [a9d10f07180d]
22145:
22146: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
22147:
22148: * visudo.c:
22149: Block all signals in Exit() to avoid a signal race. There is still
22150: a tiny window but I'm not going to worry about it.
22151: [6661805c0458]
22152:
22153: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
22154:
22155: * env.c:
22156: glibc uses the LANGUAGE env var so clear that too; Solar Designer
22157: [d4ba95628afb]
22158:
22159: * lex.yy.c:
22160: Regenerate with a fix to flex.skl that preserves errno from
22161: clobbering by isatty().
22162: [607eec736e19]
22163:
22164: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
22165:
22166: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
22167: auth/sia.c, auth/sudo_auth.c:
22168: Some defaults I_ defines got renamed.
22169: [ec19b23caaf3]
22170:
22171: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
22172: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
22173: set_perms.c, sudo.c, sudo.tab.c:
22174: Move defaults info into its own files from which we generate .h and
22175: .c files. This makes adding or rearranging variables much simpler.
22176: [e91b880b5043]
22177:
22178: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
22179:
22180: * configure, configure.in:
22181: fix typo in last commit
22182: [10a6ee2bae71]
22183:
22184: * compat.h, config.h.in, configure, configure.in:
22185: Add check + emulation for setegid (like seteuid).
22186: [29492092bd2f]
22187:
22188: * env.c:
22189: Make env_keep override badenv_table as documented Fix traversal of
22190: badenv_table (broken in last commit)
22191: [37c9f0d22673]
22192:
22193: * set_perms.c, sudo.c, sudo.h:
22194: Don't try and build saved uid version of set_perms on systems w/o
22195: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
22196: set_perms_setreuid simply be set_perms_fallback() and simply include
22197: the appropriate function at compile time (setreuid() vs. setuid()).
22198: [3107333c062c]
22199:
22200: * sudoers.cat, sudoers.man.in, sudoers.pod:
22201: PATH is also preserved when env_reset is in effect
22202: [90e45c5711ff]
22203:
22204: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
22205: configure.in, defaults.c, defaults.h, env.c, find_path.c,
22206: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
22207: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
22208: visudo.c, visudo.cat, visudo.man.in:
22209: New Defaults options: o stay_setuid - sudo will remain setuid if
22210: system has saved uids or setreuid(2) o env_reset - reset the
22211: environment to a sane default o env_keep - preserve environment
22212: variables that would otherwise be cleared
22213:
22214: No longer use getenv/putenv/setenv functions--do environment munging
22215: by hand. Potentially dangerous environment variables can be cleared
22216: only if they contain '/' pr '%' characters to protect buggy
22217: programs. Moved environment routines into env.c (new file)
22218: [c2f97651db4c]
22219:
22220: * INSTALL:
22221: Clear up --without-passwd description
22222: [2f336dab6733]
22223:
22224: * putenv.c, sudo_setenv.c:
22225: We now build up a new environment from scratch and assign it to
22226: "environ".
22227: [6ae6152f2238]
22228:
22229: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
22230:
22231: * sudo.pod, visudo.pod:
22232: Grammatical fixes from Paul Janzen
22233: [e03ead2e56f8]
22234:
22235: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
22236:
22237: * visudo.c:
22238: If there was a syntax error and the user just wants to quit, unlink
22239: sudoers if it is zero length.
22240: [74ba7921f520]
22241:
22242: * visudo.c:
22243: 'Q' means ignore parse error, not 'q'
22244: [e8d0e4491fe6]
22245:
22246: * visudo.c:
22247: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
22248: <dim@xs4all.nl>
22249: [b24990a72491]
22250:
22251: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
22252:
22253: * set_perms.c:
22254: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
22255: [41a8db10e076]
22256:
22257: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
22258:
22259: * config.guess, config.sub:
22260: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
22261: [6052da895d2e]
22262:
22263: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
22264:
22265: * sudo.c, visudo.c:
22266: Use exit(127), not exit(-1)
22267: [9ff0c3eada34]
22268:
22269: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
22270: Move set_perms() to its own file and use POSIX saved uid or
22271: setreuid() if available.
22272:
22273: Added stay_setuid option for systems that have libraries that
22274: perform extra paranoia checks in system libraries for setuid
22275: programs (ie: anything with issetugid(2)).
22276: [28960f842698]
22277:
22278: * sudo.c:
22279: strip more bits from the environment and add a facility for
22280: stripping things only if they contain '/' or '%' to address printf
22281: format string vulnerabilities in other programs.
22282: [b98d6375f299]
22283:
22284: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
22285:
22286: * configure:
22287: regen
22288: [7e74e5c91049]
22289:
22290: * configure.in:
22291: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
22292: strcasecmp().
22293: [a418e9e70442]
22294:
22295: * configure:
22296: regen
22297: [bbff244a52bc]
22298:
22299: * configure.in:
22300: Check for strcasecmp(3) in -lc89 for NCR Unix
22301: [361c99576681]
22302:
22303: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
22304:
22305: * config.h.in:
22306: Define HAVE_INNETGR #ifdef HAVE__INNETGR
22307: [473cdb92b6db]
22308:
22309: * configure:
22310: regen
22311: [4e6364a195e0]
22312:
22313: * compat.h, config.h.in, configure.in:
22314: Add check for _innetgr(3) since NCR systems have that instead of
22315: innetgr(3).
22316: [25e6852e7494]
22317:
22318: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
22319:
22320: * auth/securid.c:
22321: check return value of creadcfg() call sd_close() after sd_auth()
22322: store username in sd->username so we don't rely on the USER env
22323: variable
22324: [d106b4f42722]
22325:
22326: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
22327:
22328: * INSTALL:
22329: document --with-bsdauth
22330: [f1518ecc2ee9]
22331:
22332: * configure:
22333: regen
22334: [dceb35071ea8]
22335:
22336: * configure.in:
22337: --with-bsdauth assumes --with-logincap
22338: [4200778083fd]
22339:
22340: * auth/bsdauth.c, auth/fwtk.c:
22341: When prompting for a response to a challenge, if the user just hits
22342: return then reprompt with echo turned on.
22343: [a539b6474a97]
22344:
22345: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
22346:
22347: * sudo.c:
22348: Remove debugging code that should not have been committed, oops.
22349: [9862607b77a7]
22350:
22351: * auth/bsdauth.c:
22352: Use lower-level routines and get the password ourselves. Checks for
22353: a challenge and if there is one echo is not turned off.
22354: [2d8fcd166baa]
22355:
22356: * auth/pam.c, auth/sudo_auth.h:
22357: minor housekeeping, no real code changes
22358: [d0074a277fb4]
22359:
22360: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
22361:
22362: * sudo.c:
22363: Fix a coredump in the logging functions if gethostname(2) fails by
22364: deferring the call to log_error() until things are better setup.
22365:
22366: Fix return value of set_loginclass() in non-BSD-auth case.
22367:
22368: Hard-code 'sudo' in the usage message so we can fit more options on
22369: a line
22370: [d9d1b7579818]
22371:
22372: * logging.c:
22373: Fix errant ';' (typo) that broken MSG_ONLY
22374: [849b2276a470]
22375:
22376: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
22377:
22378: * sudo.cat, sudo.man.in:
22379: regen
22380: [bb3c8c6704d1]
22381:
22382: * sudo.pod:
22383: Document -a flag
22384: [e18316cebaac]
22385:
22386: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
22387: configure, configure.in, getspwuid.c, sudo.c:
22388: Add support for BSD authentication.
22389: [f374cfd9ca0d]
22390:
22391: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
22392:
22393: * sudoers.pod:
22394: Fix typo; from sato@complex.eng.hokudai.ac.jp
22395: [3085fee9766e]
22396:
22397: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22398:
22399: * sudoers.pod:
22400: Mention negating umask
22401: [c9e410294dae]
22402:
22403: * defaults.c:
22404: Allow user to specify umask of 0777 (same as !umask)
22405: [bb771daa96fe]
22406:
22407: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22408:
22409: * sudo.pod, visudo.pod:
22410: Fix a typo and give a URL for the sudo history.
22411: [77f73199aedb]
22412:
22413: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22414:
22415: * defaults.c, sudo.pod:
22416: fix typos; pepper@reppep.com
22417: [5532c7421340]
22418:
22419: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22420:
22421: * sudo.c, sudo.h, sudo_setenv.c:
22422: sudo_setenv() now exits on memory alloc failure instead of returning
22423: -1.
22424: [71f1cf18f47b]
22425:
22426: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22427:
22428: * sudo.c:
22429: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
22430: and possibly others.
22431: [b69d985b0d22]
22432:
22433: * logging.c:
22434: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
22435: that "%m" won't be expanded but we don't use that anyway since the
22436: logging routines may splat to stderr as well.
22437: [8d37a544d0c0]
22438:
22439: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
22440: sudoers.pod:
22441: Add always_set_home variable
22442: [dbcaff646e07]
22443:
22444: * configure, configure.in:
22445: Have to hard code default values in help since the defaults are set
22446: _after_ the help stuff.
22447: [7b5d6d72f55c]
22448:
22449: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22450:
22451: * lex.yy.c, parse.lex:
22452: Allow special characters (including '#') to be embedded in pathnames
22453: if quoted by a '\\'. The quoted chars will be dealt with by
22454: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
22455: [3ed33cf09977]
22456:
22457: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
22458:
22459: * install-sh:
22460: Better path searching for programs we need.
22461: [60517cb1f0d6]
22462:
22463: * TROUBLESHOOTING:
22464: Add section on "C compiler cannot create executables" errors.
22465: [e4ada6eaee59]
22466:
22467: * Makefile.binary, Makefile.in, version.h:
22468: Crank version
22469: [93d1bd5b7f5e]
22470:
22471: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
22472: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
22473: visudo.man.in, visudo.pod:
22474: Substitute values from configure into man pages.
22475: [619854c356c1]
22476:
22477: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22478:
22479: * parse.c, sudo.c:
22480: The listpw and verifypw sudoers options would not take effect
22481: because the value of the default was checked *before* sudoers was
22482: parsed. Instead of passing in the value of PWCHECK_* to
22483: sudoers_lookup(), pass in the arg for def_ival() so the check can be
22484: deferred until after sudoers is parsed.
22485: [4f596e358f72]
22486:
22487: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
22488:
22489: * tgetpass.c:
22490: When writing prompt, no need to write the NUL as well;
22491: hag@linnaean.org
22492: [fbcdd7b431ee]
22493:
22494: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
22495:
22496: * install-sh:
22497: When looking for chown, check in /sbin too
22498: [657ba6653f8c]
22499:
22500: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
22501:
22502: * visudo.c:
22503: Remove extraneous call to init_defaults() and set runas_user to NULL
22504: betweem parses so init_defaults will reset it each time, thus
22505: avoiding a reference to free()d data.
22506: [7421fcd692af]
22507:
22508: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
22509:
22510: * config.h.in, interfaces.c, interfaces.h, sudo.c:
22511: Add support for using getifaddrs() to get the list of ip addr /
22512: netmask pairs. Currently IPv4-only.
22513: [a35bc4f7306d]
22514:
22515: * visudo.c:
22516: Add a missing check for UserEditor == NULL Add missing '+' before
22517: line number when invoking editor to fix a syntax error
22518: [f0d4635f6082]
22519:
22520: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
22521:
22522: * sudo.c:
22523: Call clean_env very early in main() for paranoia's sake. Idea from
22524: Marc Esipovich.
22525: [f8d72ebd0115]
22526:
22527: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
22528:
22529: * sudo.h:
22530: Update proto for evasprintf and easprintf
22531: [d147d6e58419]
22532:
22533: * alloc.c:
22534: Make easprintf() and evasprintf() return an int.
22535: [b2ca5d089667]
22536:
22537: * check.c:
22538: If the targetpw flag is set, use target username as part of the
22539: timestamp path. If tty tickets are in effect cat the tty and the
22540: target username with a ':' as the separator.
22541: [de11abc693c2]
22542:
22543: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
22544:
22545: * auth/pam.c:
22546: Backout part of last change; setting PAM_USER to the invoking user
22547: breaks things like targetpw.
22548: [427218a7387f]
22549:
22550: * auth/pam.c:
22551: set tty and username via pam_set_item
22552: [85d1922dbcc9]
22553:
22554: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
22555: Fix root, runas, and target authentication for non-passwd file auth
22556: methods.
22557: [a14535e7b30c]
22558:
22559: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
22560:
22561: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
22562: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
22563: Use B<-Z> not C<-Z> for command line flags in all places. This is
22564: more consistent and works around a bug in Pod::Man.
22565: [64b5a05f30c5]
22566:
22567: * sudoers.cat, sudoers.man.in, sudoers.pod:
22568: Fix an occurence of 'semicolon' that should be 'colon'
22569: [4ea5aacae3fb]
22570:
22571: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
22572:
22573: * configure, configure.in:
22574: Fix --with-badpri help line
22575: [3cc40977c043]
22576:
22577: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
22578:
22579: * defaults.c, logging.c, sudo.c:
22580: Bracket calls to syslog with an openlog() and closelog() since some
22581: authentication methods (like PAM) may do their own logging via
22582: syslog. Since we don't use syslog much (usually just once per
22583: session) this doesn't really incur a performance penalty. It also
22584: Fixes a SEGV with pam_kafs.
22585: [fe1cc28529f6]
22586:
22587: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
22588:
22589: * sudo.c:
22590: Fix -H flag. runas_homedir is only valid after
22591: set_perms(PERM_RUNAS, mode)
22592: [ce9b1c6f68a6]
22593:
22594: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
22595:
22596: * INSTALL:
22597: Clarify the fact that insults are not enabled just by including them
22598: in the binary.
22599: [d5a31d48320c]
22600:
22601: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22602:
22603: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22604: visudo.man.in:
22605: Regenerated with perl 5.6.0 pod2man
22606: [21751433768b]
22607:
22608: * Makefile.in:
22609: Give date string to pod2man since its default is ugly and it ain't
22610: got no alibi.
22611: [0080b2f6298f]
22612:
22613: * Makefile.in:
22614: Do section substitution on the output of pod2man and remove hack
22615: needed for old pod2man.
22616: [1ef843d5c78b]
22617:
22618: * sudo.pod, sudoers.pod, visudo.pod:
22619: Put back real man sections, we will do the substitution later.
22620: [f728c1abad7e]
22621:
22622: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
22623:
22624: * configure, configure.in:
22625: Don't bother checking for the path to vi if user specified --with-
22626: editor
22627: [bf698487e0d5]
22628:
22629: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
22630:
22631: * CHANGES, visudo.c:
22632: Visudo now does its own fork/exec instead of calling system(3).
22633: [99bbcd88863b]
22634:
22635: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
22636: sudoers.pod, visudo.c:
22637: Visudo now checks for the existence of an editor and gives a
22638: sensible error if it does not exist.
22639:
22640: The path to the editor for visudo is now a colon-separated list of
22641: allowable editors. If the user has $EDITOR set and it matches one
22642: of the allowed editors that editor will be used. If not, the first
22643: editor in the list that actually exists is used.
22644: [cc86eb9f5440]
22645:
22646: * sudo.cat, sudo.man.in, sudo.pod:
22647: Clear up confusion wrt sudo's return value.
22648: [9385b12d8e79]
22649:
22650: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
22651:
22652: * Makefile.in:
22653: Strip sudo and visudo for bindist target
22654: [a995ddd79177]
22655:
22656: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
22657: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
22658: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
22659: [5eb9e60a726f] [SUDO_1_6_3]
22660:
22661: * visudo.cat, visudo.man.in, visudo.pod:
22662: Typo: @sysconf@ -> @sysconfdir@
22663: [f07f52fcd099]
22664:
22665: * Makefile.in:
22666: 'make dist' should not cause any files to be modified so remove its
22667: dependencies.
22668: [7f44a2666a9c]
22669:
22670: * CHANGES:
22671: Whoops, forgot to add release marker
22672: [16c0f16b35b8]
22673:
22674: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22675:
22676: * CHANGES:
22677: Final change for 1.6.3 (or so I hope)
22678: [473c89da6123]
22679:
22680: * sudo.cat, sudoers.cat, visudo.cat:
22681: Use SYSV man sections since BSD systems will have nroff...
22682: [0a6bd154324e]
22683:
22684: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
22685:
22686: * parse.yacc, sudo.tab.c:
22687: When checking to see if the host/user matches in a defaults spec,
22688: check against TRUE, not just non-zero since it might be -1.
22689: [41f2b7ad3fdd]
22690:
22691: * configure, configure.in:
22692: OSF/1 puts file formats in section 4, not 5.
22693: [d77c1301afa9]
22694:
22695: * CHANGES, INSTALL, sudo.c:
22696: Make login class support work on BSD/OS
22697: [e9bbe3c08ade]
22698:
22699: * RUNSON:
22700: Update for 1.6.3
22701: [c40ce1d76c4d]
22702:
22703: * configure, configure.in:
22704: If there is no inet_addr but there *is* an __inet_addr that's ok
22705: since inet_addr is probably just a macro then. The better thing to
22706: do would be to look for the macro, but this is fine for now.
22707: [1b8865ae4d68]
22708:
22709: * configure, configure.in:
22710: Don't use shlicc for BSD/OS 4.x
22711: [83fbf6dedd2c]
22712:
22713: * Makefile.in, configure, configure.in:
22714: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
22715: configure variable so we can deal with this. Also, only remove *.man
22716: for 'distclean' not 'clean'.
22717: [30d56e6de214]
22718:
22719: * sudo.c:
22720: set_loginclass() should be static like the proto says
22721: [d570a2d55fb8]
22722:
22723: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
22724:
22725: * fnmatch.c:
22726: Add #ifdef __STDC__ around the rangematch function header to avoid
22727: promotion of test to int, thus violating the prototype. Gcc handles
22728: this gracefully but more std ANSI compilers will complain.
22729: [7d98c3e332b2]
22730:
22731: * emul/fnmatch.h:
22732: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
22733: [4e1320852f8b]
22734:
22735: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
22736: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
22737: FNM_CASEFOLD in configure
22738: [9ef952bf1896]
22739:
22740: * CHANGES, TODO:
22741: update for 1.6.3
22742: [e4ba6368a0c5]
22743:
22744: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
22745: Fully qualified hosts w/ wildcards were not matching the FQHOST
22746: token type. There's really no need for a separate token for fully-
22747: qualified vs. unqualified anymore so FQHOST is now history and
22748: hostname_matches now decides which hostname (short or long) to check
22749: based on whether or not the pattern contains a '.'.
22750: [fbd2887d9811]
22751:
22752: * parse.h:
22753: Fully qualified hosts w/ wildcards were not matching the FQHOST
22754: token type. There's really no need for a separate token for fully-
22755: qualified vs. unqualified anymore so FQHOST is now history and
22756: hostname_matches now decides which hostname (short or long) to check
22757: based on whether or not the pattern contains a '.'.
22758: [dd7bbe223461]
22759:
22760: * lex.yy.c, parse.c, parse.lex, parse.yacc:
22761: Fully qualified hosts w/ wildcards were not matching the FQHOST
22762: token type. There's really no need for a separate token for fully-
22763: qualified vs. unqualified anymore so FQHOST is now history and
22764: hostname_matches now decides which hostname (short or long) to check
22765: based on whether or not the pattern contains a '.'.
22766: [630d9d205397]
22767:
22768: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
22769: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
22770: Add support for wildcards in the hostname.
22771: [d8d821ed4238]
22772:
22773: * Makefile.in:
22774: Add targets for *.man.in, using config.status to generate *.man from
22775: *.man.in
22776: [640e50ede485]
22777:
22778: * sudoers.cat, sudoers.man.in, sudoers.pod:
22779: Document set_logname option and enbolden refs to sudo and visudo.
22780: [9622b3a48707]
22781:
22782: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
22783: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
22784: visudo.cat, visudo.man.in, visudo.pod:
22785: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
22786: from Michael D. Marchionna. configure now does substitution on the
22787: man pages, allowing us to fix up the paths and set the section
22788: correctly. Based on an idea from Michael D. Marchionna.
22789: [463e928a0a2f]
22790:
22791: * auth/passwd.c:
22792: Better fix for handling HP-UX aging info.
22793: [3950f42d8549]
22794:
22795: * sudo.c:
22796: Add support for set_logname run-time default
22797: [c6a7cc76b8b4]
22798:
22799: * sudo.man.in, sudoers.man.in, visudo.man.in:
22800: configure does substitution on these to produce *.man
22801: [b83fc3c1bfc9]
22802:
22803: * sudo.man, sudoers.man, visudo.man:
22804: These files now get generated from *.man.in at configure time.
22805: [c499061f79e0]
22806:
22807: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
22808:
22809: * defaults.c, defaults.h:
22810: Add set_logname option so users can turn off setting of LOGNAME/USER
22811: environment variables.
22812: [6316869180b8]
22813:
22814: * lsearch.c, parse.c, testsudoers.c:
22815: kill register
22816: [6e104e653748]
22817:
22818: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22819:
22820: * auth/passwd.c:
22821: HP-UX adds extra info at the end for password aging so when
22822: comparing the result of crypt to pw_passwd we only compare the first
22823: len(epass) bytes *unless* the user entered an empty string for a
22824: password.
22825: [3d24d4e4e889]
22826:
22827: * logging.c:
22828: Get rid of grandchild hack, it was causing problems and there is
22829: really no need for it. This fixes a bug where we spin eating up CPU
22830: when the user runs a long-running process like a shell.
22831: [5743b10b1e81]
22832:
22833: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
22834:
22835: * sudo.c:
22836: User can always specify a login class if he/she is already root.
22837: [710d160cef9f]
22838:
22839: * config.h.in, configure, configure.in, defaults.c, defaults.h,
22840: sudo.c, sudo.h:
22841: FreeBSD login class (login.conf) support.
22842: [026b981d6328]
22843:
22844: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
22845:
22846: * auth/sudo_auth.c:
22847: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
22848: [9cd4929f1a78]
22849:
22850: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
22851:
22852: * auth/passwd.c:
22853: Truncate unencrypted password to 8 chars if encrypted password is
22854: exactly 13 characters (indicateing standard a DES password). Many
22855: versions of crypt() do this for you, but not all (like HP-UX's).
22856: [a9d0259cb193]
22857:
22858: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
22859:
22860: * INSTALL, RUNSON:
22861: Mention that gcc on dynix may have problems
22862: [77b97fa5bf1b]
22863:
22864: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
22865:
22866: * Makefile.in:
22867: Link visudo with NET_LIBS since we now call syslog via defaults.c
22868: [9e3830b277cc]
22869:
22870: * defaults.c:
22871: Use Argv[0] as the first arg to openlog() since visudo uses this
22872: too.
22873: [e61078f328ec]
22874:
22875: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
22876:
22877: * sudo.c:
22878: Stash coredumpsize resource limit and retsore it before the exec()
22879: Otherwise the child ends up with a coredumpsize of 0.
22880: [f6a4783835a3]
22881:
22882: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
22883:
22884: * sudo.cat, sudo.man, sudo.pod:
22885: document -S flag
22886: [3ebd805b7142]
22887:
22888: * sudo.c:
22889: fix usage string
22890: [66b2dfa47fe8]
22891:
22892: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
22893: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
22894: Added -S flag (read passwd from stdin) and tgetpass_flags global
22895: that holds flags to be passed in to tgetpass(). Change echo_off
22896: param to tgetpass() into a flags field. There are currently 2
22897: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
22898: tgetpass(), abstract the echo set/clear via macros and if (flags &
22899: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
22900: [a4fcbb712cd0]
22901:
22902: * tgetpass.c:
22903: Fixed a bug that caused an infinite loop when the password timeout
22904: was disabled.
22905: [2be1ffc5a39f]
22906:
22907: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22908:
22909: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
22910: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
22911: Add rootpw, runaspw, and targetpw options.
22912: [2d4563e46df7]
22913:
22914: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
22915: visudo.c:
22916: enveditor -> env_editor
22917: [ddc5f856e583]
22918:
22919: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22920:
22921: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
22922: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
22923: visudo.man:
22924: crank versino to 1.6.3
22925: [a5f7d3e74360]
22926:
22927: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
22928: sudoers.pod, visudo.c:
22929: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
22930: them. This means that visudo will now parse the sudoers file
22931: *before* it is edited so a bogus sudoers file will cause a warning
22932: to go to stderr. Also, visudo checks the variables once--it does not
22933: check them after each editor run since that could be confusing.
22934: [9f5af18e9212]
22935:
22936: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22937:
22938: * RUNSON:
22939: 1.6.2 -> 1.6.2p1
22940: [e25b74f1d1af]
22941:
22942: * check.c, sudo.c, sudo.h:
22943: Move user_is_exempt prototype into sudo.h
22944: [daf26a6ded8a]
22945:
22946: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
22947:
22948: * configure, configure.in:
22949: Fix thinko, some && should have been || in the last commit
22950: [4b9b2d487ded]
22951:
22952: * configure, configure.in:
22953: Don't initialized Makefile variables to be NULL since the user may
22954: want to import variables from their environment.
22955: [7be019f4422c]
22956:
22957: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
22958:
22959: * configure, configure.in:
22960: typo
22961: [38f4d8971f0a]
22962:
22963: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
22964:
22965: * sudo.tab.c:
22966: fix a yacc (skeleton.c) warning
22967: [a2da228a937b]
22968:
22969: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
22970:
22971: * INSTALL, RUNSON, configure, configure.in:
22972: Make pam work on HP-UX 11.0;jaearick@colby.edu
22973: [b94de0ff6f42]
22974:
22975: * CHANGES:
22976: recent changes; prepare for 1.6.2p1
22977: [b291635ea141]
22978:
22979: * find_path.c:
22980: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
22981: [4306285c4f6e]
22982:
22983: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
22984:
22985: * sudo.tab.c:
22986: Regen with yacc that has a memory leak plugged.
22987: [e26383a04eb7]
22988:
22989: * sudoers.cat, sudoers.man, sudoers.pod:
22990: Expanded docs on sudoers 'defaults' options based on INSTALL file
22991: info.
22992: [54c3d62d6c74]
22993:
22994: * INSTALL:
22995: Fix some while lies
22996: [d15311782150]
22997:
22998: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22999:
23000: * Makefile.in:
23001: When making a bindist, link FAQ to TROUBLESHOOTING instead of
23002: copying.
23003: [2d88a6ac88cf]
23004:
23005: * sudoers.cat, sudoers.man, sudoers.pod:
23006: Add netgroup caveat
23007: [28d119f466e3] [SUDO_1_6_2]
23008:
23009: * RUNSON:
23010: Last minute updates
23011: [89fb4ed22d52]
23012:
23013: * TROUBLESHOOTING:
23014: PAM entry
23015: [a9fd59f39457]
23016:
23017: * auth/pam.c:
23018: correct a comment
23019: [a29627225ba9]
23020:
23021: * CHANGES, RUNSON:
23022: update for 1.6.2
23023: [b7f1c40ea732]
23024:
23025: * auth/pam.c:
23026: Better detection of PAM errors and fix custom prompts with PAM.
23027: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
23028: [ff69234b94a5]
23029:
23030: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
23031:
23032: * snprintf.c:
23033: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
23034: long long value.
23035: [9d918c3a2ecd]
23036:
23037: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
23038:
23039: * CHANGES, config.h.in, configure, configure.in, visudo.c:
23040: Fix sudoers locking in visudo. We now lock the sudoers file itself,
23041: not the temp file (since locking the temp file can foul up editors).
23042: The previous locking scheme didn't work because the fd was closed
23043: too early.
23044: [de2011bb11ed]
23045:
23046: * config.h.in, configure, configure.in:
23047: Don't need test for ftruncate() any more.
23048: [e5f71c848104]
23049:
23050: * configure, configure.in:
23051: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
23052: the unbundled HP-UX cc.
23053: [2c373612c644]
23054:
23055: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
23056:
23057: * sudoers.cat, sudoers.man, sudoers.pod:
23058: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
23059: [05360d2c314e]
23060:
23061: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
23062:
23063: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
23064: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
23065: version.h, visudo.c:
23066: update copyright year on changed files
23067: [5792a2a28a4c]
23068:
23069: * RUNSON:
23070: updates
23071: [edf8f19aa403]
23072:
23073: * CHANGES:
23074: aix fix
23075: [4d4a243b31e2]
23076:
23077: * INSTALL:
23078: Crank version to 1.6.2
23079: [bcb5cb411624]
23080:
23081: * configure:
23082: Crank version to 1.6.2
23083: [32a19f33427f]
23084:
23085: * sudo.c:
23086: When using rlimit check for RLIM_INFINITY When computing the value
23087: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
23088: [8c16166802e5]
23089:
23090: * CHANGES:
23091: recent changes
23092: [09fc7112e44d]
23093:
23094: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
23095: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
23096: Crank version to 1.6.2
23097: [055fa61a7c61]
23098:
23099: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
23100: Add 'shell_noargs' runtime option back in. We have to defer
23101: checking until after the sudoers file has been parsed but since
23102: there are now other options that operate that way this one can too.
23103: Based on a patch from bguillory@email.com.
23104: [231db7a007a6]
23105:
23106: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
23107: Add "listpw" and "verifypw" options.
23108: [190683bac878]
23109:
23110: * sudoers.cat, sudoers.man, sudoers.pod:
23111: o Fix some typos/omissions o Add section on verifypw and listpw o
23112: Define how NOPASSWD interacts with the -v and -l flags
23113: [6feb7350eb79]
23114:
23115: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
23116:
23117: * configure, configure.in:
23118: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
23119: -D_HPUX_SOURCE to CPPFLAGS.
23120: [06cc35d89dc8]
23121:
23122: * defaults.c, defaults.h:
23123: In struct sudo_defs_types, move the union to the end and don't
23124: initialize the union member since that only works with an ANSI
23125: compiler. We set the value of the union by hand in init_defaults()
23126: anyway. This allows sudo to compile on a K&R compiler again.
23127: [623487e1fcfa]
23128:
23129: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
23130:
23131: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
23132: netgr_matches needs to check shost as well as host since they may be
23133: different.
23134: [3f43ace23d3e]
23135:
23136: * tgetpass.c:
23137: End on \r as well as \n
23138: [cb7c6e6f4202]
23139:
23140: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
23141:
23142: * sudo.c:
23143: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
23144: from 0400 to whatever SUDOERS_MODE is (converting from the old
23145: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
23146: 0400 which should always be the case.
23147: [34cd83d49d20]
23148:
23149: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
23150: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
23151: w/o a passwd if there is *any* entry for the user on the host with a
23152: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
23153: the user on the host w/ the specified runas user have the NOPASSWD
23154: flag set.
23155: [4b3b85697653]
23156:
23157: * Makefile.in:
23158: add check target
23159: [3d24d34a76fd]
23160:
23161: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
23162:
23163: * visudo.c:
23164: Treat EOF at whatnow prompt like 'x' instead of looping.
23165: [5deffc27114c]
23166:
23167: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
23168:
23169: * CHANGES:
23170: recent changes
23171: [5836a9452568] [SUDO_1_6_1]
23172:
23173: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
23174:
23175: * config.h.in, configure, configure.in, sudo.c:
23176: Add check for initgroups() since old SYSV lacks this.
23177: [657a6005a569]
23178:
23179: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
23180: parse.c, testsudoers.c:
23181: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
23182: exists.
23183: [17d081e917d6]
23184:
23185: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
23186:
23187: * auth/sudo_auth.c:
23188: Don't allow insults to be enabled if the insults[] array is empty.
23189: Otherwise there would be division by zero.
23190: [b20c14db6029]
23191:
23192: * insults.h:
23193: Don't allow insults to be enabled if the insults[] array is empty.
23194: Otherwise there would be division by zero.
23195: [028f130204b0]
23196:
23197: * CHANGES, RUNSON:
23198: Don't allow insults to be enabled if the insults[] array is empty.
23199: Otherwise there would be division by zero.
23200: [974f4780254b]
23201:
23202: * insults.h:
23203: Don't care about USE_INSULTS #define since the insult stuff may be
23204: overridden at runtime.
23205: [b873df8b299c]
23206:
23207: * auth/sudo_auth.c:
23208: Honor insults flag.
23209: [756111640fdc]
23210:
23211: * CHANGES, parse.c:
23212: Don't ask the user for a password if the user is not allowed to run
23213: the command and the authenticate flag (in sudoers) is false.
23214: [cea9fdc09c76]
23215:
23216: * CHANGES, RUNSON, lex.yy.c, parse.lex:
23217: o Whenever we get a bare newline we change to the INITIAL state. o
23218: Enter GOTRUNAS when we see Runas_Alias
23219:
23220: This allows #uid to work in a RunasAlias.
23221: [a475513e7c7a]
23222:
23223: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
23224:
23225: * CHANGES, parse.yacc, sudo.tab.c:
23226: fix parsing of runas lists: o oprunasuser and runaslist now return a
23227: value o in a runasspec, if a runaslist does not return TRUE, set
23228: runas_matches to FALSE. Normally, a runaslist only returns FALSE
23229: for explicitly denied users. o since runaslist does not modify the
23230: stack there is no need for a push/pop in runasalias.
23231: [82b305b34a8c]
23232:
23233: * check.c, sudo.c:
23234: Don't kill the user's tickets until after sudoers has been parsed
23235: since tty_tickets and ticket_dir could be set in sudoers.
23236: [f43e25367f3a]
23237:
23238: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
23239: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
23240: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
23241: crank version to 1.6
23242: [95f8bdcf9bb2]
23243:
23244: * testsudoers.c:
23245: add set_fqdn() stub
23246: [bbc81af5b41a]
23247:
23248: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
23249:
23250: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
23251: sudoers.man, sudoers.pod, visudo.c:
23252: o Kill shell_noargs option, it cannot work since the command needs
23253: to be set before sudoers is parsed. o Fix the "set_home" sudoers
23254: option (only worked at compile time). o Fix "fqdn" sudoers option.
23255: We now set host/shost via set_fqdn which gets called when the
23256: "fqdn" option is set in sudoers. o Move the openlog() to
23257: store_syslogfac() so this gets overridden correctly from the
23258: sudoers file.
23259: [3dca861f0f5d]
23260:
23261: * auth/securid.c:
23262: SecurID support should compile now.
23263: [a544e5c6ea34]
23264:
23265: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
23266:
23267: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
23268: visudo.man, visudo.pod:
23269: fix some syntactic goofs
23270: [b3451f0d5239]
23271:
23272: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
23273:
23274: * Makefile.in, sudo.html, sudoers.html, visudo.html:
23275: No longer need the .html files as they are generated automatically
23276: on the web site.
23277: [1b4aa4204584]
23278:
23279: * CHANGES, LICENSE:
23280: kill characters that made wml unhappy
23281: [b988fbc6da56]
23282:
23283: * HISTORY:
23284: typo
23285: [a418963f7fce]
23286:
23287: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
23288:
23289: * README:
23290: majordomo@cs.colorado.edu -> majordomo@courtesan.com
23291: [5d151e8ffd3b]
23292:
23293: * Makefile.in, configure:
23294: Wrap script execution w/ /bin/sh for the benefit of ctm
23295: [3a9c4766b2c3]
23296:
23297: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
23298:
23299: * sudo.c:
23300: Make the -s flag be exclusive too. Also reorder the flags in the
23301: exclusive usage message so they are alphabetical.
23302: [4c7af200db34]
23303:
23304: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
23305:
23306: * auth/pam.c:
23307: make pam errors other than PAM_PERM_DENIED fatal
23308: [64bcb3fd2baf]
23309:
23310: * auth/API:
23311: fix typo
23312: [f3134c88b12e]
23313:
23314: * INSTALL:
23315: make it clear that /etc/pam.d/sudo is required on linux
23316: [213cc3eaad82]
23317:
23318: * auth/pam.c:
23319: fix a warning on redhat and spew an error if pam_authenticate()
23320: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
23321: [7e46dd19da89]
23322:
23323: * sudo.cat, sudo.html, sudo.man, sudo.pod:
23324: Be very clear that the password required is the user's not root's
23325: [a6da127347e5]
23326:
23327: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
23328:
23329: * Makefile.in:
23330: add sample.syslog.conf to DISTFILES and BINFILES
23331: [8661c27c007e]
23332:
23333: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
23334:
23335: * RUNSON:
23336: updates from Brian Jackson + some formatting
23337: [6d31c6fa63f8]
23338:
23339: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
23340:
23341: * INSTALL.binary, Makefile.binary, README, RUNSON:
23342: o One RUNSon update o Changes for automating real binary releases
23343: [dd9585f4406c]
23344:
23345: * Makefile.in:
23346: Add bindist target
23347: [546ed3fa94bb]
23348:
23349: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
23350:
23351: * TROUBLESHOOTING:
23352: talk about run-time options in addition to compile-time options
23353: [1eb813ff0a9a] [SUDO_1_6_0]
23354:
23355: * CHANGES:
23356: fix typos
23357: [65e92bb70a7b]
23358:
23359: * sudo.c:
23360: need sys/time.h if HAVE_SETRLIMIT
23361: [ce31655a8a60]
23362:
23363: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
23364: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
23365: get rid of references to sudo-bugs. Now mention the web site or the
23366: sudo@ alias
23367: [a9db861fd8c6]
23368:
23369: * sudoers.html:
23370: repair pod2html damage
23371: [62ece4277f1f]
23372:
23373: * RUNSON, TODO:
23374: Update for 1.6 release
23375: [98569c57ba2a]
23376:
23377: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23378: Add warning about using ALL in a command context.
23379: [6c77685ab280]
23380:
23381: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
23382:
23383: * visudo.c:
23384: Call yyrestart() on a parse error to reset the lexer state.
23385: [1370a27acdb2]
23386:
23387: * lex.yy.c, parse.lex:
23388: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
23389: since it might not get called in yywrap if we get a parse error
23390: (and we only reread the file on error anyway).
23391: [37f4b449e28e]
23392:
23393: * lex.yy.c, parse.lex:
23394: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
23395: might still exist. Call yyrestart() instead of using the deprecated
23396: YY_NEW_FILE macro.
23397: [7d0d873046c6]
23398:
23399: * lex.yy.c, parse.lex:
23400: flex doesn't need %N table size declarations
23401: [268b020fd60a]
23402:
23403: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23404: Mention what characters need to be escaped in names.
23405: [72ccbb6b0f31]
23406:
23407: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
23408:
23409: * configure:
23410: regen
23411: [65827abb5c7b]
23412:
23413: * INSTALL:
23414: clarify Mac OS X entry
23415: [8da1549a71f5]
23416:
23417: * RUNSON:
23418: update
23419: [0cff8df7459f]
23420:
23421: * configure.in:
23422: o Use AC_MSG_ERROR throughout o Check syslog configure options for
23423: danity
23424: [4cb81e642e5c]
23425:
23426: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
23427:
23428: * defaults.c:
23429: Fix printing of type T_MODE in dump_defaults()
23430: [a868bb6f5515]
23431:
23432: * strcasecmp.c:
23433: missing sys/types.h
23434: [ca694ca325b6]
23435:
23436: * INSTALL:
23437: Break out options that may be overridden at run time into their own
23438: section. Add a not about Max OS X and correct some lies.
23439: [d8bcfd120593]
23440:
23441: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
23442:
23443: * CHANGES, config.h.in, configure, configure.in, sudo.c:
23444: o Now use getrlimit to find the highest fd when closing all non-std
23445: fd's o Turn off core dumps via setrlimit for the sake of paranoia
23446: [dd9f651b6def]
23447:
23448: * RUNSON:
23449: updates
23450: [f581841fe615]
23451:
23452: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
23453:
23454: * CHANGES:
23455: updates
23456: [553baa1d44c7]
23457:
23458: * tgetpass.c:
23459: When read()'ing, do a single character at a time to be sure we don't
23460: go oast the newline.
23461: [907d33f55bb4]
23462:
23463: * sudo.c:
23464: For the sudo_root option, check against user_uid, not getuid() since
23465: at this point, ruid == euid == 0.
23466: [92d5c51939b4]
23467:
23468: * RUNSON:
23469: some updates
23470: [e3ed0c1f312b]
23471:
23472: * logging.h:
23473: Fix compilation problem when --with-logging=file was specified.
23474: This means that syslog is now required to build sudo but that should
23475: not be a problem. If it is it can be fixed trivially with a
23476: configure check for syslog() or syslog.h.
23477: [839a4b069190]
23478:
23479: * tgetpass.c:
23480: Make this work again for things like "sudo echo hi | more" where the
23481: tty gets put into character at a time mode. We read until we read
23482: end of line or we run out of space (similar to fgets(3)).
23483: [c8f746df2e63]
23484:
23485: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
23486:
23487: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23488: change ital to bold
23489: [f860978e530a]
23490:
23491: * RUNSON:
23492: update
23493: [9bcfbb405568]
23494:
23495: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
23496:
23497: * defaults.c:
23498: Error out if syslog parameters are given without a value. For
23499: Ultrix or 4.2BSD "syslog" is allowed without a value since there are
23500: no facilities in the 4.2BSD syslog.
23501: [69e7a686f5f0]
23502:
23503: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
23504:
23505: * defaults.c:
23506: Ignore the syslog facility for systems w/ old syslog like Ultrix.
23507: [5c250adbbb84]
23508:
23509: * TROUBLESHOOTING:
23510: people with "." early in their path can have problems running sudo
23511: from the build dir ;-)
23512: [20a1744a24a4]
23513:
23514: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
23515:
23516: * sudo.cat, sudo.html, sudo.man, sudo.pod:
23517: Remove -r realm option
23518: [127caa537f95]
23519:
23520: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
23521: configure.in, sudo.c:
23522: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
23523: [7177a3893a62]
23524:
23525: * CHANGES:
23526: update to reality
23527: [766cfbb512d6]
23528:
23529: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23530:
23531: * auth/fwtk.c:
23532: include <auth.h> to get function prototypes.
23533: [d6c7c12d09fe]
23534:
23535: * sudo.cat, sudo.html, sudo.man, sudo.pod:
23536: document -L flag
23537: [dc803e1ce0d7]
23538:
23539: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23540:
23541: * sudo.c:
23542: in set_perms(), always call setuid(0) before changing the ruid/euid
23543: so we always know it will succeed.
23544: [8cced1b862bf]
23545:
23546: * defaults.h:
23547: #undef T_FOO to avoid conflicts with system defines (like on
23548: ULTRIX).
23549: [d9f0aac092b0]
23550:
23551: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
23552: sudoers.pod:
23553: Docuement "Defaults" lines in /etc/sudoers. Still needs some
23554: fleshing out but this is a start.
23555: [521a1e629bbc]
23556:
23557: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23558:
23559: * use strtol, not strtoul since not everyone has not strtoul
23560: [988462f093cc]
23561:
23562: * defaults.c:
23563: use strtol, not strtoul since not everyone has not strtoul
23564: [fce835ce62e3]
23565:
23566: * lex.yy.c, parse.lex:
23567: last {WORD} rule should only apply in the INITIAL state
23568: [9b57570bfa83]
23569:
23570: * lex.yy.c, parse.lex:
23571: o Add support for escaped characters in the WORD macro o Modify
23572: fill() to squash escape chars
23573: [87572d59e4e0]
23574:
23575: * defaults.c, defaults.h:
23576: o Add T_PATH flag to allow simple sanity checks for default values
23577: that are supposed to be pathnames. o Fix a duplicate free when
23578: visudo finds an error.
23579: [bdc6855a6c6d]
23580:
23581: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23582:
23583: * defaults.c, defaults.h, logging.c:
23584: mail_if_foo -> mail_foo
23585: [cbee9415875d]
23586:
23587: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23588:
23589: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
23590: o Add requiretty option o Move O_NOCTTY to compat.h
23591: [65b8bf0e1795]
23592:
23593: * logging.c:
23594: The exit() in log_error() was mistakenly removed in a previous
23595: version. Put it back...
23596: [9473449130a4]
23597:
23598: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23599:
23600: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
23601: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
23602: configure, configure.in, defaults.c, defaults.h, find_path.c,
23603: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
23604: o Change defaults stuff to put the value right in the struct. o
23605: Implement mailer_flags o Store syslog stuff both in int and string
23606: form. Setting the string form magically updates the int version.
23607: o Add boolean attribute to strings where it makes sense to say !foo
23608: [4698953f9a36]
23609:
23610: * tgetpass.c:
23611: add O_NOCTTY when opening /dev/tty just in case
23612: [4c6d1d1bb300]
23613:
23614: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
23615:
23616: * auth/API:
23617: cleanup function no longer takes a status arg
23618: [0819edbfe7f8]
23619:
23620: * INSTALL:
23621: the the
23622: [19aadb65ea28]
23623:
23624: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
23625:
23626: * TODO, config.h.in, configure, configure.in, logging.c:
23627: Use strftime() instead of ctime() if it is available.
23628: [fb60ea63b514]
23629:
23630: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
23631:
23632: * defaults.c:
23633: fix copyright date
23634: [4a53b54aa72f]
23635:
23636: * RUNSON:
23637: update ReliantUNIX entry
23638: [de618a4f67d9]
23639:
23640: * defaults.c, defaults.h, logging.c:
23641: add log_year option
23642: [251a9e20568a]
23643:
23644: * configure, configure.in:
23645: add --without-sendmail to help output
23646: [93162f199902]
23647:
23648: * configure, configure.in:
23649: enforce an otctal arg for --with-suoders-mode
23650: [45e1b04ccad3]
23651:
23652: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23653:
23654: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
23655: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
23656: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
23657: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
23658: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
23659: testsudoers.c, version.c, visudo.c:
23660: Add support for "Defaults" line in sudoers to make configuration
23661: variables changable at runtime (and on a global, per-host and per-
23662: user basis). Both the names and the internal representation are
23663: still subject to change. It was necessary to make sudo_user.runas
23664: but a char ** instead of a char * since this value can be changed by
23665: a Defaults line. There is a similar (but more complicated) issue
23666: with sudo_user.prompt but it is handled differently at the moment.
23667:
23668: Add a "-L" flag to list the name of options with their descriptions.
23669: This may only be temporary.
23670:
23671: Move some prototypes to parse.h
23672:
23673: Be much less restrictive on what is allowed for a username.
23674: [f71abf7ba80c]
23675:
23676: * sample.syslog.conf:
23677: Add more info
23678: [e952e6f42d4d]
23679:
23680: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23681:
23682: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
23683: strcasecmp.c:
23684: UCB has dropped the advertising clause from their license.
23685: [a5602b36a341]
23686:
23687: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23688:
23689: * auth/sudo_auth.h:
23690: move dce_verofy proto to correct section
23691: [972c815af558]
23692:
23693: * auth/dce.c:
23694: remove XXX
23695: [820631855be0]
23696:
23697: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
23698:
23699: * emul/fnmatch.h:
23700: Add fnmatch() prototype
23701: [79e84576d92a]
23702:
23703: * fnmatch.c, parse.c, testsudoers.c:
23704: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
23705: [1182c89fa811]
23706:
23707: * sudo.h:
23708: add strcasecmp proto
23709: [512d1d8a6a0c]
23710:
23711: * auth/sudo_auth.c:
23712: add check for case where there are no auth methods
23713: [e4af2b91b43e]
23714:
23715: * configure, configure.in:
23716: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
23717: SunOS4 w/ gcc
23718: [746ce8bcec23]
23719:
23720: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
23721: include strings.h everywhere we include string.h
23722: [6f7d5d437e7b]
23723:
23724: * version.c:
23725: nicer output when showing auth methods
23726: [0eac4b977f9d]
23727:
23728: * version.c:
23729: Add support for SEND_MAIL_WHEN_NO_HOST
23730: [9f20a3a3fae6]
23731:
23732: * config.h.in, configure, configure.in:
23733: Add _GNU_SOURCE for Linux
23734: [c7bd8c511847]
23735:
23736: * lex.yy.c, parse.lex:
23737: fix definition of OCTECT
23738: [4af30e63244d]
23739:
23740: * configure, configure.in:
23741: aix_auth.o not authenticate.o
23742: [fe95dfb08df4]
23743:
23744: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23745:
23746: * sudo.c:
23747: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
23748: keyboard). Since we run with ruid/euid == 0 the user can't really
23749: signal us in nasty ways.
23750: [a7f6487c0f48]
23751:
23752: * visudo.c:
23753: Don't need to worry about catching too many signals since we do
23754: locking on the tmp file. If a lockfile is really stale, it will be
23755: detected and overwritten.
23756: [28983db3e749]
23757:
23758: * INSTALL, Makefile.in:
23759: include auth/API in tarball
23760: [014991600252]
23761:
23762: * auth/sudo_auth.c:
23763: move memset() of plaintext pw outside of verify loop and only do the
23764: memset if we are *not* in standalone mode.
23765: [66f8e87567e2]
23766:
23767: * auth/sudo_auth.c, auth/sudo_auth.h:
23768: DCE is not a standalone method
23769: [34963e2d8a1b]
23770:
23771: * sudo.c:
23772: fix --enable-noargs-shell
23773: [4234062abbb0]
23774:
23775: * snprintf.c:
23776: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
23777: [c430b80454c6]
23778:
23779: * auth/fwtk.c, auth/sia.c:
23780: _cleanup() function returns an int.
23781: [d1a1cc071ec1]
23782:
23783: * auth/dce.c:
23784: there were still some return(0)'s hanging around, make them
23785: AUTH_FAILURE
23786: [1002aa1962c3]
23787:
23788: * parse.c:
23789: typo in comment
23790: [5abc410dbfd2]
23791:
23792: * version.c:
23793: add missing semicolon
23794: [a262283b52a5]
23795:
23796: * auth/sudo_auth.h:
23797: missing backslash
23798: [bf89f6bd2900]
23799:
23800: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
23801:
23802: * CHANGES, config.h.in, configure, configure.in:
23803: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
23804: [f1a9bca0cf67]
23805:
23806: * Makefile.in:
23807: add parse.h to HDRS
23808: [a3d054987766]
23809:
23810: * Makefile.in, configure, configure.in:
23811: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
23812: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
23813: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
23814: testsudoers to build on Solaris and is a bit cleaner in general.
23815: [4e6239e97002]
23816:
23817: * UPGRADE:
23818: mention ptmp -> sudoers.tmp
23819: [ec3baa0fe8a1]
23820:
23821: * config.h.in, configure, configure.in:
23822: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
23823: [6f93dc7f39f5]
23824:
23825: * RUNSON:
23826: add 2 reports
23827: [ce0fcc00ee4e]
23828:
23829: * auth/kerb5.c:
23830: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
23831: return a value more like a system function
23832: [0dd56aa21424]
23833:
23834: * auth/dce.c:
23835: Add an XXX
23836: [58fc8562c212]
23837:
23838: * TODO:
23839: more things todo!
23840: [5a459d0cf339]
23841:
23842: * sample.sudoers:
23843: update based on what is in the man page
23844: [1a0477db96fa]
23845:
23846: * parse.yacc, sudo.tab.c:
23847: minor change to first line printed in -l mode
23848: [69eb57d96952]
23849:
23850: * sudo.cat, sudo.html, sudo.man, sudo.pod:
23851: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
23852: standard and add "EXAMPLES" section
23853: [7e543335ebe1]
23854:
23855: * visudo.cat, visudo.html, visudo.man, visudo.pod:
23856: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
23857: standard
23858: [f82d87ed65c2]
23859:
23860: * logging.c, parse.c, sudo.h:
23861: add FLAG_NO_CHECK
23862: [c7d69176a2d7]
23863:
23864: * lex.yy.c, parse.lex:
23865: make an OCTET really be limited to 0-255
23866: [6ee568dd6a02]
23867:
23868: * UPGRADE:
23869: mention timestamp changes
23870: [e44d5302bf60]
23871:
23872: * PORTING:
23873: cosmetic cleanup
23874: [36fa3a2664dd]
23875:
23876: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23877: new sudoers(8) man page
23878: [e674d06283d0]
23879:
23880: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
23881:
23882: * version.c:
23883: Update comments about syslog name tables
23884: [63830a782dcb]
23885:
23886: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
23887: strcasecmp.c, sudo.tab.c:
23888: include strcasecmp() for those without it
23889: [a0d8e2488bbc]
23890:
23891: * sample.sudoers:
23892: Use the : operator some more and fix a typo
23893: [18804c70da86]
23894:
23895: * HISTORY:
23896: update the history of sudo
23897: [9d9b3d5279b3]
23898:
23899: * parse.c, parse.lex, testsudoers.c:
23900: CIDR-style netmask support
23901: [768644467353]
23902:
23903: * CHANGES:
23904: recent changes
23905: [a4319e9d07cb]
23906:
23907: * sudo.tab.c, sudo.tab.h:
23908: these should be generated with byacc, not bison
23909: [f57b9489b752]
23910:
23911: * lex.yy.c:
23912: regen
23913: [522461f95dfa]
23914:
23915: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
23916: In "sudo -l" mode, the type of the stored (expanded) alias was not
23917: stored with the contents. This could lead to incorrect output if
23918: the sudoers file had different alias types with the same name.
23919: Normal parsing (ie: not in '-l' mode) is unaffected.
23920: [823fe2bc4b79]
23921:
23922: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
23923:
23924: * configure, configure.in:
23925: define _XOPEN_SOURCE to get at crypt() proto on some systems
23926: [1b3769b86fb9]
23927:
23928: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23929:
23930: * snprintf.c:
23931: fix comment
23932: [fc1264df00f7]
23933:
23934: * tgetpass.c:
23935: don't need limits.h
23936: [f1631829af45]
23937:
23938: * snprintf.c:
23939: kill bogus reference to vfprintf
23940: [a0b99b25d389]
23941:
23942: * sample.sudoers, sudoers:
23943: better examples
23944: [b4d87ea64cc8]
23945:
23946: * snprintf.c:
23947: Add some const in the K&R defs. This is safe since we define const
23948: away if the compiler doesn't grok it.
23949: [614d6e83d45e]
23950:
23951: * aclocal.m4, configure:
23952: Better test for working long long support. Ultrix compiler supports
23953: basic long long but not all operations on them.
23954: [5da1508710ed]
23955:
23956: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
23957: snprintf.c, sudo.c:
23958: Add check for LONG_IS_QUAD #undef MAXINT before including
23959: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
23960: in snprintf.c and use LONG_IS_QUAD
23961: [a1f7993367fc]
23962:
23963: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
23964:
23965: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
23966: snprintf.c:
23967: UCB-derived snprintf + asprintf support. Supports quads if the
23968: compiler does. No floating point yet, perhaps later...
23969: [0caf05aba945]
23970:
23971: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
23972:
23973: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
23974: goodpath.c, logging.c, parse.c, sudo.c:
23975: Run most of the code as root, not the invoking user. It doesn't
23976: really gain us anything to run as the user since an attacker can
23977: just have an setuid(0) in their egg. Running as root solves
23978: potential problems wrt signalling.
23979: [408e530dda01]
23980:
23981: * sudo.tab.c:
23982: regen
23983: [f8cfb37e37de]
23984:
23985: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
23986:
23987: * logging.c, sudo.c:
23988: Don't wait for child to finish in log_error(), let the signal
23989: handler get it if we are still running, else let init reap it for
23990: us. The extra time it takes to wait lets the user know that mail is
23991: being sent.
23992:
23993: Install SIGCHLD handler in main() and for POSIX signals, block
23994: everything
23995: *except* SIGCHLD.
23996: [d2b6ab0ef3be]
23997:
23998: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
23999: parse.yacc, sudo.c, sudo.h:
24000: sudoers_lookup() now returns a bitmap instead of an int. This makes
24001: it possible to express things like "failed to validate because user
24002: not listed for this host". Some thigns that were previously
24003: VALIDATE_FOO are now FLAG_FOO. This may change later on.
24004:
24005: Reorganized code in log_auth() and sudo.c to deal with above
24006: changes.
24007:
24008: Safer versions of push/pushcp with in the do { ... } while (0) style
24009:
24010: parse.yacc now saves info on the stack to allow parse.c to determine
24011: if a user was listed, but not for the host he/she tried to run on.
24012:
24013: Added --with-mail-if-no-host option
24014: [63326cb01efc]
24015:
24016: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
24017:
24018: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
24019: visudo.man, visudo.pod:
24020: o NewArgv and NewArgc don't need to be externally visible. o If
24021: pedantic > 1, it is a parse error. o Add -s (strict) option to
24022: visudo which sets pedantic to 2.
24023: [5d7d81b55cd5]
24024:
24025: * HISTORY, INSTALL:
24026: Just have sudo-bugs contact info in one place
24027: [e7f6588ea683]
24028:
24029: * sudo.cat, sudo.html, sudo.man, sudo.pod:
24030: Add BUGS section
24031: [6607d96ea510]
24032:
24033: * Makefile.in, configure, configure.in:
24034: Add testsudoers to default build target if --with-devel Don't clean
24035: generated parser files unless "distclean".
24036: [5827b769dc57]
24037:
24038: * parse.yacc, sudo.tab.c:
24039: In pedantic mode we need to save *all* the aliases, not just those
24040: that match, or we get spurious warnings.
24041: [24f5b1f0e1de]
24042:
24043: * TROUBLESHOOTING:
24044: reference samples.sylog.conf
24045: [11841668380a]
24046:
24047: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
24048:
24049: * sample.syslog.conf:
24050: Sample entries for syslog.conf
24051: [0f7697d878a1]
24052:
24053: * CHANGES:
24054: recent changes
24055: [8bca8810c6bd]
24056:
24057: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
24058: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
24059: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
24060: auth/sudo_auth.c, auth/sudo_auth.h:
24061: In struct sudo_auth, turn need_root and configured into flags and
24062: add a flag to specify an auth method is running alone (the only
24063: one). Pass auth methods their sudo_auth pointer, not the data
24064: pointer. This allows us to get at the flags and tell if we are the
24065: only auth method. That, in turn, allows the method to be able to
24066: decide what should/should not be a fatal error. Currently only
24067: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
24068: define and te hackery that went with it. With access to the
24069: sudo_auth struct, methods can also get at a string holding their
24070: cannonical name (useful in error messages).
24071: [b7e320fc6511]
24072:
24073: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
24074: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
24075: sudo.tab.h:
24076: o --with-otp deprecated, use --without-passwd instead o real
24077: dependencies in the Makefile o --with-devel option to enable yacc,
24078: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
24079: back to being a token, not a string but don't leak memory o rename
24080: hsotspec -> host in parse.yacc
24081: [912c45226cb2]
24082:
24083: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
24084:
24085: * BUGS, CHANGES:
24086: recent changes
24087: [801fa6e55687]
24088:
24089: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
24090: sudo.c, sudo.h:
24091: o Digital UNIX needs to check for *snprintf() before -ldb is added
24092: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
24093: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
24094: functions in snprintf.c to fix -Wall o Add missing includes to fix
24095: more -Wall
24096: [8d207203e126]
24097:
24098: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
24099: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
24100: visudo.c:
24101: o Add a "pedentic" flag to the parser. This makes sudo warn in
24102: cases where an alias may be used before it is defined. Only turned
24103: on for visudo and testsudoers. o Add --disable-authentication option
24104: that makes sudo not require authentication by default. The PASSWD
24105: tag can be used to require authentication for an entry. We no
24106: longer overload --without-passwd.
24107: [f307e09adf98]
24108:
24109: * lex.yy.c, parse.lex:
24110: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
24111: username can contain just about anything so be very permissive. Also
24112: drop the unused \. punctuation.
24113: [06a50614ff89]
24114:
24115: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
24116:
24117: * parse.yacc, sudo.tab.c:
24118: o add a 'val' element to aliasinfo struct and move -> parse.h o
24119: find_alias() now returns an aliasinfo * instead of boolean o
24120: add_alias() now takes a value parameter to store in the
24121: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
24122: return: 1) positive match 0) negative match (due to '!')
24123: -1) no match This means setting $$ explicitly in all cases, which I
24124: should have done in the first place. It also means that we always
24125: store a value that is != -1 and when we see a '!' we can set
24126: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
24127: now works the way it should in lists and some of the rules are more
24128: uniform and sensible.
24129: [ad8e73b5d581]
24130:
24131: * Makefile.in:
24132: add parse.h dependency
24133: [4ccccd464d30]
24134:
24135: * parse.h:
24136: kill unused *_matched macros
24137: [02cba6dcb732]
24138:
24139: * parse.yacc:
24140: Allow a list of users as the first thing in a user spec, not just a
24141: single entry. This makes things more uniform, though it does allow
24142: you to write user specs that are hard to read.
24143: [3c4c91c508ca]
24144:
24145: * sudo.tab.c:
24146: parse.yacc
24147: [feca81881bb6]
24148:
24149: * configure:
24150: regen
24151: [6f247010bb3b]
24152:
24153: * configure.in:
24154: fix check for crypt() in libufc
24155: [82770736f4b0]
24156:
24157: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
24158:
24159: * README:
24160: sudo-users list now exists
24161: [4716d2bb0bbf]
24162:
24163: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
24164: Update to reality.
24165: [1eda2d57e42a]
24166:
24167: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
24168: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
24169: version.c, visudo.c:
24170: o Move lock_file() and touch() into fileops.c so visudo can use them
24171: o Visudo now locks the sudoers temp file instead of bailing when the
24172: temp file already exists. This fixes the problem of stale temp
24173: files but it does *require* that you not try to put the temp file in
24174: a world-writable directory. This shoud not be an issue as the temp
24175: file should live in the same dir as sudoers. o Visudo now only
24176: installs the temp file as sudoers if it changed.
24177: [2517cd06c070]
24178:
24179: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
24180:
24181: * logging.c:
24182: add fcntl locking
24183: [c304adeaf515]
24184:
24185: * config.h.in, configure, configure.in, logging.c:
24186: Lock the log file.
24187: [d8652704fbdf]
24188:
24189: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
24190: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
24191: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
24192: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
24193: -> _PATH_SUDOERS_TMP
24194: [68cad8975807]
24195:
24196: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
24197:
24198: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
24199: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
24200: root sudo -V config reporting
24201: [cdd2613a9dcf]
24202:
24203: * configure, configure.in:
24204: aix_auth.o not authenticate.o
24205: [d972e35f6730]
24206:
24207: * config.h.in:
24208: Add --with-goodpri and --with-badpri configure options to specify
24209: the syslog priority to use.
24210: [2595ae50ab86]
24211:
24212: * INSTALL, configure, configure.in, logging.h:
24213: Add --with-goodpri and --with-badpri configure options to specify
24214: the syslog priority to use.
24215: [8276ee9b2b49]
24216:
24217: * compat.h:
24218: kill crufty AIX stuff
24219: [a4f35ef9854e]
24220:
24221: * Makefile.in:
24222: Sigh, some versions of make (like Solaris's) don't deal with $< like
24223: I would expect. Both GNU and BSD makes get this right but... So, we
24224: just expand $< inline at the cost of some ugliness.
24225: [b1b456f8801f]
24226:
24227: * version.c:
24228: If the invoking user is root, sudo will now print configure info in
24229: -V mode. Currently just prints logging info, to be expanded later.
24230: [392f7ed99267]
24231:
24232: * logging.c, logging.h, sudo.c, sudo.h:
24233: o new defines for syslog facility and priority o use new
24234: print_version() functino for -V mode
24235: [78abc5142985]
24236:
24237: * check.c:
24238: Don't need version.c
24239: [db9a830ad893]
24240:
24241: * aclocal.m4, config.h.in, configure, configure.in:
24242: Add check for syslog facilities and priorities tables in syslog.h
24243: [b86213e5fc5c]
24244:
24245: * Makefile.in:
24246: o authenticate -> aix_auth o add version.c
24247: [44b6b9a8d0f5]
24248:
24249: * auth/sudo_auth.c:
24250: Missed a prompt -> user_prompt conversion
24251: [e4c60b1f210c]
24252:
24253: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
24254:
24255: * TODO:
24256: sudo should lock its logfile
24257: [6d2830b28b07]
24258:
24259: * parse.yacc, sudo.tab.c:
24260: o Add '!' correctly when expanding Aliases. o Add shortcut macros
24261: for append() to make things more readable. o The separator in
24262: append() is now a string instead of a char. o In append(), only
24263: prepend the separator if the last char is not a '!'. This is a
24264: hack but it greatly simplifies '!' handling. o In -l mode, Runas
24265: lists and NOPASSWD/PASSWD tags are now inherited across entries in
24266: a list (matches current behavior). o Fix formatting in -l mode such
24267: that items in a list are separated by a space. Greatlt improves
24268: readability. o Space for name field in struct aliasinfo is now
24269: allocated dyanically instead of using a (big) buffer. o In
24270: add_alias(), only search the list once (lsearch instead of lfind +
24271: lsearch)
24272: [51f7e07addb9]
24273:
24274: * lex.yy.c, sudo.tab.c, sudo.tab.h:
24275: regen
24276: [5c19bb05dc21]
24277:
24278: * configure, configure.in:
24279: Solais pam doesn't require anye xtra setup
24280: [a25ba03d91d1]
24281:
24282: * parse.yacc:
24283: o Simpler '!' support now that the lexer deals with multiple !'s for
24284: us. o In the case of opFOO, have FOO give a boolean return value and
24285: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
24286: it gets fill()'d in parse.lex--fixes a small memory leak. In the
24287: long run it may be better to just fix parse.lex and make ALL back
24288: into a token. However, having it be a string is useful since it
24289: can be easily passed back to the parent rule if we so desire.
24290: [b3c64b443018]
24291:
24292: * parse.lex:
24293: o Remove some unnecessary backslashes o collapse multiple !'s by
24294: using !+ and checking if yyleng is even or odd. this allows us to
24295: simplify ! handling in parse.yacc
24296: [76330e8da8e3]
24297:
24298: * sudo.c:
24299: -u flag was being ignored
24300: [e30283207585]
24301:
24302: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
24303:
24304: * Makefile.in:
24305: correct fix
24306: [a0e2377dec8f]
24307:
24308: * Makefile.in:
24309: work around pod2man stupididy
24310: [7c755640b67f]
24311:
24312: * Makefile.in:
24313: correct dependencies for .cat
24314: [5ed7b0653b68]
24315:
24316: * sudo.cat, sudo.man, visudo.cat, visudo.man:
24317: regen
24318: [b74510dd6a0a]
24319:
24320: * sudo.pod, visudo.pod:
24321: Add copyright Update to reality
24322: [188e9b046c15]
24323:
24324: * parse.c, sudo.c, sudo.h:
24325: rename validate() to the more descriptive sudoers_lookup()
24326: [7a1cb652f379]
24327:
24328: * auth/aix_auth.c:
24329: use tgetpass
24330: [b8ba5daec40a]
24331:
24332: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
24333:
24334: * CHANGES:
24335: updates
24336: [e61460cdf4a0]
24337:
24338: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
24339: configure, configure.in, sudo.c:
24340: Sudo, not CU Sudo
24341: [9061b3573c0c]
24342:
24343: * LICENSE:
24344: add 4th term to license similar to term 5 in the apache license
24345: [92712e895afb]
24346:
24347: * emul/search.h, emul/utime.h:
24348: add 4th term to license similar to term 5 in the apache license
24349: [4f93a8b9396e]
24350:
24351: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
24352: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
24353: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
24354: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
24355: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
24356: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
24357: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
24358: visudo.c:
24359: add 4th term to license similar to term 5 in the apache license
24360: [afae9f2bf9ec]
24361:
24362: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
24363: add 4th term to license similar to term 5 in the apache license
24364: [c389d3fdafac]
24365:
24366: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
24367: getspwuid.c, goodpath.c:
24368: add 4th term to license similar to term 5 in the apache license
24369: [969e63dbd38e]
24370:
24371: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
24372: insults.h, logging.c, sudo.c, sudo.h:
24373: there was a 1995 release too
24374: [5963fd89457a]
24375:
24376: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
24377:
24378: * CHANGES:
24379: updates
24380: [254b794f16ab]
24381:
24382: * check.c:
24383: Use dirs instead of files for timestamp. This allows tty and non-
24384: tty schemes to coexist reasonably. Note, however, that when you
24385: update a tty ticket, the mtime on the user dir gets updated as well.
24386: [44bfac32f799]
24387:
24388: * configure, configure.in:
24389: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
24390: when linking test program, not just -lprot. Also add check for
24391: getspnam(). The SCO docs indicate that /etc/shadow can be used but
24392: this may be a lie.
24393: [2ba21d36cc1e]
24394:
24395: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
24396:
24397: * auth/API:
24398: first cut at auth API description
24399: [3d10df021eb8]
24400:
24401: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
24402:
24403: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
24404: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
24405: auth/sudo_auth.h:
24406: auth API change. There is now an init method that gets run before
24407: the main loop. This allows auth routines to differentiate between
24408: initialization that happens once vs. setup that needs to run each
24409: time through the loop.
24410: [76df1c0d3478]
24411:
24412: * auth/kerb5.c, logging.c:
24413: use easprintf() and evasprintf()
24414: [fd97d96dc12f]
24415:
24416: * alloc.c, sudo.h:
24417: add easprintf() and evasprintf(), error checking versions of
24418: asprintf() and vasprintf()
24419: [f54385de20b7]
24420:
24421: * TODO:
24422: remove 2 items. One done, one won't do.
24423: [64513b47bc7a]
24424:
24425: * lex.yy.c, sudo.tab.c:
24426: regen
24427: [4aa299de2752]
24428:
24429: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
24430: visudo.html, visudo.man:
24431: regen
24432: [553c0d1209be]
24433:
24434: * CHANGES:
24435: new changes
24436: [d7be00b7e36b]
24437:
24438: * sudo.pod:
24439: o Document -K flag and update meaning of -k flag. o BSD-style
24440: copyright o Document clearing of BIND resolver environment variables
24441: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
24442: if your OS gives away files
24443: [4a4092be1455]
24444:
24445: * visudo.pod:
24446: BSD license
24447: [ad0bfd0a4630]
24448:
24449: * version.h:
24450: BSD-style copyright
24451: [ecc6479325be]
24452:
24453: * tgetpass.c:
24454: o BSD copyright o no need to block signals, we now do that in main()
24455: o cosmetic changes
24456: [61958beda7ab]
24457:
24458: * testsudoers.c, visudo.c:
24459: o BSD-style copyright o Use "struct sudo_user" instead of old
24460: globals. o some cometic cleanup
24461: [88c0c6924082]
24462:
24463: * sudo_setenv.c:
24464: BSD-style copyright
24465: [df20290129a0]
24466:
24467: * sudo.h:
24468: o BSD copyright o logging and parser bits moved to their own .h
24469: files o new "struct sudo_user" to encapsulate many of the old
24470: globals.
24471: [50fc86bf25cb]
24472:
24473: * sudo.c:
24474: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
24475: logging routines o simplified flow of control o BIND resolver
24476: additions to badenv_table
24477: [8c53f15bfcb0]
24478:
24479: * strerror.c:
24480: BSD-style copyright
24481: [7c906c3a82ac]
24482:
24483: * snprintf.c:
24484: Now compiles on more K&R compilers
24485: [07ab1d3231c7]
24486:
24487: * putenv.c:
24488: BSD-style copyright, cosmetic changes
24489: [c42371295881]
24490:
24491: * pathnames.h.in:
24492: BSD-style copyright
24493: [e5c34ebd4cf1]
24494:
24495: * parse.c, parse.h, parse.lex, parse.yacc:
24496: BSD-style copyright. Move parser-specific defines and structs into
24497: parse.h + other cosmetic changes
24498: [d3088efb6228]
24499:
24500: * logging.h:
24501: defines for logging routines
24502: [13147941c02d]
24503:
24504: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
24505: BSD-style copyright, cosmetic changes
24506: [e8205e91a4fa]
24507:
24508: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24509: interfaces.h:
24510: BSD-style copyright
24511: [b9499da7cdce]
24512:
24513: * configure.in:
24514: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
24515: kill --disable-tgetpass o add --without-passwd o changes to fill in
24516: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
24517: v?asprintf() o replace --with-AuthSRV with --with-fwtk
24518: [9a3f39b9c128]
24519:
24520: * config.h.in:
24521: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
24522: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
24523: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
24524: [9a09054db53a]
24525:
24526: * compat.h:
24527: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
24528: [25509c566975]
24529:
24530: * alloc.c:
24531: BSD-style copyright
24532: [4967be892363]
24533:
24534: * TROUBLESHOOTING:
24535: no more --with-getpass
24536: [afd5b670c196]
24537:
24538: * TODO:
24539: Take out things I've done...
24540: [375420c8270e]
24541:
24542: * README:
24543: Refer to LICENSE
24544: [c486c8db30f6]
24545:
24546: * PORTING:
24547: --with-getpass no longer exists
24548: [db48202df1bb]
24549:
24550: * Makefile.in:
24551: BSD-style copyright. Update to reflect reality wrt new files and
24552: new auth modules.
24553: [61a2ca7940fb]
24554:
24555: * INSTALL:
24556: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
24557: --without-passwd.
24558: [64e8f9e1c05e]
24559:
24560: * HISTORY:
24561: Update history a bit
24562: [df60c0a871b8]
24563:
24564: * COPYING, LICENSE:
24565: Now distributed under a BSD-style license
24566: [d1a184ccabe1]
24567:
24568: * auth/sudo_auth.c:
24569: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
24570: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
24571: global
24572: [891b57060868]
24573:
24574: * auth/pam.c, auth/sia.c:
24575: BSD-style copyright and use new log functions
24576: [65c44445ea84]
24577:
24578: * auth/kerb5.c:
24579: o BSD-style copyright o Use new log functiongs o Use asprintf() and
24580: snprintf() where sensible.
24581: [1ff0feaacf95]
24582:
24583: * check.c:
24584: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
24585: done more reasonably--better sanity checks and tty-based stamps are
24586: now done as files in a directory with the same name as the invoking
24587: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
24588: to mix tty and non-tty based ticket schemes but this may change in
24589: the future (it requires sudo to use a directory instead of a file in
24590: the non-tty case). Also, ``sudo -k'' now sets the ticket back to
24591: the epoch and ``sudo -K'' really deletes the file. That way you
24592: don't get the lecture again just because you killed your ticket in
24593: .logout. BSD-style copyright now.
24594: [ec3460f85be8]
24595:
24596: * logging.c:
24597: o rewritten logging routines. log_error() now takes printf-style
24598: varargs and log_auth() for the return value of validate(). o BSD-
24599: style copyright
24600: [438292025c4e]
24601:
24602: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
24603: superceded by new auth API
24604: [412060590da7]
24605:
24606: * auth/kerb4.c:
24607: BSD-style copyright
24608: [cc4e800833c7]
24609:
24610: * auth/fwtk.c:
24611: Use snprintf() where it makes sense and add a BSD-style copyright
24612: [1b7502388a74]
24613:
24614: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
24615: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
24616: BSD-style copyright
24617: [42583bedae5c]
24618:
24619: * emul/utime.h, utime.c:
24620: BSD-style copyright
24621: [3985c90aba47]
24622:
24623: * emul/search.h:
24624: this has been rewritten so use my BSD-style copyright
24625: [176df1b0de6f]
24626:
24627: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
24628:
24629: * snprintf.c:
24630: include malloc.h if no stdlib.h
24631: [7b123f1d1d03]
24632:
24633: * snprintf.c:
24634: KTH snprintf()/asprintf() for systems w/o them
24635: [3ca9aefb9d01]
24636:
24637: * strerror.c:
24638: strerror() for systems w/o it
24639: [7f0bd8a1c1b4]
24640:
24641: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
24642:
24643: * visudo.c:
24644: stylistic changes
24645: [6f99aceb7170]
24646:
24647: * parse.c, parse.lex, parse.yacc:
24648: Add contribution info in the main comment
24649: [e50cec10acd6]
24650:
24651: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
24652:
24653: * auth/pam.c:
24654: remove missed ref to PAM_nullpw
24655: [a43e59692cdb]
24656:
24657: * auth/sudo_auth.h:
24658: pasto
24659: [891ff138ab89]
24660:
24661: * auth/kerb5.c:
24662: more or less complete now--still untested
24663: [21036732faa0]
24664:
24665: * auth/afs.c, auth/pam.c:
24666: don't use user_name macro, it will go away
24667: [def7cf727349]
24668:
24669: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
24670: combine skey/opie code into rfc1938.c
24671: [44d88ca93d3e]
24672:
24673: * auth/dce.c, auth/sudo_auth.h:
24674: DCE authentication method; basically unchanged from dce_pwent.c
24675: [4d468473dd6f]
24676:
24677: * auth/aix_auth.c, auth/sudo_auth.h:
24678: AIX authenticate() support. Could probably be much better
24679: [000013321a33]
24680:
24681: * auth/sia.c:
24682: Fix an uninitialized variable and some cleanup. Now works (tested)
24683: [fd6ad88ff055]
24684:
24685: * auth/sia.c, auth/sudo_auth.h:
24686: SIA support for digital unix
24687: [5335f3e70eab]
24688:
24689: * auth/pam.c:
24690: don't use prompt global, it will go away
24691: [fadd22dd6ce4]
24692:
24693: * auth/secureware.c:
24694: correct copyright years
24695: [6aa07c49f51b]
24696:
24697: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
24698: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
24699: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
24700: New authentication API and methods
24701: [9debe9b59c79]
24702:
24703: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
24704:
24705: * sudo.tab.c:
24706: regen
24707: [84578e82c1a6]
24708:
24709: * parse.yacc:
24710: only save an entry if user_matches && host_matches, even if the
24711: stack is empty (fix for previous commit)
24712: [00984b078d8a]
24713:
24714: * sudo.tab.c:
24715: regen
24716: [66acf160b4b7]
24717:
24718: * parse.yacc:
24719: 1) Always save an entry on the stack if it is empty. This fixes the
24720: -l and -v flags that were broken by earlier parser changes.
24721:
24722: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
24723: !foo match any time the user specified a runas user (via -u) other
24724: than foo.
24725: [f322eb54b015]
24726:
24727: * testsudoers.c:
24728: interfaces and num_interfaces are now auto, not extern
24729: [113add5c6518]
24730:
24731: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
24732:
24733: * auth.c:
24734: use a static global to keep stae about empty passwords
24735: [bc02e30807d8]
24736:
24737: * check_sia.c:
24738: make PASSWORD_NOT_CORRECT logging consistent with other modules
24739: [21962549d5fd]
24740:
24741: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
24742:
24743: * auth.c:
24744: PAM prompt code was wrong, looks like we have to kludge it after
24745: all.
24746: [91f246155ead]
24747:
24748: * auth.c:
24749: In the PAM code, when a user hits return at the first password
24750: prompt, exit without a warning just like the normal auth code
24751: [918f59bacdb7]
24752:
24753: * configure, configure.in:
24754: kludge around cross-compiler false positives
24755: [5e5fc8356400]
24756:
24757: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
24758: New (correct) PAM code Tgetpass now takes an echo flag for use with
24759: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
24760: useless umask setting Change error from BAD_ALLOCATION ->
24761: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
24762: for consistency
24763: [e71397f09dd8]
24764:
24765: * sudo.c:
24766: Some -Wall and kill some trailing spaces
24767: [8229b43d5c4e]
24768:
24769: * configure.in:
24770: define -D__EXTENSIONS__ for solaris so we get crypt() proto
24771: [7533e4436cab]
24772:
24773: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
24774:
24775: * RUNSON:
24776: add Dynix 4.4.4
24777: [b69f773efbce]
24778:
24779: * INSTALL, config.h.in, configure, configure.in:
24780: for kerberos V < version, fall back on old kerb4 auth code
24781: [d685ed3a1d8e]
24782:
24783: * INSTALL:
24784: clarify some things
24785: [2f5ba2e8e53a]
24786:
24787: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
24788: typos
24789: [8925a109c093]
24790:
24791: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
24792:
24793: * sudo.c:
24794: mention why DONT_LEAK_PATH_INFO is not the default
24795: [0346260cb4ec]
24796:
24797: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
24798:
24799: * tgetpass.c:
24800: Fix open(2) return value checking, was NULL for fopen, should be -1
24801: for open
24802: [355878bf6d8a]
24803:
24804: * configure:
24805: regen
24806: [68bf82871862]
24807:
24808: * configure.in:
24809: better wording for solaris pam notice
24810: [04e88c7a6c42]
24811:
24812: * CHANGES:
24813: document recent changes
24814: [7c922c5622ef]
24815:
24816: * TROUBLESHOOTING:
24817: Update shadow password section
24818: [e8448bae7d66]
24819:
24820: * auth.c:
24821: move authentication code from check.c to auth.c
24822: [e9f6ecae2399]
24823:
24824: * Makefile.in, check.c, sudo.h:
24825: move authentication code to auth.c
24826: [124cded85f46]
24827:
24828: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
24829:
24830: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
24831: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
24832: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
24833: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
24834: visudo.c:
24835: Move interface-related defines to interfaces.h so we don't have to
24836: include <netinet/in.h> everywhere.
24837: [e7599d8ea0bf]
24838:
24839: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
24840:
24841: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
24842: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
24843: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
24844: turns out the old DES crypt does the right thing with passwords
24845: longert than 8 characters. o Fix common typo (necesary ->
24846: necessary) o Update TODO list
24847: [ad75007a6f13]
24848:
24849: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
24850:
24851: * sudo.c:
24852: set $LOGNAME when we set $USER
24853: [391596210fd7]
24854:
24855: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24856:
24857: * INSTALL:
24858: add comment about digital unix and interfaces.c warning with gcc
24859: [e20f815901cc]
24860:
24861: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
24862:
24863: * sample.sudoers:
24864: use modern paths and give examples for some of the new parser
24865: features
24866: [e7b2e507c695]
24867:
24868: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
24869:
24870: * parse.c:
24871: fix comment
24872: [5eb0d005a65f]
24873:
24874: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
24875: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
24876: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
24877: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
24878: Function names should be flush with the start of the line so they
24879: can be found trivially in an editor and with grep
24880: [3c400abde574]
24881:
24882: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
24883: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
24884: free(3) is already void, no need to cast it
24885: [6981e1ebda0f]
24886:
24887: * logging.c, sudo.c, sudo.h:
24888: catch case where cmnd_safe is not set (this should not be possible)
24889: [3e1e3038546c]
24890:
24891: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
24892: testsudoers.c, visudo.c:
24893: Stash the "safe" path (ie: the one listed in sudoers) to the command
24894: instead of stashing the struct stat. Should be safer.
24895: [aa2883fcf57e]
24896:
24897: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
24898:
24899: * INSTALL, Makefile.in, UPGRADE:
24900: notes on updating from an earlier release
24901: [df9fffa4ab2c]
24902:
24903: * CHANGES:
24904: updated
24905: [574f5065d15a]
24906:
24907: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
24908:
24909: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
24910: sudoers.man, sudoers.pod:
24911: You can now specifiy a host list instead of just a host or alias.
24912: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
24913: [e3942bb78021]
24914:
24915: * testsudoers.c:
24916: Quiet -Wall
24917: [a3edc8b08c3a]
24918:
24919: * parse.yacc, sudo.tab.c:
24920: Move the push from the beginning of cmndspec to the end. This means
24921: we no longer have to do a push at the end of privilege, just reset
24922: some values.
24923: [8ea66e5860c6]
24924:
24925: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
24926: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
24927: use "!" most everywhere
24928: [aadae4d1c9d5]
24929:
24930: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24931:
24932: * sudoers.pod:
24933: modernize paths and update su example based on sample.sudoers one
24934: [3f6a37e16c83]
24935:
24936: * sample.sudoers:
24937: New runas semantics
24938: [756ee92865b7]
24939:
24940: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
24941: strdup.c, sudo.h:
24942: In estrdup(), do the malloc ourselves so we don't need to rely on
24943: the system strdup(3) which may or may not exist. There is now no
24944: need to provide strdup() for those w/o it. Also, the prototype for
24945: estrdup() was wrong, it returns char * and its param is const.
24946: [5f1f984da8e3]
24947:
24948: * getcwd.c:
24949: $Sudo tag
24950: [e4188a35e68c]
24951:
24952: * check.c:
24953: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
24954: [2aec87c86cde]
24955:
24956: * CHANGES, TODO, parse.yacc, sudo.tab.c:
24957: It is now possible to use the '!' operator in a runas list as well
24958: as in a Cmnd_Alias, Host_Alias and User_Alias.
24959: [a4fdaabda990]
24960:
24961: * logging.c, sudo.h:
24962: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
24963: [73d0376785ae]
24964:
24965: * sudo.h:
24966: Definitions of *_matched were wrong--user top, not top-2 as
24967: subscript.
24968: [5f8350a57362]
24969:
24970: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
24971: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
24972: command but the NOPASSWD flag was set. Make runasspec, runaslist,
24973: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
24974: in the runas list Fix double printing of '%' and '+' for groups and
24975: netgroups respectively Add *_matched macros (no need for local stack
24976: variable). Should only be used directly after a pop (since top must
24977: be >= 2).
24978: [392b1400c4e6]
24979:
24980: * aclocal.m4, configure.in:
24981: Add copyright, somewhat silly
24982: [55c2cdd82dca]
24983:
24984: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24985:
24986: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
24987: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
24988: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
24989: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
24990: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
24991: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
24992: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
24993: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
24994: visudo.man:
24995: Crank version to 1.6 and combine copyright statements
24996: [0e1c791658ae]
24997:
24998: * sample.sudoers:
24999: Use ! not ^ to do negation
25000: [1480a0761730]
25001:
25002: * lex.yy.c, sudo.tab.c:
25003: regen
25004: [89ca5a46684b]
25005:
25006: * parse.lex, parse.yacc:
25007: Make runas and NOPASSWD tags persistent across entris in a command
25008: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
25009: runas or *PASSWD tag the value given becomes the new default for the
25010: rest of the command list.
25011: [f1bbb4066542]
25012:
25013: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25014:
25015: * CHANGES, RUNSON:
25016: update for 1.5.9
25017: [a1ae9d4a7d54] [SUDO_1_5_9]
25018:
25019: * visudo.c:
25020: Shift return value of system(3) by 8 to get real exit value and if
25021: it is not 1 or 0 print the retval along with the error message.
25022: [c1ff50d743fb]
25023:
25024: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
25025:
25026: * Makefile.in:
25027: testsudoers needs LIBOBJS too
25028: [972571b4e4bf]
25029:
25030: * parse.c, parse.yacc, sudo.tab.c:
25031: Fix another parser bug. For a sudoers entry like this: millert
25032: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
25033: as root.
25034: [51968e1eb33d]
25035:
25036: * CHANGES:
25037: new change
25038: [271c6110bb62]
25039:
25040: * parse.yacc, sudo.tab.c:
25041: Save entries that match a ! command on the matching stack too
25042: [5afb5107116c]
25043:
25044: * sudo.c:
25045: Make sudo's usage info better when mutually exclusive args are given
25046: and don't rely on argument order to detect this; nick@zeta.org.au
25047: [2422753c88fd]
25048:
25049: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
25050:
25051: * CHANGES, Makefile.in, RUNSON:
25052: updates from CU
25053: [b37381e3dafb]
25054:
25055: * Makefile.in:
25056: use gzip
25057: [94a64e52a166]
25058:
25059: * parse.yacc, sudo.tab.c:
25060: Fix off by one error introduced in *alloc changes
25061: [95ede581153a]
25062:
25063: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
25064: check_sia.c, compat.h, config.h.in, configure, configure.in,
25065: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
25066: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25067: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
25068: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
25069: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
25070: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
25071: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
25072: ++version
25073: [c6d88f024e37]
25074:
25075: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
25076: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
25077: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
25078: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
25079: Use emalloc/erealloc/estrdup
25080: [44221d97361a]
25081:
25082: * alloc.c:
25083: error checking memory allocation routines
25084: [5f8c1e7bbc71]
25085:
25086: * parse.yacc, sudo.tab.c:
25087: Still not right, this fixes it for real
25088: [ad553b6f5339]
25089:
25090: * parse.yacc, sudo.tab.c:
25091: Fix for previous commit
25092: [4d6f989f9bf2]
25093:
25094: * CHANGES, INSTALL, parse.yacc:
25095: Fix a parser bug that was exposed when mixing different runas specs
25096: and ! commands. For example: millert ALL=(daemon)
25097: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
25098: as well as daemon when it should just allow daemon. The problem was
25099: that comma-separated commands in a list shared the same entry on the
25100: matching stack. Now they get their own entry iff there is a full
25101: match. It may be better to just make the runas spec persistent
25102: across all commands in a list like the user and host entries of the
25103: matching stack. However, since that is a fairly major change it
25104: should gets its own minor rev increase.
25105: [c4b939cdcc8e]
25106:
25107: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
25108:
25109: * check.c, config.h.in:
25110: Simplify PAM code and fix a PAM-related warning on Linux
25111: [2468399523b6]
25112:
25113: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
25114:
25115: * CHANGES:
25116: updates
25117: [29d4a997769c]
25118:
25119: * sample.sudoers:
25120: better su entry
25121: [76d8285a72ba]
25122:
25123: * configure:
25124: regen
25125: [b7450cc6975d]
25126:
25127: * check.c, configure.in:
25128: new pam code that works on solaris, should work on linux too;
25129: aelberg@home.com
25130: [84c16c0ff259]
25131:
25132: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25133:
25134: * RUNSON:
25135: more entries
25136: [b6bef8660759]
25137:
25138: * config.h.in:
25139: only include strings.h if there is no string.h
25140: [b66054a32b00]
25141:
25142: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
25143:
25144: * config.guess:
25145: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
25146: [c086d2fe63af]
25147:
25148: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25149:
25150: * sudo.c:
25151: shost must be set before log functions are called #ifdef HOST_IN_LOG
25152: [d49a7944358f]
25153:
25154: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
25155:
25156: * CHANGES, lex.yy.c, parse.lex:
25157: Fix a bug wrt quoting characters in command args. Stop processing
25158: an arg when you hit a backslash so the quoted-character detection
25159: can catch it.
25160: [2281438d7f41]
25161:
25162: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
25163:
25164: * interfaces.c:
25165: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
25166: [31118a9e9916]
25167:
25168: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
25169:
25170: * configure, configure.in:
25171: add missing case statement so --without-sendmail works
25172: [ca25614f7dd9]
25173:
25174: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
25175:
25176: * CHANGES:
25177: more
25178: [4d70e44f7f93]
25179:
25180: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
25181:
25182: * configure, configure.in:
25183: only search for -lsun in irix <= 4.x
25184: [e604238317b1]
25185:
25186: * configure, configure.in:
25187: back out last configure.in change now that I've hacked autoconf to
25188: fix the real problem and add a missing newline
25189: [2dabf59a79b5]
25190:
25191: * CHANGES:
25192: updated
25193: [bb35d526552f]
25194:
25195: * getcwd.c:
25196: add def of dirfd() for those without it
25197: [95f0173d8441]
25198:
25199: * configure, configure.in:
25200: When falling back to checking for socket() when linking with
25201: "-lsocket -lnsl" check for main() instead since autoconf has already
25202: cached the results of checking for socket() in -lsocket. This is
25203: really an autoconf bug as it should use the extra libs as part of
25204: the cache variable name.
25205: [a845f8b710ad]
25206:
25207: * configure.in:
25208: typo
25209: [a7d62f62a478]
25210:
25211: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
25212:
25213: * configure.in:
25214: fix occurrence of $with_timeout that should be
25215: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
25216: bochum.de
25217: [8c4da2cf73d1]
25218:
25219: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
25220:
25221: * sudo.cat, sudo.html, sudo.man, sudo.pod:
25222: fix grammar; espie@openbsd.org
25223: [7031d9dfbc3e] [SUDO_1_5_8]
25224:
25225: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
25226:
25227: * parse.yacc, sudo.c, testsudoers.c:
25228: add cast for strdup in places it does not have it
25229: [7ce4478d3b0f]
25230:
25231: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
25232:
25233: * configure, configure.in:
25234: define for_BSD_TYPES irix
25235: [858337ff4af8]
25236:
25237: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
25238:
25239: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
25240: Make it clear that it is the user's password, not root's, that we
25241: want.
25242: [ae0f51b35ee4]
25243:
25244: * check.c, sudo.h:
25245: If the user enters an empty password and really has no password,
25246: accept the empty password they entered. Perviously, they could
25247: enter anything
25248: *but* an empty password. Also, add GETPASS macro that calls either
25249: tgetpass() or getpass() depending on how sudo was configured.
25250: Problem noted by jdg@maths.qmw.ac.uk
25251: [2fde21ce94c1]
25252:
25253: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
25254:
25255: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
25256: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
25257: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25258: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
25259: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
25260: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25261: visudo.c:
25262: add explicate copyright
25263: [d3b4449834a5]
25264:
25265: * CHANGES:
25266: mention -lsocket, -lnsl configure changes
25267: [9140af4ad8ae]
25268:
25269: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
25270:
25271: * sudo.c:
25272: Don't clobber errno after calling check_sudoers().
25273: [59bd581b2654]
25274:
25275: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
25276:
25277: * configure, configure.in:
25278: When linking with both -lsocket and -lnsl be sure to do so in that
25279: order. Also, when we can't find socket() or inet_addr() and have to
25280: try linking with both libs, issue a warning.
25281: [0ee547163067]
25282:
25283: * sudo.cat, sudo.man, sudo.pod:
25284: clarify bad timestamp and fmt
25285: [70e42cf56c75]
25286:
25287: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
25288:
25289: * INSTALL, RUNSON:
25290: be clear that pam is linux-only and add a RUNSON entry
25291: [7fdeab875e0d]
25292:
25293: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
25294:
25295: * CHANGES, INSTALL, configure, configure.in:
25296: fix and correctly document --with-umask; problem noted by
25297: adap@adap.org
25298: [11cd0481d63a]
25299:
25300: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
25301:
25302: * configure, configure.in:
25303: only use /usr/{man,catman}/local to store man pages if suer didn't
25304: override prefix or mandir
25305: [781ad2cbe9be]
25306:
25307: * INSTALL, configure, configure.in:
25308: fix typo, make --with-SecurID take an arg
25309: [026a9b4014fc]
25310:
25311: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
25312:
25313: * RUNSON:
25314: updates from users
25315: [2286982b31e6]
25316:
25317: * CHANGES, INSTALL, check.c, configure, configure.in:
25318: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
25319: [23aa4e5c6b02]
25320:
25321: * configure, configure.in:
25322: better fix for the problem of unresolved symbols in -lnsl or
25323: -lsocket
25324: [82fe70fc287f]
25325:
25326: * configure, configure.in:
25327: when checking for functions in -lnsl and -lsocket link with both of
25328: them to avoid unresolved symbols on some weirdo systems
25329: [1734a591808e]
25330:
25331: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
25332:
25333: * BUGS, CHANGES, RUNSON, TODO:
25334: old changes that didn't make it into RCS before the RCS->CVS switch
25335: [846eb2b8f9aa]
25336:
25337: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25338:
25339: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
25340: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
25341: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25342: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
25343: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25344: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
25345: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
25346: visudo.pod:
25347: add sudo tags
25348: [962f81eaa5ab]
25349:
25350: * sudo.h:
25351: testing Sudo tag
25352: [e84cbc521129]
25353:
25354: * version.h:
25355: testing Sudo tag
25356: [a8c3a3998b88]
25357:
25358: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
25359: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
25360: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
25361: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
25362: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25363: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
25364: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
25365: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
25366: crank version and regen files
25367: [23eacf00a1a4]
25368:
25369: * Makefile.in:
25370: kill rcs goop in update_version and fix now that version is a const
25371: [e6e50bd8d1e1]
25372:
25373: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
25374: sudo.c, sudo.h, sudo.pod:
25375: kerb5 support from fcusack@iconnet.net
25376: [8134027986e2]
25377:
25378: * realpath.c, sudo_realpath.c:
25379: we no longer use realpath
25380: [0f5f64abc646]
25381:
25382: * qualify.c:
25383: replaced by find_path.c
25384: [9e32a87e09c4]
25385:
25386: * options.h:
25387: all options are now configure flags
25388: [ee6bd9610102]
25389:
25390: * lex.yy.c:
25391: regen
25392: [bdbf8a18161f]
25393:
25394: * getwd.c:
25395: superceded by getcwd.c
25396: [1e54ee0990b4]
25397:
25398: * getpass.c:
25399: superceded by tgetpass.c
25400: [4e0d1edc30e3]
25401:
25402: * SUPPORTED:
25403: superceded by RUNSON
25404: [854c5a21cb53]
25405:
25406: * OPTIONS:
25407: No longer used now that we have configure options for everything.
25408: [9b1ae1c89259]
25409:
25410: * configure:
25411: regen based on configure.in
25412: [3a4d73936973]
25413:
25414: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
25415: sudoers.man, visudo.cat, visudo.html, visudo.man:
25416: regen based on sudo.pod, sudoers.pod, and visudo.pod
25417: [c267beb90778]
25418:
25419: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25420:
25421: * check.c:
25422: fix tty tickets in remove_timestamp (didn't use ':')
25423: [fd964a74a32b]
25424:
25425: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
25426:
25427: * interfaces.c:
25428: close sock when we are done with it
25429: [95de0380f8a4]
25430:
25431: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25432:
25433: * parse.yacc:
25434: never say "error on line -1"
25435: [361db1491121]
25436:
25437: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25438:
25439: * configure.in:
25440: check for -lnsl before -lsocket
25441: [8e966d6bbcb5]
25442:
25443: * configure.in:
25444: quote '[', ']' used in ranges correctly
25445: [fa4f9c6ff651]
25446:
25447: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25448:
25449: * config.h.in:
25450: add missing NO_ROOT_SUDO noted by drno@tsd.edu
25451: [c969f25d1667]
25452:
25453: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25454:
25455: * version.h:
25456: 1.5.7
25457: [7a22de0bc148]
25458:
25459: * INSTALL:
25460: more info for 1.5.7
25461: [30ad9e784799]
25462:
25463: * README:
25464: update for 1.5.7
25465: [cd03a0a27cd2]
25466:
25467: * parse.yacc:
25468: make increases of cm_list_size and ga_list_size be similar to
25469: increases of stacksize (ie: >= not > in initial compare).
25470: [6bd450a896c7]
25471:
25472: * parse.yacc:
25473: when we get a syntax error, report it for the previous line since
25474: that's generally where the error occurred.
25475: [c4ac84058f0b]
25476:
25477: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
25478:
25479: * config.h.in, configure.in, interfaces.c:
25480: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
25481: not defined
25482: [d197f31fd1e4] [SUDO_1_5_7]
25483:
25484: * config.h.in:
25485: define BSD_COMP for svr4
25486: [87ac1147ff79]
25487:
25488: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
25489: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
25490: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
25491: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25492: more -Wall
25493: [d98e2d32db2a]
25494:
25495: * configure.in:
25496: kill check for sockio,h
25497: [4399779014c1]
25498:
25499: * config.h.in:
25500: no more HAVE_SYS_SOCKIO_H
25501: [67484528e347]
25502:
25503: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
25504: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
25505: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
25506: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25507: -Wall
25508: [2b7e83976788]
25509:
25510: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25511:
25512: * sudo.c:
25513: add missing inform_user()
25514: [8689528c6d55]
25515:
25516: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
25517:
25518: * find_path.c:
25519: return NOT_FOUND if given fully qualified path and it does not exist
25520: previously it would perror(ENOENT) which bypasses the option to not
25521: leak path info
25522: [ccbc3d0130ae]
25523:
25524: * configure.in:
25525: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
25526: -ldes
25527: [c77d3b484ece]
25528:
25529: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25530:
25531: * INSTALL:
25532: tty tickets are user:tty now
25533: [a53a303a614d]
25534:
25535: * check.c:
25536: when using tty tickets make it user:tty not user.tty as a username
25537: could have a '.' in it
25538: [3160b3f5c890]
25539:
25540: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
25541:
25542: * sudo.c:
25543: add "ignoring foo found in ." for auth successful case
25544: [24257169e0bd]
25545:
25546: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
25547:
25548: * sudo.c:
25549: add missing printf param
25550: [8c905124f777]
25551:
25552: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
25553:
25554: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
25555: go back to printing "command not found" unless --disable-path-info
25556: specified. Also, tell user when we ignore '.' in their path and it
25557: would have been used but for --with-ignore-dot.
25558: [066e118c11e4]
25559:
25560: * check.c, sudo.c:
25561: Only one space after a colon, not two, in printf's
25562: [38452f4c8007]
25563:
25564: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
25565:
25566: * sudo.pod:
25567: document setting $USER
25568: [80557fe6aede]
25569:
25570: * check.c:
25571: fix bugs with prompt expansion
25572: [44c4fca5f009]
25573:
25574: * sudo.c:
25575: set $USER for root too
25576: [4b525e1c6269]
25577:
25578: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
25579:
25580: * getspwuid.c:
25581: typo
25582: [5107446f43e0]
25583:
25584: * configure.in:
25585: HP-UX's iscomsec is in -lsec, not libc
25586: [03c9f700b795]
25587:
25588: * configure.in:
25589: remove some entries in the OS case statement that did nothing
25590: [ea96e7e0f624]
25591:
25592: * TROUBLESHOOTING:
25593: add "cd" section and flush out syslog section
25594: [5107f7363b78]
25595:
25596: * Makefile.in:
25597: no more sudo-lex.yy.c
25598: [ed50826efbbc]
25599:
25600: * check_sia.c:
25601: add custom prompt support
25602: [6a285cea10b7]
25603:
25604: * testsudoers.c:
25605: kill perror("malloc") since we already have a good error messages
25606: pw_ent -> pw for brevity
25607: [eee31052921e]
25608:
25609: * sudo.c:
25610: kill perror("malloc") since we already have a good error messages
25611: pw_ent -> pw for brevity set $USER if -u specified
25612: [9f3753461f8a]
25613:
25614: * parse.yacc:
25615: kill perror("malloc") since we already have a good error messages
25616: [849459088ac3]
25617:
25618: * parse.c:
25619: kill perror("malloc") since we already have a good error messages
25620: pw_ent -> pw for brevity when checking if %group matches, look up
25621: user in password file so that %groups works in a RunAs spec.
25622: [0489b4ecc59a]
25623:
25624: * logging.c:
25625: kill perror("malloc") since we already have a good error messages
25626: [3191a18b3526]
25627:
25628: * check.c, getspwuid.c, interfaces.c:
25629: kill perror("malloc") since we already have a good error messages
25630: pw_ent -> pw for brevity
25631: [7193fdb38cf9]
25632:
25633: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
25634:
25635: * tgetpass.c:
25636: the prompt is expanded before tgetpass is called
25637: [0f408f508041]
25638:
25639: * sudo.h:
25640: tgetpass now has the same args as getpass again
25641: [b6778cd9d79f]
25642:
25643: * getspwuid.c:
25644: add iscomsec, issecure support
25645: [007be7ec7ae7]
25646:
25647: * check.c:
25648: we now expand any %h or %u in the prompt before passing to tgetpass
25649: [f3db8c9ee387]
25650:
25651: * configure.in:
25652: add check for syslog(3) in -lsocket, -lnsl, -linet
25653: [5a96f902ce00]
25654:
25655: * config.h.in:
25656: add HAVE_ISCOMSEC and HAVE_ISSECURE
25657: [f640b0d4cf05]
25658:
25659: * configure.in:
25660: add check for iscomsec in HP-UX
25661: [b28b249040f0]
25662:
25663: * configure.in:
25664: check for issecure if we have getpwanam on SunOS some options are
25665: incompatible with DUNIX SIA check for dispcrypt on DUNIX
25666: [a49d05d9c913]
25667:
25668: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
25669:
25670: * config.h.in:
25671: add HAVE_DISPCRYPT
25672: [7376d543d8d6]
25673:
25674: * secureware.c:
25675: add back support for non-dispcrypt based checking for older DUNIX
25676: [977b98e936be]
25677:
25678: * INSTALL:
25679: sia changes
25680: [c5387c06e30f]
25681:
25682: * configure.in:
25683: SIA becomes the default on Digital UNIX now havbe --disable-sia to
25684: turn it off...
25685: [3b647558ea13]
25686:
25687: * check.c:
25688: move local includes after system ones
25689: [b2abad4c4aef]
25690:
25691: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
25692:
25693: * check.c, check_sia.c, sudo.h:
25694: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
25695: stderr
25696: [547cbf299661]
25697:
25698: * check_sia.c:
25699: fix while loop in sia_attempt_auth() that checks the password. Only
25700: the first iteration was working.
25701: [1886fd1ac831]
25702:
25703: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
25704:
25705: * aclocal.m4:
25706: don't trust UID_MAX or MAXUID
25707: [2aeddb1654d8]
25708:
25709: * configure.in:
25710: fix two pastos
25711: [c18f0a10b75d]
25712:
25713: * configure.in:
25714: fix typo
25715: [1eb3190ef12d]
25716:
25717: * getspwuid.c, secureware.c:
25718: init crypt_type to INT_MAX since it is legal to be negative in DUNX
25719: 5.0
25720: [cefbde04822d]
25721:
25722: * configure.in:
25723: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
25724: -ldb since DUNX < 4.0 lacks it
25725: [e6b11d971068]
25726:
25727: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
25728:
25729: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
25730: secureware.c, sudo.c, tgetpass.c:
25731: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
25732: minutes if the shadow files don't exist).
25733: [2f297d095004]
25734:
25735: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
25736:
25737: * INSTALL:
25738: updated --with-editor blurb
25739: [77d8a3ea7328]
25740:
25741: * TROUBLESHOOTING:
25742: tell how to put sudoers in a different dir
25743: [456cd20eb1d0]
25744:
25745: * configure.in:
25746: add missing quotes around $with_editor
25747: [22881748ab1b]
25748:
25749: * configure.in:
25750: typo in --with-editor bits
25751: [ab6964580681]
25752:
25753: * INSTALL:
25754: I don't expect it to work on Solaris
25755: [1c2fceaaf56e]
25756:
25757: * check.c:
25758: add back security/pam_misc.h
25759: [6ffd30033c1e]
25760:
25761: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
25762:
25763: * INSTALL:
25764: remove dunix note since configure checks for this now
25765: [e9904512b8e8]
25766:
25767: * configure.in:
25768: add check for broken dunix prot.h (4.0 < 4.0D is bad)
25769: [8a4c1e6aef3b]
25770:
25771: * getspwuid.c, secureware.c, tgetpass.c:
25772: new dunix shadow code, use dispcrypt(3)
25773: [1b936bc7268c]
25774:
25775: * config.h.in:
25776: add HAVE_INITPRIVS
25777: [4369f4c4f914]
25778:
25779: * sudo.c:
25780: call initprivs() if we have it for getprpwuid later on
25781: [11cf5915d826]
25782:
25783: * Makefile.in:
25784: clean pathnames.h too
25785: [5f1df3262613]
25786:
25787: * configure.in:
25788: quote "Sorry, try again." with [] since it has a comma in it set
25789: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
25790: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
25791: initprivs later.
25792: [e226b0a3f250]
25793:
25794: * INSTALL:
25795: update Digital UNIX note about acl.h
25796: [80132b71d73a]
25797:
25798: * INSTALL:
25799: add --with-sia
25800: --without-root-sudo -> --disable-root-sudo some reordering
25801: [198386358818]
25802:
25803: * secureware.c:
25804: add whitespace
25805: [4aadaf1a54b0]
25806:
25807: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
25808: add SIA support
25809: [fa3ddbb9cc51]
25810:
25811: * check_sia.c:
25812: Initial revision
25813: [2968551d40e4]
25814:
25815: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
25816:
25817: * configure.in:
25818: when checking for -lsocket, -lnsl, and -linet, check for the
25819: specific functions we need from them.
25820: [8d33e64362a3]
25821:
25822: * config.h.in, sudo.h:
25823: move Syslog_* defs into sudo.h
25824: [03d1774f25c7]
25825:
25826: * Makefile.in, sudo.h:
25827: added check_secureware
25828: [e46e3cbb9a97]
25829:
25830: * configure.in:
25831: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
25832: [dbefe1856503]
25833:
25834: * insults.h:
25835: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
25836: defined. configure now does that for us
25837: [e4520ea0581f]
25838:
25839: * configure.in:
25840: move some --with options around change a bunch of echo's to
25841: AC_MSG_CHECKING, AC_MSG_RESULT pairs
25842: [ffdf6869fdd7]
25843:
25844: * configure.in:
25845: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
25846: syntax error add some echo verbage
25847: [3278c49bf74b]
25848:
25849: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
25850:
25851: * check.c:
25852: moved SecureWare stuff into secureware.c
25853: [42d3d3ac35dc]
25854:
25855: * secureware.c:
25856: Initial revision
25857: [aa7f72a249cf]
25858:
25859: * INSTALL:
25860: update url to solaris gcc bins
25861: [36a3eb668777]
25862:
25863: * INSTALL:
25864: change option formatter and flesh out someentries
25865: [6fbd1db4a8ad]
25866:
25867: * TROUBLESHOOTING, sudo.pod, visudo.pod:
25868: environmental variable -> environment variable
25869: [6f14d708e32d]
25870:
25871: * BUGS:
25872: everything is now done via configure
25873: [c217858f58ab]
25874:
25875: * README:
25876: prev rev was 1.5.6
25877: [7b4177103c35]
25878:
25879: * Makefile.in:
25880: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
25881: [31c6b0a5e0e2]
25882:
25883: * config.h.in:
25884: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
25885: [d406a1ef6d25]
25886:
25887: * Makefile.in:
25888: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
25889: sudoers_mode from configure
25890: [1c509500655a]
25891:
25892: * configure.in:
25893: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
25894: the Makefile, not config.h
25895: [d4482f1492fe]
25896:
25897: * INSTALL:
25898: document all --with/--enable options
25899: [22d81b312d7f]
25900:
25901: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
25902:
25903: * insults.h:
25904: options.h is no more
25905: [560946a33f7f]
25906:
25907: * config.h.in:
25908: assimilated options.h
25909: [dd8ce74613c1]
25910:
25911: * configure.in:
25912: moved options from options.h to configure
25913: [d39662f71b4e]
25914:
25915: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
25916: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
25917: sudo_setenv.c, visudo.c:
25918: no more options.h
25919: [43924bf0858d]
25920:
25921: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
25922: remove references to options.h
25923: [ef3474295395]
25924:
25925: * dce_pwent.c, interfaces.c, sudo.c:
25926: kill sys/time.h
25927: [4d833f0034e4]
25928:
25929: * tgetpass.c:
25930: if select return < -1 still prompt for pw
25931: [e0009e5c93a2]
25932:
25933: * options.h:
25934: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
25935: configure options
25936: [e60a1e546516]
25937:
25938: * parse.c:
25939: FAST_MATCH is no longer an optino
25940: [c448dbb3464b]
25941:
25942: * check.c:
25943: remove_timestamp() if timestamp is preposterous
25944: [70d9a86c6ecd]
25945:
25946: * options.h:
25947: convert more options to --with/--enable
25948: [34646d9b09dc]
25949:
25950: * INSTALL, aclocal.m4:
25951: logfile -> logpath
25952: [42de502bc637]
25953:
25954: * configure.in:
25955: convert more options into --with and --enable
25956: [92d0898c9844]
25957:
25958: * tgetpass.c:
25959: catch EINTR in select and restart
25960: [f045d2f234d7]
25961:
25962: * logging.c:
25963: sys/errno -> errno
25964: [7f0c5beab6f2]
25965:
25966: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
25967:
25968: * sudo.c:
25969: UMASK -> SUDO_UMASK.
25970: [48f308661514]
25971:
25972: * check.c, logging.c:
25973: time.h, not sys/time.h
25974: [91de049c79e4]
25975:
25976: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
25977:
25978: * logging.c:
25979: MAILER -> _PATH_SENDMAIL
25980: [df65d6896639]
25981:
25982: * INSTALL, configure.in:
25983: no more --with-C2, now it is --disable-shadow
25984: [18bfcab3b9ab]
25985:
25986: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
25987: getspwuid.c, sudo.c, tgetpass.c:
25988: new shadow password scheme. Always include shadow support if the
25989: platform supports it and the user did not disable it via configure
25990: [2135d93bb4a9]
25991:
25992: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
25993:
25994: * configure.in:
25995: --with-getpass -> --{enable,disable}-tgetpass
25996: [451b33fdd4c7]
25997:
25998: * Makefile.in:
25999: pathnames.h -> pathnames.h.in
26000: [b109022eca69]
26001:
26002: * check.c:
26003: fix version string
26004: [761b25c314ea]
26005:
26006: * check.c:
26007: move pam_conv to be static to auth function remove pam_misc.h
26008: (solaris doesn't have one)
26009: [a682e4da987a]
26010:
26011: * aclocal.m4:
26012: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
26013: [e6005d0599b5]
26014:
26015: * configure.in:
26016: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
26017: [24c0ac2155ef]
26018:
26019: * pathnames.h.in:
26020: convert to pathnames.h.in
26021: [013bddf7f684]
26022:
26023: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
26024:
26025: * configure.in:
26026: fix typo in sysv4 matching case /.
26027: [2994c4f88cf5]
26028:
26029: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
26030:
26031: * check.c:
26032: pam stuff needs to run as root, not user, for shadow passwords
26033: [d94ff75de503]
26034:
26035: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
26036:
26037: * BUGS, INSTALL, README, configure.in:
26038: updated version
26039: [775adc7de7ac]
26040:
26041: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26042: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
26043: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
26044: logging.c, options.h, parse.c, parse.lex, parse.yacc,
26045: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26046: testsudoers.c, tgetpass.c, utime.c, visudo.c:
26047: updated version
26048: [5ca599fb6b93]
26049:
26050: * check.c:
26051: user version.h for long message
26052: [47a52ac7e542]
26053:
26054: * check.c:
26055: this is version 1.5.6
26056: [8451ac79eee2]
26057:
26058: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
26059:
26060: * Makefile.in:
26061: remove errant backslash
26062: [0222a8a650ff]
26063:
26064: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26065:
26066: * options.h, parse.yacc, pathnames.h.in:
26067: fix version string
26068: [fdee73255d64] [SUDO_1_5_6]
26069:
26070: * BUGS, CHANGES, TODO:
26071: updtaed for 1.5.6
26072: [752443bf7f26]
26073:
26074: * RUNSON:
26075: updated for 1.5.6
26076: [0f878123fe6a]
26077:
26078: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
26079:
26080: * interfaces.c:
26081: kill unused localhost_mask var copy if name to ifr_tmp after we zero
26082: it
26083: [8e89c364cef2]
26084:
26085: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
26086:
26087: * INSTALL:
26088: Better description of new vs. old sudoers modes fix some typos
26089: better description of /usr/ucb/cc gotchas on slowaris
26090: [c00b2a6fc1e8]
26091:
26092: * Makefile.in:
26093: add sample.pam
26094: [ec7f6cc19b00]
26095:
26096: * sudo.c:
26097: set NewArgv[0] to user_shell, not basename(user_shell)
26098: [1e907cbc9f7b]
26099:
26100: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
26101:
26102: * README:
26103: mention TROUBLESHOOTING more fix some typos
26104: [2c2e6907d4a4]
26105:
26106: * configure.in:
26107: move --enable/--disable to be after --with
26108: [9b30097f76c1]
26109:
26110: * INSTALL:
26111: document --enable/--disable
26112: [c522362e38a8]
26113:
26114: * INSTALL:
26115: document --with-pam
26116: [7e38932c78ac]
26117:
26118: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
26119:
26120: * configure.in:
26121: Add message for pam users
26122: [d224f277e3cd]
26123:
26124: * sample.pam:
26125: Initial revision
26126: [3a84d7045f54]
26127:
26128: * config.h.in:
26129: fix HAVE_PAM
26130: [2f0f303ebd88]
26131:
26132: * check.c, config.h.in, configure.in:
26133: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
26134: [ea3e0a72d707]
26135:
26136: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
26137:
26138: * config.h.in:
26139: add HOST_IN_LOG and WRAP_LOG
26140: [822c36eeb6a8]
26141:
26142: * logging.c:
26143: add WRAP_LOG and HOST_IN_LOG
26144: [3cf6052bd27e]
26145:
26146: * configure.in:
26147: add --enable-log-host and --enable-log-wrap
26148: [c968cc12b353]
26149:
26150: * aclocal.m4:
26151: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
26152: [915fef7e11a1]
26153:
26154: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
26155:
26156: * compat.h:
26157: add howmany macro
26158: [9107a057a7c8]
26159:
26160: * tgetpass.c:
26161: include sys/param.h to get howmany macro
26162: [7e908b5e1f32]
26163:
26164: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
26165:
26166: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
26167: add RUNAS_DEFAULT
26168: [1e76398ea3fd]
26169:
26170: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
26171:
26172: * fnmatch.c:
26173: bring in stdio.h for NULL
26174: [69c016610cbb]
26175:
26176: * aclocal.m4:
26177: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
26178: [15ab2972f8d0]
26179:
26180: * sudo.c:
26181: use HAVE_SET_AUTH_PARAMETERS
26182: [8abfdc8c80f7]
26183:
26184: * config.h.in:
26185: add HAVE_SET_AUTH_PARAMETERS
26186: [673a5ebd5539]
26187:
26188: * configure.in:
26189: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
26190: [a401f5a7469a]
26191:
26192: * config.sub:
26193: add support for HI-UX/MPP SR220001 02-03 0 SR2201
26194: [cb657b7acaae]
26195:
26196: * interfaces.c:
26197: initialize previfname
26198: [26a1902f56dc]
26199:
26200: * interfaces.c:
26201: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
26202: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
26203: kludging it
26204: [fa5c890c313b]
26205:
26206: * configure.in:
26207: typo
26208: [bff579fbe95c]
26209:
26210: * Makefile.in:
26211: don't need special build line for sudo.tab.o
26212: [10c0a0a912e4]
26213:
26214: * Makefile.in:
26215: don't clean sudo.tab.[ch]
26216: [c40d5968efbb]
26217:
26218: * sudo.c:
26219: Sudo should prompt for a password before telling the user that a
26220: command could not be found.
26221: [d718c85a0047]
26222:
26223: * BUGS:
26224: for 1.5.6
26225: [0cc1fe5b9129]
26226:
26227: * INSTALL, README:
26228: no longer require yacc
26229: [d9096fc5b8b6]
26230:
26231: * Makefile.in:
26232: typo
26233: [70feb1aefbd5]
26234:
26235: * Makefile.in:
26236: y.tab -> sudo.tab include pre-yacc'd parse.yacc
26237: [cc802025fd44]
26238:
26239: * parse.lex:
26240: include sudo.tab.h, not y.tab.h don't break out of command args if
26241: you get a '='
26242: [728ad26dbda5]
26243:
26244: * insults.h:
26245: fix version ,
26246: [242bbce1b2d4]
26247:
26248: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
26249: fix version
26250: [2bb9086fea1e]
26251:
26252: * compat.h:
26253: fix version
26254: [7e634d498ce6]
26255:
26256: * getcwd.c:
26257: getcwd(3) from OpenBSD for those without it.
26258: [6c68d0df8f6c]
26259:
26260: * sudo.h:
26261: HAVE_GETWD -> HAVE_GETCWD
26262: [2ad1e64d60c0]
26263:
26264: * configure.in:
26265: pretend sunos doesn't have getcwd(3) since it opens a pipe to
26266: getpwd!
26267: [677992ba5a6a]
26268:
26269: * parse.c:
26270: use NAMLEN() macro
26271: [8f5685aa3165]
26272:
26273: * fnmatch.c:
26274: remove duplicate include of string.h
26275: [6024f3051ac3]
26276:
26277: * configure.in:
26278: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
26279: [3d82a9c22cc2]
26280:
26281: * aclocal.m4:
26282: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
26283: [53fbc47282f9]
26284:
26285: * config.h.in:
26286: add dev_t and ino_t
26287: [5929bb0c7e1a]
26288:
26289: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
26290:
26291: * check.c:
26292: fix OTP_ONLY for opie
26293: [7edcfa78f2ec]
26294:
26295: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
26296:
26297: * testsudoers.c, tgetpass.c:
26298: include stdlib.h for malloc proto
26299: [c9f4b99a2fe9]
26300:
26301: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
26302:
26303: * Makefile.in:
26304: make update_version saner
26305: [d522f93ee04a]
26306:
26307: * config.h.in:
26308: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
26309: [c9a2d21dc608]
26310:
26311: * configure.in:
26312: check for waitpid and wait3 or no waitpid
26313: [1f18c3224184]
26314:
26315: * logging.c:
26316: used waitpid or wait3 if we have 'em
26317: [391c3279ee65]
26318:
26319: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26320:
26321: * visudo.c:
26322: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
26323: [fbf53b18178f]
26324:
26325: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
26326:
26327: * configure.in:
26328: don't need to explicately mention -lsocket -lnsl for sequent
26329: [1898dc055352]
26330:
26331: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
26332:
26333: * configure.in:
26334: dynix should not link with -linet
26335: [278a4b9cfe2a]
26336:
26337: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26338:
26339: * INSTALL:
26340: mention that HP-UX doesn't ship with yacc
26341: [bde5147198c0]
26342:
26343: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26344:
26345: * check.c:
26346: ignore kerberos if we can't get the local realm
26347: [1e311a091a27]
26348:
26349: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
26350:
26351: * BUGS, INSTALL, README, configure.in:
26352: ++version
26353: [499ffc746018]
26354:
26355: * version.h:
26356: ++
26357: [35ba1ee01bd3]
26358:
26359: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
26360: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
26361: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
26362: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
26363: updated version
26364: [b4990a513f31]
26365:
26366: * check.c, sudo.h:
26367: fix version
26368: [5710795834e8]
26369:
26370: * getcwd.c:
26371: don't use popen/pclose. Do it inline.
26372: [29e57b0646a4]
26373:
26374: * lsearch.c:
26375: add rcsid
26376: [b2b55c39858d]
26377:
26378: * sudo.c:
26379: typo
26380: [d381ac39ed0f]
26381:
26382: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
26383: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
26384: sudo.h:
26385: updated version
26386: [462d6e1a2d75]
26387:
26388: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
26389: MAX* + 1 -> MAX*
26390: [2c2eeb78d34f]
26391:
26392: * Makefile.in:
26393: getwd.c -> getcwd.c
26394: [7d718c32fc02]
26395:
26396: * config.h.in:
26397: kill HAVE_GETWD
26398: [6ad3d702343f]
26399:
26400: * configure.in:
26401: getcwd, not getwd
26402: [33e5b9841f58]
26403:
26404: * getcwd.c:
26405: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
26406: purpose
26407: [24e58d340161]
26408:
26409: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
26410:
26411: * OPTIONS, options.h:
26412: add STUB_LOAD_INTERFACES
26413: [d747cb23ca83]
26414:
26415: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26416: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26417: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26418: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26419: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26420: testsudoers.c, tgetpass.c, utime.c, visudo.c:
26421: updated version
26422: [0798229312cc]
26423:
26424: * configure.in:
26425: support *-ccur-sysv4 and fix two typos
26426: [24a823ad7cc9]
26427:
26428: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
26429:
26430: * configure.in:
26431: don't echo about with_logfile and with_timedir
26432: [31e4a1e2d9ad]
26433:
26434: * INSTALL:
26435: document --with-logfile and --with-timedir
26436: [674f811a40e0]
26437:
26438: * aclocal.m4:
26439: support --with-logfile and --with-timedir
26440: [2fc36b35db12]
26441:
26442: * configure.in:
26443: Add --with-logfile and --with-timedir
26444: [09045bf07e29]
26445:
26446: * sudo.c:
26447: change size computation of NewArgv for UNICOS
26448: [b50df07da3a1]
26449:
26450: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
26451:
26452: * configure.in:
26453: treate -*-sysv4* like *-*-svr4
26454: [471b7ef4dbf2]
26455:
26456: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
26457:
26458: * configure.in:
26459: fix spacing for --with-authenticate help
26460: [8321cb37c410]
26461:
26462: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26463: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26464: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26465: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26466: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26467: testsudoers.c, tgetpass.c, utime.c, visudo.c:
26468: updated version
26469: [dc1ab97312eb]
26470:
26471: * parse.yacc:
26472: fix off by one error in push macro
26473: [bece59c8c3a9]
26474:
26475: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
26476:
26477: * configure.in:
26478: removed bogus alloca hack
26479: [a68dd720462d]
26480:
26481: * check.c:
26482: added AIX 4.x authenticate() support
26483: [12985eb448a0]
26484:
26485: * parse.yacc:
26486: include alloca.h if using bison and not gcc and it exists. fixes an
26487: alloca problem on hpux 10.x
26488: [e3b5c4f26072]
26489:
26490: * INSTALL:
26491: mention --with-authenticate
26492: [78a1c96820e7]
26493:
26494: * configure.in:
26495: added AIX authenticate() support
26496: [c983193ec252]
26497:
26498: * config.h.in:
26499: add HAVE_AUTHENTICATE
26500: [7b0e5f5db5d9]
26501:
26502: * interfaces.c:
26503: dynamically size ifconf buffer
26504: [10afb0e9b2f9]
26505:
26506: * configure.in:
26507: quote '[' and ']'
26508: [8fc38a4defad]
26509:
26510: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26511: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26512: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26513: logging.c, options.h, parse.c, parse.lex, parse.yacc,
26514: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26515: testsudoers.c, tgetpass.c, utime.c, visudo.c:
26516: updated version
26517: [5f66de71ec61]
26518:
26519: * visudo.pod:
26520: add ERRORS section
26521: [3df3edb73cf6]
26522:
26523: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
26524:
26525: * TROUBLESHOOTING:
26526: add busy stmp file explanation
26527: [6c555d469b6f]
26528:
26529: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
26530:
26531: * configure.in:
26532: the name of the cached var that signals whether or not you are cross
26533: compiling changed. It is now ac_cv_prog_cc_cross
26534: [123911c0658c]
26535:
26536: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
26537:
26538: * INSTALL:
26539: mention glibc 2.07 is fixed wrt lsearch()\.
26540: [ded758524582]
26541:
26542: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
26543:
26544: * sample.sudoers, sudoers.pod:
26545: better example of su but not root su
26546: [b3199610be21]
26547:
26548: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
26549:
26550: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
26551: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26552: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
26553: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
26554: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26555: testsudoers.c, tgetpass.c, utime.c, visudo.c:
26556: updated version
26557: [46922b84e86b]
26558:
26559: * Makefile.in:
26560: correct regexp for updating version
26561: [8032728b2a8a]
26562:
26563: * tgetpass.c:
26564: remove bogus flush of stderr spew prompt before turning off echo.
26565: Seems to fix a weird problem where if sudo complained about a bogus
26566: stamp file the user would sometimes not have a chance to enter a
26567: password
26568: [7aa1493cc141]
26569:
26570: * check.c:
26571: fix bogus flush of stderr
26572: [6d047871c5e8]
26573:
26574: * sudo.c:
26575: close fd's <=2 not <=3 and move that chunk of code up
26576: [553e4faac195]
26577:
26578: * configure.in:
26579: support hpux1[0-9] not just hpux10
26580: [5a34a000ff8a]
26581:
26582: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
26583:
26584: * parse.c:
26585: set sudoers_fp to nil after closing
26586: [221a8b4bbf34]
26587:
26588: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
26589:
26590: * config.guess, config.sub:
26591: updated from autoconf 2.12
26592: [6fc86a0fc61b]
26593:
26594: * configure.in:
26595: add *-*-svr4 rule
26596: [38f0427f7c9d]
26597:
26598: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
26599:
26600: * tgetpass.c:
26601: fix select usage for high fd's (dynamically allocate readfds)
26602: [c2d1f76e0321]
26603:
26604: * check.c:
26605: kill extra whitespace
26606: [d784b6c9c514]
26607:
26608: * sudo.c:
26609: do an initgroups() before running a command, unless the target user
26610: is root.
26611: [4ca561287480]
26612:
26613: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
26614:
26615: * TROUBLESHOOTING:
26616: tell people to use tabs, not spaces, in syslog.conf
26617: [8ae90a205134]
26618:
26619: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
26620:
26621: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
26622: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
26623: updated version
26624: [4d855ff5de26]
26625:
26626: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
26627: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
26628: updated version
26629: [8e007e178b33]
26630:
26631: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26632: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
26633: updated version
26634: [9ddea5c8814d]
26635:
26636: * Makefile.in:
26637: more tweaks to update_version
26638: [047698752855]
26639:
26640: * Makefile.in:
26641: fixed up update_version rule
26642: [47b6fa34b77f]
26643:
26644: * configure.in:
26645: ++version
26646: [c1ca664e30b7]
26647:
26648: * Makefile.in:
26649: removed supe of check.c
26650: [8f340a05296a]
26651:
26652: * INSTALL:
26653: ++version I missed
26654: [a298e6c17491]
26655:
26656: * RUNSON:
26657: updated
26658: [a14f6057bc15]
26659:
26660: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
26661: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
26662: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26663: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
26664: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
26665: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
26666: visudo.c:
26667: updated version
26668: [02231b1a3ab3]
26669:
26670: * CHANGES:
26671: updated for 1.5.5
26672: [634e5fcaf40b]
26673:
26674: * Makefile.in:
26675: add rules to update version stuff in files so I don't need to do it
26676: by hand
26677: [3620ad60485a]
26678:
26679: * sudo.h:
26680: sudoers_fp is now extern
26681: [88c6e9b9ea84]
26682:
26683: * sudo.c:
26684: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
26685: don't have to open it again in the parse. This may help with weird
26686: solaris problems where EAGAIN sometime occurrs.
26687: [d3c26451ed1d]
26688:
26689: * parse.c:
26690: sudoers file open is now done only in check_sudoers() so we just do
26691: a rewind() instead of an open. May help people on solaris who were
26692: getting EAGAIN.
26693: [c8b8c7722fa5]
26694:
26695: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
26696:
26697: * INSTALL:
26698: mention that newer glibc is fixed
26699: [20f06f5d3ef3]
26700:
26701: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
26702:
26703: * sudo.c:
26704: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
26705: _RLD* instead of _RLD_*
26706: [1e22c588d602]
26707:
26708: * parse.c:
26709: typo
26710: [d0b7cb85f08a]
26711:
26712: * parse.c:
26713: fix that bug for real
26714: [5a6eeca6d04b]
26715:
26716: * INSTALL:
26717: document Linux's libc6 brokenness.
26718: [0246c1aa64ee]
26719:
26720: * parse.yacc:
26721: -Wall
26722: [d0e452fb1e2d]
26723:
26724: * RUNSON:
26725: updated
26726: [4949a1bbd0a9] [SUDO_1_5_4]
26727:
26728: * TROUBLESHOOTING:
26729: remind people to HUP syslogd
26730: [590962faa4f0]
26731:
26732: * Makefile.in:
26733: add -O flag to tar
26734: [622d02de339d]
26735:
26736: * RUNSON:
26737: updated
26738: [a72930d6e615]
26739:
26740: * TODO:
26741: updated
26742: [4a51bd458390]
26743:
26744: * sudo.pod:
26745: remove author's email addr. people should mail sudo-bugs
26746: [9b6bbdb3a6d9]
26747:
26748: * INSTALL:
26749: fix version
26750: [246274c6c8af]
26751:
26752: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
26753: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
26754: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
26755: logging.c, options.h, parse.c, parse.lex, parse.yacc,
26756: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
26757: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
26758: ++version
26759: [f532ff4ee766]
26760:
26761: * RUNSON:
26762: updated
26763: [62d5c71358b5]
26764:
26765: * INSTALL, Makefile.in:
26766: ++version
26767: [1a7c7628edfc]
26768:
26769: * CHANGES:
26770: updated fort 1.5.4
26771: [7e4873508c99]
26772:
26773: * check.c:
26774: exit(1) if user enters no passwd
26775: [f382c0e35e4e]
26776:
26777: * BUGS:
26778: ++version
26779: [fab6a867ab67]
26780:
26781: * parse.c:
26782: commands can start with ./* not just /* -- fixes a serious security
26783: hole.
26784: [244d2fe35ee3]
26785:
26786: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
26787:
26788: * sudo.c:
26789: Don't set the tty variable to NULL when we lack a tty, leave it as
26790: "unknown".
26791: [193b26daba03]
26792:
26793: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
26794:
26795: * sample.sudoers:
26796: fix usage of (username) in conjunction with , and !
26797: [7ae68607f68f]
26798:
26799: * visudo.c:
26800: catch the case where the user is not in the passwd file
26801: [31650258deb0]
26802:
26803: * tgetpass.c:
26804: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
26805: select(2)
26806: [60ab2d9a9ee8]
26807:
26808: * sudo.c:
26809: define tty global to an initial value to avoid dumping core in
26810: logging functions when passwd file is unavailable.
26811: [77056c7bc908]
26812:
26813: * sudo.c:
26814: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
26815: passwd entry
26816: [1fdb8e579a5a]
26817:
26818: * sudo.pod:
26819: talk about problem of ALL
26820: [1cd1905c9f6f]
26821:
26822: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
26823:
26824: * README:
26825: new web location
26826: [d24dc26f6da5]
26827:
26828: * INSTALL:
26829: fdesc bug is fixed in Open/Net BSD
26830: [7d4d81b08ac3]
26831:
26832: * HISTORY:
26833: updates from Nieusma
26834: [3a43769a1b78]
26835:
26836: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
26837:
26838: * dce_pwent.c:
26839: move compat.h after the system includes
26840: [5ea43a5968ac]
26841:
26842: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
26843:
26844: * logging.c:
26845: save errno from being clobbered by wait(). From Theo
26846: [f2d1c48cd592]
26847:
26848: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
26849:
26850: * compat.h:
26851: fix an occurence of setresuid -> setreuid (typo)
26852: [394de35c9b1c]
26853:
26854: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
26855:
26856: * install-sh:
26857: check for path to strip
26858: [2b7ef824bd55]
26859:
26860: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
26861:
26862: * logging.c:
26863: deal with maxfilelen < 0 case
26864: [f0af095178d7]
26865:
26866: * OPTIONS:
26867: fixed descriptin
26868: [629f60bd4b5f]
26869:
26870: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
26871:
26872: * sudo.c:
26873: correct error message if mode/owner wrong and not statable by owner
26874: but is statable by root.
26875: [cb631ce2e85e]
26876:
26877: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
26878:
26879: * config.guess, config.sub:
26880: autoconf 2.11
26881: [f3cbe59e0756]
26882:
26883: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
26884:
26885: * CHANGES, RUNSON, TODO:
26886: sudo 1.5.3.
26887: [2be3229b8626]
26888:
26889: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
26890:
26891: * parse.yacc, sudo.h:
26892: command_alias -> generic_alias
26893: [c404ca8c510d] [SUDO_1_5_3]
26894:
26895: * sample.sudoers:
26896: added Runas_Alias example and fixed syntax errors
26897: [c304053f4a8a]
26898:
26899: * OPTIONS, options.h:
26900: updated MAILSUBJECT
26901: [18d1573fcd2a]
26902:
26903: * logging.c:
26904: added %h expansion
26905: [a4bff9b284fd]
26906:
26907: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
26908: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
26909: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26910: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
26911: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
26912: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
26913: visudo.c:
26914: ++version
26915: [211ff20f956f]
26916:
26917: * BUGS, emul/utime.h:
26918: ++version
26919: [cde5376579e3]
26920:
26921: * sudoers.pod:
26922: document Runas_Alias
26923: [b1a58f28fb2c]
26924:
26925: * visudo.pod:
26926: q (uid) -> Q
26927: [d256649a0e6b]
26928:
26929: * visudo.c:
26930: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
26931: whatnow
26932: [1cb183d15626]
26933:
26934: * parse.yacc:
26935: add size params to sprintf
26936: [9228f698921f]
26937:
26938: * parse.lex:
26939: allow trailing space after '\\' but before '\n'
26940: [f51dbbf69fdf]
26941:
26942: * find_path.c:
26943: off by one error in path size check
26944: [a6d75ccd7632]
26945:
26946: * check.c:
26947: sprintf paranoia
26948: [3ffb12d198dd]
26949:
26950: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
26951:
26952: * parse.yacc:
26953: fixed more_aliases
26954: [aab12f2a50af]
26955:
26956: * visudo.c:
26957: now warns if killed by signal ./
26958: [310c186a0fd7]
26959:
26960: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
26961:
26962: * parse.yacc:
26963: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
26964: is gross)
26965: [45590b83120f]
26966:
26967: * sudo.c:
26968: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
26969: [d53e01c14c58]
26970:
26971: * parse.yacc:
26972: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
26973: [7a4a040aae2d]
26974:
26975: * parse.lex:
26976: Add Runas_Alias and simplify a rule.
26977: [6f794a769a37]
26978:
26979: * parse.yacc:
26980: always store User_Alias's since they can be used inside of a runas
26981: list. Sigh. Really need a Runas_Alias instead.
26982: [3bab058a873e]
26983:
26984: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
26985:
26986: * visudo.c:
26987: deal with case where there is no sudoers file
26988: [fa38b3bb244d]
26989:
26990: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
26991:
26992: * TROUBLESHOOTING:
26993: added one
26994: [e61346d06725]
26995:
26996: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
26997:
26998: * HISTORY, testsudoers.c:
26999: developement -> development
27000: [4df55e293941]
27001:
27002: * INSTALL:
27003: added a note
27004: [3845fb83dbc0]
27005:
27006: * RUNSON:
27007: for 1.5.2
27008: [5489b7298942]
27009:
27010: * CHANGES:
27011: updated
27012: [0741834929e6]
27013:
27014: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
27015:
27016: * PORTING:
27017: removed seteuid() notes
27018: [1010a60f281d] [SUDO_1_5_2]
27019:
27020: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
27021:
27022: * compat.h:
27023: better seteuid() emulatino
27024: [e807623b662c]
27025:
27026: * configure.in:
27027: added check for seteuid
27028: [8cf9fabc6f4f]
27029:
27030: * config.h.in:
27031: added HAVE_SETEUID
27032: [596db46aa828]
27033:
27034: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
27035:
27036: * configure.in:
27037: first stab at sequent support
27038: [b85a7bfcac76]
27039:
27040: * config.h.in:
27041: added HAVE_SYS_SELECT_H
27042: [93ecdd042463]
27043:
27044: * compat.h:
27045: sequent -> _SEQUENT_
27046: [63a38b6da98c]
27047:
27048: * compat.h:
27049: added seteuid() macro for DYNIX
27050: [695bd63c5ea6]
27051:
27052: * tgetpass.c:
27053: _AIX -> HAVE_SYS_SELECT_H
27054: [b31221211bc2]
27055:
27056: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
27057:
27058: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
27059: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
27060: testsudoers.c, tgetpass.c, utime.c, visudo.c:
27061: ++version
27062: [8052992fd453]
27063:
27064: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
27065: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
27066: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
27067: pathnames.h.in, version.h:
27068: ++version
27069: [f7ad15e1598a]
27070:
27071: * sudo.pod:
27072: added -H and SUDO_PS1
27073: [bb965241e30c]
27074:
27075: * configure.in:
27076: use SUDO_FUNC_FNMATCH
27077: [6a8350d85fb2]
27078:
27079: * aclocal.m4:
27080: added SUDO_FUNC_FNMATCH
27081: [45b32c91c4ba]
27082:
27083: * sudo.c:
27084: added -H flag
27085: [11ebc6872fd6]
27086:
27087: * sudo.h:
27088: added MODE_RESET_HOME /
27089: [67a7f8bcbbd6]
27090:
27091: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
27092:
27093: * INSTALL:
27094: mention OPIE
27095: [5723515d5bbd]
27096:
27097: * options.h:
27098: SKEY -> OTP
27099: [c1d268130bc4]
27100:
27101: * configure.in:
27102: added opie support
27103: [123872b41b20]
27104:
27105: * compat.h, config.h.in:
27106: added HAVE_OPIE
27107: [528c71afc1e5]
27108:
27109: * check.c:
27110: added HAVE_OPIE and changed to *_OTP_*
27111: [4c62f5db872a]
27112:
27113: * OPTIONS:
27114: SKEY -> OTP
27115: [bd858e5e9652]
27116:
27117: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27118:
27119: * check.c:
27120: moved fclose() in skey stuff.
27121: [11f7dc8431a6]
27122:
27123: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
27124:
27125: * putenv.c:
27126: index -> strchr remove unnecesary stuff
27127: [af2d05238062]
27128:
27129: * check.c:
27130: now call skeychallenge() to get challenge instead of making one up
27131: ourselves. this way, we get extra goodies in the prompt.
27132: [49b770d98d3a]
27133:
27134: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
27135:
27136: * CHANGES:
27137: added one
27138: [3f5149357e2a] [SUDO_1_5_1]
27139:
27140: * parse.lex:
27141: allow logins to start with a number (YUCK!)
27142: [7ed7ef324741]
27143:
27144: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
27145:
27146: * TROUBLESHOOTING:
27147: added soalris 2.5 vs 2.4 note
27148: [16160a251aae]
27149:
27150: * configure.in:
27151: DUNIX doesn't need -lnsl
27152: [be924cc322c3]
27153:
27154: * CHANGES:
27155: *** empty log message ***
27156: [1b2937521981]
27157:
27158: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
27159: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
27160: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
27161: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
27162: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
27163: utime.c, version.h, visudo.c:
27164: courtesan
27165: [5f203589bbfe]
27166:
27167: * PORTING, README, RUNSON:
27168: courtesan
27169: [d72517f4937e]
27170:
27171: * INSTALL, Makefile.in, TROUBLESHOOTING:
27172: courtesan
27173: [5c007e3c7a71]
27174:
27175: * visudo.pod:
27176: *** empty log message ***
27177: [37ebe85bd4e1]
27178:
27179: * sudo.pod, visudo.pod:
27180: courtesan
27181: [37f02e2130ea]
27182:
27183: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
27184:
27185: * HISTORY:
27186: added courtesan ./
27187: [b01435226276]
27188:
27189: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
27190:
27191: * sudo.c:
27192: added $SUDO_PROMPT support
27193: [cb1fa72c093d]
27194:
27195: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
27196:
27197: * check.c:
27198: print long skey challemged to stderr, not stdout
27199: [750fc775b3b2]
27200:
27201: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
27202:
27203: * CHANGES:
27204: updated for 1.5.1
27205: [9b615f393057]
27206:
27207: * emul/utime.h:
27208: ++version
27209: [a94de18deafb]
27210:
27211: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
27212:
27213: * RUNSON:
27214: updated for 1.5.1
27215: [4092f20ab634]
27216:
27217: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
27218:
27219: * check.c:
27220: use shost, not host for tgetpass
27221: [6061c49ff9be]
27222:
27223: * sudo.pod:
27224: documented %u and %h
27225: [6d2922d29897]
27226:
27227: * OPTIONS:
27228: documented %u and %h
27229: [1a71da13a864]
27230:
27231: * configure.in:
27232: fixed typo
27233: [1230dec2b062]
27234:
27235: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
27236: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27237: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27238: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
27239: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
27240: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
27241: ++version
27242: [65ce8eabf77a]
27243:
27244: * BUGS:
27245: ++version
27246: [afecab53aab7]
27247:
27248: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
27249:
27250: * Makefile.in, configure.in, version.h:
27251: ++version
27252: [fb3ff940d672]
27253:
27254: * sudo.h:
27255: new tgetpass() params
27256: [9eccc5b0f8ae]
27257:
27258: * check.c:
27259: pass use and host to tgetpass
27260: [c56d9d13c401]
27261:
27262: * tgetpass.c:
27263: added %u and %h escapes
27264: [04ae775d3e5d]
27265:
27266: * OPTIONS, check.c, options.h:
27267: added NO_MESSAGE
27268: [3927dad19057]
27269:
27270: * configure.in:
27271: added cray (unicos) support
27272: [1122210c5fb1]
27273:
27274: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
27275:
27276: * OPTIONS, options.h, sudo.c:
27277: added SHELL_SETS_HOME
27278: [0b26909b0929]
27279:
27280: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
27281:
27282: * INSTALL:
27283: added note about "make install"
27284: [7e56ea76d4b4]
27285:
27286: * parse.yacc:
27287: changed length/size params from int to size_t
27288: [5654e5ceb1b3]
27289:
27290: * OPTIONS:
27291: now get CSOPS insults as well by default
27292: [297323d0179a]
27293:
27294: * insults.h:
27295: use csops insults too by default
27296: [07fafc136169]
27297:
27298: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
27299: version = 1.5
27300: [4b8772b11e3b]
27301:
27302: * sudo.c:
27303: added runas_homedir
27304: [b0e0d4417a15]
27305:
27306: * TODO:
27307: updated for 1.5
27308: [66259df825d5]
27309:
27310: * RUNSON:
27311: updated for 1.5
27312: [e08bc9ebfe95]
27313:
27314: * CHANGES:
27315: 1.5 release
27316: [8c16942fea41]
27317:
27318: * INSTALL:
27319: added "upgrading" notes
27320: [210d968964ff]
27321:
27322: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
27323:
27324: * visudo.c:
27325: now do chmod and chown after edit of temp file and before rename
27326: [de174e34faa7] [SUDO_1_5_0]
27327:
27328: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
27329:
27330: * Makefile.in:
27331: ++version added INSTALL.configure
27332: [c9e9214f52ae]
27333:
27334: * configure.in, version.h:
27335: ++version
27336: [5985abed3eb2]
27337:
27338: * TROUBLESHOOTING:
27339: *** empty log message ***
27340: [d65c540ec52e]
27341:
27342: * parse.yacc:
27343: added missing cast
27344: [e7247319a7d5]
27345:
27346: * sudo.c:
27347: sets $HOME to pw_dir of runas user
27348: [d3f7f4d05752]
27349:
27350: * sudo.pod:
27351: document $HOME change
27352: [854454d458c4]
27353:
27354: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
27355:
27356: * sudo.pod:
27357: fixed up some wording
27358: [b0c8582f2c97]
27359:
27360: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27361: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
27362: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27363: visudo.c:
27364: ++version
27365: [748be723fd8b]
27366:
27367: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27368: insults.h, options.h, pathnames.h.in, sudo.h:
27369: ++version
27370: [acdf8b1b2a1b]
27371:
27372: * emul/utime.h:
27373: ++version
27374: [b3f35298ab8d]
27375:
27376: * sudo.h:
27377: name nad type changes
27378: [db24ab3da141]
27379:
27380: * testsudoers.c:
27381: now works with new sudo
27382: [379346c42cc2]
27383:
27384: * parse.yacc:
27385: fixed some XXX
27386: [f5fe4c990052]
27387:
27388: * parse.yacc:
27389: some variable name changes + comment headers for functions.
27390: [3dc3bd9aa73d]
27391:
27392: * tgetpass.c:
27393: added extra paren's to make compilers happy
27394: [9e4968a34d56]
27395:
27396: * sudo.c:
27397: *** empty log message ***
27398: [70c924c1ed69]
27399:
27400: * parse.c:
27401: now uses init_parser() if not in sudoers and tries "list" or
27402: "validate" scold but don't be nasty.
27403: [c0d8fb3f8c9e]
27404:
27405: * TROUBLESHOOTING:
27406: now can use upper case login names
27407: [c772fffcefe5]
27408:
27409: * visudo.c:
27410: now uses init_parser()
27411: [b9efae7243fd]
27412:
27413: * INSTALL, README:
27414: updated
27415: [27dc8283fdc8]
27416:
27417: * PORTING:
27418: added info about PASSWORD_TIMEOUT
27419: [980e15d892f8]
27420:
27421: * INSTALL.configure:
27422: Initial revision
27423: [8292e89a08d3]
27424:
27425: * BUGS:
27426: fixed a bug ,
27427: [c6e46f5624f9]
27428:
27429: * parse.yacc:
27430: now dynamically allocates memory for the stacks -- no more
27431: overflows!
27432: [8615c35b6ad3]
27433:
27434: * sudo.pod:
27435: -l now explands command aliases
27436: [39f45605935d]
27437:
27438: * parse.yacc:
27439: hacks to expand command aliases for `sudo -l'
27440: [e4eb752608f9]
27441:
27442: * sudo.c:
27443: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
27444: [01327ca5084b]
27445:
27446: * sudo.h:
27447: added struct command_alias
27448: [dd2f32764082]
27449:
27450: * sudo.pod:
27451: fixed a bug
27452: [e708ff08d2eb]
27453:
27454: * lsearch.c:
27455: in compar() key should be first arg
27456: [fc14c3fa62ee]
27457:
27458: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
27459:
27460: * BUGS:
27461: fixed some bugs
27462: [639dfe425bd5]
27463:
27464: * parse.yacc:
27465: can now deal with upcase HOST and USER names
27466: [c6aa7bcfb00d]
27467:
27468: * sudo.c:
27469: don't yell too loudly at non-sudoers if they do "sudo -l"
27470: [4ef146128d89]
27471:
27472: * sudo.pod:
27473: fixed thinko
27474: [830f2f0f22e7]
27475:
27476: * parse.c:
27477: fix comment
27478: [d20ce9e17ddc]
27479:
27480: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
27481:
27482: * parse.c, parse.yacc:
27483: added support for new `sudo -l' stuff
27484: [7dceaef3c733]
27485:
27486: * sudo.c:
27487: now uses list_matches()
27488: [293364821b61]
27489:
27490: * sudo.h:
27491: added struct sudo_match
27492: [b2684179d179]
27493:
27494: * configure.in:
27495: now more -lgnumalloc
27496: [4f8ae42617d8]
27497:
27498: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
27499:
27500: * install-sh:
27501: added more paths for chown and whoami
27502: [6e685a19426c]
27503:
27504: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
27505:
27506: * check.c:
27507: typo
27508: [3adfa01c04bc]
27509:
27510: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
27511:
27512: * aclocal.m4:
27513: fixed DUNIX check for shadow pw
27514: [c25324bcd27b]
27515:
27516: * tgetpass.c:
27517: now only turn off echo if it is already on. this fixes a race when
27518: you use sudo in a pipelin
27519: [28388c2de21c]
27520:
27521: * INSTALL:
27522: updated
27523: [b45ac9366b7e]
27524:
27525: * configure.in:
27526: changed "test -z $foo && do_this" to if; then construct
27527: [2183c4426bca]
27528:
27529: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
27530:
27531: * configure.in:
27532: added missing defines of SHADOW_TYPE
27533: [be89ea68a7f3]
27534:
27535: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
27536:
27537: * check.c:
27538: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
27539: only in dunix 4.x
27540: [1e7c1c677263]
27541:
27542: * getspwuid.c:
27543: added AUTH_CRYPT_C1CRYPT support
27544: [88d6b0058b20]
27545:
27546: * parse.c:
27547: no longer return VALIDATE_NOT_OK if there was a runas that didn't
27548: match. Now we can have runas stuff on more than one line.
27549: [52b68920d7b7]
27550:
27551: * getspwuid.c, sudo.c, tgetpass.c:
27552: use SHADOW_TYPE instead of HAVE_C2_SECURITY
27553: [cf401dfcbc06]
27554:
27555: * configure.in:
27556: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
27557: something
27558: [c7a233c4dd93]
27559:
27560: * config.h.in:
27561: removed HAVE_C2_SECURITY added SPW_BSD
27562: [8314405e9754]
27563:
27564: * compat.h:
27565: use SHADOW_TYPE instead of HAVE_C2_SECURITY
27566: [6f94870df17f]
27567:
27568: * check.c:
27569: SHADOW_TYPE is always defined so just against its value
27570: [72c69a55d02f]
27571:
27572: * aclocal.m4:
27573: added SUDO_CHECK_SHADOW_DUNIX
27574: [ef025ae9d496]
27575:
27576: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
27577:
27578: * sudoers.pod:
27579: * -> ?* in one example added another instance of (runas) and one of
27580: NOPASSWD:
27581: [d74fe1dcbe7d]
27582:
27583: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
27584:
27585: * configure.in:
27586: added back check for config.cache from other host type
27587: [0ba87871f585]
27588:
27589: * parse.lex:
27590: removed an instance of \"
27591: [1e008d3709f6]
27592:
27593: * sample.sudoers:
27594: added an example
27595: [dbfcf68ee330]
27596:
27597: * sudoers.pod:
27598: updated wrt new wildcard matching
27599: [193fa44a475b]
27600:
27601: * configure.in:
27602: new check for shadow passwords if we don't know anything
27603: [67465df7dc9a]
27604:
27605: * aclocal.m4:
27606: new SUDO_CHECK_SHADOW_GENERIC
27607: [3563b16a41b8]
27608:
27609: * configure.in:
27610: added back check for -lsocket (oops)
27611: [a80882ee1cb6]
27612:
27613: * configure.in:
27614: better (working) check for shadow passwd type if we know to use C2.
27615: [3cdd2a59a641]
27616:
27617: * configure.in:
27618: now uses AC_CANONICAL_HOST to figure out os type
27619: [80db7fe6e704]
27620:
27621: * Makefile.in:
27622: added config.{guess,sub}
27623: [c6be7e3ca384]
27624:
27625: * aclocal.m4:
27626: removed unused stuff to figure out os type
27627: [c9a0f3b57123]
27628:
27629: * config.sub:
27630: added openbsd
27631: [bfc6bfec3668]
27632:
27633: * config.sub:
27634: Initial revision
27635: [e6e06ce0d17d]
27636:
27637: * config.guess:
27638: Initial revision
27639: [99dd06f79199]
27640:
27641: * testsudoers.c:
27642: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
27643: pathname. need to check against sudoers_args even if user_args is
27644: nil
27645: [66e6cf77f5d6]
27646:
27647: * parse.c:
27648: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
27649: pathname need to check against sudoers_args even if user_args is nil
27650: [74374df17311]
27651:
27652: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
27653:
27654: * check.c:
27655: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
27656: [cbb00261c415]
27657:
27658: * testsudoers.c:
27659: now takes command line args and uses cmnd_args
27660: [f0c2fd35a527]
27661:
27662: * parse.lex:
27663: fill_args was adding an extra leading space
27664: [692fc999b2e8]
27665:
27666: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
27667:
27668: * visudo.c:
27669: fixed dummy command_matches()
27670: [93d9543db6e2]
27671:
27672: * parse.yacc:
27673: fixed prototype
27674: [7b0addfbd429]
27675:
27676: * sudo.h:
27677: added cmnd_args
27678: [8f47c4ae65ef]
27679:
27680: * parse.yacc:
27681: now uses flat args string
27682: [016e65877da3]
27683:
27684: * parse.c, parse.lex:
27685: now uses flat arg string
27686: [5b5f2e3f4c09]
27687:
27688: * visudo.c:
27689: added cmnd_args def
27690: [876867134775]
27691:
27692: * sudo.c:
27693: now sets cmnd_args global
27694: [e6fee70cb59b]
27695:
27696: * logging.c:
27697: cmnd_args is now exported from sudo.[ch]
27698: [7a9cd36e356f]
27699:
27700: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
27701:
27702: * parse.yacc:
27703: can't rely on cmnd_matches as much as I thought -- added some $$
27704: stuff back in to prevent namespace pollution problems.
27705: [3c45fedb5af3]
27706:
27707: * parse.yacc:
27708: Simplified parse rules wrt runas and NOPASSWD (more consistent).
27709: [e6d838c8a4c7]
27710:
27711: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
27712:
27713: * parse.lex:
27714: NOPASSWD may now have blanks before the ':' '(' only starts a
27715: 'runas' if in the initial state to avoid collision with command args
27716: [c5c01172f499]
27717:
27718: * configure.in:
27719: added checks for specific shadow passwd schemes
27720: [b7e3d1f7b84f]
27721:
27722: * aclocal.m4:
27723: added routines to check for specific shadow passwd types
27724: [e5e1d19960a6]
27725:
27726: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
27727:
27728: * configure.in:
27729: added support for ncr boxen
27730: [bea9dc5aae7f]
27731:
27732: * aclocal.m4:
27733: added support for detecting ncr boxen
27734: [8653a158a924]
27735:
27736: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
27737:
27738: * configure.in:
27739: added sinix support
27740: [5de2b2173ee1]
27741:
27742: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
27743:
27744: * TROUBLESHOOTING:
27745: added info about "config.cache from other other" error.
27746: [845b10198e0b]
27747:
27748: * aclocal.m4:
27749: now makes sure you don't have a config.cache file from another OS
27750: [4fe32571c021]
27751:
27752: * configure.in:
27753: now sets $LIBS when needed to configure links with libs when doing
27754: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
27755: bigcrypt(3) if SPW_SECUREWARE
27756: [2df6b8ca538f]
27757:
27758: * getspwuid.c:
27759: fixed typo
27760: [fe1cb1d792d6]
27761:
27762: * tgetpass.c:
27763: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
27764: [f71138372c07]
27765:
27766: * getspwuid.c:
27767: no more SPW_HPUX10
27768: [cfdeb18bc16b]
27769:
27770: * config.h.in:
27771: no more SPW_HPUX10 added HAVE_BIGCRYPT
27772: [00d296479a61]
27773:
27774: * compat.h:
27775: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
27776: [6c6d9e680417]
27777:
27778: * check.c:
27779: SPW_SECUREWARE now uses bigcrypt
27780: [be71fc66690f]
27781:
27782: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
27783:
27784: * sample.sudoers:
27785: fixed 2 syntax errors
27786: [45eee19ef4ac]
27787:
27788: * sudoers:
27789: root may now run ALL as ALL
27790: [1b54c6b9b212]
27791:
27792: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27793:
27794: * interfaces.c:
27795: fixed a typo/thinko that broke BSD's with sa_len
27796: [603438360126]
27797:
27798: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
27799:
27800: * check.c, configure.in:
27801: updated AFS support
27802: [e572eb8d177a]
27803:
27804: * TROUBLESHOOTING:
27805: added entry about /usr/ucb/cc
27806: [025b353aa9d3]
27807:
27808: * INSTALL:
27809: prep no longer holds gcc binaries
27810: [8b0942958049]
27811:
27812: * INSTALL:
27813: updated AFS note
27814: [7af6efd5abe4]
27815:
27816: * Makefile.in:
27817: added @AFS_LIBS@
27818: [97b6fe6ad7d6]
27819:
27820: * compat.h:
27821: AFS allows long passwords
27822: [5fb17122c302]
27823:
27824: * testsudoers.c:
27825: fixed -u user support
27826: [b1a0c1648639]
27827:
27828: * parse.c:
27829: sudo -v now groks VALIDATE_OK_NOPASS
27830: [74fc03fffe7e]
27831:
27832: * parse.yacc:
27833: fixed no_passwd vs. runas_matched
27834: [549a9b791a6a]
27835:
27836: * TROUBLESHOOTING:
27837: took out stuff about NFS-mounting since it is no longer an issue
27838: [d95ab7fbbc61]
27839:
27840: * INSTALL:
27841: added --with-libraries > --with-libpath --with-incpath
27842: [d5d15a7a0f4c]
27843:
27844: * parse.yacc:
27845: was setting runas_matches to -1 in wrong place
27846: [db2b1deb8d33]
27847:
27848: * check.c:
27849: removed usersec.h which is not present in new AFS versions
27850: [618b016dd17f]
27851:
27852: * tgetpass.c:
27853: now deals with timeout <= 0
27854: [ba53a1257255]
27855:
27856: * OPTIONS:
27857: updated
27858: [75093bd8fdca]
27859:
27860: * configure.in:
27861: BSD/OS >= 2.0 now uses shlicc instead of just gcc
27862: [ff6dbf7825c2]
27863:
27864: * sudo.c:
27865: fixed backwards compatibility with sudo 1.4 sudoers mode for root
27866: readable/writable filesystems
27867: [2694ed627221]
27868:
27869: * Makefile.in:
27870: now gives INSTALL -c flag
27871: [63db055a2fd1]
27872:
27873: * parse.yacc:
27874: slightly simpler initialization of no_passwd and runas_matches
27875: [463a1b5fa323]
27876:
27877: * testsudoers.c:
27878: added -u username support
27879: [38b072fcd6b3]
27880:
27881: * configure.in:
27882: improved --with-libraries support
27883: [047dbc5f0af2]
27884:
27885: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
27886:
27887: * configure.in:
27888: added --with-incpath, --with-libpath, --with-libraries
27889: [20f20d6c718c]
27890:
27891: * parse.yacc:
27892: now initializes some fields that weren't getting set to -1 pretty
27893: gross -- need a rewrite.
27894: [021c160390c6]
27895:
27896: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
27897:
27898: * alloca.c:
27899: removed emacs'isms
27900: [9d4ec2efe057]
27901:
27902: * configure.in:
27903: no longer add -lPW to *_LIBS since we include alloca.c
27904: [a626d1bbea80]
27905:
27906: * config.h.in:
27907: added HAVE_ALLOCA_H
27908: [15491e2a6cff]
27909:
27910: * Makefile.in:
27911: added alloca.c
27912: [0400f25e1fe4]
27913:
27914: * alloca.c:
27915: Initial revision
27916: [06d033aa4882]
27917:
27918: * configure.in:
27919: ++version
27920: [f52c0fb98f90]
27921:
27922: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
27923:
27924: * sudo.c:
27925: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
27926: not always set to a valid uid.
27927: [c2669f77704d]
27928:
27929: * OPTIONS:
27930: fixed entry for SUDO_MODE
27931: [d7272f6035b8]
27932:
27933: * sudo.c:
27934: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
27935: being set to -2. Now beat NFS to the punch and set uid to "nobody"
27936: ourselves, preserving group 0 to read sudoers.
27937: [b1fbc5dd1e34]
27938:
27939: * parse.c:
27940: moved set_perms(PERM_ROOT) to be before yyparse()
27941: [7619d8080735]
27942:
27943: * logging.c:
27944: fixed a typo
27945: [318acc48cde0]
27946:
27947: * configure.in:
27948: no longer need AC_PROG_INSTALL
27949: [de01b1336dc8]
27950:
27951: * Makefile.in:
27952: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
27953: [ea2351986406]
27954:
27955: * INSTALL:
27956: make clean -> make distclean
27957: [704a98e8ba10]
27958:
27959: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
27960:
27961: * parse.yacc:
27962: removed some unnecsary if's
27963: [f00db6508132]
27964:
27965: * Makefile.in, version.h:
27966: ++version
27967: [bdb6740b24c8]
27968:
27969: * parse.c, testsudoers.c:
27970: now includes netgroup.h
27971: [93f5a06352bc]
27972:
27973: * interfaces.c:
27974: removed cats of ioctl to int since they didn't shut up -Wall
27975: [83e9f912cd7a]
27976:
27977: * interfaces.c:
27978: explicately cast ioctl() to int since it it not always declared
27979: [2ff9294e469e]
27980:
27981: * sudo.h:
27982: added declarations for yyparse() and yylex()
27983: [6071321ab771]
27984:
27985: * parse.yacc:
27986: fixed an occurence of '==' -> '='
27987: [2c46d2e11d57]
27988:
27989: * config.h.in, configure.in:
27990: added check for netgroup.h
27991: [73403050f4e3]
27992:
27993: * sudo.c:
27994: fixed 2 compiler warnings
27995: [680929b0bd97]
27996:
27997: * sudo.c:
27998: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
27999: initialized
28000: [18707ecd07c2]
28001:
28002: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
28003:
28004: * sudo.pod:
28005: fixed a typo
28006: [e4b5c12aa130]
28007:
28008: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
28009:
28010: * parse.yacc:
28011: fixed a formatting thingie
28012: [c79327b6f19b]
28013:
28014: * parse.c, parse.yacc:
28015: fixed -u support with multiple user lists on a line
28016: [e4d1066adca2]
28017:
28018: * configure.in:
28019: unixware needs -lgen
28020: [b5bf9bca63cc]
28021:
28022: * README:
28023: updated ftp location
28024: [b25a033f7921]
28025:
28026: * sudoers.pod:
28027: add net_addr/netmask support
28028: [674e83516d1e]
28029:
28030: * sample.sudoers:
28031: added net_addr/mask example
28032: [774878e89b28]
28033:
28034: * parse.c, parse.lex:
28035: added support for net_addr/netmask
28036: [e33de27325d8]
28037:
28038: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
28039:
28040: * sudoers.pod:
28041: ^ -> !
28042: [1a084950d6ef]
28043:
28044: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
28045:
28046: * RUNSON:
28047: updated for 1.4.3
28048: [c82019025d09]
28049:
28050: * CHANGES:
28051: udpated for 1.4.3
28052: [ceaa81adb8f0]
28053:
28054: * BUGS, TODO, TROUBLESHOOTING:
28055: updated
28056: [ff94fae4b853]
28057:
28058: * sample.sudoers:
28059: updated with examples of new stuff
28060: [99d0b4cb4c9c]
28061:
28062: * INSTALL, README:
28063: ++version
28064: [b763b80fe836]
28065:
28066: * sudoers.pod:
28067: updated wrt -u and NOPASSWD
28068: [0b5b722ea0f4]
28069:
28070: * sudo.pod:
28071: updated wrt -u and CAVEATS
28072: [71d5d53b5d18]
28073:
28074: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
28075:
28076: * sudo.c:
28077: fixed usage()
28078: [114c7d09b550]
28079:
28080: * parse.lex:
28081: now use :foo: character classes (makes no diff for generated lexer)
28082: [7b0aeb737a02]
28083:
28084: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28085:
28086: * check.c:
28087: fixed LONG_SKEY_PROMPT stuff
28088: [0efe78b4bdda]
28089:
28090: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28091:
28092: * visudo.c:
28093: fixed a comment
28094: [3d289017104b]
28095:
28096: * lsearch.c:
28097: make more like NetBSD one -- now compiles w/o warnings
28098: [932206296a54]
28099:
28100: * emul/search.h:
28101: fixed decls of lsearch()
28102: [c58cf4584c45]
28103:
28104: * config.h.in, configure.in, getspwuid.c:
28105: added SPW_HPUX10
28106: [d74e5eaa5f17]
28107:
28108: * check.c:
28109: hpux 10 uses bigcrypt() if C2
28110: [359eb63f4021]
28111:
28112: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
28113:
28114: * parse.c:
28115: now always uses fnmatch to match args
28116: [a9d91f35256a]
28117:
28118: * tgetpass.c:
28119: back to using stdio instead of raw i/o since that caused some
28120: problems
28121: [e7ce2bc92974]
28122:
28123: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
28124:
28125: * sudo.c:
28126: now give usage warning if use -l,-v,-k with args
28127: [6b48180c4fea]
28128:
28129: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
28130:
28131: * sudo.c:
28132: NewArgc is now set to 1 for -l, -v, -k
28133: [7497cb1416a8]
28134:
28135: * sudo.c:
28136: now sets sudoers to correct group if mode is 0400
28137: [484c43d99718]
28138:
28139: * install-sh:
28140: updated to version used by inn and bind
28141: [28683ad8725a]
28142:
28143: * configure.in:
28144: now uses -lgnumalloc if it exists
28145: [3651ca4415a2]
28146:
28147: * Makefile.in:
28148: "make install" now sets uid/gid and mode on sudoers if it exists
28149: [1f5216191ae9]
28150:
28151: * sudo.c:
28152: rmeoved debugging statements
28153: [aeda278e2c26]
28154:
28155: * parse.yacc:
28156: added a missing free()
28157: [592c9482a159]
28158:
28159: * sudo.c:
28160: now uses user_gid instead of getegid (which was wrong anyway) to set
28161: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
28162: (logging.c depends on args being in the environment)
28163: [9f5328a3b942]
28164:
28165: * logging.c:
28166: now uses SUDO_COMMAND envariable to get command args rather than
28167: building it up again.
28168: [7f8edc5bccb7]
28169:
28170: * parse.c:
28171: now uses user_gid
28172: [4b9303ae45fe]
28173:
28174: * sudo.c:
28175: fixed off by one error in allocation NewArgv
28176: [921ea1a4e7c6]
28177:
28178: * parse.c:
28179: in sudoers, 'command ""' now means command with no args
28180: [a5273648ace2]
28181:
28182: * configure.in:
28183: added check for fnmatch(3) and fnmatch.h
28184: [258916a7866f]
28185:
28186: * config.h.in:
28187: added HAVE_FNMATCH
28188: [b9860d361e93]
28189:
28190: * Makefile.in:
28191: replaced wildcat.* with fnmatch.*
28192: [03ad9ee21a1c]
28193:
28194: * testsudoers.c:
28195: now uses fnmatch()
28196: [5a7f7de987a9]
28197:
28198: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
28199:
28200: * parse.c:
28201: now uses fnmatch() instead of wildmat a trailing star (*) by itself
28202: now matches multiple args added support for wildcards in the
28203: pathname in sudoers
28204: [1f7fb950b868]
28205:
28206: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
28207:
28208: * fnmatch.c:
28209: now includes compat.h and config.h
28210: [090206b95cf8]
28211:
28212: * config.h.in:
28213: added HAVE_FNMATCH_H
28214: [90eb42150173]
28215:
28216: * configure.in:
28217: now checks for alloca() (if needed by bison or dce) and links with
28218: -lPW if it contains alloca() and libv and compiler do not.
28219: [cfa2b3cef49a]
28220:
28221: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
28222: Initial revision
28223: [20b1f762a32a]
28224:
28225: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
28226:
28227: * sudo.c:
28228: now fixes mode on sudoers if set to 0400 to aid in upgrade
28229: [d4bdfd521820]
28230:
28231: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
28232:
28233: * Makefile.in:
28234: fixed pod2man usage
28235: [5adf2ec77b27]
28236:
28237: * Makefile.in, configure.in, version.h:
28238: ++version
28239: [b4029de876d0]
28240:
28241: * testsudoers.c, visudo.c:
28242: runas_user is now initialized to "root"
28243: [8537d97bff39]
28244:
28245: * sudo.h:
28246: removed PERM_FULL_ROOT
28247: [241f8bbf647f]
28248:
28249: * sudo.c:
28250: runas_user defaults to "root" so no more need to PERM_RUNAS
28251: [fc0c0dfc72ba]
28252:
28253: * parse.c:
28254: will now only running commands as root if there was no runas list
28255: (or if root is in the runas list)
28256: [40c587666c81]
28257:
28258: * logging.c:
28259: now logs "USER=%s"
28260: [b733504c87fd]
28261:
28262: * parse.yacc:
28263: runas_matches is now set to false if we get a negative match
28264: [5495b150b300]
28265:
28266: * parse.lex:
28267: make #uid work + some minor cleanup
28268: [07851bbce03a]
28269:
28270: * sample.sudoers:
28271: added support for NOPASSWD and "runas" from garp@opustel.com /
28272: [7a9c67b51fa5]
28273:
28274: * visudo.c:
28275: added support for "runas" from garp@opustel.com replaced
28276: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
28277: SUDOERS_MODE
28278: [e714209b9885]
28279:
28280: * testsudoers.c:
28281: added support for "runas" from garp@opustel.com
28282: [b837f856da10]
28283:
28284: * sudo.h:
28285: added support for NO_PASSWD and runas from garp@opustel.com replaced
28286: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
28287: fro SUDOERS_MODE
28288: [cea6f26679b7]
28289:
28290: * sudo.c:
28291: added support for NO_PASSWD and runas from garp@opustel.com replaced
28292: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
28293: SUDOERS_MODE
28294: [61b5434237c5]
28295:
28296: * parse.yacc:
28297: added support for NO_PASSWD and runas from garp@opustel.com
28298: [72ebd3056f22]
28299:
28300: * parse.c, parse.lex:
28301: added support for NO_PASSWD and runas from garp@opustel.com
28302: [fef6dbdd114d]
28303:
28304: * logging.c:
28305: added support for SUDOERS_WRONG_MODE and "runas"
28306: [e794efc2b443]
28307:
28308: * configure.in:
28309: added --with-CC only link with -lshadow on linux (with shadow pw) if
28310: libc lacks getspnam()
28311: [3ecf4ae21002]
28312:
28313: * OPTIONS, options.h:
28314: removed NO_PASSWD since it is not possible to do this in the sudoers
28315: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
28316: SUDOERS_GID. Added SUDOERS_MODE.
28317: [2eaa4891ef48]
28318:
28319: * Makefile.in:
28320: now uses SUDOERS_UID and SUDOERS_GID
28321: [8d615f0fdb2a]
28322:
28323: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
28324:
28325: * INSTALL:
28326: added --with-CC
28327: [a1b8286a81b8]
28328:
28329: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
28330:
28331: * parse.lex:
28332: added double quote support
28333: [a5e4fc7e3a2b]
28334:
28335: * sudoers.pod:
28336: documented double quoting
28337: [c6ea47969a44]
28338:
28339: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
28340:
28341: * mkinstalldirs:
28342: Initial revision
28343: [dcb86d65ad8f]
28344:
28345: * check.c:
28346: fixed some indentation
28347: [4d1c5ab8072b]
28348:
28349: * Makefile.in:
28350: fixed a typo
28351: [0d27eebc7227]
28352:
28353: * Makefile.in:
28354: added install-dirs .
28355: [f499b99b8be7]
28356:
28357: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
28358:
28359: * dce_pwent.c:
28360: new version from "Jeff A. Earickson" <jaearick@colby.edu>
28361: [422481be5fbd]
28362:
28363: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
28364:
28365: * configure.in:
28366: $CSOPS -> $with_csops (whoops, missed one)
28367: [b04c6948130e]
28368:
28369: * BUGS:
28370: updated
28371: [c4d5713e227d]
28372:
28373: * parse.lex:
28374: FQHOST now has same constraints as non-FQHOST
28375: [e1c3bf2381d1]
28376:
28377: * INSTALL:
28378: added note about OS's w/ shadow passwords turned on by default
28379: [166257f43be4]
28380:
28381: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
28382:
28383: * configure.in:
28384: fixed a typo
28385: [e5c3e2e9a359]
28386:
28387: * configure.in:
28388: added support for --without-THING sanitized shadow pw situtation by
28389: adding support for
28390: --without-C2
28391: [65dc6bf64cce]
28392:
28393: * tgetpass.c:
28394: fixed a typo wrt placement of an end paren
28395: [a8780f818231]
28396:
28397: * check.c:
28398: was closing an fd that may not have been opened
28399: [760271c7bdc9]
28400:
28401: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
28402:
28403: * OPTIONS, options.h, sudo.c:
28404: added NO_PASSWD
28405: [28ff1dc93d7a]
28406:
28407: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
28408:
28409: * configure.in:
28410: now always use shadow pw on some arches
28411: [069161ccffda]
28412:
28413: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
28414:
28415: * configure.in:
28416: added pyramid support
28417: [a0eb57a3a531]
28418:
28419: * configure.in:
28420: no longer check for C2 if alternate passwd method is used no longer
28421: check for some libs twice
28422: [2d0c3c902b40]
28423:
28424: * parse.yacc:
28425: moved fqdn stuff into parse.lex (FQHOST)
28426: [d9c9abd481d8]
28427:
28428: * parse.lex:
28429: added FQHOST rules
28430: [4a1695acff6d]
28431:
28432: * tgetpass.c:
28433: now define TCSASOFT in necesary
28434: [3fac2e21c9ab]
28435:
28436: * tgetpass.c:
28437: now uses read/write instead of stdio string goop to avoid problems
28438: with select(2)
28439: [67fd174e518c]
28440:
28441: * OPTIONS, find_path.c, options.h:
28442: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
28443: [d05ba5100d28]
28444:
28445: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
28446:
28447: * INSTALL:
28448: added note about no shadow auto-detect if using alternate auth
28449: schemes
28450: [b425592232a3]
28451:
28452: * configure.in:
28453: don't check for C2 if AFS or DCE (unless they said --with-C2)
28454: [61342962171a]
28455:
28456: * testsudoers.c:
28457: now groks shost
28458: [85dda17303f6]
28459:
28460: * OPTIONS, find_path.c, options.h:
28461: added NO_DOT_PATH
28462: [c261ca1fb196]
28463:
28464: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
28465:
28466: * find_path.c:
28467: checkdot now works correctly
28468: [3bc4835bb3e9]
28469:
28470: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
28471:
28472: * configure.in:
28473: can't have DCE and C2 passwords both...
28474: [fb9a8ab7ca66]
28475:
28476: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
28477:
28478: * parse.yacc, sudo.c, sudo.h, visudo.c:
28479: now uses shost even if not FQDN
28480: [87f7498b3a1f]
28481:
28482: * configure.in:
28483: now looks for skey in /usr/lib and doesn't require libskey to be in
28484: /usr/local/lib just because skey.h is (for my netbsd box :-)
28485: [ceb1763e37d2]
28486:
28487: * aclocal.m4, config.h.in, pathnames.h.in:
28488: _SUDO_PATH_ -> _CONFIG_PATH_
28489: [84d97ad13d75]
28490:
28491: * aclocal.m4, sudo.pod:
28492: /var/run/.odus -> /var/run/sudo
28493: [922da220b8f5]
28494:
28495: * pathnames.h.in:
28496: now uses _SUDO_PATH_TIMEDIR
28497: [5ecab0155fdf]
28498:
28499: * OPTIONS:
28500: udpated FQDN
28501: [361b6f7440c0]
28502:
28503: * aclocal.m4, configure.in:
28504: added SUDO_TIMEDIR
28505: [368c95c8c950]
28506:
28507: * config.h.in:
28508: added _SUDO_PATH_TIMEDIR
28509: [3879864d808c]
28510:
28511: * sudo.pod:
28512: updated wrt /var/run/sudo
28513: [9e14f2a429d3]
28514:
28515: * sudo.c, sudo.h:
28516: added support for shost if FQDN
28517: [51a3f51a09a1]
28518:
28519: * parse.yacc, visudo.c:
28520: now uses shost if FQDN
28521: [d19da2e92b42]
28522:
28523: * check.c:
28524: Now use skeylookup() instead off skeychallenge()
28525: [4c7438bb2ae0]
28526:
28527: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
28528:
28529: * logging.c:
28530: mail_argv should not contain ALERTMAIL as it includes "-t"
28531: [67ffaaa8f843]
28532:
28533: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
28534:
28535: * INSTALL, Makefile.in, README, configure.in, version.h:
28536: ++version
28537: [e08fd4a809fc]
28538:
28539: * compat.h:
28540: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
28541: [2f20c3153689]
28542:
28543: * tgetpass.c:
28544: now includes limits.h moved _PASSWD_LEN -> compat.h
28545: [b1ca3cafdacc]
28546:
28547: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
28548:
28549: * INSTALL, README:
28550: ++version
28551: [3eacf32803f5]
28552:
28553: * Makefile.in:
28554: ++versoin
28555: [3b91c317630a]
28556:
28557: * Makefile.in:
28558: fixed a typo
28559: [3661ac4a7803]
28560:
28561: * configure.in:
28562: ++version
28563: [60e842973745]
28564:
28565: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
28566:
28567: * RUNSON:
28568: updated
28569: [def2c3c24195]
28570:
28571: * CHANGES:
28572: done for 1.4.1 (I hope)
28573: [2ab543769a40]
28574:
28575: * sudoers.pod:
28576: added info on wildcards
28577: [ce3bd41bc063]
28578:
28579: * sample.sudoers:
28580: added wildcard example
28581: [762feb0577bd]
28582:
28583: * Makefile.in:
28584: now uses *.pod to build *.man and *.cat & *.html
28585: [3ec14962028b]
28586:
28587: * configure.in:
28588: addedSUDO_PROG_BSHELL !ll
28589: [3c80b320bf16]
28590:
28591: * visudo.pod:
28592: fixed up some formatting
28593: [12166c434526]
28594:
28595: * sudoers.pod:
28596: redid section describing sample sudoers stuff
28597: [b8065cceec71]
28598:
28599: * sudo.pod:
28600: fixed some formatting
28601: [aa9a681add0f]
28602:
28603: * getspwuid.c:
28604: now treats "" as bourne shell
28605: [30194a72ad56]
28606:
28607: * Makefile.in:
28608: TESTOBJS nwo includes wildmat.o
28609: [86cc6500f84d]
28610:
28611: * testsudoers.c:
28612: now works with NewArg[cv]
28613: [2f72674ce942]
28614:
28615: * sudo.c:
28616: removed an XXX (fixed it in getspwuid.c)
28617: [e791ee0d1a68]
28618:
28619: * aclocal.m4:
28620: added check for bourne shell
28621: [a2fd51676b8a]
28622:
28623: * pathnames.h.in:
28624: added _PATH_BSHELL
28625: [e7c10011d47b]
28626:
28627: * config.h.in:
28628: added _SUDO_PATH_BSHELL
28629: [6a1182898de9]
28630:
28631: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
28632:
28633: * visudo.c:
28634: unixware vi returns 256 instead of 0
28635: [234ffc7c6786]
28636:
28637: * INSTALL:
28638: added Linux note
28639: [5f85efcd2b58]
28640:
28641: * logging.c:
28642: fixed up some XXX's. file log format now looks a little more like
28643: real syslog(3) format.
28644: [6df55707bfc3]
28645:
28646: * README, TROUBLESHOOTING:
28647: updated wrt lex/flex
28648: [eb787d69156b]
28649:
28650: * Makefile.in:
28651: commented out rule to build lex.yy.c from parse.lex since we ship
28652: with a pre-flex'd parser
28653: [7507e2ce4a95]
28654:
28655: * parse.c, parse.yacc, visudo.c:
28656: path_matches -> command_matches
28657: [0bd469424f86]
28658:
28659: * logging.c:
28660: eliminated some strcat()'s
28661: [9878a79bc374]
28662:
28663: * configure.in:
28664: no longer checks for lex/flex (now assumes flex)
28665: [a086ccc73798]
28666:
28667: * configure.in:
28668: now checks for $kerb_dir_candidate/krb.h instead of just
28669: kerb_dir_candidate
28670: [9133bc3c5208]
28671:
28672: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
28673:
28674: * parse.yacc:
28675: now use a 'hook' expression instead of an iffy one :-)
28676: [9560df01b8c0]
28677:
28678: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
28679:
28680: * visudo.c:
28681: now works with new sudo arg stuff
28682: [310a0d43ddad]
28683:
28684: * parse.yacc:
28685: fixed dereferencing deadbeef
28686: [474ef8a8006b]
28687:
28688: * sudo.c:
28689: changed an occurrence of Argv to NewArgv
28690: [205b012b7691]
28691:
28692: * parse.lex:
28693: took out support for quoted commands since there is no need...
28694: [5c5036d353b1]
28695:
28696: * parse.c:
28697: fixed a typo in a for() loop
28698: [7e8d5283c43b]
28699:
28700: * logging.c:
28701: protected against dereferencing rogue pointers
28702: [56debd517717]
28703:
28704: * sudo.c:
28705: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
28706: also allows us to eliminate some kludges in parse_args() and
28707: eliminate superfluous code.
28708: [5122f66ad150]
28709:
28710: * logging.c:
28711: no longer uses cmnd_args, now uses NewArgv instead.
28712: [abddd23cf068]
28713:
28714: * sudo.h:
28715: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
28716: (no longer used)
28717: [78410984fb05]
28718:
28719: * Makefile.in:
28720: added wildmat.c to SRCS & SUDOBJS
28721: [3800efb41794]
28722:
28723: * parse.yacc:
28724: COMMAND is now a struct containing the path and args
28725: [5c32822c5b94]
28726:
28727: * parse.lex:
28728: replaced append() with fill_cmnd() and fill_args. command args from
28729: a sudoers entry are now stored in an arrary for easy matching.
28730: [a981d7f4eb0d]
28731:
28732: * parse.c:
28733: command line args from sudoers file are now in an array like ones
28734: passed in from the command line
28735: [1d9e37e84519]
28736:
28737: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
28738:
28739: * parse.c:
28740: wildwat stuff now works
28741: [49d16488531f]
28742:
28743: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
28744:
28745: * version.h:
28746: ++version
28747: [53e55463ef89]
28748:
28749: * Makefile.in:
28750: ++version added wildmat.*
28751: [0508297a4711]
28752:
28753: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
28754:
28755: * parse.lex:
28756: added support for quoted commands (w/ or w/o args)
28757: [b9a637155673]
28758:
28759: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
28760:
28761: * sudo.pod, visudo.pod:
28762: cleaned up formatting
28763: [4591d4195437]
28764:
28765: * sudo.pod, visudo.pod:
28766: Initial revision
28767: [7564a8242750]
28768:
28769: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
28770:
28771: * sudoers.pod:
28772: looks reasonable, could be mroe readable
28773: [a5be2d19d9e0]
28774:
28775: * sudoers.pod:
28776: Initial revision
28777: [957888be31a6]
28778:
28779: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
28780:
28781: * RUNSON:
28782: updated
28783: [633743aa924b]
28784:
28785: * OPTIONS:
28786: updated NO_ROOT_SUDO entry
28787: [f1c15b1dec9e]
28788:
28789: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
28790:
28791: * RUNSON:
28792: *** empty log message ***
28793: [5b63de579ff7] [SUDO_1_4_0]
28794:
28795: * sudo.c:
28796: fixed SECURE_PATH
28797: [6002889f606d]
28798:
28799: * RUNSON:
28800: udpa`ted for 1.4
28801: [6014a8592815]
28802:
28803: * configure.in:
28804: AIX aixcrypt.exp now uses $(srcdir)
28805: [b0d57674fef4]
28806:
28807: * TROUBLESHOOTING:
28808: added entry for anal ansi compilers
28809: [4193cec1c6b1]
28810:
28811: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
28812:
28813: * INSTALL:
28814: added info on libcrypt_i for SCO
28815: [575497d56698]
28816:
28817: * TODO:
28818: *** empty log message ***
28819: [d0aaf67b9913]
28820:
28821: * sample.sudoers:
28822: added comments
28823: [a7773f7eda8d]
28824:
28825: * TODO:
28826: 1.4 release
28827: [1dade29e9fd9]
28828:
28829: * CHANGES:
28830: ++version
28831: [67241be40780]
28832:
28833: * INSTALL, OPTIONS, README, config.h.in, configure.in:
28834: ++version
28835: [2e0a37897f68]
28836:
28837: * BUGS:
28838: ++version and fixed ISC
28839: [78963f01a0e3]
28840:
28841: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
28842: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
28843: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
28844: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
28845: visudo.c:
28846: ++version
28847: [b6227f29b3d9]
28848:
28849: * interfaces.c:
28850: added STUB_LOAD_INTERFACES ++version
28851: [d8150a3fd577]
28852:
28853: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
28854: version.h:
28855: ++version
28856: [da9e90e69bdc]
28857:
28858: * PORTING:
28859: added info about fd_set in tgetpass added info on interfaces.c
28860: [a39902febd17]
28861:
28862: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
28863:
28864: * dce_pwent.c:
28865: added sudo header
28866: [fc0f2c48682e]
28867:
28868: * tgetpass.c:
28869: fixed a typo
28870: [43d40b72ee8f]
28871:
28872: * Makefile.in:
28873: tgetpass.o is now only linked in with sudo (not visudo)
28874: [7407c5ff11f8]
28875:
28876: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
28877:
28878: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
28879: configure.in:
28880: ++version
28881: [9b82ad805d6b]
28882:
28883: * emul/utime.h:
28884: added copyright notice
28885: [4380f16cd075]
28886:
28887: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
28888: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
28889: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
28890: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
28891: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
28892: ++version
28893: [32717fdb5d05]
28894:
28895: * tgetpass.c:
28896: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
28897: [326864428da2]
28898:
28899: * configure.in:
28900: ISC now gets -lcrypt now check for sys/bsdtypes.h
28901: [e064799c054b]
28902:
28903: * config.h.in:
28904: added check for sys/bsdtypes.h
28905: [9adb9533c363]
28906:
28907: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
28908:
28909: * parse.yacc:
28910: removed debugging stuff (setting freed ptr to NULL)
28911: [02fe8eec63a0]
28912:
28913: * TROUBLESHOOTING:
28914: added 2 entries
28915: [02884e2733e2]
28916:
28917: * Makefile.in:
28918: added FAQ
28919: [074d8dfcf28d]
28920:
28921: * TROUBLESHOOTING:
28922: added section on syslog
28923: [e6bc02a22b86]
28924:
28925: * configure.in:
28926: added AC_ISC_POSIX for better ISC support
28927: [8436b3e12af2]
28928:
28929: * config.h.in:
28930: fixed typo
28931: [f1b3922babf4]
28932:
28933: * config.h.in:
28934: added define for _POSIX_SOURCE
28935: [ded6d92b34f9]
28936:
28937: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
28938:
28939: * configure.in:
28940: fixed check for lsearch()
28941: [75baa5bc28a3]
28942:
28943: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
28944:
28945: * interfaces.c:
28946: fixed for AIX now deal if num_interfaces == 0 (should not happen)
28947: [ae450e859227]
28948:
28949: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
28950:
28951: * configure.in:
28952: now only define HAVE_LSEARCH if there is a corresponding search.h
28953: [8ce645c5d17f]
28954:
28955: * interfaces.c:
28956: works on ISC again
28957: [ccac920d424c]
28958:
28959: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
28960:
28961: * configure.in:
28962: now define HAVE_LSEARCH if we find lsearch() in libcompat
28963: [7343e4313a87]
28964:
28965: * lsearch.c:
28966: char * -> const char *
28967: [1c0b11c2300a]
28968:
28969: * configure.in:
28970: now looks in -lcompat for lsearch()
28971: [a1cc1d6fcd09]
28972:
28973: * Makefile.in:
28974: remove sudo.core visudo.core for clan target
28975: [b523456a85df]
28976:
28977: * aclocal.m4:
28978: added UID_MAX support in check for MAX_UID_T_LEN
28979: [7ab262b1173f]
28980:
28981: * Makefile.in:
28982: fixed another occurence of sudo_getpwuid.*
28983: [fb5809c07da2]
28984:
28985: * Makefile.in, getspwuid.c:
28986: sudo_getpwuid.c -> getspwuid.c
28987: [875f2ef808b4]
28988:
28989: * configure.in:
28990: moved the "echo"
28991: [ad7b8f966076]
28992:
28993: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
28994: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
28995: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
28996: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
28997: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
28998: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
28999: version.h, visudo.c:
29000: ++version
29001: [ee57c6410ffa]
29002:
29003: * testsudoers.c:
29004: added group support
29005: [54d8097df8bd]
29006:
29007: * sample.sudoers:
29008: added group entry
29009: [50994d31fd49]
29010:
29011: * sudoers.man:
29012: documented group support
29013: [0a16707f8fed]
29014:
29015: * parse.c, parse.lex, parse.yacc, visudo.c:
29016: added group support
29017: [427218c879c8]
29018:
29019: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
29020:
29021: * check.c:
29022: tkfile was too short and overflowed the kerberos realm
29023: [53823a1ff5af]
29024:
29025: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
29026:
29027: * sudo.c:
29028: now copy command args directly from Argv
29029: [77408278b6fd]
29030:
29031: * sudo.c:
29032: replaced code to copy cmnd_args so that is does not use realloc
29033: since most realloc()'s really stink
29034: [b29a0ff73fb6]
29035:
29036: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
29037:
29038: * configure.in:
29039: syslog() fixed in hpux 10.01
29040: [2648e6f0cdb0]
29041:
29042: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29043:
29044: * configure.in:
29045: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
29046: [8f108b8d8711]
29047:
29048: * configure.in:
29049: better error if cannot find skey incs or libs
29050: [5887662ee9d3]
29051:
29052: * aclocal.m4:
29053: now use a temp file for determining max len of uid_t in string form.
29054: the old hacky way broke on netbsd
29055: [b68f470fa9f8]
29056:
29057: * sudo.c:
29058: added set of parens and a space
29059: [8a3d4826d022]
29060:
29061: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
29062:
29063: * dce_pwent.c:
29064: fixes from Jeff Earickson <jaearick@colby.edu> ,
29065: [bde0f0b756ec]
29066:
29067: * check.c:
29068: modified a comment
29069: [e2a97f1afbbe]
29070:
29071: * Makefile.in:
29072: fixed up testsudoers target
29073: [d39c4e7bb609]
29074:
29075: * configure.in:
29076: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
29077: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
29078: [da7a1c433828]
29079:
29080: * Makefile.in:
29081: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
29082: VISUDO_LDFLAGS
29083: [4b69503e8487]
29084:
29085: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29086:
29087: * configure.in:
29088: fix for C2 on hpux 10 now uses -linet if it exists
29089: [8d300112263d]
29090:
29091: * check.c:
29092: LONG_SKEY_PROMPT is less of a klusge /
29093: [dcc144abaac3]
29094:
29095: * configure.in:
29096: fixed typos w/ dce stuff
29097: [f7dfd6d4e149]
29098:
29099: * Makefile.in:
29100: added dce_pwent.c
29101: [79047acdc516]
29102:
29103: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
29104:
29105: * INSTALL:
29106: amended section on combining authentication mechanisms
29107: [dc5138c7c716]
29108:
29109: * PORTING:
29110: minor updates for 1.3.6
29111: [fe80c13bd994]
29112:
29113: * TROUBLESHOOTING:
29114: added 2 more entries
29115: [c7201439a0f5]
29116:
29117: * BUGS:
29118: updated for 1.3.6
29119: [979b414d2a2d]
29120:
29121: * README:
29122: overhauled
29123: [3af8b60eb594]
29124:
29125: * INSTALL:
29126: rewrote for sudo 1.3.6
29127: [b16027b9c726]
29128:
29129: * TROUBLESHOOTING:
29130: added 3 entries
29131: [934c9ee3f153]
29132:
29133: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
29134:
29135: * find_path.c, getspwuid.c, sudo.c:
29136: added explict casts for strdup since many includes don't prototype
29137: it. gag me.
29138: [3e19a11f2fcc]
29139:
29140: * sudo.h:
29141: removed prototype for sudo_getpwuid() since convex C compiler choked
29142: on it.
29143: [c3ea74ca67b0]
29144:
29145: * sudo.c:
29146: added prototype for sudo_getpwuid()
29147: [4a8e3cdc2b98]
29148:
29149: * lsearch.c:
29150: now compiles on strict ANSI compilers
29151: [3ce5d72d0b08]
29152:
29153: * check.c:
29154: added LONG_SKEY_PROMPT support
29155: [48a18b8a2332]
29156:
29157: * Makefile.in:
29158: added extra $'s for make to eat up, yum.
29159: [2995b214e12b]
29160:
29161: * OPTIONS, options.h:
29162: added LONG_SKEY_PROMPT
29163: [f23ae799b5a4]
29164:
29165: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
29166:
29167: * check.c:
29168: s/key support now works with normal s/key as well as logdaemon
29169: [d67573f523bf]
29170:
29171: * OPTIONS, options.h:
29172: added SKEY_ONLY
29173: [bbf07654e0de]
29174:
29175: * compat.h:
29176: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
29177: [205895b96a36]
29178:
29179: * INSTALL:
29180: added DCE note added more AIX notes
29181: [6345403b3522]
29182:
29183: * sudo.c:
29184: now include pthread.h for DCE support
29185: [6fe02865f679]
29186:
29187: * check.c:
29188: dce_pwent() is ok after all .,
29189: [d26a8746a55d]
29190:
29191: * logging.c:
29192: now uses SYSLOG() macro that equates to either syslog() or
29193: syslog_wrapper
29194: [42ac4cff8045]
29195:
29196: * dce_pwent.c:
29197: minor formatting changes. renamed check() to somthing less generic
29198: [71859f217be1]
29199:
29200: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
29201: visudo.c:
29202: now uses user_pw_ent and simple macros to get at the contents
29203: [f4cbf3e7145a]
29204:
29205: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
29206:
29207: * check.c:
29208: simpler dec unix C2 support
29209: [86bc8f75250e]
29210:
29211: * getspwuid.c:
29212: now sets crypt_type for DEC unix C2
29213: [99aeadd18266]
29214:
29215: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
29216:
29217: * configure.in:
29218: added csops paths for skey
29219: [b8ca672e2117]
29220:
29221: * getspwuid.c:
29222: now includes string.h for strdup() prototype
29223: [3605259c3620]
29224:
29225: * getspwuid.c:
29226: fixed a few typos
29227: [46c97e4ea417]
29228:
29229: * check.c:
29230: now includes skey.h
29231: [11e611ce1b61]
29232:
29233: * getspwuid.c:
29234: fixed up comments
29235: [223dac56f0c8]
29236:
29237: * check.c:
29238: moved a lot of the shadow passwd crap to sudo_getpwuid()
29239: [97d8887fb7d3]
29240:
29241: * sudo.c:
29242: now uses sudo_pw_ent
29243: [d014dadbef48]
29244:
29245: * testsudoers.c:
29246: now uses sudo_pw_ent
29247: [d92936ed7e34]
29248:
29249: * visudo.c:
29250: now sets sudo_pw_ent
29251: [ff75cdfcf8b3]
29252:
29253: * getspwuid.c:
29254: Initial revision
29255: [6deb6df9d7bc]
29256:
29257: * tgetpass.c:
29258: moved dce stuff into compat.h
29259: [1124284396e7]
29260:
29261: * logging.c, sudo.h:
29262: now uses sudo_pw_ent
29263: [404ff20a5067]
29264:
29265: * Makefile.in:
29266: added sudo_getpwuid.c
29267: [6666d0644512]
29268:
29269: * compat.h:
29270: added dce support
29271: [3c3b36a7ce0e]
29272:
29273: * parse.yacc:
29274: now uses sudo_pw_ent
29275: [9f5e8d11bd68]
29276:
29277: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
29278:
29279: * check.c:
29280: fixed exempt_group stuff for OS's that don't put base gid in group
29281: vector
29282: [003f153bd396]
29283:
29284: * check.c:
29285: S/Key support now works with sunos4 shadow passwords
29286: [1eb64a5efff1]
29287:
29288: * Makefile.in:
29289: fixed clean rule
29290: [5695a2c62816]
29291:
29292: * config.h.in, configure.in:
29293: added DCE support
29294: [f53c766c1947]
29295:
29296: * tgetpass.c:
29297: DCE & KERB support
29298: [904cf436506a]
29299:
29300: * check.c:
29301: first stab at dce support
29302: [aea5ca07b1e3]
29303:
29304: * dce_pwent.c:
29305: now smells like sudo
29306: [8b3d609b49cd]
29307:
29308: * dce_pwent.c:
29309: Initial revision
29310: [b573555f2399]
29311:
29312: * check.c:
29313: skey'd sudo now works w/ normal password as well
29314: [8d038f9f6e94]
29315:
29316: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
29317:
29318: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
29319: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
29320: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
29321: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
29322: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
29323: version.h, visudo.c:
29324: updated version number
29325: [ba7e346d7904]
29326:
29327: * README:
29328: updated to reflect version change
29329: [1d15cf1d8cc8]
29330:
29331: * configure.in:
29332: --with options now line up ++version
29333: [08ebf625fbca]
29334:
29335: * sudo.h:
29336: removed unecesary S/Key stuff
29337: [68188cba90af]
29338:
29339: * configure.in:
29340: fixed S/Key support
29341: [f6d9cbc36618]
29342:
29343: * Makefile.in:
29344: -I stuff now goes in CPPFLAGS
29345: [7b8e53c5b046]
29346:
29347: * check.c:
29348: fixed SKey support
29349: [52c1a5cf4435]
29350:
29351: * README:
29352: updated version
29353: [bed6498a10bb]
29354:
29355: * OPTIONS:
29356: fixed description of EXEMPTGROUP
29357: [cfeead55edc2]
29358:
29359: * sudo.c:
29360: more people use _RLD_ than just alphas...
29361: [6a3c7090a6f6]
29362:
29363: * Makefile.in:
29364: replaced $man_prefix with $mandir
29365: [dc4b36a550e2]
29366:
29367: * configure.in:
29368: fixed a typo
29369: [a38a4acddcaf]
29370:
29371: * Makefile.in:
29372: now use more GNU'ish dir names
29373: [c5498391a520]
29374:
29375: * configure.in:
29376: now set *dir correctly (can override from command line)
29377: [523ff98fd438]
29378:
29379: * sudo.c:
29380: now deal with situations where we getwd() fails
29381: [88a9e61dccbb]
29382:
29383: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
29384:
29385: * Makefile.in:
29386: added etc_dir, bin_dir, sbin_dir
29387: [75fd08d92842]
29388:
29389: * configure.in:
29390: added sbin_dir
29391: [3cb318c0d8d1]
29392:
29393: * Makefile.in:
29394: now ship a flex-generated lex.yy.c
29395: [4d083ed70dce]
29396:
29397: * Makefile.in:
29398: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
29399: [4d51dc9c3780]
29400:
29401: * pathnames.h.in:
29402: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
29403: [773fd163d52f]
29404:
29405: * options.h:
29406: no more error for redefining SUDOERS_OWNER
29407: [4ba336644c6a]
29408:
29409: * OPTIONS:
29410: expanded SUDOERS_OWNER section
29411: [12fae405759e]
29412:
29413: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
29414:
29415: * visudo.c:
29416: now warn if chown(2) failed
29417: [d0d1db6e3a1f]
29418:
29419: * logging.c:
29420: better default warning for NO_SUDOERS_FILE
29421: [5260b458ac64]
29422:
29423: * sudo.c:
29424: added missing set_perms() no more cryptic message if the sudoers
29425: file is zero length, now just give a parse error
29426: [b81ea724838a]
29427:
29428: * logging.c:
29429: better diagnostics if NO_SUDOERS_FILE
29430: [877e878663c5]
29431:
29432: * sudo.c:
29433: check_sudoers() now catches sudoers files that are not readable (but
29434: are stat'able).
29435: [fea05663b3de]
29436:
29437: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
29438:
29439: * configure.in:
29440: now add -D__STDC__ for convex cc (not gcc)
29441: [c80fc53ff51b]
29442:
29443: * configure.in:
29444: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
29445: [fe238226a057]
29446:
29447: * Makefile.in:
29448: now uses exec_prefix & prefix from configure
29449: [f62fca5f56bd]
29450:
29451: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
29452: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
29453: utime.c, visudo.c:
29454: options.h is now <> instead of "" so shadow build trees can have a
29455: custom copy of options.h
29456: [e6782676099c]
29457:
29458: * check.c:
29459: user_is_exempt() is no longer a hack, it now uses getgrnam()
29460: [287f8d5356f7]
29461:
29462: * options.h:
29463: EXEMPTGROUP is now "sudo"
29464: [61487304dbe1]
29465:
29466: * configure.in:
29467: MAN_POSTINSTALL now contains a leading space
29468: [eaad4ac34012]
29469:
29470: * Makefile.in:
29471: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
29472: testsudoers in clean:
29473: [e01711baceb8]
29474:
29475: * tgetpass.c:
29476: includes pwd.h to get _PASSWD_LEN definition
29477: [8ec174f263f1]
29478:
29479: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
29480:
29481: * sudo.c:
29482: unset the KRB_CONF envariable if using kerberos so we don't get
29483: spoofed into using a bogus server
29484: [2561a0274fca]
29485:
29486: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
29487:
29488: * parse.yacc:
29489: now explicately initialize match[] tp be FALSE
29490: [0e45e5c47766]
29491:
29492: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
29493:
29494: * sudo.c:
29495: removed unused variable now passes -Wall
29496: [3452508bc16d]
29497:
29498: * parse.yacc:
29499: yyerror and dumpaliases are now void's now passes -Wall
29500: [2769dfb51993]
29501:
29502: * parse.lex:
29503: added prototype for yyerror
29504: [1f3f0c1b4ab4]
29505:
29506: * check.c, logging.c, parse.c:
29507: now passes -Wall
29508: [eab57e5e81d2]
29509:
29510: * interfaces.c:
29511: rmeoved unused cruft now passes -Wall
29512: [7a47e1866f4b]
29513:
29514: * Makefile.in:
29515: fixed headers that moved to emul dir
29516: [e680c1e5049b]
29517:
29518: * logging.c:
29519: fixed deref of nil pointer if no args
29520: [973b9bea432f]
29521:
29522: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
29523:
29524: * OPTIONS:
29525: added a caveat to FQDN section
29526: [dcf6e2a5fff4]
29527:
29528: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
29529:
29530: * Makefile.in:
29531: more $srcdir support for install targets
29532: [f6eac78436dd]
29533:
29534: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
29535: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
29536: don't include malloc.h if we include stdlib.h
29537: [fca2ff307cd8]
29538:
29539: * parse.yacc:
29540: local search.h now lives in emul
29541: [51c458904424]
29542:
29543: * check.c, utime.c:
29544: local utime.h now lives in emul dir
29545: [f92fc9e8c8de]
29546:
29547: * lsearch.c:
29548: local search.h now lives in emul
29549: [579efc407439]
29550:
29551: * Makefile.in:
29552: added support for building in other than the sourcedir
29553: [2ab53a43f7d4]
29554:
29555: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
29556:
29557: * OPTIONS:
29558: annotated CSOPS_INSULTS option
29559: [9e57d45a0afa]
29560:
29561: * TROUBLESHOOTING:
29562: updated shadow passwords blurb
29563: [39b785bc7253]
29564:
29565: * sudo.c:
29566: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
29567: passes along foo as the arguments
29568: [a91077aa8fc5]
29569:
29570: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
29571:
29572: * parse.lex:
29573: collapsed pathname and dir sections into one -- its now less
29574: expensive
29575: [89caa03bec25]
29576:
29577: * parse.lex:
29578: fixed spacing quoting [,:\\=] now works correctly append() and
29579: fill() now take args to make the above work
29580: [09d023d9ef3a]
29581:
29582: * sudo.c:
29583: fixed a typo that caused commands with no tty on fd 0 but a tty on
29584: fd 1 to erroneously have "none" as their tty
29585: [07d2c0e7977c]
29586:
29587: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
29588:
29589: * check.c:
29590: timestampfile is now a global static removed decl of timestampfile
29591: in remove_timestamp since we can just use the global one
29592: [f0cbdc6aab1c]
29593:
29594: * check.c:
29595: created touch() to update timestamps added USE_TTY_TICKETS support
29596: (bit of a kludge)
29597: [cee1dd0318f8]
29598:
29599: * compat.h:
29600: added _S_IFDIR and S_ISDIR
29601: [b4a51cc9628e]
29602:
29603: * OPTIONS, options.h:
29604: added USE_TTY_TICKETS
29605: [b4e22f81f25e]
29606:
29607: * parse.yacc:
29608: removed const from casts for lsearch() & lfind() to placate irix 4.x
29609: C compiler
29610: [5003081f76ea]
29611:
29612: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
29613:
29614: * sudo.c:
29615: now only strip '/dev/' off of a tty if it starts with '/dev/'
29616: [7f62bcd24039]
29617:
29618: * pathnames.h.in:
29619: added _PATH_DEV
29620: [6375f44d1910]
29621:
29622: * configure.in:
29623: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
29624: have termios.h
29625: [9c60391235fd]
29626:
29627: * tgetpass.c:
29628: fixed incorrect #ifdef termio uses "unsigned short" not int for
29629: c_?flag
29630: [d032e6a29845]
29631:
29632: * parse.lex, parse.yacc:
29633: fixed a spelling error
29634: [cad6a944c7b1]
29635:
29636: * Makefile.in:
29637: fixed typo
29638: [204a65403e7c]
29639:
29640: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
29641:
29642: * Makefile.in:
29643: fixed a comment
29644: [268f760e57ad]
29645:
29646: * parse.yacc:
29647: added dotcat() to cat 2 strings w/ a dot effeciently now that we
29648: dynamically allocate strings they need to be free()'d
29649: [ec2e2152f415]
29650:
29651: * parse.lex:
29652: dynamically allocates space for strings
29653: [d10ac3533d66]
29654:
29655: * sudo.h:
29656: no more MAXCOMMANDLENGTH
29657: [e2e1219bff8a]
29658:
29659: * sudo.h:
29660: added decl of tty
29661: [c8ae81303ee5]
29662:
29663: * logging.c, sudo.c:
29664: moved tty stuff into sudo.c
29665: [e028abefeb07]
29666:
29667: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
29668:
29669: * parse.c:
29670: fixed a logic bug. Was denying a command if user gave command line
29671: args but there were none in the sudoers file which is wrong.
29672: [7489a99b8e8a]
29673:
29674: * sudo.h:
29675: MAXCOMMMANDLEN dropped down to 1K
29676: [38ef54ba290b]
29677:
29678: * parse.lex:
29679: return foo; -> return(foo);
29680: [0e8be1b57001]
29681:
29682: * parse.yacc:
29683: fixed netgr_matches() prototype
29684: [e69f15910464]
29685:
29686: * parse.lex:
29687: added support for escaping "termination" characters
29688: [8bd4ef50f35c]
29689:
29690: * parse.c:
29691: buf is now of size MAXPATHLEN+1 since it never holds command args
29692: [2ce4b763058c]
29693:
29694: * sudo.c:
29695: fixed comments
29696: [0c74a3d2ebb0]
29697:
29698: * goodpath.c:
29699: fixed negation problem (doh!)
29700: [782814e3a2d1]
29701:
29702: * parse.yacc:
29703: fixed 2nd parameter to lfind()
29704: [63d7b1623c08]
29705:
29706: * parse.lex:
29707: now do bounds checking in fill() and append()
29708: [54381b563251]
29709:
29710: * sudo.c:
29711: include netdb.h as we should added a missing void cast added
29712: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
29713: realloc actually moved the string instead of shrinking it
29714: [897ccdec9c06]
29715:
29716: * sample.sudoers:
29717: updated with examples of new features
29718: [9b3ed00e8aa6]
29719:
29720: * goodpath.c:
29721: now set errno to EACCES if not a regular file or not executable
29722: [2d069548a5ea]
29723:
29724: * find_path.c:
29725: if given a fully-qualified or relative path we now check it with
29726: sudo_goodpath() and error out with the appropriate error message if
29727: the file does not exist or is not executable
29728: [590f89dd8dec]
29729:
29730: * emul/search.h, lsearch.c:
29731: now use correct args for lfind
29732: [fccdcdbf020e]
29733:
29734: * logging.c:
29735: added a comment
29736: [fab9f49708ea]
29737:
29738: * insults.h:
29739: added in CSOps insults
29740: [ad8eb1862adc]
29741:
29742: * ins_csops.h:
29743: Initial revision
29744: [de5a475ec018]
29745:
29746: * tgetpass.c:
29747: added RCS id
29748: [c3ffd550a482]
29749:
29750: * sudo.h:
29751: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
29752: [aba25c90d08a]
29753:
29754: * OPTIONS:
29755: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
29756: [e27bd62e9ccf]
29757:
29758: * sudo.c:
29759: fixed -k load_interfaces() now gets called if FQDN is set
29760: -p now works with -s
29761: [07ca2a34bae8]
29762:
29763: * parse.c:
29764: don't try to stat() "pseudo commands" like "validate"
29765: [75527045984b]
29766:
29767: * options.h:
29768: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
29769: [07b157a0eafd]
29770:
29771: * configure.in:
29772: added SecurID support added other insults to --with-csops
29773: [6c992ceb244c]
29774:
29775: * config.h.in:
29776: added HAVE_SECURID
29777: [e734ff617fe8]
29778:
29779: * Makefile.in:
29780: added clobber target added ins_csops.h now gets CFLAGS from
29781: configure
29782: [d1e29c7cec25]
29783:
29784: * aclocal.m4:
29785: relaxed SUDO_FULL_VOID
29786: [fb4084f27406]
29787:
29788: * visudo.c:
29789: function comment blocks are now in same style as rest of code
29790: [04a2931354c5]
29791:
29792: * testsudoers.c:
29793: added support for command line args in /etc/sudoers
29794: [bfe4e1bcc655]
29795:
29796: * sudoers.man:
29797: updated to have command args in the sudoers file
29798: [1cd34355e9ea]
29799:
29800: * sudo.man:
29801: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
29802: [930b48023b68]
29803:
29804: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
29805:
29806: * parse.yacc:
29807: PATH renamed to COMMAND
29808: [4e109a6de3cd]
29809:
29810: * parse.lex:
29811: it is now a parse error for directories to have args attached to
29812: them
29813: [2ab10a146b54]
29814:
29815: * logging.c:
29816: now say command args if telling user to buzz off
29817: [933de26ded8b]
29818:
29819: * sudo.c:
29820: -s no longer indicates end of args sped up loading on cmnd_args in
29821: load_cmnd()
29822: [eac99a4da862]
29823:
29824: * parse.c:
29825: removed an unreachable statement
29826: [634302623c49]
29827:
29828: * parse.lex:
29829: made more efficient by pulling out the terminators when in GOTCMND
29830: state and making them their own rule
29831: [80798f1e1166]
29832:
29833: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
29834:
29835: * sudo.h:
29836: removed MAXLOGLEN since it is no longer used
29837: [102824196b71]
29838:
29839: * parse.lex:
29840: now allows command args
29841: [d29dfa1e5254]
29842:
29843: * parse.c:
29844: now groks command arguments
29845: [6c414cb7f105]
29846:
29847: * logging.c:
29848: now sets tty correctly when piped input
29849: [de46a30c0406]
29850:
29851: * sudo.c:
29852: fixed loading of cmnd_args (was including command name too)
29853: [15319a425ea6]
29854:
29855: * logging.c:
29856: fixed a core dump due to incorrect if construct
29857: [582363c7d7fa]
29858:
29859: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
29860:
29861: * configure.in:
29862: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
29863: [da591fe9b931]
29864:
29865: * aclocal.m4:
29866: fixed check for ISC
29867: [52e59f2082a7]
29868:
29869: * sudo.c:
29870: now sets cmnd_args used by log_error() and that will be used by the
29871: parse to check against command args
29872: [c6804389723b]
29873:
29874: * sudo.h:
29875: added cmnd_args
29876: [4d00446b4a8d]
29877:
29878: * logging.c:
29879: now dynamically allocate logline since we can guess at its size
29880: [4bed8c8446aa]
29881:
29882: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
29883:
29884: * logging.c:
29885: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
29886: "register" since the compiler knows more than I do now do a
29887: "basename" of the tty
29888: [3b1bbf0b3da1]
29889:
29890: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
29891:
29892: * configure.in:
29893: ++version
29894: [5ce552f9a5f1]
29895:
29896: * sudo.h:
29897: added shell extern changed MODE_* to be bit masks to allow for
29898: several options together
29899: [06f9dc4f400c]
29900:
29901: * sudo.c:
29902: added -s (shell) option made MODE_* masks so we can do bitwise & and
29903: | to see if multiple flags are set.
29904: [01f8143010ad]
29905:
29906: * check.c:
29907: added securid support
29908: [909e078005fe]
29909:
29910: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
29911:
29912: * logging.c:
29913: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
29914: [644506b57d61]
29915:
29916: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
29917:
29918: * Makefile.in, version.h:
29919: ++version
29920: [3cd6f1fbc3d9]
29921:
29922: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
29923:
29924: * parse.yacc:
29925: fixed free() of an uninitialized pointer (yuck)
29926: [8c404ee502ee]
29927:
29928: * testsudoers.c:
29929: added netgr_matches
29930: [e7c9fa2f774c]
29931:
29932: * parse.c:
29933: cleaned up netgr_matches
29934: [8108f00b810e]
29935:
29936: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
29937:
29938: * RUNSON:
29939: updated for 1.3.4
29940: [4741704310a1]
29941:
29942: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
29943:
29944: * Makefile.in:
29945: now installs sudoers.man -- really should clean this up though.
29946: [455631d45a1d]
29947:
29948: * Makefile.in:
29949: added sudoers.cat and sudoers.man
29950: [0bdedd6c7363]
29951:
29952: * sudo.man:
29953: pulled out stuff on the sudoers file format into a separate man page
29954: [de215d999cb9]
29955:
29956: * sudoers.man:
29957: Initial revision
29958: [f25eafbb7095]
29959:
29960: * HISTORY:
29961: fixed up my email address
29962: [254fbf80be74]
29963:
29964: * configure.in:
29965: added checks for innetgr and getdomainname
29966: [24a99cb7e97e]
29967:
29968: * visudo.c:
29969: added dummy netgr_matches function
29970: [1841ff2c01da]
29971:
29972: * parse.c:
29973: added netgr_matches
29974: [ec90db6a97b8]
29975:
29976: * parse.lex, parse.yacc:
29977: added NETGROUP support
29978: [c9dd93e3bc4b]
29979:
29980: * config.h.in:
29981: added HAVE_INNETGR & HAVE_GETDOMAINNAME
29982: [14abd494d875]
29983:
29984: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
29985:
29986: * sudo.c:
29987: rewrote clean_env() that has rm_env() builtin
29988: [55cb43818a95]
29989:
29990: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
29991:
29992: * check.c:
29993: now cast uid to long in sprintf
29994: [b549eea40aeb]
29995:
29996: * OPTIONS:
29997: added _INSULTS suffix to HAL & GOONS end
29998: [ed620d0aad30]
29999:
30000: * options.h:
30001: added _INSULTS suffix to HAL & GOONS
30002: [9f72e9b83afd]
30003:
30004: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
30005: converted to new scheme of insult "unions" end
30006: [2f6d2b412132]
30007:
30008: * sudo.c:
30009: now uses MAX_UID_T_LEN
30010: [c1df79e0f389]
30011:
30012: * configure.in:
30013: added SUDO_UID_T_LEN !l
30014: [195f0b9f5f84]
30015:
30016: * config.h.in:
30017: added MAX_UID_T_LEN
30018: [73f42ae4f14d]
30019:
30020: * check.c:
30021: now use MAX_UID_T_LEN
30022: [df9c063234cb]
30023:
30024: * aclocal.m4:
30025: added check for max len of uid_t fixed sco vs. isc check
30026: [d558f36d2223]
30027:
30028: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
30029:
30030: * configure.in:
30031: corrected version
30032: [828dd1571e86]
30033:
30034: * configure.in:
30035: added sco support
30036: [af1e2f616638]
30037:
30038: * aclocal.m4:
30039: hack to check for sco
30040: [549ab99a9a43]
30041:
30042: * interfaces.c:
30043: removed #include <net/route.h> since it was hosing some OS's
30044: [ac78a7c04005]
30045:
30046: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
30047:
30048: * find_path.c:
30049: fixed prreadlink() prototype
30050: [b380fe1f2b11]
30051:
30052: * check.c:
30053: added parens in #if's
30054: [e96ade691b82]
30055:
30056: * configure.in:
30057: added SPW_ prefix
30058: [a302683a1483]
30059:
30060: * sudo.h:
30061: moved SPW_* to config.h.in
30062: [6b3be70e34cf]
30063:
30064: * sudo.c:
30065: added a set of parens
30066: [8188d735d695]
30067:
30068: * config.h.in:
30069: added SPW_*
30070: [5ead6371cf60]
30071:
30072: * sudo.h:
30073: added SPW_* reordered error codes
30074: [dead25b4ed0a]
30075:
30076: * check.c:
30077: moved SPW_* to sudo.h
30078: [ca51fb04caf4]
30079:
30080: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
30081:
30082: * sudo.c:
30083: SPW_AUTH -> SPW_SECUREWARE
30084: [6b512b2bc5dc]
30085:
30086: * logging.c:
30087: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
30088: [defdd0944e2f]
30089:
30090: * configure.in:
30091: AUTH -> SECUREWARE
30092: [d1f8a17001dd]
30093:
30094: * check.c:
30095: SPW_AUTH -> SPW_SECUREWARE
30096: [af0e8d8b89b2]
30097:
30098: * check.c:
30099: now uses SHADOW_TYPE to make shadow pw support more readable and
30100: modular. It's a start...
30101: [8c2a59667014]
30102:
30103: * configure.in:
30104: added autodetection of shadow passwords
30105: [85f81fa54b1b]
30106:
30107: * sudo.c:
30108: now uses SHADOW_TYPE define
30109: [355e5dc09b07]
30110:
30111: * config.h.in:
30112: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
30113: [c0c06e83e483]
30114:
30115: * aclocal.m4:
30116: added SUDO_CHECK_SHADOW
30117: [464301301639]
30118:
30119: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
30120:
30121: * configure.in:
30122: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
30123: memmove() since we dno longer use it...
30124: [8aefa87d7d31]
30125:
30126: * CHANGES:
30127: updated
30128: [ce97b3fd7182]
30129:
30130: * logging.c:
30131: added BROKEN_SYSLOG support
30132: [a45c3bca36f6]
30133:
30134: * config.h.in:
30135: added BROKEN_SYSLOG
30136: [6f6abf0a6268]
30137:
30138: * check.c:
30139: now only bitch it timestamp > time_now + 2 * timeout to allow for a
30140: machine udpating its time from a server
30141: [546bc8d35325]
30142:
30143: * sudo.man:
30144: added 2 security notes updated Nieusma's email addr
30145: [616756c56977]
30146:
30147: * lsearch.c:
30148: changed a memmove() to memcpy() since we don't have to worry about
30149: overlapping segments.
30150: [30baa478526b]
30151:
30152: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
30153:
30154: * interfaces.c:
30155: cleanup up the loop when interfaces are groped in so that it is
30156: readable
30157: [1fa39446bd69]
30158:
30159: * Makefile.in, version.h:
30160: ++version
30161: [b46bd2b1770f]
30162:
30163: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
30164:
30165: * CHANGES:
30166: annotated 124-126
30167: [b82a2b3ec7ce]
30168:
30169: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
30170:
30171: * check.c:
30172: fixed permissions check on /tmp/.odus
30173: [cc2431a65468]
30174:
30175: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
30176:
30177: * check.c:
30178: fixed some comments
30179: [8896d09b4fda]
30180:
30181: * check.c:
30182: now checks owner & mode of timedir also checks for bogus dates on
30183: timestamp file
30184: [a0fad5df5b0a]
30185:
30186: * OPTIONS:
30187: updated TIMEOUT info
30188: [033cc22d9e04]
30189:
30190: * logging.c, sudo.h:
30191: added BAD_STAMPDIR and BAD_STAMPFILE
30192: [31d9ce691101]
30193:
30194: * compat.h:
30195: added definition of S_IRWXU
30196: [ff2dab091a9b]
30197:
30198: * CHANGES:
30199: updated
30200: [a40df90284f1]
30201:
30202: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
30203:
30204: * interfaces.c:
30205: added #ifdef to make it compile on strange arches
30206: [4a127f12afce]
30207:
30208: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
30209:
30210: * aclocal.m4:
30211: fixed check for fulkl void impl.
30212: [b6f2a4a361d8]
30213:
30214: * check.c:
30215: added mssing "static"
30216: [520552f2772b]
30217:
30218: * insults.h:
30219: replaced #elif with #else #if constructs for ancient C compilers
30220: [39ab2d365b57]
30221:
30222: * INSTALL:
30223: updated irix c2 & kerb5 info
30224: [ae79b99b4905]
30225:
30226: * configure.in:
30227: added shadow pw support for irix
30228: [632469d9c528]
30229:
30230: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
30231:
30232: * BUGS, TODO:
30233: updated
30234: [2a96bb18ac30]
30235:
30236: * CHANGES:
30237: last changes for sudo 1.3.3
30238: [c1c0cd1034b8]
30239:
30240: * configure.in:
30241: now calls SUDO_SOCK_SA_LEN
30242: [14ea78159d45]
30243:
30244: * config.h.in:
30245: added HAVE_SA_LEN
30246: [cc2a346aa905]
30247:
30248: * aclocal.m4:
30249: added SUDO_SOCK_SA_LEN
30250: [456a2025644a]
30251:
30252: * interfaces.c:
30253: now works with ip implementations that use sa_len in sockaddr
30254: [90be6e028077]
30255:
30256: * INSTALL:
30257: added note about buggy AIX compiler
30258: [c0f6d427e4e4]
30259:
30260: * interfaces.c:
30261: now include sys/time.h for AIX
30262: [2510858ab38b]
30263:
30264: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
30265:
30266: * Makefile.in:
30267: getcwd -> getwd
30268: [66085ebca98e]
30269:
30270: * interfaces.c:
30271: now works for ISC and others. yay.
30272: [f336d4ffc927]
30273:
30274: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
30275:
30276: * Makefile.in, version.h:
30277: version++
30278: [836cffc2078d]
30279:
30280: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
30281:
30282: * aclocal.m4:
30283: fixed test for full void impl
30284: [fb004107e7b9]
30285:
30286: * sudo.c:
30287: now check to see that st_dev is non-zero before assuming that we are
30288: being spoofed
30289: [1b0e1c30c506]
30290:
30291: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
30292:
30293: * aclocal.m4, configure.in:
30294: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
30295: [4953379bfb01]
30296:
30297: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
30298:
30299: * aclocal.m4:
30300: fixed include file order for SUDO_FUNC_UTIME_POSIX
30301: [ff64ab7df44f]
30302:
30303: * logging.c:
30304: added cast for ttyname()
30305: [444f05f56758]
30306:
30307: * configure.in:
30308: fixed typo
30309: [de068e748431]
30310:
30311: * check.c:
30312: now deal correctly with all known variation of utime() -- yippe
30313: [b778a4195a89]
30314:
30315: * configure.in:
30316: added SUDO_FUNC_UTIME_POSIX
30317: [cf635f2269d6]
30318:
30319: * aclocal.m4:
30320: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
30321: [d79593be4b73]
30322:
30323: * config.h.in:
30324: added HAVE_UTIME_POSIX
30325: [c67b4ac0dca5]
30326:
30327: * check.c:
30328: fixed a typo
30329: [b14df5680f59]
30330:
30331: * check.c:
30332: no longer assume !HAVE_UTIME_NULL means old BSD utime()
30333: [0aeaf4b2f38b]
30334:
30335: * check.c:
30336: fixed fascist C compiler warning
30337: [c61ddf2f1f93]
30338:
30339: * interfaces.c:
30340: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
30341: to 0 (just to be anal)
30342: [c54cc2ba0052]
30343:
30344: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
30345:
30346: * sudo.h:
30347: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
30348: [74cf585a54fb]
30349:
30350: * logging.c:
30351: added tty logging
30352: [e27d8dcfbd78]
30353:
30354: * interfaces.c:
30355: reworked the ISC code
30356: [bcf57ce8ae69]
30357:
30358: * Makefile.in, version.h:
30359: updated version
30360: [032941c9b94d]
30361:
30362: * check.c:
30363: now expect old-style utime(3) if utime() can't take NULL as an arg
30364: [018dd4a73030]
30365:
30366: * configure.in:
30367: added check for utime.h
30368: [0b76e8feb618]
30369:
30370: * config.h.in:
30371: added HAVE_UTIME_H
30372: [62ee42feda46]
30373:
30374: * Makefile.in:
30375: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
30376: [fa3201d294e1]
30377:
30378: * configure.in:
30379: now search for kerb libs and includes
30380: [cc332401e571]
30381:
30382: * check.c:
30383: added support for utime(2)'s that can't take a NULL parameter
30384: [98797fedf69f]
30385:
30386: * utime.c:
30387: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
30388: [6ce6d825fb44]
30389:
30390: * configure.in:
30391: added utime(s) stuff
30392: [a2afb744403e]
30393:
30394: * check.c:
30395: now use utime()
30396: [48902240a51e]
30397:
30398: * config.h.in:
30399: added HAVE_UTIME and HAVE_UTIME_NULL
30400: [9a56ab65d4f4]
30401:
30402: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
30403:
30404: * utime.c:
30405: now use HAVE_UTIME_NULL
30406: [e3944de09a92]
30407:
30408: * emul/utime.h, utime.c:
30409: Initial revision
30410: [a2cbf2ef3427]
30411:
30412: * check.c:
30413: need to setuid(0) to make kerb4 stuff work.
30414: [c6cfda4039d7]
30415:
30416: * tgetpass.c:
30417: no more special case for kerberos
30418: [4a5c33145be9]
30419:
30420: * config.h.in:
30421: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
30422: emulation)
30423: [a607ee43e650]
30424:
30425: * compat.h:
30426: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
30427: kerberos
30428: [02fb274cc136]
30429:
30430: * check.c:
30431: now use private ticket file for kerberos support to avoid trouncing
30432: on system one
30433: [28d8b6b812c7]
30434:
30435: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
30436:
30437: * sudo.h:
30438: added SPOOF_ATTEMPT & cmnd_st
30439: [d3b42a1f4d0d]
30440:
30441: * sudo.c:
30442: added anti-spoofing support
30443: [ab1e2aa44a57]
30444:
30445: * parse.c:
30446: now use global cmnd_st
30447: [47018265a1a6]
30448:
30449: * logging.c:
30450: added SPOOF_ATTEMPT suypport
30451: [7bbe9dd2a021]
30452:
30453: * testsudoers.c, visudo.c:
30454: added void casts where appropriate
30455: [f191441ba333]
30456:
30457: * parse.yacc:
30458: fixed up spacing and added void casts where appropriate
30459: [15d886fc809c]
30460:
30461: * sudo.c:
30462: fixed problem with "-p prompt" but no args
30463: [6fc048261a3e]
30464:
30465: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
30466:
30467: * sudo.man:
30468: added BUGS and annotated -l description
30469: [e5c506de2603]
30470:
30471: * sudo.h:
30472: validate() now takes a flag
30473: [26627becc60a]
30474:
30475: * sudo.c:
30476: validate() now takes a flag added -l
30477: [a4f7bb97fe54]
30478:
30479: * parse.yacc:
30480: added support for -l
30481: [e7a9b10b0ad3]
30482:
30483: * parse.c:
30484: validate() now takes a flag that says whether or not to check the
30485: command
30486: [9e1e67f4e281]
30487:
30488: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
30489:
30490: * logging.c:
30491: now deals with Argv == 1
30492: [0acb637ab635]
30493:
30494: * sudo.man:
30495: added -p option
30496: [e60382fc0561]
30497:
30498: * sudo.c:
30499: added prompt support reworked parse_args()
30500: [2f605267ed4a]
30501:
30502: * sudo.h:
30503: added prompt
30504: [5ab021bdb419]
30505:
30506: * options.h:
30507: added PASSPROMPT
30508: [614727ff44a2]
30509:
30510: * check.c:
30511: now use BUFSIZ as length of kerb password added kpass so pass is
30512: always a char * now use prompt global when asking for a password
30513: [76be09af784f]
30514:
30515: * tgetpass.c:
30516: now use BUFSIZ as _PASSWD_LEN if using kerberos
30517: [1e907eed312b]
30518:
30519: * OPTIONS:
30520: added PASSPROMPT
30521: [ddb2f405ce40]
30522:
30523: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
30524:
30525: * configure.in:
30526: only look for -lufc or -lcrypt if crypt() not in libc
30527: [9717d315661f]
30528:
30529: * check.c:
30530: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
30531: (unknown user) silently fail
30532: [2b48693d4ee9]
30533:
30534: * INSTALL:
30535: added kerb4 note
30536: [986e393f740c]
30537:
30538: * tgetpass.c:
30539: HAVE_KERBEROS -> HAVE_KERB4
30540: [e438bfb5e6aa]
30541:
30542: * check.c:
30543: removed debugging printf
30544: [1cf9f5cbffa5]
30545:
30546: * configure.in:
30547: KERBEROS -> KERB4 added checks for setreuid & setresuid
30548: [01e9945beb1e]
30549:
30550: * config.h.in:
30551: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
30552: [0e0bb5b8ac3e]
30553:
30554: * compat.h:
30555: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
30556: with setresuid if applic
30557: [9dae24c47696]
30558:
30559: * check.c:
30560: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
30561: no setreuid() or a broken one
30562: [1fca642bdb8e]
30563:
30564: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
30565:
30566: * configure.in:
30567: added kerberos support
30568: [da5639b9b8e7]
30569:
30570: * config.h.in:
30571: added HAVE_KERBEROS
30572: [fcc5be550e65]
30573:
30574: * tgetpass.c:
30575: added KERBEROS support (long passwords)
30576: [303ba6924dd2]
30577:
30578: * check.c:
30579: added kerberos support
30580: [e40afe98fc1d]
30581:
30582: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
30583:
30584: * sudo.h:
30585: added MODE_BACKGROUND
30586: [9b483c932016]
30587:
30588: * sudo.man:
30589: escaped dashes added -b option
30590: [62e84f1a7714]
30591:
30592: * sudo.c:
30593: added -b option
30594: [7e78aaefeb95]
30595:
30596: * check.c:
30597: added crypt() for osf/1 3.x enhanced secuiry
30598: [e9aa5abdb7d5]
30599:
30600: * configure.in:
30601: now check for -lcrypt
30602: [5cb9c67e9fa2]
30603:
30604: * interfaces.c:
30605: added ENXIO like EADDRNOTAVAIL
30606: [74223bb1ba75]
30607:
30608: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
30609:
30610: * configure.in:
30611: now emulate getwd(), not getcwd()
30612: [3e5439d9a5f4]
30613:
30614: * sudo.c:
30615: getcwd() -> getwd()
30616: [6392a96a658e]
30617:
30618: * getwd.c:
30619: getcwd -> getwd
30620: [1b0ab9bae11e]
30621:
30622: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
30623:
30624: * ins_2001.h, ins_classic.h, ins_goons.h:
30625: Initial revision
30626: [86db60d8cf00]
30627:
30628: * insults.h:
30629: broke out insults into separate include files
30630: [0a01993bd38a]
30631:
30632: * OPTIONS, options.h:
30633: added GOONS
30634: [e283203c6515]
30635:
30636: * Makefile.in:
30637: added ins_2001.h ins_classic.h ins_goons.h
30638: [2a39cd6a4cd2]
30639:
30640: * Makefile.in, version.h:
30641: ++version
30642: [05ebf4f5e41a]
30643:
30644: * visudo.c:
30645: moved signal handler setup to setup_signals()
30646: [3dd976c04540]
30647:
30648: * sudo.h:
30649: added load_interfaces()
30650: [af2d473b09e2]
30651:
30652: * sudo.c:
30653: moved load_interfaces to interfaces.c
30654: [5c8c138e5d4c]
30655:
30656: * parse.yacc:
30657: added clearaliases
30658: [aeb4ff301daa]
30659:
30660: * OPTIONS, options.h:
30661: added FAST_MATCH
30662: [f49ea3d1b525]
30663:
30664: * parse.lex:
30665: now uses clearaliases variable
30666: [a2dda415bf61]
30667:
30668: * interfaces.c:
30669: Initial revision
30670: [a1990e3f5c69]
30671:
30672: * Makefile.in:
30673: added interfaces.[co]
30674: [1e8e5984de97]
30675:
30676: * testsudoers.c:
30677: now uses ip addrs and netmasks via load_interfaces()
30678: [54b8f7a6835e]
30679:
30680: * sudo.c:
30681: now remove IFS instead of setting to "sane" value
30682: [ce7eec9f115e]
30683:
30684: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
30685:
30686: * parse.c:
30687: added FAST_MATCH
30688: [816d4f5fe81a]
30689:
30690: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
30691:
30692: * Makefile.in:
30693: sudo_goodpath.c-> goodpath.c
30694: [a5072c4e1de2]
30695:
30696: * sudo.c:
30697: added Andy's new ISC changes
30698: [caa6bbee358e]
30699:
30700: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
30701:
30702: * OPTIONS:
30703: added a sentence to SECURE_PATH info
30704: [cad6e1569d15]
30705:
30706: * BUGS:
30707: added one
30708: [4b35cf699a83]
30709:
30710: * CHANGES:
30711: updated
30712: [5fded9dc62f0]
30713:
30714: * RUNSON:
30715: updated
30716: [33cb993cfd39]
30717:
30718: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
30719:
30720: * RUNSON:
30721: updated for beta3
30722: [a05dc6a91995]
30723:
30724: * Makefile.in, version.h:
30725: ++version
30726: [54aaf3fadc75]
30727:
30728: * aclocal.m4:
30729: sendmail is now looked for in �/usr/ucblib
30730: [231ac1a4662f]
30731:
30732: * sudo.c:
30733: fixed indentation
30734: [fb137400c8c2]
30735:
30736: * aclocal.m4:
30737: fixed a typo
30738: [e03f1acc468b]
30739:
30740: * sudo.c:
30741: updated ISC mods
30742: [070290d4754b]
30743:
30744: * configure.in:
30745: added unixware case
30746: [e90250bae0d9]
30747:
30748: * check.c:
30749: user_is_exempt is no longer hidden
30750: [1a341765b8af]
30751:
30752: * RUNSON:
30753: updated
30754: [a9c4898b26dd]
30755:
30756: * aclocal.m4:
30757: isc and riscos changes
30758: [98b5d86585d1]
30759:
30760: * OPTIONS:
30761: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
30762: [e1ecc464ce4b]
30763:
30764: * Makefile.in:
30765: fixed a typo and added testsudoers stuff
30766: [435d60e163dc]
30767:
30768: * testsudoers.c:
30769: Initial revision
30770: [6ce14a448662]
30771:
30772: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
30773:
30774: * parse.yacc:
30775: applied fixed patch from Chris
30776: [cd6144203d13]
30777:
30778: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
30779:
30780: * Makefile.in:
30781: fixed a typo
30782: [34f8a54ba041]
30783:
30784: * parse.yacc:
30785: added a set of braces for bison
30786: [f0e43b938914]
30787:
30788: * parse.yacc:
30789: merged in Chris' changes to dekludge the parser.
30790: [82d6e373ab1c]
30791:
30792: * logging.c:
30793: send_mail() was calling find_path() which is wrong since find_path()
30794: stores cmnd in a static var. Anyhow, it doesn't make much sense
30795: since MAILER should always be fully qualified
30796: [6eae6a0b8098]
30797:
30798: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
30799:
30800: * sample.sudoers:
30801: added User_Alias stuff
30802: [aaba8c8e918d]
30803:
30804: * aclocal.m4:
30805: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
30806: [52bd81f34b32]
30807:
30808: * RUNSON:
30809: added DEC UNIX 3.0 w/ gcc
30810: [7daf570775b5]
30811:
30812: * visudo.c:
30813: Exit was being used in places where exit should be used
30814: [6026a89c07ed]
30815:
30816: * sudoers:
30817: added "User alias specification"
30818: [a487b6e234f8]
30819:
30820: * parse.yacc:
30821: fixed probs caused by making nslots and naliases a size_t
30822: [0be919384f3f]
30823:
30824: * RUNSON:
30825: added KSR, upped rev to 1.3.1b2
30826: [ce04ee6faadf]
30827:
30828: * logging.c, parse.yacc:
30829: 1024 -> BUFSIZ
30830: [cd6dda45fa11]
30831:
30832: * parse.yacc:
30833: void * -> VOID * naliases and nslots are now size_t to appease
30834: lsearch on 64-bit machines
30835: [bf2f807c0dc1]
30836:
30837: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
30838:
30839: * TODO:
30840: did a bunch of things and added a bunch :-)
30841: [42afd957b829]
30842:
30843: * PORTING:
30844: updated
30845: [972f95c85776]
30846:
30847: * visudo.man:
30848: closer to BSD manpage style
30849: [07ae88f50325]
30850:
30851: * sudo.man:
30852: closer to standard BSD man format
30853: [372c28dcc135]
30854:
30855: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
30856: pathnames.h.in, sudo.h, version.h:
30857: added RCS id
30858: [c0ec90b81002]
30859:
30860: * sudo.h:
30861: removed crufty #defines that are no longer used
30862: [35e2b4b477f0]
30863:
30864: * BUGS:
30865: fixed a bug
30866: [5bb3e1bee85e]
30867:
30868: * sudo.man:
30869: updated based on sudo changes
30870: [e65de1cae438]
30871:
30872: * parse.yacc:
30873: now allow ALL keyword in User_Aliases now allow ALL keyword as well
30874: as a NAME or ALIAS
30875: [1fb31404dd0f]
30876:
30877: * CHANGES:
30878: updated
30879: [b24018ac610b]
30880:
30881: * sudo.c:
30882: now sets SUDO_COMMAND and SUDO_GID envariables.
30883: [e9d791557fb7]
30884:
30885: * aclocal.m4:
30886: fixed bug with full void impl check
30887: [35715301023c]
30888:
30889: * parse.yacc:
30890: fixed User_Alias supoprt
30891: [4c30dfbaaa07]
30892:
30893: * parse.yacc:
30894: added stubs for User_Alias support
30895: [f4afbd247edf]
30896:
30897: * sudo.c:
30898: now sets removes # bogus interfaces from num_interfaces
30899: [6f077fac9ab1]
30900:
30901: * parse.lex:
30902: added User_Alias support
30903: [bc7997e5df85]
30904:
30905: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
30906:
30907: * Makefile.in:
30908: removed extraneous TODO
30909: [bc87a3b14d6d]
30910:
30911: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
30912:
30913: * visudo.c:
30914: ntwk_matches -> addr_matches
30915: [475044e288b8]
30916:
30917: * parse.yacc:
30918: ntwk_matches -> addr_matches
30919: [dd1f4093fd2d]
30920:
30921: * parse.c:
30922: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
30923: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
30924: sizeof(long))
30925: [acd2f556940f]
30926:
30927: * sudo.c:
30928: took out debugging info
30929: [044023063eca]
30930:
30931: * aclocal.m4:
30932: OS was being set to unknown before non-uname based host checks.
30933: This caused no checks to happen since $OS was not zero-length.
30934: [335a7267479d]
30935:
30936: * sudo.c:
30937: fixed loading of interfaces struct still has debugging info in
30938: though
30939: [2d1a18998c1e]
30940:
30941: * parse.c:
30942: fixed typo
30943: [175674a3a9fa]
30944:
30945: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
30946:
30947: * Makefile.in:
30948: ++version
30949: [55d191b5daa3]
30950:
30951: * version.h:
30952: ++
30953: [d7d1f115696a]
30954:
30955: * visudo.c:
30956: removed extraneous extern decl of "top
30957: [50355621047d]
30958:
30959: * visudo.c:
30960: now zeros "top"
30961: [4e683210345b]
30962:
30963: * parse.yacc:
30964: removed parser_cleanup (no need for it now)
30965: [afa59f222b6c]
30966:
30967: * parse.lex:
30968: now calls reset_aliases() directly
30969: [3a23cbd60fc0]
30970:
30971: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
30972:
30973: * OPTIONS:
30974: added a sentence to SECURE_PATH description
30975: [c5bf75b85af0]
30976:
30977: * parse.c:
30978: fixed my stupid bug where I used NAMLEN on something I wanted to
30979: just get the name from. argh.
30980: [111f460f6540]
30981:
30982: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
30983:
30984: * lsearch.c:
30985: fixed argument order of memmove() that i hosed when converting from
30986: bcopy(). arghh.
30987: [2f5336045c8b]
30988:
30989: * Makefile.in:
30990: finally fixed DISTFILES line
30991: [a1b419e73a63]
30992:
30993: * Makefile.in:
30994: tabs -> spaces
30995: [280fb03e5764]
30996:
30997: * Makefile.in:
30998: added missing files to DISTFILES
30999: [991fc1cd2263]
31000:
31001: * Makefile.in:
31002: SUPPORTED -> RUNSON
31003: [7580e65b05fb]
31004:
31005: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
31006:
31007: * TODO:
31008: updated
31009: [fe764a29c1cc]
31010:
31011: * RUNSON:
31012: updated for pl5b1 release
31013: [aefc35bd2291]
31014:
31015: * BUGS, TODO:
31016: updated
31017: [8f0ea249b687]
31018:
31019: * check.c:
31020: fixed bug where if you hit return at first sudo prompt it would
31021: still log as a failure
31022: [24539c854692]
31023:
31024: * CHANGES:
31025: updated
31026: [251cc7b3ede4]
31027:
31028: * aclocal.m4:
31029: better test for bogus void * implementation
31030: [efe23180cb88]
31031:
31032: * logging.c:
31033: added PASSWORDS_NOT_CORRECT
31034: [bd12c73f83f7]
31035:
31036: * check.c:
31037: added PASSWORDS_NOT_CORRECT stuff]
31038: [90de391a979f]
31039:
31040: * sudo.h:
31041: added PASSWORDS_NOT_CORRECT
31042: [727fbeb76fc5]
31043:
31044: * tgetpass.c:
31045: moved pathnames.h
31046: [4f910e5a8df7]
31047:
31048: * sudo.c:
31049: removed some unused vars and fixed up uid2str
31050: [70e92c7f9076]
31051:
31052: * putenv.c:
31053: moved compat.h
31054: [b271091586f6]
31055:
31056: * getcwd.c, getwd.c:
31057: added pathnames.h
31058: [6f25218f133f]
31059:
31060: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
31061:
31062: * parse.yacc:
31063: fixed a typo I introduced in the last checkin :-(
31064: [62c3af75c4fe]
31065:
31066: * parse.lex:
31067: can't have #ifdef's where N is defined so just do this the broken
31068: way for AIX
31069: [c5648a5594e4]
31070:
31071: * parse.yacc:
31072: better hack from Chris (but still a hack)
31073: [6b6d8aed93f3]
31074:
31075: * parse.lex:
31076: stupid hack for broken aix lex
31077: [efc3f9e5280e]
31078:
31079: * tgetpass.c:
31080: now includes compat.h �
31081: [401822173f77]
31082:
31083: * visudo.c:
31084: now includes fcntl.h
31085: [63865c2f8ac6]
31086:
31087: * compat.h:
31088: added FD_SET and FD_ZERO for 4.2BSD
31089: [00c5597c0bb0]
31090:
31091: * parse.yacc:
31092: dirty hack to fix parser bug. i don't really like this but it works
31093: for now...
31094: [5b8bbdc81569]
31095:
31096: * sudo.c:
31097: uid2str is now static like the prototype says
31098: [f2a97b5cb870]
31099:
31100: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
31101:
31102: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
31103: updated
31104: [6f79c3e92716]
31105:
31106: * RUNSON:
31107: Initial revision
31108: [12a09ef9e884]
31109:
31110: * sudo.c:
31111: check_sudoers now returns an error code and sudo calls inform_user
31112: and log_error based on the return value.
31113: [340eca188d9a]
31114:
31115: * logging.c, sudo.h:
31116: added entries for new errors
31117: [6050d8542e1f]
31118:
31119: * parse.c:
31120: now set uid to that of SUDOERS_OWNER while parsing sudoers file
31121: [3683c42bc9b0]
31122:
31123: * Makefile.in:
31124: took out testsudoers �
31125: [65317d49db48]
31126:
31127: * sudo.c:
31128: now explicately checks that it is setuid root
31129: [2fe1be60ef6a]
31130:
31131: * sudo.c:
31132: If a user has no passwd entry sudo would segv (writing to a garbage
31133: pointer). Now allocate space before writing :-)
31134: [d08e7eb5e5ef]
31135:
31136: * configure.in:
31137: reordered AC_CHECK_FUNCS
31138: [4c82e56c6f4f]
31139:
31140: * config.h.in:
31141: fixed memset macro
31142: [77ede6b714ab]
31143:
31144: * tgetpass.c, visudo.c:
31145: bzero -> memset
31146: [1a005bb322c8]
31147:
31148: * logging.c:
31149: bzero -> memset when a parse error is logged the line number of the
31150: error is now logged too
31151: [a42d68047723]
31152:
31153: * INSTALL:
31154: added Sunos to blurb about c2 security
31155: [af750a1d131e]
31156:
31157: * configure.in:
31158: added a SUN4 define for C2 security
31159: [6ad5b23a3eb0]
31160:
31161: * config.h.in:
31162: bcopy -> memmove bzero -> memset
31163: [5494460c8464]
31164:
31165: * lsearch.c:
31166: bcopy -> memmove char * -> VOID *
31167: [a15f5c316e16]
31168:
31169: * check.c:
31170: added support for sunos with C2 security
31171: [03fea5bb21e6]
31172:
31173: * OPTIONS, options.h:
31174: reordered
31175: [1686265af3e1]
31176:
31177: * pathnames.h.in:
31178: _PATH_SUDO_LOGFILE now set based on configure
31179: [5867b58e4a04]
31180:
31181: * configure.in:
31182: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
31183: [1984d9fd1b5c]
31184:
31185: * config.h.in:
31186: added _SUDO_PATH_LOGFILE
31187: [dd3eebe62580]
31188:
31189: * aclocal.m4:
31190: added SUDO_LOGFILE to find where to put sudo.log added
31191: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
31192: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
31193: [c589a515a99a]
31194:
31195: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
31196:
31197: * TROUBLESHOOTING:
31198: Initial revision
31199: [f42f1baba3a8]
31200:
31201: * sudo.c:
31202: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
31203: to work around a problem is trusted hpux shadow passwords. yuck.
31204: [ae1f13b54687]
31205:
31206: * parse.yacc:
31207: backed out a change in malloc/realloc
31208: [ab868db0ad69]
31209:
31210: * parse.yacc:
31211: now include stdlib.h
31212: [957eef0631eb]
31213:
31214: * visudo.c:
31215: now do an freopen() of the stmp file so that yyin will always point
31216: to the same thing. This is important for flex since we are doing a
31217: YY_NEWFILE
31218: [44558922fd3e]
31219:
31220: * parse.yacc:
31221: replaced yywrap() with parser_cleanup() since yywrap() needs to be
31222: in parse.lex to be able to use YY_NEW_FILE. sigh.
31223: [12dd09921074]
31224:
31225: * parse.lex:
31226: now have a rule that matches anything that doesn't match an
31227: explicite rule. well, you know what i mean (. matches anything not
31228: yet matched). However, this means that there is input still queued
31229: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
31230: into parse.lex and it calls parser_cleanup() which is most of the
31231: old yywrap() sigh.
31232: [7f4042bc48d6]
31233:
31234: * SUPPORTED:
31235: no longer used
31236: [8f220be4da94]
31237:
31238: * getcwd.c, getwd.c:
31239: moved compat.h to be the last include file
31240: [9f3a65e2d485]
31241:
31242: * parse.yacc:
31243: fixed type of aliascmp() args
31244: [1c27eb989bdf]
31245:
31246: * find_path.c:
31247: NULL -> '\0'
31248: [5c8d8cf1692e]
31249:
31250: * parse.yacc:
31251: added casts to lfind and lsearch args for irix
31252: [61027ddeecf8]
31253:
31254: * Makefile.in:
31255: bsdinstall -> install-sh
31256: [61de6612c5a5]
31257:
31258: * INSTALL:
31259: added info about make realclean
31260: [29c6324d727f]
31261:
31262: * Makefile.in:
31263: updated VERSION added dependencies for visudo.cat
31264: [09077d7229d4]
31265:
31266: * version.h:
31267: -> pl5b1
31268: [5d21c7ad1a41]
31269:
31270: * sudo.c:
31271: took out -l
31272: [fc1478d81b38]
31273:
31274: * Makefile.in:
31275: now there is a real visudo.man and visudo.cat
31276: [58aeac43a6dd]
31277:
31278: * sudo.man:
31279: took out visudo stuff
31280: [4a6ac4393343]
31281:
31282: * visudo.man:
31283: Initial revision
31284: [cba348843db8]
31285:
31286: * parse.c, parse.lex, parse.yacc:
31287: updated copyright
31288: [ffa16b70944a]
31289:
31290: * README:
31291: updated for pl5
31292: [a26e423e9e5f]
31293:
31294: * sudo.man:
31295: updated Nieusma & Hieb email addresses
31296: [f0083e71989d]
31297:
31298: * INSTALL:
31299: updated to include options.h and OPTIONS
31300: [ee59e2b76c94]
31301:
31302: * CHANGES, TODO:
31303: updated
31304: [51e011ad5220]
31305:
31306: * BUGS:
31307: eliminated bug #1 (yay)
31308: [e7e88515494e]
31309:
31310: * configure.in:
31311: sunos no longer gets linked statically
31312: [2e5b3ff3108f]
31313:
31314: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
31315:
31316: * parse.lex:
31317: prototype now uses __P()
31318: [68ecdcab4c70]
31319:
31320: * parse.lex:
31321: make fill() non-ansi
31322: [d6509972260b]
31323:
31324: * parse.c:
31325: made -v (validate) work
31326: [13c9d520638c]
31327:
31328: * logging.c:
31329: now gives host
31330: [f04859cdba5a]
31331:
31332: * find_path.c:
31333: don't check for execute/statable if fq or relative path given
31334: [4bbe851f3973]
31335:
31336: * parse.c:
31337: added a cast
31338: [345c308f72f3]
31339:
31340: * visudo.c:
31341: now include ctype.h for islower and tolower macros
31342: [582c0aa332d5]
31343:
31344: * goodpath.c:
31345: moved _S_IFMT & _S_ISREG to compat.h
31346: [828e4ca4e7b4]
31347:
31348: * sudo.c:
31349: moved a set of parens
31350: [5783474ecf37]
31351:
31352: * strdup.c:
31353: now include compat.h
31354: [75e2036b94af]
31355:
31356: * emul/search.h:
31357: void * -> VOID *
31358: [cedcfaf04161]
31359:
31360: * parse.yacc:
31361: now cast malloc & realloc return vals added search for HAVE_LSEARCH
31362: now use strcmp if no strcasecmp available
31363: [d6a42bc3d4ae]
31364:
31365: * lsearch.c:
31366: void * -> VOID *
31367: [886adc44f607]
31368:
31369: * config.h.in:
31370: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
31371: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
31372: [3b50d7fb4349]
31373:
31374: * compat.h:
31375: added _S_IFMT, _S_IFREG, and S_ISREG
31376: [73d506c7d53c]
31377:
31378: * aclocal.m4:
31379: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
31380: to most SUDO_* macros
31381: [8442155f5936]
31382:
31383: * Makefile.in:
31384: no more -I.
31385: [63462f195bd4]
31386:
31387: * configure.in:
31388: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
31389: AC_INSTALL_PROG instead of custom one added check for fully woorking
31390: void implementation
31391: [5ac6b6e6230f]
31392:
31393: * Makefile.in:
31394: added lsearch & search.h visudo links into $(LIBOBJS)
31395: [bc119cda4598]
31396:
31397: * aclocal.m4:
31398: partial 1.x to 2.x changes added SUDO_FULL_VOID
31399: [1194d01fa5c5]
31400:
31401: * visudo.c:
31402: whatnow_help was prototyped to be static be was not declared as
31403: such
31404: [0f85489dd426]
31405:
31406: * configure.in:
31407: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
31408: for dirent/dir/ndir.h
31409: [7408f3854948]
31410:
31411: * parse.c:
31412: now use groovy gnu autoconf macro AC_HEADER_DIRENT
31413: [e465db9f5dfa]
31414:
31415: * getcwd.c, getwd.c:
31416: MAXPATHLEN -> MAXPATHLEN+1
31417: [714d87424e21]
31418:
31419: * emul/search.h, lsearch.c:
31420: Initial revision
31421: [55d79482c535]
31422:
31423: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
31424:
31425: * parse.yacc:
31426: eliminated bison warnings
31427: [61ca0a96da22]
31428:
31429: * parse.lex:
31430: added missing case
31431: [6be0f849747c]
31432:
31433: * visudo.c:
31434: now iincludes signal.h
31435: [221e0fcc144f]
31436:
31437: * parse.yacc:
31438: only clear data structures on a parse error
31439: [7b1c0f1a4527]
31440:
31441: * visudo.c:
31442: whatnow() now gives help on invalid input
31443: [e5a4cd88c587]
31444:
31445: * visudo.c:
31446: added a whatnow() function (sort of like mh)
31447: [932d9b145f1c]
31448:
31449: * parse.yacc:
31450: kill_aliases -> reset_aliases yywrap() now cleans up by calling
31451: reset_aliases() and clearing top took reset stuff out of yyerror()
31452: since it doesn't beling there (and doesn't work anyway). errorlineno
31453: is now initially set to -1 so we can set it to the first error that
31454: occurrs (it was getting set to the last)
31455: [2f71f95a974c]
31456:
31457: * parse.lex:
31458: added a void cast
31459: [18ae6042dce4]
31460:
31461: * visudo.c:
31462: rewrote from scratch based on 4.3BSD vipw.c
31463: [2f6814f18576]
31464:
31465: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
31466:
31467: * sudo.c, sudo.h:
31468: removed ocmnd
31469: [a31735f41ad4]
31470:
31471: * sudo.h:
31472: no more sudo_realpath() and find_path() changed params
31473: [8e85c3b39159]
31474:
31475: * sudo.c:
31476: find_path() changed since no more realpath()
31477: [b25366c7f2ee]
31478:
31479: * parse.yacc:
31480: on error, errorlineno is set to the line where the error occurred
31481: added kill_aliases() to free the aliases struct now clean up in
31482: yyerror() so we can reparse cleanly
31483: [2342f578c27a]
31484:
31485: * options.h, parse.c:
31486: no more USE_REALPATH
31487: [cfc59babeaff]
31488:
31489: * logging.c:
31490: changed to use new find_path()
31491: [91c7a38e7751]
31492:
31493: * find_path.c:
31494: removed all the realpath() stuff
31495: [cc21a43a8562]
31496:
31497: * Makefile.in:
31498: sudo_realpath.c -> sudo_goodpath.c
31499: [03a9b1ddec2f]
31500:
31501: * visudo.c:
31502: now works correctly with utk parser
31503: [08aa554a0ce8]
31504:
31505: * goodpath.c:
31506: Initial revision
31507: [1ea607e1ffb2]
31508:
31509: * sudo_realpath.c:
31510: eliminated a compiler warning
31511: [198bcccc55b6]
31512:
31513: * sudo.c:
31514: elinated compiler warning
31515: [e2384f9a878b]
31516:
31517: * sudo_realpath.c:
31518: added sudo_goodpath()
31519: [43878c4cc540]
31520:
31521: * sudo.h:
31522: added prototype for sudo_goodpath
31523: [23e8627a2265]
31524:
31525: * parse.c:
31526: added support for /sys/dir.h
31527: [eca897087741]
31528:
31529: * options.h:
31530: USE_REALPATH turned off
31531: [620ac8b63d85]
31532:
31533: * find_path.c:
31534: added calls to sudo_goodpath()
31535: [ad170904fbcd]
31536:
31537: * configure.in:
31538: added check for dirent.h
31539: [7964a8c26855]
31540:
31541: * config.h.in:
31542: added HAVE_DIRENT_H
31543: [1f785fec7e19]
31544:
31545: * configure.in:
31546: added in linux shadow pass stuff �
31547: [e585a5785f50]
31548:
31549: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
31550:
31551: * visudo.c:
31552: added back host, user, cmnd, parse_error
31553: [0ec19f3d64f4]
31554:
31555: * visudo.c:
31556: added in utk changes plus some minor cosmetic changes
31557: [c5c1921c8a58]
31558:
31559: * sudo.c, sudo_realpath.c:
31560: added void casts for printf's
31561: [9c6ff11c0082]
31562:
31563: * options.h:
31564: added a define of USE_REALPATH
31565: [db3711c9efc5]
31566:
31567: * configure.in:
31568: there is no more visudoers/Makefile
31569: [36e1bc1f78d0]
31570:
31571: * Makefile.in:
31572: added in utk changes (visudo is now built from the toplevel)
31573: [76203d4b345d]
31574:
31575: * find_path.c:
31576: added (void) casts to printf's
31577: [dd5cb1e060ac]
31578:
31579: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
31580: merged in utk changes
31581: [35563307fd8e]
31582:
31583: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
31584:
31585: * find_path.c:
31586: now check to see that what we are trying to run is a file (or a link
31587: to a file, we do a stat(2) so there is no diff)
31588: [05889c4bcace]
31589:
31590: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
31591:
31592: * CHANGES:
31593: updated
31594: [3e8047bb26fb]
31595:
31596: * Makefile.in:
31597: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
31598: [0bdbaa7c4c7d]
31599:
31600: * sudo.man:
31601: added myself as maintainer
31602: [77a9d75aab84]
31603:
31604: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
31605:
31606: * sudo.c:
31607: changed setegid -> setgid
31608: [7f4788d73b6f]
31609:
31610: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31611:
31612: * configure.in:
31613: fixed the test for irix 5.x to skip bad libs
31614: [bfef896de013]
31615:
31616: * aclocal.m4:
31617: now initialize OS and OSREV
31618: [cc302756e440]
31619:
31620: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
31621:
31622: * configure.in:
31623: irix5 changes
31624: [ac985b23f5f2]
31625:
31626: * configure.in:
31627: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
31628: compatibility
31629: [0cf8c92a06d7]
31630:
31631: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
31632:
31633: * visudo.c:
31634: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
31635: thing wrt yyrestart (grrrr)
31636: [18e8eabfbb82]
31637:
31638: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
31639:
31640: * Makefile.in:
31641: added visudoers/compat.h to DISTFILES
31642: [db23b574b034]
31643:
31644: * configure.in:
31645: fixed an echo
31646: [7cbc0462b89d]
31647:
31648: * sudo.c:
31649: added ocmnd declaration adjusted for find_path()'s new parameters
31650: [d929cd156474]
31651:
31652: * sudo.h:
31653: added ocmnd extern adjusted find_path() prototype
31654: [e0004daf5d3c]
31655:
31656: * parse.c:
31657: cmndcmp() now takes 3 arguments and checks against the qualified as
31658: well as the unqualified pathname. more code that should use
31659: cmndcmp() but did not, now does
31660: [6f70a8c17bee]
31661:
31662: * options.h:
31663: added to a comment
31664: [7a78680426b2]
31665:
31666: * logging.c:
31667: changed to use new find_path() parameter passing
31668: [840981d30db4]
31669:
31670: * find_path.c:
31671: find_path() now takes 2 copyout parameters (one for the qualified
31672: pathname and one for the unqualified pathname). The third parameter
31673: may be NULL.
31674: [851503b005e9]
31675:
31676: * configure.in:
31677: no longer munge pathnames.h
31678: [427d8796c5a9]
31679:
31680: * pathnames.h.in:
31681: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
31682: as a result, pathnames.h does not need to be run through configure
31683: and the user can override the configured values easily.
31684: [2e378f2ebe88]
31685:
31686: * config.h.in:
31687: added _SUDO_PATH_* entries
31688: [0857de7cebab]
31689:
31690: * aclocal.m4:
31691: _PATH* -> _SUDO_PATH_*
31692: [7601193f56cc]
31693:
31694: * Makefile.in:
31695: updated DISTFILES and HDRS .o's now depend on config.h
31696: [39d8601965cf]
31697:
31698: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
31699:
31700: * compat.h:
31701: removed extraneous #endif
31702: [27d4c5f2ce7e]
31703:
31704: * aclocal.m4:
31705: added SUDO_PROG_MV
31706: [76dda3bdd816]
31707:
31708: * configure.in:
31709: added SUDO_PROG_MV added riscos and isc os types took out
31710: -DSHORT_MESSAGE from --with-csops since it is now the default
31711: [68c206ad976e]
31712:
31713: * sudo.c:
31714: move the include of id.h to compat.h now includes options.h
31715: [45a1eaafb3a8]
31716:
31717: * sudo.h:
31718: moved compatibility #defines to compat.h
31719: [0eee27057698]
31720:
31721: * pathnames.h.in:
31722: added _PATH_MV
31723: [e830797ab320]
31724:
31725: * config.h.in:
31726: move __P to compat.h
31727: [188e12e0ba93]
31728:
31729: * getcwd.c, getwd.c, putenv.c:
31730: now includes compat.h
31731: [c72cb6d73981]
31732:
31733: * compat.h:
31734: Initial revision
31735: [d4d2f359ae03]
31736:
31737: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
31738:
31739: * sudo.h:
31740: pull user-configurable stuff out and put in options.h
31741: [ef929467b070]
31742:
31743: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
31744:
31745: * parse.lex, parse.yacc, visudo.c:
31746: now includes options.h
31747: [e36d7c82add1]
31748:
31749: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
31750: sudo_setenv.c:
31751: now includes options.h
31752: [f186ba03de07]
31753:
31754: * Makefile.in:
31755: added visudoers/options.h
31756: [e5350c476494]
31757:
31758: * OPTIONS, options.h:
31759: Initial revision
31760: [9b6b5001e318]
31761:
31762: * Makefile.in:
31763: added OPTIONS and options.h
31764: [25448341e16a]
31765:
31766: * logging.c:
31767: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
31768: [5dd6385dd1d3]
31769:
31770: * check.c, sudo.h:
31771: changed PASSWORD_TIMEOUT to minutes
31772: [0ec6aab98738]
31773:
31774: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
31775:
31776: * visudo.c:
31777: now only do Editor +line_num if line_num != 0
31778: [b69f04b5e3c7]
31779:
31780: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
31781:
31782: * visudo.c:
31783: now use mv if rename(2) fails
31784: [83210dca1bab]
31785:
31786: * BUGS:
31787: added a visudo bug
31788: [d61a806f9aa7]
31789:
31790: * check.c:
31791: expanded comment
31792: [641f2cba94cb]
31793:
31794: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
31795:
31796: * check.c:
31797: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
31798: [7a11135039a8]
31799:
31800: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
31801:
31802: * sudo.c:
31803: added mips & isc support
31804: [e258dc053119]
31805:
31806: * parse.c:
31807: added support for non-root owned sudoers file
31808: [fea07e65a0fc]
31809:
31810: * check.c:
31811: added exempt group support
31812: [928fb4bd9ad5]
31813:
31814: * sudo.h:
31815: added set_perms() support added SUDOERS_OWNER so can have non-root
31816: own sudoers file added exempt group support added isc support
31817: [61c578d31fc1]
31818:
31819: * visudo.c:
31820: now copy sudoers to temp file via read/write (not stdio) now chown
31821: new sudoers file to SUDOERS_OWNER
31822: [a5176c59df70]
31823:
31824: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
31825:
31826: * configure.in:
31827: added skey support
31828: [35a8d2fabdb7]
31829:
31830: * sudo_realpath.c:
31831: be_* -> setperms()
31832: [a1631d686e1c]
31833:
31834: * sudo.h:
31835: fixed typo added set_perms support added skey support added
31836: seteuid()/setegid() emulation for AIX
31837: [c0c8d6771406]
31838:
31839: * sudo.c:
31840: be_* -> setperms() now check to make sure sudoers file is owned by
31841: root nread/write by only root
31842: [13ab1e261f1a]
31843:
31844: * logging.c, parse.c:
31845: be_* -> setperms()
31846: [21499d845c8f]
31847:
31848: * check.c:
31849: be_* -> set_perms() added skey support
31850: [df51b56871c1]
31851:
31852: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
31853:
31854: * Makefile.in:
31855: ++version
31856: [3c1abbe4e43c]
31857:
31858: * version.h:
31859: ++
31860: [1d2f9b540a95]
31861:
31862: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
31863:
31864: * sudo.c:
31865: now sets IFS
31866: [eabbb41b9f08]
31867:
31868: * insults.h:
31869: fixed typo
31870: [c7997f19216e]
31871:
31872: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
31873:
31874: * config.h.in:
31875: added HAVE_SKEY
31876: [da948ec4186b]
31877:
31878: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
31879:
31880: * CHANGES:
31881: updated
31882: [f4b55ab007ea]
31883:
31884: * Makefile.in:
31885: ++version
31886: [0489068b8c95]
31887:
31888: * version.h:
31889: ++
31890: [d189faedf423]
31891:
31892: * sudo.c:
31893: now bail if ARgv[1] > MAXPATHLEN
31894: [0cea8ecc9dc2]
31895:
31896: * configure.in:
31897: added function check for tcgetattr(3)
31898: [e03289b22c2f]
31899:
31900: * config.h.in:
31901: only define HAVE_TERMIOS_H if you have tcgetattr(3)
31902: [757eab83d1a2]
31903:
31904: * config.h.in:
31905: added check for tcgetattr
31906: [c5ae92715930]
31907:
31908: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
31909:
31910: * CHANGES:
31911: updated
31912: [cbc419883108]
31913:
31914: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
31915:
31916: * parse.lex:
31917: now only include unistd.h for linux
31918: [e9adeab95ef0]
31919:
31920: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
31921:
31922: * Makefile.in:
31923: added visudo.8 generation
31924: [d6a3f0f887f8]
31925:
31926: * configure.in:
31927: added -Wl,-bI:./aixcrypt.exp to aix flags
31928: [72594a21edcf]
31929:
31930: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
31931:
31932: * BUGS:
31933: added one
31934: [9993a349e096]
31935:
31936: * CHANGES:
31937: updated
31938: [297b31ec4cdd]
31939:
31940: * README:
31941: added mailing list info
31942: [10372f94a2b2]
31943:
31944: * parse.yacc:
31945: now use sudolineno instead of yylineno fixed bison warnings
31946: [25a83e62057b]
31947:
31948: * configure.in:
31949: now use -no_library_replacement for osf don't make a static binary
31950: for hpux >= 9.0
31951: [1fa7b892f1a3]
31952:
31953: * tgetpass.c:
31954: added string.h/strings.h inclusion
31955: [71faa98fc0a1]
31956:
31957: * config.h.in:
31958: added ssize_t def
31959: [406284bd1ac0]
31960:
31961: * parse.lex:
31962: added inclusion of string.h/strings.h
31963: [6985b1df5d09]
31964:
31965: * aclocal.m4:
31966: fixed uname | sed (needed to quote the '[')
31967: [4cd2d3415c1a]
31968:
31969: * parse.lex:
31970: replaced yylineno with sudolineno fixed bison syntax errors
31971: [0bd31a5fab26]
31972:
31973: * visudo.c:
31974: changed yylineno to sudolineno since yylineno cannot be counted
31975: upon.
31976: [38c30104d0ae]
31977:
31978: * TODO:
31979: updated
31980: [5d4746f1a752]
31981:
31982: * parse.c:
31983: added code to support command listings
31984: [030172e133fd]
31985:
31986: * sudo.c:
31987: added code for -l flag
31988: [801dbbc82778]
31989:
31990: * sudo.man:
31991: fixed typo added info for -l flag
31992: [8916ca945d65]
31993:
31994: * configure.in:
31995: AC_SSIZE_T -> SUDO_SSIZE_T
31996: [c61f7f47013f]
31997:
31998: * aclocal.m4:
31999: added SUDO_SSIZE_T
32000: [0ccdb77be84d]
32001:
32002: * sudo.h:
32003: added MODE_LIST
32004: [9b2bd844c76c]
32005:
32006: * configure.in:
32007: added AC_SSIZE_T
32008: [35cca208f9b5]
32009:
32010: * find_path.c, sudo_realpath.c:
32011: readlink() is now declared as returning ssize~_t
32012: [0640a08d1407]
32013:
32014: * configure.in:
32015: added -laud for OSF c2
32016: [b7539c905efc]
32017:
32018: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
32019:
32020: * Makefile.in, visudo.c:
32021: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
32022: [067fd9bcb5e1]
32023:
32024: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
32025: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
32026: [fc46e7c7110a]
32027:
32028: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
32029: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
32030: sudo_setenv.c, tgetpass.c, version.h:
32031: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
32032: [d1d4fbc53a98]
32033:
32034: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32035:
32036: * Makefile.in:
32037: ++version
32038: [b7066d97633f]
32039:
32040: * version.h:
32041: ++
32042: [65ec69d88110]
32043:
32044: * logging.c:
32045: added host to alertmail messages
32046: [d973c19ce777]
32047:
32048: * CHANGES, TODO:
32049: udpated
32050: [5a65eb16faeb]
32051:
32052: * logging.c:
32053: fixed logging problem where mail would not say which user it was
32054: [35723edcc5d2]
32055:
32056: * configure.in:
32057: added -laud for gcc if osf & c2
32058: [18f1e0ae5548]
32059:
32060: * check.c:
32061: moved set_auth_parameters to sudo.c
32062: [d23112fe01db]
32063:
32064: * sudo.c:
32065: added set_auth_parameters for osf
32066: [eb70f65214ac]
32067:
32068: * configure.in:
32069: cleaned up -static stuff
32070: [01e9575f0422]
32071:
32072: * Makefile.in:
32073: ++version
32074: [7ac3bff5c770]
32075:
32076: * version.h:
32077: ++
32078: [10a4ff478469]
32079:
32080: * sudo.c:
32081: changed setenv() to sudo_setenv()
32082: [40a78abb9946]
32083:
32084: * check.c:
32085: fixed osf problem
32086: [3d69b118efb8]
32087:
32088: * configure.in:
32089: added OSF C2 stuff
32090: [38cff3ad4093]
32091:
32092: * CHANGES:
32093: updated
32094: [cd341dd0581a]
32095:
32096: * check.c:
32097: added osf auth support & removed some extra spaces
32098: [a448cdd81514]
32099:
32100: * INSTALL, SUPPORTED:
32101: added osf C2 stuff
32102: [f70484796146]
32103:
32104: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
32105:
32106: * TODO:
32107: added 2 suggestions
32108: [695fbdbd86e6]
32109:
32110: * Makefile.in:
32111: removed README.v1.3.1 and added VERSION stuff
32112: [f69403eb04c6]
32113:
32114: * version.h:
32115: pl1
32116: [21580c0f8cb1]
32117:
32118: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
32119:
32120: * version.h:
32121: 1.3.1final
32122: [630114970298]
32123:
32124: * Makefile.in:
32125: added HISTORY
32126: [901bff251614]
32127:
32128: * sudo.man:
32129: mention HISTPRY file
32130: [86dbcfd4326e]
32131:
32132: * sudo.c:
32133: use sizeof instead of a constant in 1 place
32134: [d819604c68ca]
32135:
32136: * parse.yacc:
32137: added unistd.h
32138: [6f9500f9fe7e]
32139:
32140: * parse.lex:
32141: added unistd.h
32142: [468b81a276eb]
32143:
32144: * README:
32145: udpated
32146: [7e275618923a]
32147:
32148: * HISTORY:
32149: Initial revision
32150: [5db1b0a3939b]
32151:
32152: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
32153:
32154: * version.h:
32155: ++
32156: [7dfbb4a810bb] [SUDO_1_3_1]
32157:
32158: * CHANGES:
32159: updated
32160: [7820ee610bf8]
32161:
32162: * sudo_setenv.c:
32163: added unistd.h include
32164: [30cf2b654525]
32165:
32166: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
32167:
32168: * sudo.c:
32169: added sys/time.h for AIX
32170: [199fc8caf3a3]
32171:
32172: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
32173:
32174: * configure.in:
32175: added check for -lsocket and sys/sockio.h
32176: [f9abfbb31031]
32177:
32178: * config.h.in:
32179: took out libshadow check and added in sys/sockio.h check
32180: [0c4b0393ac80]
32181:
32182: * sudo.c:
32183: now include sockio.h instead of ioctl.h if it exists "sudo -" now
32184: gets a better error message
32185: [53041bea5483]
32186:
32187: * sample.sudoers:
32188: now has a dir and subnet entry
32189: [56b820f65438]
32190:
32191: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
32192:
32193: * sudo.c:
32194: removed if_ether.h
32195: [b4f64507493e]
32196:
32197: * TODO:
32198: added an item
32199: [ea2a1bb6922a]
32200:
32201: * sudo.man:
32202: added network and ip addresses to man page
32203: [01c85016511f]
32204:
32205: * sudo.c:
32206: no error if can't get interfaces or netmask since networking may not
32207: be in the kernel.
32208: [50b8890e2134]
32209:
32210: * parse.c:
32211: nwo check for interfaces == NULL
32212: [dc1b3eef0db2]
32213:
32214: * parse.c:
32215: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
32216: the last entry in the spec failed (ie: it was only looking at the
32217: last entry). CLeaned things up by adding the cmndcmp() function--all
32218: neat & tidy
32219: [007e93578e5e]
32220:
32221: * CHANGES:
32222: added one
32223: [40e8a2cef497]
32224:
32225: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
32226:
32227: * sudo.c:
32228: now do two passes to skip bogus interfaces (lo0, etc)
32229: [465e30aecaf7]
32230:
32231: * parse.lex, parse.yacc, visudo.c:
32232: added include of netinet/in.h
32233: [11e3816ed362]
32234:
32235: * logging.c, sudo_realpath.c, sudo_setenv.c:
32236: added ninclude of netinet/in.h
32237: [daccfa40fe1e]
32238:
32239: * check.c, find_path.c, getcwd.c, getwd.c:
32240: added include of netinet/in.h
32241: [0222f95e06ad]
32242:
32243: * version.h:
32244: ++
32245: [d6b0cfa35a38]
32246:
32247: * sudo.h:
32248: added interfaces global
32249: [ba52fa8ad75e]
32250:
32251: * parse.c:
32252: now uses new interfaces global
32253: [17473ad5ecba]
32254:
32255: * sudo.c:
32256: now ip addresses are gleaned fw/o dns
32257: [8828bb2007e0]
32258:
32259: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
32260:
32261: * sudo.c:
32262: added load_ip_addrs() to load the ip_addrs global var
32263: [60c825f04238]
32264:
32265: * parse.c:
32266: added hostcmp() to compare hostnames, ip addrs, and network addrs
32267: [ab0e40e37537]
32268:
32269: * sudo.h:
32270: added ip_addrs def added load_ip_addrs prototype
32271: [c41c565d0777]
32272:
32273: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
32274:
32275: * CHANGES:
32276: updated
32277: [2a128dbe9bcb]
32278:
32279: * Makefile.in:
32280: removed multiple entries in DISTFILES
32281: [2490f4f371e6]
32282:
32283: * visudo.c:
32284: ansified the !STDC_HEADERS decls
32285: [646ba06d17ae]
32286:
32287: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
32288: don't do malloc decl if gnuc
32289: [f1bad1925f98]
32290:
32291: * sudo.c:
32292: can't use getopt(3) since it munges args to the command to be run as
32293: root don't do malloc decl if gnuc
32294: [38e78f6da14e]
32295:
32296: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
32297: sudo_realpath.c, sudo_setenv.c:
32298: ansi-fied !STDC_HEADER function prottypes
32299: [51d8cad89976]
32300:
32301: * getcwd.c, getwd.c:
32302: added missing paren
32303: [6a1fae70e27e]
32304:
32305: * Makefile.in:
32306: added putenv.c to DISTFILES
32307: [a5e4523eabbb]
32308:
32309: * sudo_setenv.c:
32310: added params to func decls when STDC_HEADERS is not defined now can
32311: count on putenv() being there
32312: [fd587796189b]
32313:
32314: * sudo_realpath.c:
32315: took out errno decl since sudo.h does it for us fixed up a next cc
32316: warning added params to func decls when STDC_HEADERS is not defined
32317: [70fa5152ace6]
32318:
32319: * sudo.h:
32320: took out environ extern added local declaratio of putenv() if local
32321: version is needed
32322: [a84bae6c020d]
32323:
32324: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
32325: added params to func decls when STDC_HEADERS is not defined
32326: [f406f0e47ac0]
32327:
32328: * config.h.in:
32329: added memcpy check check to see that ansi vs bsd macros are ntot
32330: already defiend before defining (ie: avoid redefinition)
32331: [879ae026e19f]
32332:
32333: * configure.in:
32334: removed fluff setenv check plus check w/ replace for putenv if also
32335: no setenv
32336: [e3c03814ad4b]
32337:
32338: * putenv.c:
32339: Initial revision
32340: [3cff63e2dc1b]
32341:
32342: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
32343:
32344: * sudo_setenv.c:
32345: Initial revision
32346: [4d637631fa6b]
32347:
32348: * sudo.h:
32349: rm'd s realp[ath added sudo_realpath and sudo_setenv
32350: [07ba001ff57e]
32351:
32352: * sudo.c:
32353: now use sudo_setenvc
32354: [fd81e04d5ef0]
32355:
32356: * configure.in:
32357: added puteenv and setenv, removed realpath
32358: [27bfacfb513b]
32359:
32360: * config.h.in:
32361: added putenv & setenv
32362: [515f14eaf6e4]
32363:
32364: * Makefile.in:
32365: added sudo_setenv
32366: [217731a717c5]
32367:
32368: * version.h:
32369: ++
32370: [eadb346d7129]
32371:
32372: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
32373:
32374: * configure.in:
32375: added MAN_POSTINSTALL and /usr/share/catman for irix
32376: [2a9496c1bdba]
32377:
32378: * Makefile.in:
32379: added MAN_POSTINSTALL
32380: [89b0d4695529]
32381:
32382: * CHANGES:
32383: added
32384: [48c021ba8a70]
32385:
32386: * sudo.man:
32387: added SUDO_* plus new options
32388: [c0759cff5683]
32389:
32390: * CHANGES:
32391: added one
32392: [7d44a3922d56]
32393:
32394: * configure.in:
32395: took out shadow lib
32396: [07cf3de18701]
32397:
32398: * TODO:
32399: adde done
32400: [a27a578e8afe]
32401:
32402: * visudo.c:
32403: now use yyrestart() if flex now reset yylineno to 0
32404: [77d67ce0b677]
32405:
32406: * Makefile.in:
32407: support for installing a cat page instead of a man page if no nroff
32408: [44671c0fc0fa]
32409:
32410: * configure.in:
32411: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
32412: to determine whether or not to install a cat or man page
32413: [0562d069c135]
32414:
32415: * config.h.in:
32416: added HAVE_FLEX
32417: [c5490bae39d3]
32418:
32419: * sudo.c:
32420: not set ret to MODE_RUN initially
32421: [88b4983c195b]
32422:
32423: * find_path.c:
32424: made command (and therefor cmnd dynamically allocated)
32425: [95b82e32b6de]
32426:
32427: * TODO:
32428: did #8
32429: [fb6f41308cdf]
32430:
32431: * version.h:
32432: ++
32433: [14112ecab5ae]
32434:
32435: * sudo_realpath.c:
32436: changed bufs from MAXPATHLEN to MAXPATHLEN+1
32437: [0ad4f34e55c0]
32438:
32439: * sudo.h:
32440: added MODE_ removed validate_only and added remove_timestamp()
32441: [dd5f99c57728]
32442:
32443: * sudo.c:
32444: usage() now takes an int (exit value) added parse_args() to parse
32445: command line arguments moved call to find_path() from load_globals
32446: to new function load_cmnd() removed validate_only global -- now use
32447: the concept of "modes" added -h and -k options
32448: [c3887090b28a]
32449:
32450: * parse.c:
32451: no longer use global validate_only now checks for command called
32452: "validate" removed check for non-fully qualified commands since that
32453: is done by find_path
32454: [7d56fbd26369]
32455:
32456: * find_path.c:
32457: changed MAXPATHLEN r to MAXPATHLEN+1
32458: [a86e8664d971]
32459:
32460: * find_path.c:
32461: fixed off by one error with MAXPATHLEN and fixed a comment
32462: [58adcef8c981]
32463:
32464: * check.c:
32465: check_timestamp no longer runs reminder(), it is implied in the
32466: return val added remove_timestamp()
32467: [42ab5a77066f]
32468:
32469: * CHANGES:
32470: updated
32471: [8e69b31df024]
32472:
32473: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
32474:
32475: * BUGS:
32476: fixed on
32477: [bc34f1ac4280]
32478:
32479: * sudo_realpath.c:
32480: took out old_errno
32481: [a168d00a0768]
32482:
32483: * CHANGES:
32484: updated
32485: [04ba80922df7]
32486:
32487: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
32488:
32489: * logging.c:
32490: moved send_mail to after syslog
32491: [4d4188087834]
32492:
32493: * sudo.c:
32494: now set SUDO_ envariables
32495: [e5963f1bd3bb]
32496:
32497: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
32498:
32499: * version.h:
32500: ++
32501: [2a4534845d8c]
32502:
32503: * sudo_realpath.c:
32504: now print error if chdir fails
32505: [0d75c8973d49]
32506:
32507: * find_path.c:
32508: removed an XXX
32509: [e2077bcb35aa]
32510:
32511: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
32512:
32513: * CHANGES:
32514: updated
32515: [e30a2b39b41a]
32516:
32517: * configure.in:
32518: no more static binaries for aix
32519: [77a0beb6bd80]
32520:
32521: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
32522:
32523: * INSTALL:
32524: fixed typo
32525: [ba5e0d391bc4]
32526:
32527: * sudo_realpath.c:
32528: took out stuff not needed for sudo now does be_root/be_user itself
32529: now uses cwd global
32530: [4f6d4641d793]
32531:
32532: * version.h:
32533: +=2
32534: [97da927b297c]
32535:
32536: * logging.c, sudo.c:
32537: be_root/be_user is now down in sudo_realpath()
32538: [f331662fa50f]
32539:
32540: * logging.c, sudo.h:
32541: now works with 4.2BSD syslog (blech)
32542: [98e39d89dd36]
32543:
32544: * find_path.c:
32545: now use sudo_realpath()
32546: [ab436a8ebd02]
32547:
32548: * config.h.in:
32549: took out realpth() stuff since we now use sudo_realpath()
32550: [8de5ef9f6044]
32551:
32552: * configure.in:
32553: ultrix enhanced sec
32554: [815fb7fffcc0]
32555:
32556: * SUPPORTED:
32557: added ultrix enhanced sec.
32558: [6466766c8062]
32559:
32560: * INSTALL:
32561: updated
32562: [d681a634297a]
32563:
32564: * check.c:
32565: ultrix enhanced security suport
32566: [f10c8decbcc2]
32567:
32568: * Makefile.in:
32569: added sudo_realpath.c
32570: [6b9bcd3be022]
32571:
32572: * CHANGES:
32573: updated
32574: [2fa8084c1b53]
32575:
32576: * tgetpass.c:
32577: increased passwd len to 24 for c2 security
32578: [ec64838be62d]
32579:
32580: * BUGS:
32581: updated BUGS
32582: [ca00d8fec2ce]
32583:
32584: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
32585:
32586: * check.c:
32587: now use user global var
32588: [568769719013]
32589:
32590: * configure.in:
32591: took out -ls
32592: [490a44180d5f]
32593:
32594: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
32595:
32596: * configure.in:
32597: added AFS libs
32598: [4fb40c8c01ba]
32599:
32600: * sudo.h:
32601: user is now a char * added epasswd
32602: [27a919fafdfb]
32603:
32604: * sudo.c:
32605: added tzset() to load_globals added epasswd (encrypted password)
32606: global made user dynamically allocated
32607: [b99ef9bdbfce]
32608:
32609: * configure.in:
32610: added tzset test
32611: [27592dd1214b]
32612:
32613: * config.h.in:
32614: added HAVE_TZSET
32615: [b13f4213f3d0]
32616:
32617: * check.c:
32618: cleaned up encrypted passwd grab somewhat
32619: [c8ba9a4db38a]
32620:
32621: * configure.in:
32622: fixed AFS typo
32623: [2bfcbce237b6]
32624:
32625: * INSTALL:
32626: added AFS not
32627: [80c67329393c]
32628:
32629: * CHANGES:
32630: udpated
32631: [2f09ecdd5d31]
32632:
32633: * logging.c:
32634: can now log to both syslog & a file
32635: [4d5c0932bc01]
32636:
32637: * sudo.h:
32638: added BOTH_LOGS
32639: [623c539be824]
32640:
32641: * CHANGES:
32642: updated
32643: [a1c7f5ef3616]
32644:
32645: * configure.in:
32646: --with-AFS
32647: [28718d8f5daf]
32648:
32649: * config.h.in:
32650: added HAVE_AFS
32651: [2e32bb4e63e4]
32652:
32653: * check.c:
32654: added afs changes
32655: [fe4d0ff320a2]
32656:
32657: * sudo.h:
32658: removed AFS stuff :-)
32659: [a40387e6fa27]
32660:
32661: * tgetpass.c:
32662: include sys/select for AIX
32663: [f32c5a8f2c84]
32664:
32665: * sudo.h:
32666: added AFS
32667: [da2ab3dd0348]
32668:
32669: * version.h:
32670: ++
32671: [452d4dfe25af]
32672:
32673: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
32674:
32675: * CHANGES, SUPPORTED:
32676: updated
32677: [e7dfe6f23a37]
32678:
32679: * logging.c:
32680: can now have MAILER undefined
32681: [1d33b98b35e1]
32682:
32683: * INSTALL:
32684: new sub-note about MAILER
32685: [d35c636a0574]
32686:
32687: * sudo.man:
32688: added blurb about password timeout
32689: [70c2ee50de20]
32690:
32691: * configure.in:
32692: convex c2 changes
32693: [367138a6232e]
32694:
32695: * aclocal.m4:
32696: took out duplicate define of _CONVEX_SOURCE
32697: [647182138450]
32698:
32699: * Makefile.in:
32700: added OSDEFS
32701: [7fdcd50602d1]
32702:
32703: * config.h.in:
32704: added spaces
32705: [f2b8a05e48f3]
32706:
32707: * tgetpass.c:
32708: added a goto if fgets fails
32709: [68a6586d9c45]
32710:
32711: * sudo.h:
32712: use __hpux not hpux convex c2 stuff
32713: [5c377a8d5f34]
32714:
32715: * sudo.c:
32716: use __hpux not hpux
32717: [9363bc0f9f9e]
32718:
32719: * logging.c:
32720: convex c2 stuff
32721: [ea5630975ac4]
32722:
32723: * config.h.in:
32724: define ansi-ish cpp os defines if non-ansi are defined for hpux &
32725: convex
32726: [664f53a5e786]
32727:
32728: * INSTALL:
32729: updated to say we support sonvex C2
32730: [5f2f8b87013e]
32731:
32732: * check.c:
32733: added convex c2 support
32734: [9a665d4918fa]
32735:
32736: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
32737:
32738: * tgetpass.c:
32739: no more ioctl never returns NULL uses fgets() and select() to
32740: timeout
32741: [b333e6d63e97]
32742:
32743: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
32744:
32745: * configure.in:
32746: things were testing -n "$GCC" instead of -z "$GCC"
32747: [059a9b15ede2]
32748:
32749: * tgetpass.c:
32750: now works + uses fgets()
32751: [353d7ebcb7bb]
32752:
32753: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
32754:
32755: * tgetpass.c:
32756: select doesn't seem to recognize a single '\n' as input waiting so
32757: we can;t use it, sigh.
32758: [f76e3218b835]
32759:
32760: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
32761:
32762: * PORTING:
32763: updated tgetpass() blurb
32764: [95baac736b49]
32765:
32766: * configure.in:
32767: added --with-getpass
32768: [42ac0bdf58ed]
32769:
32770: * Makefile.in:
32771: added tgetpass stuff
32772: [e2b38c635663]
32773:
32774: * tgetpass.c:
32775: now uses stdio
32776: [36af8ff66e35]
32777:
32778: * version.h:
32779: ++
32780: [4e81c9db19bd]
32781:
32782: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
32783:
32784: * PORTING:
32785: updated ,.
32786: [54f523770a05]
32787:
32788: * config.h.in:
32789: added USE_GETPASS && HAVE_C2_SECURITY
32790: [86b355cb2953]
32791:
32792: * configure.in:
32793: fixed a test aded --with-C2 and --with-tgetpass
32794: [abf6181588ef]
32795:
32796: * check.c:
32797: added hpux C2 shit
32798: [20d4177ffa88]
32799:
32800: * Makefile.in:
32801: took out tgetpass.*
32802: [cc82fd9984b4]
32803:
32804: * INSTALL:
32805: added C2 blurb
32806: [1d2bfc35e4b6]
32807:
32808: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
32809:
32810: * configure.in:
32811: no termio(s) for ultrix since it is broken
32812: [d3e82e835350]
32813:
32814: * check.c:
32815: added a space (yeah, anal)
32816: [05e4b31ca68c]
32817:
32818: * realpath.c, sudo_realpath.c:
32819: fixed it (duh, rtfm)
32820: [f13097cb8cb6]
32821:
32822: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
32823:
32824: * config.h.in:
32825: took out bsd signal stuff for irix
32826: [e179cdafc97a]
32827:
32828: * visudo.c:
32829: comments in #endif
32830: [e3a629190f5e]
32831:
32832: * configure.in:
32833: don't define BSD signals for irix
32834: [3ce57bffb7f0]
32835:
32836: * TODO:
32837: did some...
32838: [274241cd0f74]
32839:
32840: * CHANGES:
32841: updated
32842: [8f29fc755faf]
32843:
32844: * realpath.c, sudo_realpath.c:
32845: took out unneeded code by changing where a strings was terminated
32846: [b5564d62d30e]
32847:
32848: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
32849:
32850: * realpath.c, sudo_realpath.c:
32851: fix bug where /dirname would return NULL
32852: [b85f470daf26]
32853:
32854: * sudo.h:
32855: move __P to config.h
32856: [7763c0ff3f28]
32857:
32858: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
32859: added errno definition
32860: [4cc9d2d9782a]
32861:
32862: * config.h.in:
32863: added __P
32864: [ca06f5aa58f3]
32865:
32866: * config.h.in:
32867: added HAVE_FCHDIR
32868: [206d714641e0]
32869:
32870: * strdup.c:
32871: now include stdio
32872: [0d8458da0e1d]
32873:
32874: * realpath.c, sudo_realpath.c:
32875: now works if no fchdir
32876: [e035911b6722]
32877:
32878: * visudo.c:
32879: define SA_RESETHAND to null if not defined
32880: [afec03e84342]
32881:
32882: * configure.in:
32883: added check & replace
32884: [c1a65481441c]
32885:
32886: * configure.in:
32887: took out -static for nextstep -- it doesn't work
32888: [fa1a1a611743]
32889:
32890: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
32891:
32892: * logging.c:
32893: moved #endif to where it belongs
32894: [07d3a8972097]
32895:
32896: * SUPPORTED:
32897: correction
32898: [0c1ecba3e5a3]
32899:
32900: * configure.in:
32901: now checks for strdup realpath getcwd bzero
32902: [f029a1917515]
32903:
32904: * config.h.in:
32905: emulate bzero
32906: [d792352e44a3]
32907:
32908: * visudo.c:
32909: added posic signals
32910: [2ed0005f90fc]
32911:
32912: * tgetpass.c:
32913: bzero cast
32914: [6d91b1a1526f]
32915:
32916: * logging.c:
32917: added posix signals
32918: [67ede9c22a05]
32919:
32920: * configure.in:
32921: removed BROKEN_GETPASS added new srcs toreplace missing functions
32922: [cf44274bb1c8]
32923:
32924: * config.h.in:
32925: added posix signal stuff
32926: [a3c1c98fe8ef]
32927:
32928: * Makefile.in:
32929: added new srcs
32930: [b6a079afee47]
32931:
32932: * visudo.c:
32933: updated useag
32934: [589ed091c44f]
32935:
32936: * tgetpass.c:
32937: now uses posix signals
32938: [30f74964074f]
32939:
32940: * PORTING:
32941: updated sto reflect major changes
32942: [bcfc309e017b]
32943:
32944: * CHANGES, TODO:
32945: updated
32946: [23aacbd54278]
32947:
32948: * tgetpass.c:
32949: uses sysconf() if available
32950: [a27431c90bab]
32951:
32952: * sudo.h:
32953: added PASSWORD_TIMEOUT + prototypes for new functions
32954: [d7473c2f77c4]
32955:
32956: * realpath.c, sudo_realpath.c:
32957: for those w/o this in libc
32958: [1e47aa7a9d46]
32959:
32960: * getcwd.c, getwd.c:
32961: Initial revision
32962: [c90dea57a84f]
32963:
32964: * find_path.c:
32965: rewrote to use realpath(3) - nis now all my code
32966: [d2c3bb8fb37d]
32967:
32968: * config.h.in:
32969: added HAVE_REALPATH
32970: [02c10352a8c7]
32971:
32972: * check.c:
32973: now use tgetpass
32974: [b5c021fc179f]
32975:
32976: * Makefile.in:
32977: added LIBOBJS use tgetpass.c
32978: [230a7b3eeaa3]
32979:
32980: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
32981:
32982: * tgetpass.c:
32983: works now :-)
32984: [025e7a3875ba]
32985:
32986: * tgetpass.c:
32987: Initial revision
32988: [3316ab33b230]
32989:
32990: * pathnames.h.in:
32991: added /dev/tty
32992: [29242585e53f]
32993:
32994: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
32995:
32996: * version.h:
32997: incremented
32998: [f2e54b48280f]
32999:
33000: * sudo.c:
33001: always use getcwd
33002: [c6068e8a4029]
33003:
33004: * config.h.in:
33005: added check for getwd
33006: [ab1e102ad673]
33007:
33008: * configure.in:
33009: replace strdup & realpath & getcwd if missing
33010: [b0eb14f2a1c3]
33011:
33012: * pathnames.h.in:
33013: added _PATH_PWD
33014: [309d2388f69a]
33015:
33016: * aclocal.m4:
33017: added SUDO_PROG_PWD
33018: [e16e85deb96c]
33019:
33020: * strdup.c:
33021: Initial revision
33022: [810efdc15007]
33023:
33024: * realpath.c, sudo_realpath.c:
33025: Initial revision
33026: [d85eee438e09]
33027:
33028: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
33029:
33030: * configure.in:
33031: quoted quare brackets
33032: [d0e7ca111d98]
33033:
33034: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
33035:
33036: * sudo.c:
33037: no need to strdup() a constant
33038: [a8c44712df9a]
33039:
33040: * CHANGES:
33041: updated
33042: [71364129cca0]
33043:
33044: * sudo.man:
33045: added validate
33046: [0bb198095a26]
33047:
33048: * sudo.c:
33049: added -v to usage
33050: [31ea71f11dbb]
33051:
33052: * parse.c, sudo.c, sudo.h:
33053: added validate_only stuff
33054: [9bcd853d3c90]
33055:
33056: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
33057:
33058: * configure.in:
33059: now finds sed
33060: [6374bb0d3f28]
33061:
33062: * aclocal.m4:
33063: $OSREV is now an int
33064: [ace0666d66cf]
33065:
33066: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
33067:
33068: * configure.in:
33069: added mtxinu to caser
33070: [73a776887b16]
33071:
33072: * sudo.h:
33073: added EXEC macro
33074: [2e8eb28b710a]
33075:
33076: * sudo.c:
33077: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
33078: [56afb4f658d5]
33079:
33080: * logging.c:
33081: changed mail_argv[] def now use EXEC() macro
33082: [ddcabd28edb1]
33083:
33084: * check.c:
33085: took out crypt() definition
33086: [0e657724cf5f]
33087:
33088: * version.h:
33089: upped the version
33090: [62c5d66119fc]
33091:
33092: * configure.in:
33093: always look for -lnsl
33094: [d7b594f0313b]
33095:
33096: * aclocal.m4:
33097: added an echo
33098: [1caae3491dc5]
33099:
33100: * sudo.h:
33101: SHORT_MESSAGE is now the default
33102: [cfce35c3119a]
33103:
33104: * config.h.in:
33105: fixed typo
33106: [6499a564bf75]
33107:
33108: * configure.in:
33109: added missing AC_DEFINE(SVR4) for solaris
33110: [feef0b17b94f]
33111:
33112: * sudo.man:
33113: documented the -v flag
33114: [a6429f2bc2cf]
33115:
33116: * SUPPORTED:
33117: updated
33118: [088886e79540]
33119:
33120: * check.c:
33121: proto-ized crypt()
33122: [801e4ff5b121]
33123:
33124: * config.h.in:
33125: added LIBSHADOW undef
33126: [8df588e9ee2b]
33127:
33128: * configure.in:
33129: nwo set OS to be lowercase
33130: [561ebed833e4]
33131:
33132: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
33133:
33134: * configure.in:
33135: now use SUDO_OSTYPE to set $OS
33136: [0e60aee23098]
33137:
33138: * aclocal.m4:
33139: now use uname to determine os
33140: [99705e58d400]
33141:
33142: * visudo.c:
33143: added prototypes & moved sig handler around
33144: [1f0bc8d23b51]
33145:
33146: * sudo.h:
33147: added prototyppes
33148: [be3935a2b163]
33149:
33150: * check.c, logging.c, sudo.c:
33151: added prototypes
33152: [2079b4605ab8]
33153:
33154: * parse.c:
33155: added comment
33156: [a34d147d8399]
33157:
33158: * config.h.in:
33159: nwo use _BSD_SIGNALS not _BSD_COMPAT
33160: [63663195f047]
33161:
33162: * aixcrypt.exp:
33163: Initial revision
33164: [890aed08357e]
33165:
33166: * Makefile.in:
33167: added aixcrypt.exp
33168: [1005a183105f]
33169:
33170: * parse.lex, parse.yacc:
33171: moved config.h to top of includes
33172: [9569c49aa5f3]
33173:
33174: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
33175:
33176: * find_path.c:
33177: now don't bitch if get EACCESS (treat like EPERM)
33178: [dbeffb638de4]
33179:
33180: * visudo.c:
33181: added -v flag and usage()
33182: [4d44ed60ed75]
33183:
33184: * version.h:
33185: fixed a typo
33186: [cf3f9347ae41]
33187:
33188: * sudo.c:
33189: cast Argv to a const for exec added -v flag
33190: [d11b6efc0e45]
33191:
33192: * logging.c:
33193: mail_argv is now a const
33194: [93bb5d90bb6f]
33195:
33196: * configure.in:
33197: only set RETSIGTYPE if it is not set already
33198: [c97aac260b77]
33199:
33200: * aclocal.m4:
33201: now defines & STDC_HEADERS for Irix
33202: [9c2b24ad1fc5]
33203:
33204: * Makefile.in:
33205: added version.h
33206: [9f79e880229a]
33207:
33208: * insults.h, sudo.h:
33209: prevent multiple inclusion
33210: [d68c8a9243ce]
33211:
33212: * version.h:
33213: Initial revision
33214: [dbb39c5ef8d9]
33215:
33216: * parse.lex, parse.yacc:
33217: now includes config.h
33218: [f117e036a56b]
33219:
33220: * aclocal.m4:
33221: now talks about sunos 4.x
33222: [c9054aa92d4e]
33223:
33224: * visudo.c:
33225: calls to Exit now pass an arg
33226: [a92104670551]
33227:
33228: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
33229:
33230: * visudo.c:
33231: signal handler now takes an int argument
33232: [26f480c41523]
33233:
33234: * CHANGES:
33235: updated
33236: [8c166a9d796b]
33237:
33238: * sudo.c:
33239: ok, the getcwd() is now *really* done as the user
33240: [ab86cf85134a]
33241:
33242: * configure.in:
33243: changed AIX STATIC_FLAGS
33244: [b9c0a3ba5663]
33245:
33246: * aclocal.m4:
33247: solaris now defines SVR4
33248: [c3e20cac96f5]
33249:
33250: * sudo.h:
33251: added cwd and fixed stupid core dump that makes no sense. sigh.
33252: [7a9755436dbb]
33253:
33254: * sudo.c:
33255: moved getcwd stuff into load_globals
33256: [ec2bc90df1f3]
33257:
33258: * parse.c:
33259: took out externs that are in suod.h
33260: [93c4b3f856d7]
33261:
33262: * logging.c:
33263: moved cwd into load_globals
33264: [050de754d228]
33265:
33266: * find_path.c:
33267: moved cwd stuff
33268: [22f3f3b4c34d]
33269:
33270: * Makefile.in:
33271: fixed make distclean & realclean
33272: [c9964d89bcef]
33273:
33274: * TODO:
33275: updated .,
33276: [e513581ef0e3]
33277:
33278: * CHANGES:
33279: added solaris changes
33280: [505d930daf27]
33281:
33282: * aclocal.m4:
33283: added solaris changes, need to rework
33284: [33f20fb16c49]
33285:
33286: * configure.in:
33287: cleaned up for solaris
33288: [2fb8cfa05d0f]
33289:
33290: * logging.c:
33291: reinstall reapchild signal handler for non-bsd signals
33292: [3d1dc545113d]
33293:
33294: * sudo.h:
33295: took out getdtablesize() emulation for HP-UX (no longer needed)
33296: [1fc83d170f34]
33297:
33298: * sudo.c:
33299: support for HAVE_SYSCONF
33300: [50ca2a7a224a]
33301:
33302: * visudo.c:
33303: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
33304: up /
33305: [0a570e826dd4]
33306:
33307: * config.h.in:
33308: added HAVE_SYSCONF
33309: [2b9a9f3a4e94]
33310:
33311: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
33312:
33313: * configure.in:
33314: now tells you what os you are running /.
33315: [06c6332a895b]
33316:
33317: * aclocal.m4:
33318: took out extra ','
33319: [e8c75ce59f4a]
33320:
33321: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
33322:
33323: * config.h.in:
33324: added _BSD_COMPAT
33325: [73c5099806c2]
33326:
33327: * aclocal.m4:
33328: fixed for irix5
33329: [1047d1f6c0eb]
33330:
33331: * CHANGES:
33332: updated
33333: [1bc4969fee96]
33334:
33335: * sudo.c:
33336: uid seinitialized to -2
33337: [8d7812b1878b]
33338:
33339: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
33340:
33341: * sudo.c:
33342: now removes LIBPATH for AIX
33343: [075392eb1dd9]
33344:
33345: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
33346:
33347: * configure.in:
33348: now uses ufc if it finds it
33349: [ab6ce30a5958]
33350:
33351: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
33352:
33353: * sudo.h:
33354: no longer define yyval & yylval since yacc does it
33355: [09d250aea50a]
33356:
33357: * parse.lex:
33358: now defines yylval as extenr
33359: [8ec2b88952bc]
33360:
33361: * configure.in:
33362: BROKEN_GETPASS is now an OPTION
33363: [3714f4bb8312]
33364:
33365: * config.h.in:
33366: took out BROKEN_GETPASS
33367: [9c4f6aa50137]
33368:
33369: * Makefile.in:
33370: took out big comment
33371: [4c13cff0e556]
33372:
33373: * README:
33374: updated
33375: [b8b9902b620d]
33376:
33377: * Makefile.in:
33378: took out README.beta
33379: [ed2cd861e82b]
33380:
33381: * SUPPORTED:
33382: Initial revision
33383: [2fffc51e6606]
33384:
33385: * INSTALL:
33386: now reference SUPPORTED .,
33387: [d112c30be1f2]
33388:
33389: * config.h.in:
33390: now check for convex OR __convex__
33391: [a0e5701a3069]
33392:
33393: * aclocal.m4:
33394: now check for convex or __convex__
33395: [5dae2bfbe3bc]
33396:
33397: * Makefile.in:
33398: added dist target
33399: [400a54de57db]
33400:
33401: * aclocal.m4:
33402: use __convex__
33403: [58a19470ed0b]
33404:
33405: * find_path.c:
33406: now use _S_* stat stuff to be ansi-like
33407: [28cce560e048]
33408:
33409: * INSTALL:
33410: updated for configure directions
33411: [a034ccc7c30a]
33412:
33413: * Makefile.in:
33414: distclean now removes config.h and pathnames.h
33415: [300f2349b4ab]
33416:
33417: * CHANGES:
33418: updated
33419: [646f7e9430c1]
33420:
33421: * TODO:
33422: fixed typoe
33423: [70fd6361b2bc]
33424:
33425: * visudo.c:
33426: updated version
33427: [cf13d87d789f]
33428:
33429: * Makefile.in:
33430: updated version
33431: [8c5dacc27a7a]
33432:
33433: * config.h.in, pathnames.h.in:
33434: added copyright header
33435: [747ce3d3d6b7]
33436:
33437: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
33438: parse.yacc, sudo.c, sudo.h:
33439: udpated version
33440: [4751c39bad18]
33441:
33442: * visudo.c:
33443: udpated to use configure + pathnames.h
33444: [d45dff76a1cd]
33445:
33446: * aclocal.m4:
33447: updated
33448: [f05a367a55be]
33449:
33450: * Makefile.in, config.h.in, configure.in:
33451: updated
33452: [524778598879]
33453:
33454: * sudo.h:
33455: now works with configure
33456: [83fc40e533f4]
33457:
33458: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
33459: updated to work with configure + pathnames.h
33460: [cb67fa6ab52d]
33461:
33462: * Makefile.in:
33463: added LEXLIB
33464: [f43cad4ab0a2]
33465:
33466: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
33467:
33468: * COPYING:
33469: updated gnu general licence to versio 2
33470: [2b0b56112ddc]
33471:
33472: * config.h.in, pathnames.h.in:
33473: Initial revision
33474: [4b586f39ec2d]
33475:
33476: * sudo.h:
33477: changed to work with configure
33478: [13f3506ddf16]
33479:
33480: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
33481:
33482: * Makefile.in, aclocal.m4, configure.in:
33483: Initial revision
33484: [a8636ae77371]
33485:
33486: * visudo.c:
33487: now uses defines used by configure
33488: [de438d118993]
33489:
33490: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
33491:
33492: * find_path.c:
33493: sudo won't bitch about EPERM now, for real
33494: [ce26d9ef7e3f]
33495:
33496: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
33497:
33498: * logging.c:
33499: renamed exec_argv to eliminate a libc name clash with ksros
33500: [bcb4350d8411]
33501:
33502: * CHANGES:
33503: corrected
33504: [dae68d422efd]
33505:
33506: * logging.c, sudo.c, sudo.h:
33507: execve -> execv
33508: [40cc2c4bdb15]
33509:
33510: * TODO:
33511: upated
33512: [9275a8b8fc45]
33513:
33514: * PORTING:
33515: added 2 mroe items
33516: [6cbb5c56993c]
33517:
33518: * CHANGES:
33519: updated
33520: [73f34f8e571a]
33521:
33522: * sudo.h:
33523: added UMASK and mode_t declaration
33524: [7c2015e1d171]
33525:
33526: * sudo.c:
33527: added UMASK
33528: [d37be7523680]
33529:
33530: * logging.c:
33531: now opens log file with mode 077
33532: [0825cc3ee841]
33533:
33534: * check.c:
33535: saved current umask ans restores it
33536: [659c1aaae8e8]
33537:
33538: * sudo.h:
33539: added MAXLOGFILELEN
33540: [34331c7dee90]
33541:
33542: * logging.c:
33543: split long log lines. FOr syslog, split into multiple entries, for
33544: a log file, indent the extra for readability
33545: [72c9e4cdba6e]
33546:
33547: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
33548:
33549: * CHANGES:
33550: added changes
33551: [81196833673d]
33552:
33553: * sudo.h:
33554: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
33555: [1aa69e903840]
33556:
33557: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
33558:
33559: * TODO:
33560: added input from Brett M Hogden <hogden@rge.com>
33561: [80f01fc88ce9]
33562:
33563: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
33564:
33565: * sudo.c:
33566: added rmenv() to remove stuff from environ. can now uses execvp()
33567: OR execve() becuase of this.
33568: [e7fc2535bd67]
33569:
33570: * logging.c:
33571: now uses execvp() OR execve()
33572: [56391aa1f99d]
33573:
33574: * sudo.h:
33575: added USE_EXECVE
33576: [f21f38050b95]
33577:
33578: * sudo.h:
33579: added environ
33580: [6b805e23c6f6]
33581:
33582: * find_path.c:
33583: now ignore EPERM
33584: [c8fd7117a1d7]
33585:
33586: * sudo.h:
33587: moved some func decls out of sudo.h and into sudo.c as statics /.
33588: [5f555c267d27]
33589:
33590: * CHANGES:
33591: updated
33592: [431f478af320]
33593:
33594: * sudo.h:
33595: took out Envp
33596: [6f722be7793d]
33597:
33598: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
33599:
33600: * BUGS:
33601: Initial revision
33602: [4a8ecf0da95c]
33603:
33604: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
33605:
33606: * CHANGES:
33607: added SECURE_PATH
33608: [1c72cb222609]
33609:
33610: * sudo.c, sudo.h:
33611: added SECURE_PATH
33612: [5bf5357a63c5]
33613:
33614: * sudo.h:
33615: added SECURE_PATH
33616: [3976a74405ac]
33617:
33618: * INSTALL:
33619: added sample.sudoers note
33620: [1b395d29aaeb]
33621:
33622: * sudoers:
33623: Initial revision
33624: [485888d07477]
33625:
33626: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
33627:
33628: * find_path.c:
33629: fixed typo
33630: [bfc3cc4d41ca]
33631:
33632: * PORTING:
33633: took out SAVED_UID garbage
33634: [b7c2d3469661] [SUDO_1_3_0]
33635:
33636: * INSTALL:
33637: mentioned HAL
33638: [253d6695df90]
33639:
33640: * sudo.h:
33641: added HAL line
33642: [29ec1a4ac6de]
33643:
33644: * insults.h:
33645: added HAL insults
33646: [7d7c96d77c74]
33647:
33648: * TODO:
33649: updated
33650: [aa2ed9790586]
33651:
33652: * logging.c:
33653: more verbose error if mailer not found
33654: [fca47fd00cb6]
33655:
33656: * check.c:
33657: now do getpwent as root for soem shadow password systems (bsdi)
33658: [e0339e110d46]
33659:
33660: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
33661:
33662: * sudo.h:
33663: took out SAVED_UID garbade
33664: [fcb0e81dcdb5]
33665:
33666: * sudo.c:
33667: took out SAVED_UID garbage since it don't work
33668: [507e9513e9c2]
33669:
33670: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
33671:
33672: * README:
33673: updated
33674: [d2b6b253dae5]
33675:
33676: * insults.h:
33677: added a missing space :-)
33678: [8940ea991f87]
33679:
33680: * sudo.c, sudo.h:
33681: took out multimax cruft
33682: [c2606b365181]
33683:
33684: * INSTALL:
33685: minor update
33686: [05fb6ee73131]
33687:
33688: * PORTING:
33689: finished
33690: [c4ac47c84dc5]
33691:
33692: * sudo.c:
33693: fixed a typo + indentation
33694: [7eab40aae8fa]
33695:
33696: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
33697:
33698: * sudo.h:
33699: took outumoved some defines to the config file ,. ,.
33700: [defff05beb52]
33701:
33702: * PORTING:
33703: Initial revision
33704: [c803e9127959]
33705:
33706: * TODO:
33707: did #6
33708: [c6fa1c946c31]
33709:
33710: * sudo.h:
33711: added HAS_SAVED_UID
33712: [6a88a39c0a07]
33713:
33714: * sudo.c:
33715: put back AIX cruft
33716: [a24d2507ddd4]
33717:
33718: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
33719:
33720: * sudo.c:
33721: aix changes
33722: [1663915f754a]
33723:
33724: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
33725:
33726: * CHANGES:
33727: updated
33728: [a8cc73747cae]
33729:
33730: * check.c, logging.c, parse.c, sudo.c, sudo.h:
33731: now is only root when abs necesary
33732: [3c9d12c5cdfe]
33733:
33734: * check.c:
33735: added missing %s\n
33736: [609320b72d89]
33737:
33738: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
33739:
33740: * install-sh:
33741: Initial revision
33742: [b5bba140a175]
33743:
33744: * TODO:
33745: updated
33746: [c9d2eba602af]
33747:
33748: * CHANGES:
33749: updated
33750: [932f1fc3bb14]
33751:
33752: * sudo.c:
33753: now removed _RLD_* for alphas
33754: [54a36e648158]
33755:
33756: * INSTALL:
33757: updated for new config scheme
33758: [61c8ae800444]
33759:
33760: * find_path.c:
33761: more verbose eror messages
33762: [b4fd123db42d]
33763:
33764: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
33765:
33766: * TODO:
33767: now have solaris
33768: [371002fbf266]
33769:
33770: * sudo.h:
33771: define __svr4__ for SOLARIS
33772: [0b5cf5ed936d]
33773:
33774: * check.c:
33775: added svr4 junk for shadow pws for solaris 2.x
33776: [91ed58f21618]
33777:
33778: * check.c, sudo.c:
33779: took out setuid(0) and setreuid(udi) garbage. Its not needed since
33780: we start out setuid with the correct perms.
33781: [07689e782b0b]
33782:
33783: * check.c, sudo.c, sudo.h:
33784: now use setreuid()
33785: [7d64d685d78e]
33786:
33787: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
33788:
33789: * sudo.man:
33790: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
33791: sectoin
33792: [b26967b1e19b]
33793:
33794: * visudo.c:
33795: now uses ENV_EDITOR if you want to use the EDITOR envar
33796: [a4f8fcb9bd1d]
33797:
33798: * sudo.h:
33799: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
33800: [028cc55c4328]
33801:
33802: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
33803:
33804: * INSTALL:
33805: rewrote most of this
33806: [a6750923f9c9]
33807:
33808: * README:
33809: minor update + spell fix
33810: [a411717a7249]
33811:
33812: * sudo.h:
33813: added all options that are in the Makefile
33814: [6db3b3b841b3]
33815:
33816: * getpass.c:
33817: now use USE_TERMIO #define for sgi & hpux
33818: [b91f89ae6be1]
33819:
33820: * TODO:
33821: todo: posix sigs
33822: [4548a56eb2ef]
33823:
33824: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
33825:
33826: * check.c, find_path.c:
33827: always include strings.h
33828: [1fc20bda92c0]
33829:
33830: * visudo.c:
33831: added STATICEDITOR
33832: [0596f820716e]
33833:
33834: * sudo.h:
33835: sgi has vi in /usr/bin too
33836: [94203b62bfd9]
33837:
33838: * sudo.man:
33839: added VISUAL
33840: [87c2844c4cac]
33841:
33842: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
33843:
33844: * sudo.h:
33845: sue /usr/bin/vi on some systems
33846: [e3ad9190f35e]
33847:
33848: * sudo.c:
33849: fixed warning (include strings.h)
33850: [0b896de4d8a0]
33851:
33852: * sudo.man:
33853: added John_Rouillard@dl5000.bc.edu's changes (new features)
33854: [f41b4205a8cf]
33855:
33856: * CHANGES:
33857: changes from John_Rouillard@dl5000.bc.edu
33858: [6bdef8e948d5]
33859:
33860: * visudo.c:
33861: added EDITOR envar
33862: [5c4bf716de21]
33863:
33864: * check.c, find_path.c, parse.c, sudo.c:
33865: added patches from John_Rouillard directory spec
33866: uses EDITOR
33867: [f62a435f8c41]
33868:
33869: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
33870:
33871: * getpass.c:
33872: added flush for hpux
33873: [07cfdd6a7b55]
33874:
33875: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
33876:
33877: * sudo.c:
33878: no longer assume malloc returns a char *
33879: [7480bd2756f3]
33880:
33881: * sudo.c:
33882: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
33883: gets removed correctly
33884: [8587166c6ac8]
33885:
33886: * sudo.h:
33887: added STD_HEADERS macro
33888: [480f5a9a516c]
33889:
33890: * sudo.c:
33891: now uses STD_HEADERS macor for ansi
33892: [c5018806fd59]
33893:
33894: * find_path.c:
33895: now uses STD_HEADERS macro
33896: [ad821e0788ea]
33897:
33898: * check.c:
33899: niceties for C compiler bitches -- no real change
33900: [0fc0b1a5fb64]
33901:
33902: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
33903:
33904: * visudo.c:
33905: now doesn't fclose a file never opened.
33906: [ee888ec9427d]
33907:
33908: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
33909:
33910: * sudo.man:
33911: added visudo line
33912: [698d51c66407]
33913:
33914: * sudo.man:
33915: added error stuff added me in there...
33916: [d202fd34b906]
33917:
33918: * CHANGES:
33919: noted insults
33920: [998a22c2230c]
33921:
33922: * INSTALL:
33923: added blurb about reading stuff
33924: [e71db100798f]
33925:
33926: * sudo.h:
33927: added insults
33928: [c110431cec56]
33929:
33930: * insults.h:
33931: corrected somments and removed newlines
33932: [493706fd488c]
33933:
33934: * check.c:
33935: now uses insults
33936: [6d23cf06a0ef]
33937:
33938: * insults.h:
33939: Initial revision
33940: [83153c26b4a3]
33941:
33942: * INSTALL:
33943: added dec syslog note
33944: [555437273237]
33945:
33946: * sample.sudoers:
33947: added real stuff in there
33948: [53442a7fba78]
33949:
33950: * TODO:
33951: added a todo
33952: [c630472bd4dc]
33953:
33954: * TODO:
33955: added one
33956: [806464453284]
33957:
33958: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
33959:
33960: * sample.sudoers:
33961: Initial revision
33962: [7db0a9f1ca8f]
33963:
33964: * sudo.man:
33965: updated with changes
33966: [d9bf254c6c08]
33967:
33968: * sudo.man:
33969: Initial revision
33970: [dd6f11174ac6]
33971:
33972: * indent.pro:
33973: Initial revision
33974: [dbfbb494fad9]
33975:
33976: * CHANGES, COPYING, INSTALL, README, TODO:
33977: Initial revision
33978: [6d98f489a079]
33979:
33980: * visudo.c:
33981: updated version number and took out jeff's old addr since it is no
33982: good
33983: [ee47c24818cb]
33984:
33985: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
33986: sudo.c, sudo.h:
33987: updated version number and took out jeff's email (since it is
33988: invalid)
33989: [54616458a52e]
33990:
33991: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
33992:
33993: * check.c:
33994: added fflush()
33995: [145c881f4fb4]
33996:
33997: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
33998:
33999: * find_path.c:
34000: now return NULL instead pf��of exiting for nopn��n-fatal errors
34001: [8bc74f8cb1ae]
34002:
34003: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
34004:
34005: * check.c:
34006: new banner
34007: [5387ab2af516]
34008:
34009: * parse.lex:
34010: now sudo.h gets included first
34011: [2acb01c18e18]
34012:
34013: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
34014:
34015: * parse.lex:
34016: now can use flex
34017: [164d3839adf0]
34018:
34019: * sudo.h:
34020: linux patch
34021: [f1b6b1b1a2ca]
34022:
34023: * sudo.c:
34024: hpux 9 fix, removes SHLIB_PATH linux patch
34025: [67611dc1737f]
34026:
34027: * check.c:
34028: linux diff
34029: [c24536682397]
34030:
34031: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
34032:
34033: * find_path.c:
34034: stat now ignores EINVAL
34035: [c7761a5dc642]
34036:
34037: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
34038:
34039: * find_path.c, sudo.c:
34040: now declare strdup as extern
34041: [6b7d6f8784b5]
34042:
34043: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
34044:
34045: * visudo.c:
34046: reformatted with indent + by hand
34047: [9d43084e4990]
34048:
34049: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
34050: used indent to "fix" coding style
34051: [489ffacbdc70]
34052:
34053: * find_path.c:
34054: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
34055: move the code that does this into the loop body. makes it messier
34056: tho. hmmm.
34057: [c4d22b48da9a]
34058:
34059: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
34060:
34061: * find_path.c:
34062: redid the fix for non-executable files in an easier to read way plus
34063: some minor aethetic changes
34064: [84fe337f1426]
34065:
34066: * find_path.c:
34067: fixed bug with non-executable tings of same name in path introduced
34068: by checkig errno after stat(2).
34069: [c2a812cfcbc1]
34070:
34071: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
34072:
34073: * sudo.c:
34074: fixed off by one error
34075: [fabb7cee0041]
34076:
34077: * find_path.c:
34078: now handles decending below '/' correctly
34079: [5d2ddfc0b220]
34080:
34081: * sudo.c:
34082: now actually builds Envp instead of munging envp
34083: [bdc4b08f6898]
34084:
34085: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
34086:
34087: * parse.yacc:
34088: now includes sys/param.h
34089: [efbb494ab4de]
34090:
34091: * visudo.c:
34092: now includes sys/param.h
34093: [ad6c91d59958]
34094:
34095: * sudo.h:
34096: fixed ifndef -> ifdef
34097: [7aebe822d863]
34098:
34099: * qualify.c:
34100: make more like find_path.c
34101: [853b2dab2e03]
34102:
34103: * find_path.c:
34104: rewritten by millert
34105: [c6a043cc11b3]
34106:
34107: * sudo.h:
34108: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
34109: about new defines in the comment
34110: [39ffefce3aec]
34111:
34112: * logging.c:
34113: now uses USE_CWD
34114: [fa0f3b118bb3]
34115:
34116: * sudo.h:
34117: added delc for clean_envp() and Envp
34118: [a12034e300c2]
34119:
34120: * sudo.c:
34121: now rips LD_* env vars out of envp and passed sanitized Envp to exec
34122: [d201a218e056]
34123:
34124: * logging.c:
34125: now uses execve()
34126: [f3e01032cd33]
34127:
34128: * find_path.c:
34129: ENOTDIR is ok now too (in case part of the path is bogus)
34130: [b5cbbb201bb5]
34131:
34132: * qualify.c:
34133: now works correctly (ttaltotal rewrite)
34134: [0c25d64a5c68]
34135:
34136: * parse.lex:
34137: now includes sys/param.h didn't match trailing / -- fix from
34138: rouilj@cs.umb.edu
34139: [b6363ba110af]
34140:
34141: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
34142:
34143: * sudo.c:
34144: moved around the #ifndef _AIX
34145: [7d4330950c20]
34146:
34147: * check.c, logging.c, parse.c:
34148: Initial revision
34149: [c101e9572d7f]
34150:
34151: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
34152:
34153: * qualify.c:
34154: Initial revision
34155: [5a5f21d0e0bf]
34156:
34157: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
34158:
34159: * find_path.c:
34160: now works if you do sudo bin/test
34161: [07835120ce43]
34162:
34163: * find_path.c:
34164: works
34165: [c3da8b5efa20]
34166:
34167: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
34168:
34169: * sudo.h:
34170: Initial revision
34171: [28a1caa38b72]
34172:
34173: * visudo.c:
34174: Initial revision
34175: [0e5cd7c3cdbe]
34176:
34177: * parse.lex, parse.yacc:
34178: Initial revision
34179: [5f2d0cccb06b]
34180:
34181: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
34182:
34183: * sudo.c:
34184: took out errno.h
34185: [7466431a2655]
34186:
34187: * sudo.c:
34188: now spews error if exec fails and exits with -1
34189: [e5c41ea725c1]
34190:
34191: * sudo.c:
34192: Initial revision
34193: [8aeabe39a0c2]
34194:
34195: * find_path.c:
34196: now only execs files with (an) executable bit set.
34197: [0a451f9c0e58]
34198:
34199: * find_path.c:
34200: Initial revision
34201: [02a534891a35]
34202:
34203: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
34204:
34205: * getpass.c:
34206: added nice comment
34207: [ea8b2aaa9389]
34208:
34209: * getpass.c:
34210: now works on sgi's
34211: [bf2b7c6d0960]
34212:
34213: * getpass.c:
34214: Initial revision
34215: [9f4de251c1b5]
34216:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo