1: 2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
2:
3: * compat/getgrouplist.c, plugins/group_file/group_file.c,
4: plugins/system_group/system_group.c:
5: deal with NULL gr_mem here too
6: [0db43ed71001]
7:
8: * NEWS, configure, configure.ac:
9: Sudo 1.8.10p3
10: [3f415a180023]
11:
12: 2014-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
13:
14: * common/event.c:
15: Fix non-blocking mode. We only want to exit the event loop when
16: poll() or select() returns 0 and there are no active events. This
17: fixes a problem on some systems where the last buffer was not being
18: written when the command exited.
19: [deb6b1a7b241]
20:
21: 2014-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22:
23: * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
24: Make get_boottime() return bool.
25: [9ff15a995d01]
26:
27: * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
28: Fix fd leak on Linux when determing boot time. This is usually
29: masked by the closefrom() call in sudo. From Jamie Anderson. Bug
30: #645
31: [0b4c430e8b88]
32:
33: 2014-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
34:
35: * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
36: Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
37: changing the user. This is the correct flag to use with a program
38: that changes the uid like su or sudo and fixes a role problem on
39: Solaris. From Gary Winiger; Bug #642
40: [ec23c3bf41bb]
41:
42: * plugins/sudoers/defaults.c:
43: pam_setcred should default to true; from Gary Winiger Bug #642
44: [23e6628ec546]
45:
46: 2014-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
47:
48: * MANIFEST, plugins/sudoers/match.c,
49: plugins/sudoers/regress/testsudoers/test6.out.ok,
50: plugins/sudoers/regress/testsudoers/test6.sh,
51: plugins/sudoers/regress/testsudoers/test7.out.ok,
52: plugins/sudoers/regress/testsudoers/test7.sh:
53: Fix matching of uids and gids broken in sudo 1.8.9.
54: [315eff4add59]
55:
56: * plugins/sudoers/testsudoers.c:
57: Fix -P option in usage()
58: [50753b6222b7]
59:
60: 2014-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
61:
62: * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
63: plugins/sudoers/sudoers.h:
64: Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
65: or targetpw is set. Bug #639
66: [dff0208d1194]
67:
68: 2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
69:
70: * NEWS, configure, configure.ac:
71: Sudo 1.8.10p2
72: [774ebec63b41]
73:
74: * plugins/sudoers/timestamp.c:
75: Don't write an empty timestamp record when timestamp_timeout is
76: zero. If we find an empty record in the timestamp file, overwrite it
77: with a good one, truncating the file as needed.
78: [9c226d81b660]
79:
80: 2014-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
81:
82: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
83: Fix typos in description of the -x option. Bug #637
84: [6ff2bfaaf99d]
85:
86: 2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
87:
88: * NEWS, configure, configure.ac:
89: Sudo 1.8.10p1
90: [33828a3385ad]
91:
92: * plugins/sudoers/timestamp.c:
93: Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
94: [f65cc29dbcc7]
95:
96: * plugins/sudoers/parse.c:
97: Fix "sudo -l command" output when the matching command is negated.
98: Bug #636
99: [b4a92803f733]
100:
101: 2014-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
102:
103: * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c,
104: common/regress/sudo_conf/test5.err.ok,
105: common/regress/tailq/hltq_test.c:
106: The atofoo_test and hltq_test tests now display their own test error
107: rate. Display pass/fail count separately for sudo_conf and
108: sudo_parseln tests. Check stderr output for the sudo_conf test.
109: [5c814709ac70]
110:
111: * src/Makefile.in:
112: Don't run the check_ttyname test if cross compiling.
113: [874ecc1c3db0]
114:
115: * plugins/sudoers/Makefile.in:
116: CWD no longer used.
117: [13b2f3c4269b]
118:
119: * plugins/sudoers/Makefile.in:
120: Fix diff of toke and err output files in "make check"
121: [485cdf3c75e7]
122:
123: 2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
124:
125: * src/po/de.mo, src/po/de.po:
126: sync with translationproject.org
127: [d246c72a2350]
128:
129: 2014-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
130:
131: * configure, configure.ac:
132: Check whether ber.h is needed before ldap.h even if we are not using
133: any ber functions. Needed for older versions of nss ldap.
134: [c2310324dc34]
135:
136: * plugins/sudoers/sssd.c:
137: Fix compiler warning in debug code.
138: [8ee4cb6cafad]
139:
140: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po:
141: Catalan translation for sudo from translationproject.org.
142: [d6af7d06ee36]
143:
144: 2014-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
145:
146: * NEWS:
147: Document negation fix in JSON output.
148: [37a85423ae49]
149:
150: 2014-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
151:
152: * plugins/sudoers/visudo_json.c:
153: Fix handling of '!' operator when converting sudoers. We now add a
154: "negated" boolean flag to objects that have the '!' operator.
155: [071926c10280]
156:
157: 2014-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
158:
159: * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
160: Czech translation for sudoers from translationproject.org
161: [c0aae297f7c1]
162:
163: 2014-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
164:
165: * configure, configure.ac:
166: Try -libmldap before -lldap in case there is no link from
167: libibmldap.so to libldap.so. Since IBM ldap is installed under /opt
168: we should only be able to reach it if --with-ldap was given an
169: explicit path.
170:
171: Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
172: [89d50c29d737]
173:
174: 2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
175:
176: * plugins/sudoers/set_perms.c:
177: Fix typo in setreuid() PERM_ROOT error message.
178: [533415f53165]
179:
180: * mkpkg:
181: No longer need to disable setresuid() on debian.
182: [96ba687c35f0]
183:
184: 2014-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
185:
186: * plugins/sudoers/timestamp.c:
187: Fix conversion of timestamp_timeout from double to struct timeval.
188: Also quiet a printf format warning on 32-bit systems.
189: [59d1f3094dda]
190:
191: 2014-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
192:
193: * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po:
194: Serbian translation for sudoers from translationproject.org.
195: [7134b386d658]
196:
197: 2014-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
198:
199: * doc/CONTRIBUTORS:
200: Add Ingo Schwarze
201: [114cdf286987]
202:
203: * NEWS, plugins/sudoers/visudo_json.c:
204: When exporting sudoers in JSON format, use the same type of Options
205: object for both Defaults and Cmnd_Specs.
206: [caa57043e197]
207:
208: 2014-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
209:
210: * compat/inet_pton.c:
211: Silence cppcheck false positive.
212: [b2781c42a80f]
213:
214: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
215: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
216: sync with translationproject.org
217: [baba43a6d682]
218:
219: * NEWS, doc/UPGRADE:
220: Mention init.d scripts on AIX and HP-UX Mention sudoers group
221: mismatch fix
222: [0259cb1f7cae]
223:
224: * INSTALL:
225: Talk about clearing files at boot time, not reboot time since it
226: happens when the system comes up, not down.
227: [e8e480bc34fd]
228:
229: * plugins/sudoers/sudoers.c:
230: We also need to open the sudoers file as root if there is a GID
231: mismatch.
232: [2fb2ba6fc4e6]
233:
234: * sudo.pp:
235: Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX
236: rpm packages.
237: [4aca1d318599]
238:
239: 2014-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
240:
241: * src/Makefile.in:
242: Remove init.d file and link in uninstall target.
243: [249a9f105cdd]
244:
245: * configure, configure.ac, sudo.pp:
246: Fix INIT_DIR for real this time.
247: [5444eb1afbc5]
248:
249: * configure, configure.ac, sudo.pp:
250: Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and
251: init.d dirs.
252: [809b54ef95f8]
253:
254: * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in,
255: init.d/hpux.sh.in, src/Makefile.in, sudo.pp:
256: First cut add installing an init.d file for HP-UX and AIX to remove
257: old sudo timestamp files at boot time.
258: [ec6d35c62d88]
259:
260: 2014-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
261:
262: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
263: Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -"
264: for the default login class. From Ingo Schwarze.
265: [f13ea603760e]
266:
267: * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in,
268: doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in,
269: doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
270: Remove some extraneous markup; from Ingo Schwarze
271: * No need to explicitly end a macro with No before | because | counts
272: as middle punctuation and falls out of the macro, anyway.
273: * No need to explicitly re-open in-line macros after | because |
274: counts as middle punctuation and the macros resume afterwards,
275: anyway.
276: * Simplify the mnemonic remarks regarding the option letters, no need
277: for manual font and spacing control with No and Ns.
278: * Trim Ns No to just Ns, it already implies No.
279: [cc63d66c6655]
280:
281: * doc/sudoers.man.in, doc/sudoers.mdoc.in:
282: Move zerowidth space in :alpha: after the colon for consistency.
283: [799f6656c6e8]
284:
285: * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
286: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
287: doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
288: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
289: doc/visudo.man.in:
290: regen
291: [14d682732b6f]
292:
293: * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
294: Remove extraneous keeps in SYNOPSIS now that mandoc does implied
295: keeps when converting from mdoc to man.
296: [0f48fc289f29]
297:
298: * doc/sudoers.mdoc.in:
299: Properly escape the : in :alpha:
300: [e41d4533a55f]
301:
302: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
303: Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From
304: Jan Stary.
305: [90ec488905de]
306:
307: 2014-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
308:
309: * plugins/sudoers/visudo_json.c:
310: Fix indentation of Defaults entries. The initial indent should be
311: outside the loop iterating over the entries.
312: [dc493c888fb2]
313:
314: 2014-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
315:
316: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
317: plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
318: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
319: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
320: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
321: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
322: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
323: sync with translationproject.org
324: [fc517bc0908e]
325:
326: * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c,
327: common/fatal.c, common/gidlist.c, common/sudo_conf.c,
328: common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c,
329: plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
330: plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
331: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
332: plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
333: src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h:
334: We must include gettext.h before missing.h as it includes system
335: headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
336: audit code that does not include sudoers.h.
337: [3ac4aa43ce40]
338:
339: * common/sudo_dso.c:
340: When emulating DSO_NEXT with shl_get() we need to skip the program's
341: handle. This used to be documented as being index -2 but now it
342: seems to be index 0. As this is not guaranteed we need to look up
343: the real handle value for PROG_HANDLE and skip it when interating
344: through all the DSOs. Fixes infinite recursion on HP-UX in the
345: getenv() replacement.
346: [ade1b3045232]
347:
348: * src/env_hooks.c:
349: Export getenv() so it is visible to shared objects we link with.
350: [1ac08446a3a7]
351:
352: 2014-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
353:
354: * common/regress/atofoo/atofoo_test.c,
355: common/regress/sudo_conf/conf_test.c,
356: common/regress/sudo_parseln/parseln_test.c,
357: common/regress/tailq/hltq_test.c,
358: plugins/sudoers/regress/parser/check_fill.c:
359: Add some initprogname() calls to the test programs.
360: [e4320585a88b]
361:
362: 2014-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
363:
364: * plugins/sudoers/po/sudoers.pot:
365: regen
366: [038d066a866d]
367:
368: * doc/UPGRADE:
369: Mention that there is now a default LDAP search filter.
370: [6351da3f8377]
371:
372: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
373: doc/sudoers.ldap.mdoc.in:
374: Minor word choice change.
375: [7e59ab3eb453]
376:
377: * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
378: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
379: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
380: plugins/sudoers/ldap.c, plugins/sudoers/match.c:
381: Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
382: support requires an expensive substring match on the server. If
383: netgroups are not needed, this option can be disabled to reduce the
384: load on the LDAP server.
385: [e6bd6c103390]
386:
387: 2014-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
388:
389: * plugins/sudoers/ldap.c:
390: Update copyright year.
391: [1299eed430a5]
392:
393: * NEWS:
394: Mention LDAP changes.
395: [512b1e363587]
396:
397: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
398: doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
399: Use a default LDAP search filter of (objectClass=sudoRole). When
400: constructing the netgroup query, add (sudoUser=*) to the query so we
401: don't fall below the 3 character OpenLDAP substring threshold.
402: Otherwise the index for sudoUser will never be used for that query.
403: Pointed out by Michael Stroeder.
404: [54856973af41]
405:
406: * plugins/sudoers/timestamp.c:
407: Don't warn about an insecure lecture dir twice. Display warnings in
408: the user's locale.
409: [2c56b8b6d6f9]
410:
411: 2014-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
412:
413: * NEWS:
414: Mention the fix for ^Z at the password prompt when sudo was started
415: in the background.
416: [352d52ad1f7d]
417:
418: * common/term.c, src/exec_pty.c:
419: In term_restore(), only restores the terminal if we are in the
420: foregroup process group. Instead of calling tcgetpgrp(), which is
421: racy, we set a temporary handler for SIGTTOU and check whether it
422: was received after a failed call to tcsetattr().
423: [94979d51daa2]
424:
425: * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in,
426: configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl,
427: plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c:
428: Use inet_pton() instead of inet_aton() and include a version from
429: BIND for those without it.
430: [fe61a27c76d3]
431:
432: * common/regress/atofoo/atofoo_test.c:
433: Quiet a gcc warning.
434: [f197821892ea]
435:
436: * compat/getaddrinfo.c:
437: Need to include limits.h for USHRT_MAX.
438: [d1d8bd9a0e01]
439:
440: 2014-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
441:
442: * common/term.c, include/sudo_util.h:
443: Use bool for function return values instead of 1 or 0.
444: [99e357c0800b]
445:
446: * configure, configure.ac:
447: Warn the user if the rundir needs to be cleared in the rc files.
448: Neither AIX not HP-UX clear /var/run (if it even exists).
449: [6cdbf57a2f9e]
450:
451: * NEWS:
452: Update for sudo 1.8.9p5
453: [efb737c32615]
454:
455: * src/preserve_fds.c:
456: When the closefrom limit is greater than any of the preserved fds,
457: the pfds list will be non-empty but lastfd will be -1 triggering an
458: ecalloc(0) assertion. Instead, test for lastfd being -1 and make
459: sure we always update it, even if dup() fails. Also restore initial
460: value of lowfd after we are done relocating. Fixes bug #633
461: [a11206a31f28]
462:
463: * common/term.c:
464: Document function return values.
465: [267bc85f6fbb]
466:
467: 2014-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
468:
469: * src/exec_pty.c:
470: term_restore() now restarts itself so we don't need to do it
471: ourselves.
472: [a17e885d0b0a]
473:
474: * common/term.c:
475: syscall restarting is broken on Mac OS X when interrupted by a tty
476: signal so restart tcsetattr() by hand. For details, see.
477: http://openradar.appspot.com/radar?id=6402578615107584
478: [3997b2a0577e]
479:
480: * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c:
481: Add regress for atobool(), atoid() and atomode()
482: [e1cbdf86d6e2]
483:
484: * plugins/sudoers/Makefile.in:
485: Add back boottime.lo
486: [0b7ddc31e13e]
487:
488: * INSTALL:
489: Mention that rundir and vardir may be the same and what to do if
490: they are.
491: [301df9a31d43]
492:
493: * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
494: plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h,
495: plugins/sudoers/timestamp.c:
496: Bring back boot time checking code and zero out time stamp files
497: that predate the boot time. This should help systems w/o /var/run
498: where the admin has setup rc.d to clear the timestamp directory.
499: [e09389a8b1ca]
500:
501: * configure, configure.ac:
502: Check libraries for inet_pton() if not in libc.
503: [9f9bd83895e8]
504:
505: 2014-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
506:
507: * configure, configure.ac:
508: Fix clock_gettime() detection when it lives in librt. Some systems
509: have inet_aton() in libresolv (older Solaris).
510: [e5f7c8bc9a81]
511:
512: * sudo.pp:
513: Avoid duplicate directories if vardir and rundir are the same.
514: [c5df5ebc191b]
515:
516: * plugins/sudoers/po/sudoers.pot:
517: regen
518: [740b2cc42fea]
519:
520: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
521: Elaborate on time stamp error message causes.
522: [2838fea2e21a]
523:
524: 2014-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
525:
526: * sudo.pp:
527: Remove the time stamp dir and its contents when uninstalling. We
528: currently leave the lecture status files installed until there is a
529: better way to detect upgrades.
530: [61532b7113ff]
531:
532: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
533: Update time stamp error messages and regen.
534: [edf570c98cd5]
535:
536: * plugins/sudoers/timestamp.c:
537: Restore warning when sudoers is unable to update the time stamp
538: file.
539: [86648a771250]
540:
541: * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
542: m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp:
543: Replace --with-timedir and --with-lecture_dir with --with-rundir and
544: --with-vardir which are the parent directories of the time stamp and
545: lecture dirs. These directories need to be searchable by non-root so
546: that the timestampowner setting can function.
547: [5c38d77a2d0c]
548:
549: * plugins/sudoers/timestamp.c:
550: Fix use of timestampowner in the new time stamp world order. Parent
551: directories for timestampdir and lecture_dir are now created with
552: the execute bit set so that we can traverse them as non-root.
553: [9ff6f07c0a5d]
554:
555: 2014-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
556:
557: * common/Makefile.in, plugins/sample/Makefile.in,
558: plugins/sudoers/Makefile.in:
559: Regen Makefiles.
560: [59542bcdb222]
561:
562: * common/sudo_debug.c, config.h.in, include/sudo_util.h,
563: plugins/sample/sample_plugin.c:
564: Move ctim_get and mtim_get to sudo_util.h
565: [d565391f5491]
566:
567: * plugins/sudoers/timestamp.c:
568: sprinkle some debug printfs and add function header comments
569: [1842d9b8170d]
570:
571: * plugins/sudoers/timestamp.c:
572: Properly handle the case where /var/run/sudo/ts doesn't exist.
573: [895f3ad6ad60]
574:
575: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
576: fix typo
577: [50041ebb6ce6]
578:
579: * NEWS:
580: Mention "sudo -K" change.
581: [e99bd7657aae]
582:
583: * doc/UPGRADE:
584: Upgrade info for 1.8.10
585: [0867718b9af5]
586:
587: 2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
588:
589: * plugins/sudoers/timestamp.c:
590: Warn on ftruncate failure().
591: [d2081876da25]
592:
593: * plugins/sudoers/timestamp.c:
594: Fix checking of lecture status.
595: [e12d78234d17]
596:
597: * mkpkg:
598: Do not override timedir on Debian.
599: [283fa2e69a0a]
600:
601: * common/event.c, common/event_select.c, include/missing.h,
602: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c,
603: plugins/sudoers/visudo.c, src/sudo_edit.c:
604: Use sudo_timeval macros and remove compat macros from missing.h
605: [1de76d8b811e]
606:
607: * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c,
608: config.h.in, configure, configure.ac, doc/sudoers.cat,
609: doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h,
610: include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in,
611: plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c,
612: plugins/sudoers/check.h, plugins/sudoers/def_data.c,
613: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
614: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h,
615: plugins/sudoers/timestamp.c, src/Makefile.in:
616: Switch to new time stamp file format. Each user now has a single
617: file which may contain multiple records when per-tty time stamps are
618: in use (the default). The time stamps use a monotonic timer where
619: available and are once again stored in /var/run/sudo. The lecture
620: status is now stored separately from the time stamps in a different
621: directory.
622: [7e16eb37bacc]
623:
624: 2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
625:
626: * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
627: plugins/sudoers/check.c:
628: When listing a user's privileges, always prompt the user for their
629: own password, regardless of the value of target_pw, root_pw or
630: runas_pw.
631: [73a13ccc7933]
632:
633: 2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
634:
635: * common/atomode.c:
636: Zero out errstr when there is no error; fixes bug #632
637: [74950ef1a0dc]
638:
639: 2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
640:
641: * configure, configure.ac, plugins/sudoers/interfaces.c,
642: plugins/sudoers/match_addr.c:
643: Use inet_aton() instead of inet_addr() as it allows us to
644: distinguish between the address (or mask 255.255.255.255) and an
645: error. In the future we may consider switching to inet_pton() for
646: IPv4 too.
647: [b6b4e4c77e9a]
648:
649: 2014-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
650:
651: * include/missing.h:
652: Fix typo, ULONG_MAX vs. ULLONG_MAX
653: [5d274daa9fb1]
654:
655: * plugins/sudoers/sudo_nss.c:
656: Fix typo in the AIX case.
657: [ee531c950fce]
658:
659: * plugins/sudoers/sudo_nss.c:
660: Size pointer for sudo_parseln() should be size_t not ssize_t. This
661: was already correct for the nsswitch.conf case.
662: [cfaf895c1db4]
663:
664: 2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
665:
666: * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
667: doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c:
668: It is now possible to disable network interface probing in sudo.conf
669: by changing the value of the probe_interfaces setting.
670: [e9dc28c7db60]
671:
672: 2014-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
673:
674: * plugins/sudoers/match_addr.c:
675: If inet_addr() returns INADDR_NONE, return false instead of
676: iterating through the interfaces looking for a match that will never
677: happen.
678: [1559c301caec]
679:
680: * configure, configure.ac, src/Makefile.in:
681: Add explicit dependency on sudoers.la to sudo target when sudoers is
682: compiled statically into the sudo binary.
683: [d08cc66e18bd]
684:
685: 2014-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
686:
687: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
688: plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
689: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
690: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c:
691: Do not assume localtime(), gmtime() and ctime() always return non-
692: NULL.
693: [a1b5b67436de]
694:
695: 2014-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
696:
697: * Makefile.in, common/Makefile.in, compat/Makefile.in,
698: doc/Makefile.in, include/Makefile.in,
699: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
700: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
701: src/Makefile.in, zlib/Makefile.in:
702: Update copyright years
703: [37d2aaa92544]
704:
705: * plugins/sudoers/visudo_json.c:
706: Eliminate dead store found by clang checker.
707: [86874d5340f1]
708:
709: * NEWS, configure, configure.ac:
710: Update for sudo 1.8.9p4
711: [f79ab7c6c1c5]
712:
713: * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
714: When relocating fds, update the debug fd if it is set so we are
715: guaranteed to get debugging output.
716: [b1deaa472aa6]
717:
718: 2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
719:
720: * src/exec.c:
721: If the event loop exits due to an error and we are not logging I/O,
722: kill the command if still running. Fixes a bug where sudo could exit
723: while the command was still running.
724: [844018ff8a8c]
725:
726: * src/preserve_fds.c:
727: When relocating preserved fds, start with the highest ones first to
728: avoid moving fds around more than we have to. Now uses a bitmap to
729: keep track of which fds are being preserved. Fixes a bug where the
730: debugging fd could be relocated to the same fd as the error
731: backchannel temporarily, resulting in debugging output being printed
732: to the backchannel if util@debug was enabled.
733: [55e006dbeaf3]
734:
735: * src/preserve_fds.c:
736: When restoring fds traverse list from high -> low, not low -> high
737: to avoid implicitly closing an fd we want to relocate.
738: [6351225f47d7]
739:
740: * src/exec.c:
741: If not logging I/O we may get EOF when the command is executed and
742: the other end of the backchannel is closed. Just remove the
743: backchannel event in this case or we will continue to receive the
744: event. Bug #631
745: [a204b69d91f7]
746:
747: * src/po/sr.mo, src/po/sr.po:
748: sync with translationproject.org
749: [987087ce4658]
750:
751: 2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
752:
753: * src/ttyname.c:
754: Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
755: [3448dffe9701]
756:
757: * NEWS, configure, configure.ac:
758: Update for sudo 1.8.9p3
759: [22e5a6f69999]
760:
761: * plugins/sudoers/logwrap.c:
762: Remove dead store; found by cppcheck
763: [a59833af3401]
764:
765: 2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
766:
767: * src/sesh.c:
768: Quiet a cppcheck warning about a negative subscript.
769: [ab98b72f5bdf]
770:
771: * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h:
772: Make noexec parameter to sudo_execve() bool.
773: [daa75e4c248a]
774:
775: * plugins/sudoers/sudoreplay.c:
776: Quiet a few innocuous cppcheck warnings.
777: [90ffa16d27b1]
778:
779: * plugins/sudoers/sssd.c:
780: Handle in_res being NULL for sudo_debug_printf() in
781: sudo_sss_filter_result().
782: [8595cc05d2a8]
783:
784: * plugins/sudoers/iolog.c:
785: When writing length to timing file, use %u not %d as it is unsigned.
786: [a7f2fcb6919e]
787:
788: * plugins/sudoers/visudo_json.c:
789: Close export_fp in the error path too, but do not close stdout.
790: [5c918718ab45]
791:
792: * plugins/sudoers/auth/secureware.c:
793: Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
794: [f2619d2eb7a8]
795:
796: 2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
797:
798: * plugins/group_file/plugin_test.c:
799: Make this compile again
800: [f0ff8df475e8]
801:
802: * common/term.c:
803: Add suppression line to quiet a bogus (inconclusive) cppcheck
804: warning.
805: [065207271e5d]
806:
807: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
808: Do not leak old istack if realloc fails; found by cppcheck. Also
809: modify yyless() to avoid a harmless cppcheck warning every time it
810: is used.
811: [021077017a23]
812:
813: * Makefile.in, common/Makefile.in, compat/Makefile.in,
814: doc/Makefile.in, include/Makefile.in,
815: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
816: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
817: src/Makefile.in, zlib/Makefile.in:
818: Add cppcheck target to run cppcheck on all source files.
819: [d207c2ef49a2]
820:
821: 2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
822:
823: * NEWS, configure, configure.ac:
824: Update for sudo 1.8.9p2
825: [2e7fe6e371a4]
826:
827: * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
828: m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
829: Update to libtool-2.4.2.418
830: [d1dbed89d733]
831:
832: * config.guess, config.sub:
833: Update from http://git.savannah.gnu.org/gitweb/?p=config.git
834: [2b5e32d23be5]
835:
836: 2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
837:
838: * NEWS:
839: Sudo 1.8.9 also fixes bug #617
840: [cc5c18228719]
841:
842: 2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
843:
844: * NEWS:
845: The fix for the hang was already in the 1.8.9 tarballs.
846: [f038ebcc1071]
847:
848: * NEWS, configure, configure.ac:
849: Update for sudo 1.8.9p1
850: [732fca0003cf]
851:
852: * common/atobool.c, common/event.c, plugins/sudoers/iolog.c,
853: plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c:
854: Update copyright year.
855: [fdeb5956810e]
856:
857: * plugins/sudoers/parse.h:
858: Go back to making the bit fields in struct cmndtag explicitly
859: signed. This fixes a problem on gcc 4.8 (at least) which appears to
860: be treating the value as unsigned by default.
861: [46b9a7bb10ac]
862:
863: * common/atobool.c:
864: Use debug_return_int() instead of bare return for debugging support.
865: [c273f822de5f]
866:
867: 2014-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
868:
869: * common/event.c:
870: Fix infinite loop that could be triggered by sudo_ev_loopbreak() and
871: sudo_ev_loopcontinue().
872: [1723561c46b0]
873:
874: * NEWS:
875: Update for 1.8.9 final.
876: [d49c14d21410]
877:
878: 2014-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
879:
880: * plugins/sudoers/iolog.c:
881: Handle a sequence file with no trailing newline.
882: [aa29306e4f6d]
883:
884: 2014-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
885:
886: * plugins/sudoers/iolog.c:
887: Truncate io log and timing files on open when recycling them. Only
888: an issue when the sequence number wraps around.
889: [01b2dfe15ff0]
890:
891: * plugins/sudoers/iolog.c:
892: Repair reading of the iolog sequence number that got broken when
893: adding stricter strtoul() checks.
894: [e0f4a11c3437]
895:
896: * src/exec.c:
897: If invoked as sudoedit we can't just exec the command directly since
898: the temporary files need to be updated before sudo exits.
899: [508503be1c4f]
900:
901: * src/preserve_fds.c:
902: Fix restoration of the close-on-exec flag when moving a relocated fd
903: back into its original position.
904: [5572f1f8b48a]
905:
906: 2014-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
907:
908: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
909: Add "see below" to reference "Secure editing" section in "Preventing
910: shell escapes".
911: [b2db990a36b3]
912:
913: 2014-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
914:
915: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
916: Add initial "Secure editing" section.
917: [0d7a192e0e25]
918:
919: * doc/LICENSE:
920: Update copyright year.
921: [4a639d9207a9]
922:
923: 2013-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
924:
925: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
926: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo,
927: src/po/eo.po, src/po/fi.mo, src/po/fi.po:
928: sync with translationproject.org
929: [5c15a411b10d]
930:
931: * plugins/sudoers/policy.c:
932: Make user_cwd and user_tty dynamically allocated even for the
933: "unknown" case.
934: [015454bf97f8]
935:
936: 2013-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
937:
938: * configure, configure.ac:
939: Use -fstack-protector-strong in preference to -fstack-protector-all
940: or -fstack-protector.
941: [bdd1066eefc4]
942:
943: * doc/HISTORY:
944: Dell acquired Quest
945: [3d5b7d27a313]
946:
947: 2013-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
948:
949: * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo,
950: src/po/ru.po, src/po/vi.mo, src/po/vi.po:
951: sync with translationproject.org
952: [f964671d08ce]
953:
954: 2013-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
955:
956: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
957: plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
958: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
959: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
960: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
961: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
962: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
963: src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
964: src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po,
965: src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po,
966: src/po/zh_CN.mo, src/po/zh_CN.po:
967: sync with translationproject.org
968: [5f5becf5fb7a]
969:
970: * doc/sudoers.ldap.cat:
971: regen
972: [77745e6bc0d5]
973:
974: * NEWS:
975: Update for recent changes.
976: [365b9084268a]
977:
978: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
979: plugins/sudoers/visudo.c:
980: Fix typo; we want setlocale(LC_ALL, "") since we are setting the
981: locale for the first time.
982: [e2b9660e9d48]
983:
984: 2013-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
985:
986: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
987: plugins/sudoers/visudo.c:
988: Use sudoers_initlocale() in main() startup, not sudoers_setlocal()
989: as the latter assumes we are already in the user's locale which may
990: not be the case. For sudoreplay, we can just use setlocale()
991: directly as there is no sudoers locale.
992: [12235e50dea0]
993:
994: 2013-12-24 Todd C. Miller <Todd.Miller@courtesan.com>
995:
996: * src/preserve_fds.c, src/sudo.c, src/sudo.h:
997: Redo preserve_fds support to remap high fds so we can get the most
998: out of closefrom(). The fds are then restored after closefrom().
999: [7d712ec49db7]
1000:
1001: * plugins/sudoers/Makefile.in:
1002: Fix install-plugin when sudoers is compiled statically.
1003: [36a8bf3b588d]
1004:
1005: 2013-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
1006:
1007: * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat,
1008: doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
1009: include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in,
1010: src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c,
1011: src/sudo.h, src/sudo_exec.h:
1012: Add support for preventing fds from getting clobbered by
1013: closefrom().
1014: [269f45964ff0]
1015:
1016: 2013-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
1017:
1018: * plugins/sudoers/Makefile.in:
1019: regen
1020: [b8f458379b5b]
1021:
1022: 2013-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
1023:
1024: * common/alloc.c:
1025: Need to include limits.h here too.
1026: [b53c6edef597]
1027:
1028: 2013-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
1029:
1030: * config.h.in, configure, configure.ac, plugins/sudoers/parse.h:
1031: No need to use __signed.
1032: [05f9648d1953]
1033:
1034: * plugins/sudoers/regress/logging/check_wrap.c:
1035: Need limits.h here too.
1036: [54aac3bbf66a]
1037:
1038: * compat/closefrom.c:
1039: Still need limits.h here.
1040: [0abc6b2be208]
1041:
1042: * plugins/sudoers/po/sudoers.pot:
1043: regen
1044: [386b47ced07f]
1045:
1046: * compat/closefrom.c:
1047: Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX
1048: lacks /proc/self and it has F_CLOSEM.
1049: [b5735fbcfdce]
1050:
1051: 2013-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
1052:
1053: * plugins/sudoers/visudo_json.c:
1054: Use a switch to map digest type to name instead of an array of
1055: strings.
1056: [ab17ceb4dd60]
1057:
1058: * compat/closefrom.c:
1059: Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X.
1060: [e70df3b3144b]
1061:
1062: * compat/snprintf.c:
1063: Remove _MAX and _MIN compat; we rely on missing.h for that. We
1064: already require the compiler handle long long so there's no need to
1065: use HAVE_LONG_LONG_INT everywhere.
1066: [2bda15071439]
1067:
1068: * common/ttysize.c, include/missing.h:
1069: Remove _MAX and _MIN defines that any system from the last 20 years
1070: should have. Add ULLONG_MAX in case it is missing.
1071: [2db0cee4aaa8]
1072:
1073: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
1074: plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
1075: Change visudo -x to take a file name argument, which may be '-' to
1076: write the exported sudoers file to stdout.
1077: [84cb72c3c391]
1078:
1079: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c,
1080: plugins/sudoers/gram.y, plugins/sudoers/parse.c,
1081: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
1082: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
1083: plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
1084: plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c:
1085: Move symbol extern defs into sudoers.h
1086: [b631a0b57fae]
1087:
1088: * plugins/sudoers/regress/check_symbols/check_symbols.c,
1089: plugins/sudoers/regress/logging/check_wrap.c:
1090: Add missing sudo_util.h
1091: [ed0edc2e2d0c]
1092:
1093: 2013-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
1094:
1095: * plugins/sudoers/sudoreplay.c:
1096: Warn if the time stamp in the I/O log file does not fit in time_t.
1097: Warn if the info line is not well-formed instead of silently
1098: ignoring it.
1099: [37a050de5be5]
1100:
1101: 2013-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
1102:
1103: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
1104: Rename libcommon libsudo_util
1105: [df3ffd4229e5]
1106:
1107: 2013-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
1108:
1109: * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c,
1110: common/atoid.c, common/atomode.c, common/fmt_string.c,
1111: common/gidlist.c, common/progname.c, common/setgroups.c,
1112: common/sudo_conf.c, common/term.c, common/ttysize.c,
1113: include/missing.h, include/sudo_util.h,
1114: plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
1115: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h,
1116: plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in,
1117: plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h:
1118: Move prototypes for functions provided by libcommon that don't have
1119: their own header files into sudo_util.h.
1120: [43f423a24416]
1121:
1122: 2013-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
1123:
1124: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c,
1125: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1126: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
1127: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
1128: plugins/sudoers/mkdefaults:
1129: Now that we have proper number parsing functions we should store
1130: T_UINT defaults values as unsigned int, not int.
1131: [67d8c2244f1d]
1132:
1133: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
1134: Don't use int where we really mean enum def_tuple. When this code
1135: was written it was assumed that we may have multiple tuple types.
1136: However, that hasn't happened and probably never will.
1137: [8491f970f343]
1138:
1139: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1140: Regen after string parsing changes.
1141: [fd6bf79c3286]
1142:
1143: * common/atoid.c, common/atomode.c, compat/strtonum.c, configure,
1144: configure.ac, include/missing.h, plugins/sudoers/defaults.c,
1145: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1146: plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c:
1147: The OpenBSD strtonum() uses very short error strings that can't be
1148: translated usefully. Convert them to longer strings on error. Also
1149: use the longer strings for atomode() and atoid().
1150: [dace028594da]
1151:
1152: 2013-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
1153:
1154: * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c,
1155: plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
1156: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
1157: Add atomode() function for parsing a file mode.
1158: [44e29629aa5e]
1159:
1160: * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in,
1161: compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c,
1162: configure, configure.ac, include/missing.h,
1163: plugins/sudoers/boottime.c, plugins/sudoers/defaults.c,
1164: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1165: plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
1166: plugins/sudoers/regress/logging/check_wrap.c,
1167: plugins/sudoers/regress/parser/check_addr.c,
1168: plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c,
1169: src/parse_args.c, src/sudo.c, src/ttyname.c:
1170: Use strtonum() instead of atoi(), strtol() or strtoul() where
1171: possible.
1172: [e4a1fc84b893]
1173:
1174: * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in,
1175: configure, configure.ac, include/missing.h, mkdep.pl:
1176: Add strtonum.c to compat for simpler number parsing.
1177: [a4c69b003da0]
1178:
1179: 2013-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
1180:
1181: * src/exec_common.c:
1182: Fix a warning on Solaris, we need to use debug_return_const_ptr.
1183: [932aa94c0cac]
1184:
1185: * plugins/sudoers/Makefile.in:
1186: check_symbols needs to link with SUDO_LIBS in order to get -lpthread
1187: on HP-UX for libldap (which uses threads). It would be better to
1188: have a separate variable for the pthread library but this is no
1189: worse than it used to be.
1190: [94591b765371]
1191:
1192: 2013-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1193:
1194: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1195: add missing comma
1196: [7dcbd1c6dd25]
1197:
1198: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
1199: Make -c option description more accurate.
1200: [3f305ae6037e]
1201:
1202: 2013-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1203:
1204: * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c:
1205: When checking whether a user may change the login class, just check
1206: pw_uid of the runas user, which was passed in to set_loginclass().
1207: [aaf736440441]
1208:
1209: 2013-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
1210:
1211: * plugins/sudoers/visudo_json.c:
1212: Use atoid() when parsing user/group IDs and print them as unsigned
1213: int.
1214: [40c77459a36a]
1215:
1216: 2013-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
1217:
1218: * plugins/sudoers/sudoreplay.c:
1219: Correctly parse 64-bit times in I/O log files.
1220: [d053ee75adc3]
1221:
1222: * compat/getgrouplist.c, plugins/group_file/getgrent.c,
1223: plugins/sudoers/pwutil.c,
1224: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1225: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
1226: Use atoid() not atoi() when parsing uids/gids.
1227: [491146596626]
1228:
1229: * plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
1230: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
1231: plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
1232: plugins/sudoers/sudoers.h:
1233: Better match debugging. Sprinkle const in match functions.
1234: [4cd8d793f165]
1235:
1236: 2013-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
1237:
1238: * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
1239: doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
1240: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
1241: doc/sudo_plugin.mdoc.in:
1242: Document that plugins can be compiled statically into the sudo
1243: binary.
1244: [434061cf909f]
1245:
1246: 2013-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
1247:
1248: * plugins/sudoers/sssd.c:
1249: sudo_sss_filter_user_netgroup(): fix comment typos, break out of
1250: loop early if we match ALL or netgroup.
1251: [0691731f4b12]
1252:
1253: * plugins/sudoers/sssd.c:
1254: When filtering netgroups, use the passwd struct stashed in the
1255: handle, not user_name since we may be listing another users
1256: privileges.
1257: [f2669cf7b70c]
1258:
1259: * mkpkg:
1260: RHEL 6 and above builds sudo with SSSD support
1261: [afc3d894851e]
1262:
1263: * plugins/sudoers/sssd.c:
1264: Avoid passing NULL domainname to sudo_debug_printf().
1265: [b08abe5e6d23]
1266:
1267: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
1268: Document sssd debug subsystem.
1269: [250c3ab1bcf0]
1270:
1271: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
1272: Document "event" debug subsystem.
1273: [85d220b48edc]
1274:
1275: * plugins/sudoers/match.c:
1276: Use atoid() instead of atoi() when parsing uids/gids so we get
1277: proper range checking.
1278: [5c3e2f3f6cb9]
1279:
1280: * plugins/sudoers/sssd.c:
1281: Add user netgroup filtering for SSSD. Previously, rules for a
1282: netgroup were applied to all even when they did not belong to the
1283: specified netgroup. RedHat Bugzilla 880150.
1284: [784848b5462c]
1285:
1286: * plugins/sudoers/sssd.c:
1287: Fix several issues found by the clang static analyzer; Daniel
1288: Kopecek
1289: [520261dd7461]
1290:
1291: 2013-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
1292:
1293: * README.LDAP:
1294: Mention how to dump sudoers info from LDAP.
1295: [a53c93790a30]
1296:
1297: * src/exec_common.c:
1298: On Solaris, disabling the proc_exec privilege appears to interfere
1299: with DAC file permissions. Adding DAC override permissions to the
1300: inheritable set works around this for commands run as root without
1301: giving extra permissions to other users. Bug #626
1302: [391ad44026c3]
1303:
1304: 2013-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
1305:
1306: * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in,
1307: compat/getprogname.c, configure, configure.ac, include/missing.h,
1308: mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
1309: plugins/sudoers/regress/check_symbols/check_symbols.c,
1310: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1311: plugins/sudoers/regress/logging/check_wrap.c,
1312: plugins/sudoers/regress/parser/check_addr.c,
1313: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
1314: plugins/sudoers/visudo.c, src/parse_args.c,
1315: src/regress/ttyname/check_ttyname.c, src/sudo.c:
1316: Instead of setprogname(), add initprogname() which gets the program
1317: name for getprogname() using /proc or pstat() if possible.
1318: [e2d48d81456f]
1319:
1320: 2013-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
1321:
1322: * src/ttyname.c:
1323: Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to
1324: return this in certain situations but it appears to be harmless at
1325: least insofar as retrieving the tty goes.
1326: [105bea4e1c20]
1327:
1328: * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
1329: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1330: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1331: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
1332: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1333: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
1334: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
1335: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
1336: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
1337: src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po,
1338: src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po,
1339: src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
1340: src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po,
1341: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1342: Sync with translationproject.org
1343: [3694d7ad4c9d]
1344:
1345: 2013-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
1346:
1347: * plugins/sudoers/visudo.c:
1348: Add missing newline in help message after export option.
1349: [1c0bff0c181e]
1350:
1351: 2013-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
1352:
1353: * configure, configure.ac, plugins/sudoers/Makefile.in,
1354: src/Makefile.in:
1355: Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in
1356: Makefile.in so we can make it last. Fixes a linking problem on
1357: Ubuntu precise.
1358: [f8d3bddbe742]
1359:
1360: 2013-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
1361:
1362: * configure, m4/ax_func_getaddrinfo.m4:
1363: Do not rely on NULL being defined for getaddrinfo() test. Fixes the
1364: check on HP-UX 11.23.
1365: [a5dcf0283693]
1366:
1367: 2013-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
1368:
1369: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1370: Regen for sudo 1.8.9b1
1371: [945f27a7aa1c]
1372:
1373: * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po:
1374: Sync with translationproject.org
1375: [52abae16ccfa]
1376:
1377: 2013-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
1378:
1379: * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c,
1380: compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in,
1381: configure, configure.ac, include/sudo_dso.h, mkdep.pl,
1382: plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c,
1383: plugins/sudoers/ldap.c,
1384: plugins/sudoers/regress/check_symbols/check_symbols.c,
1385: plugins/sudoers/sssd.c, plugins/system_group/Makefile.in,
1386: plugins/system_group/system_group.c, src/Makefile.in,
1387: src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c,
1388: src/sudo.h:
1389: Add wrapper functions for dlopen() et al so that we can support
1390: statically compiling in the sudoers plugin but still allow other
1391: plugins to be loaded. The new --enable-static-sudoers configure
1392: option will cause the sudoers plugin to be compiled statically into
1393: the sudo binary. This does not prevent other plugins from being
1394: loaded as per sudo.conf.
1395: [9425770e9d2b]
1396:
1397: 2013-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
1398:
1399: * plugins/sudoers/visudo_json.c:
1400: Handle non-unix groups correctly. Get rid of runasuser and
1401: runasgroup types and use username and usergroup instead. The fact
1402: that the user or group is inside a Runas_List doesn't affect its
1403: underlying type.
1404: [ea1789258c11]
1405:
1406: 2013-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
1407:
1408: * plugins/sudoers/visudo_json.c:
1409: Simplify Defaults list option object. The name and value strings are
1410: superfluous.
1411: [5852b0184669]
1412:
1413: * compat/dlopen.c:
1414: Back out unintended change.
1415: [85156e49e96e]
1416:
1417: * MANIFEST, aclocal.m4, configure, configure.ac,
1418: m4/ax_func_getaddrinfo.m4:
1419: Add dedicated test for getaddrinfo(). Tru64 UNIX contains two
1420: versions of getaddrinfo and we must include netdb.h to get the
1421: proper definition.
1422: [9882e3e1e8e3]
1423:
1424: * compat/dlopen.c,
1425: plugins/sudoers/regress/check_symbols/check_symbols.c:
1426: Define RTLD_GLOBAL for older systems without it. Bug #621
1427: [ed38ac84f1da]
1428:
1429: 2013-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
1430:
1431: * compat/snprintf.c, include/missing.h:
1432: Rename snprintf replacement rpl_snprintf since we may now replace
1433: the libc version and #define rpl_snprintf snprintf in missing.h so
1434: we get our version when needed. This is consistent with how we
1435: replace glob and fnmatch.
1436: [309aa17d0dfe]
1437:
1438: * common/Makefile.in, common/regress/sudo_conf/conf_test.c,
1439: common/regress/sudo_parseln/parseln_test.c,
1440: common/regress/tailq/hltq_test.c, src/Makefile.in:
1441: libcommon tests need locale_stub.lo to link.
1442: [baae40f36de5]
1443:
1444: * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure,
1445: configure.ac, m4/ax_func_snprintf.m4:
1446: Add check for C99 compliant (v)snprintf function.
1447: [79e02551543c]
1448:
1449: * compat/sig2str.c, configure, configure.ac:
1450: Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and
1451: SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug
1452: #621; from Daniel Richard G.
1453: [2a59ccb8c966]
1454:
1455: * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c:
1456: Add definition of U_ for --disable-nsl Don't define warning_gettext
1457: if --disable-nsl Bug #621; from Daniel Richard G.
1458: [c0054eb89c2b]
1459:
1460: 2013-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
1461:
1462: * plugins/sudoers/visudo_json.c:
1463: When merging Defaults entries we need to check the type of the next
1464: entry and not just assume it is the same as the previous one.
1465: [e97d9b9cf0d5]
1466:
1467: * plugins/sudoers/visudo_json.c:
1468: runasgroups not runasgroup in the Cmnd_Spec.
1469: [92ea5dc20e4d]
1470:
1471: * plugins/sudoers/visudo_json.c:
1472: Fix some syntax errors and change how lists are handled.
1473: [027b8dea44b2]
1474:
1475: * common/sudo_debug.c, config.h.in, configure, configure.ac,
1476: include/fatal.h, include/sudo_debug.h:
1477: Allow sudo to compile without variadic macro support in cpp.
1478: Debugging support will be limited (no file info from warnings.) From
1479: Daniel Richard G.; Bug #621
1480: [51b8b868cd4b]
1481:
1482: * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c,
1483: common/sudo_conf.c, include/fatal.h, include/gettext.h,
1484: include/missing.h, plugins/sudoers/auth/fwtk.c,
1485: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
1486: plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
1487: plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
1488: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1489: plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
1490: plugins/sudoers/logging.c, plugins/sudoers/match.c,
1491: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
1492: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
1493: plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
1494: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
1495: plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
1496: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
1497: plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
1498: src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
1499: src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
1500: src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c,
1501: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
1502: Add warning_gettext() wrapper function that changes to the user
1503: locale, then calls gettext(). Add U_ macro that calls
1504: warning_gettext() instead of gettext(). Rename warning2()/error2()
1505: back to warning_nodebug()/error_nodebug().
1506: [f3bb207db201]
1507:
1508: 2013-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
1509:
1510: * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c,
1511: compat/utimes.c, configure.ac, plugins/sudoers/boottime.c,
1512: plugins/sudoers/check.c, plugins/sudoers/getdate.c,
1513: plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c,
1514: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
1515: plugins/sudoers/logging.h, plugins/sudoers/sssd.c,
1516: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
1517: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c,
1518: src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c:
1519: Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug
1520: #624; from Daniel Richard G.
1521: [b212e4694018]
1522:
1523: * include/sudo_debug.h, plugins/sudoers/defaults.c,
1524: plugins/sudoers/ldap.c, src/exec_common.c:
1525: Add debug_return_const_str and debug_return_const_ptr for returning
1526: a const string or pointer. Using const for the normal versions
1527: produces warnings with the Tru64 compiler.
1528: [45018a149cb4]
1529:
1530: * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure,
1531: configure.ac, m4/sudo.m4:
1532: Fixes for building under Tru64; from Daniel Richard G. Bug #624
1533: [fc4a6cbae1ba]
1534:
1535: 2013-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
1536:
1537: * plugins/sudoers/logging.c:
1538: log_{fatal,warning} now logs to the debug file itself.
1539: log_{fatal,warning} now calls warningx2() after setting the locale
1540: itself instead of using the wrapper macros. This removes the only
1541: use of warningx(ngettext(...)).
1542: [930129361e0a]
1543:
1544: 2013-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
1545:
1546: * configure, configure.ac:
1547: Add -Wpointer-arith to --enable-warnings
1548: [2043ae306d1b]
1549:
1550: * configure, configure.ac:
1551: Fix more instances of #include directives where the '#' was not in
1552: column 1. From Daniel Richard G. (bug #622)
1553: [75f36f39dcab]
1554:
1555: * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
1556: plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
1557: plugins/sudoers/visudo_json.c:
1558: Add support to visudo to export sudoers in JSON format.
1559: [1697b2b4bfd2]
1560:
1561: 2013-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
1562:
1563: * plugins/sudoers/parse.h:
1564: Remove unused digest field from struct cmndspec, the digest really
1565: lives in struct sudo_command.
1566: [e9a1e2e112d6]
1567:
1568: * config.h.in, configure:
1569: Regen with autoconf 2.69
1570: [275f69f98f9e]
1571:
1572: * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in,
1573: doc/Makefile.in:
1574: Rename configure.in -> configure.ac
1575: [0aeafe425373]
1576:
1577: * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure,
1578: configure.in, ltmain.sh, m4/sudo.m4:
1579: From Daniel Richard G. (bug #622) Add an autogen.sh script that
1580: rebuilds the autoconf world. Move old aclocal.m4 contents to
1581: m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include
1582: directives. Some tests had #include directives where the '#' was not
1583: in column 1. Updated obsolete macro usage via autoupdate.
1584: [5fe8de5a56df]
1585:
1586: 2013-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
1587:
1588: * src/sudo_exec.h:
1589: Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The
1590: likelihood of receiving a partial message is quite low so this is
1591: not a big deal.
1592: [900a304f9548]
1593:
1594: * configure, configure.in:
1595: HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for
1596: MSG_WAITALL to be visible.
1597: [f08b1a00a30a]
1598:
1599: * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok,
1600: plugins/sudoers/regress/visudo/test5.sh:
1601: Add regress test for bug #623
1602: [8e83cfccaf14]
1603:
1604: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
1605: Cope with a comment on the last line of the file with no newline.
1606: Bug #623
1607: [f826243bc4e6]
1608:
1609: * compat/getaddrinfo.c:
1610: Include arpa/inet.h for HP-UX; from Daniel Richard G.
1611: [d4d7a4303bae]
1612:
1613: * doc/Makefile.in:
1614: Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel
1615: Richard G.
1616: [f664c8d2f961]
1617:
1618: 2013-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
1619:
1620: * include/fatal.h:
1621: In v{warning,fatal}x?() make a new copy of ap for the debug
1622: functions. It is not legal to use ap twice without reinitializing
1623: it. Noticed by Daniel Richard G.
1624: [6ca8bc48ecb3]
1625:
1626: * include/fatal.h:
1627: Remove errant warning_restore_locale() call.
1628: [4ef7aecefcbb]
1629:
1630: * include/missing.h, plugins/sudoers/logging.c:
1631: Move va_copy compat macro to missing.h
1632: [c873e4cc4c8a]
1633:
1634: * common/Makefile.in, compat/Makefile.in, mkdep.pl,
1635: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
1636: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
1637: src/Makefile.in, zlib/Makefile.in:
1638: Uniquify header dependencies so we don't end up with duplicates when
1639: a header file includes other headers. The header dependencies are
1640: sorted so the generated order is stable.
1641: [95747db2f07a]
1642:
1643: * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS,
1644: mkdep.pl:
1645: Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From
1646: Daniel Richard G.
1647: [e94ee99a52a9]
1648:
1649: * plugins/sudoers/testsudoers.c:
1650: Fix pasto
1651: [5262735e78e0]
1652:
1653: 2013-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
1654:
1655: * doc/sudoers.mdoc.in:
1656: Fix typo.
1657: [6b11a4eec6b6]
1658:
1659: 2013-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
1660:
1661: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
1662: regen
1663: [995ca9f21862]
1664:
1665: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
1666: plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c:
1667: Fix warnings from -Wold-style-definition
1668: [a748c5c7b423]
1669:
1670: * configure, configure.in:
1671: Add -Wold-style-definition to --enable-warnings
1672: [0484de0deb59]
1673:
1674: * common/event_poll.c:
1675: Extra debugging for ready fds.
1676: [91fb85cdecbb]
1677:
1678: * common/event_select.c:
1679: When deleting an event, check ev->events to determine whether to
1680: remove from readfds or writefds instead of blinding removing from
1681: both. Also fix highfd adjustment.
1682: [7384db65ca9c]
1683:
1684: 2013-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
1685:
1686: * common/event_select.c:
1687: Only check an fd that is >= 0. Timeout-only events may have a
1688: negative fd.
1689: [fa0e5cbc3cc2]
1690:
1691: 2013-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
1692:
1693: * common/event.c:
1694: Don't call sudo_ev_{add,del}_impl() for timeout-only events. This
1695: makes it possible to pass sudo_ev_alloc() an fd of -1 for events
1696: only use SUDO_EV_TIMEOUT.
1697: [6838657a1a2f]
1698:
1699: 2013-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
1700:
1701: * common/alloc.c, common/event_select.c, include/sudo_event.h:
1702: Make a copy of readfds/writefds before calling select() instead of
1703: calculating it each time. Keep track of high fd in the base.
1704: [6048b78f2e94]
1705:
1706: 2013-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
1707:
1708: * doc/CONTRIBUTORS:
1709: Add Stephen Gelman
1710: [0028c7a91a4f]
1711:
1712: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
1713: Fix sign comparison warning.
1714: [914cb36b9ed2]
1715:
1716: * plugins/sudoers/sudoreplay.c:
1717: Fix potential NULL dereference in non-interactive mode.
1718: [9233428d3f32]
1719:
1720: 2013-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
1721:
1722: * src/exec.c, src/exec_pty.c:
1723: Use MSG_WAITALL when receiving struct command_status over the Unix
1724: domain socket since we no longer use datagrams. This should avoid
1725: the need to handle incomplete reads, though in theory it is still
1726: possible.
1727: [28a92888a908]
1728:
1729: * plugins/sudoers/sudoreplay.c:
1730: SIGKILL is not catchable
1731: [79f82e4cb11d]
1732:
1733: * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c:
1734: Add sudo_ev_get_timeleft() to get the amount of time left before an
1735: event times out and use it in sudoreplay.
1736: [d5b17ee30fa4]
1737:
1738: 2013-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
1739:
1740: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
1741: plugins/sudoers/sudoreplay.c:
1742: If the user presses <return> or <enter> in sudoreplay, skip to the
1743: next event. Useful for skipping past long pauses in the data.
1744: [43343f45c94d]
1745:
1746: * common/event.c, common/event_poll.c, common/event_select.c:
1747: Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we
1748: clear active flag from unprocessed events if sudo_ev_loopbreak() or
1749: sudo_ev_loopcontinue() are used. Remove bogus optimization when the
1750: timeout is zero or negative; it could prevent an I/O event from
1751: being triggered.
1752: [a13603fb3134]
1753:
1754: * plugins/sudoers/sudoreplay.c:
1755: Move session replay into its own function.
1756: [e323f7729595]
1757:
1758: * common/event.c, common/event_poll.c, common/event_select.c,
1759: include/sudo_event.h:
1760: Get rid of cur and pending pointers in struct sudo_event_base. We
1761: now pop the first event off the active queue instead of using a
1762: foreach loop with deferred removal of the event. Add
1763: SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the
1764: event on the event queue and timeouts queue respectively. No longer
1765: need to compare the timeout to {0,0} or compare the event's base
1766: pointer to NULL to determine queue membership.
1767: [f2b2251fd523]
1768:
1769: * common/event_poll.c:
1770: rename sudo_ev_loop_impl() -> sudo_ev_scan_impl()
1771: [614faaff04e3]
1772:
1773: * MANIFEST, common/event.c, common/event_poll.c,
1774: common/event_select.c, compat/Makefile.in, compat/nanosleep.c,
1775: config.h.in, configure, configure.in, include/missing.h,
1776: include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in,
1777: plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c:
1778: Add support for libevent-style timed events. Adding a timed event is
1779: currently O(n). The only consumer of timed events is sudoreplay
1780: which only used a singled one so O(n) == O(1) for now. This also
1781: allows us to remove the nanosleep compat function as we now use a
1782: timeout event instead.
1783: [db41c08e92dc]
1784:
1785: 2013-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
1786:
1787: * src/exec.c, src/exec_pty.c:
1788: Now that sudo_ev_base_free() removes all events before freeing we
1789: don't need to do this by hand.
1790: [b59d43658c5f]
1791:
1792: * common/event.c, common/event_poll.c, common/event_select.c,
1793: include/sudo_event.h:
1794: Add a list of active events in the base that the back end sets when
1795: it calls poll or select. This allows the front end to iterate over
1796: the events instead of having that code in both back ends. It will
1797: also simplify support for timeout events. Also make sure we can't
1798: touch freed memory if a callback frees its own event.
1799: [933b99b3f2bc]
1800:
1801: * common/event.c:
1802: Remove any existing events before freeing the event base.
1803: [2543c6620cf1]
1804:
1805: 2013-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
1806:
1807: * src/exec_pty.c:
1808: mon_handler() should be static
1809: [b1a62ef65c96]
1810:
1811: 2013-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1812:
1813: * plugins/sudoers/ldap.c:
1814: If user specified start_tls and ldaps, display a warning and ignore
1815: start_tls. There's no reason to make this a fatal error.
1816: [bf446dd1e740]
1817:
1818: * src/exec_pty.c:
1819: Add missing else when the connection from the monitor to the parent
1820: sudo process is broken (due to the parent dying). Prevents a
1821: spurious "unexpected reply type on backchannel" warning.
1822: [5c44053cef08]
1823:
1824: * src/exec_pty.c:
1825: When flushing output we don't care whether we are the foreground
1826: process or not, we still need to flush to /dev/tty. If we are in the
1827: background, it is OK to get SIGTTOU.
1828: [9716892d1fb5]
1829:
1830: * plugins/sudoers/ldap.c:
1831: Should not attempt start_tls on an ldaps connection.
1832: [9d01d461c52c]
1833:
1834: 2013-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
1835:
1836: * plugins/sudoers/regress/parser/check_fill.c:
1837: Fix sign compare warning.
1838: [6130fa8df758]
1839:
1840: * doc/Makefile.in:
1841: Eliminate warning about circular dependency from GNU make.
1842: [7ed5df762089]
1843:
1844: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1845: src/ttyname.c:
1846: More sign compare fixes. On Solaris id_t is signed so use uid_t in
1847: the set_perms.c ID macro instead.
1848: [8166dcc50d0b]
1849:
1850: * common/fileops.c, common/lbuf.c, common/secure_path.c,
1851: common/sudo_debug.c, include/secure_path.h,
1852: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
1853: plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h,
1854: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1855: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1856: plugins/sudoers/match_addr.c, plugins/sudoers/parse.h,
1857: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
1858: plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
1859: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
1860: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
1861: plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c,
1862: src/ttyname.c:
1863: Quiet sign comparision warnings.
1864: [e34f45dad10c]
1865:
1866: * configure, configure.in:
1867: Add -Wsign-compare to --enable-warnings
1868: [d560e274a6ae]
1869:
1870: * plugins/sudoers/ldap.c:
1871: Ignore SIGPIPE when connecting to the LDAP server so we can get a
1872: proper error message with the IBM LDAP libs. Also return
1873: LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that
1874: return an int.
1875: [611a4ed9b8ee]
1876:
1877: * plugins/sudoers/regress/parser/check_base64.c,
1878: plugins/sudoers/regress/parser/check_digest.c:
1879: Quiet compiler warnings.
1880: [7d82dcca7126]
1881:
1882: 2013-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
1883:
1884: * plugins/sudoers/ldap.c:
1885: sudo_ldap_parse_uri() should join multiple URIs in the string list
1886: together but it was clearing the host entry each time through the
1887: loop. Fixes a bug with multiple URI entries in ldap.conf where only
1888: the last one was being honored.
1889: [83cee19b136d]
1890:
1891: * src/exec_pty.c:
1892: Avoid a double free introduced when plugging a memory leak in
1893: safe_close(). A new ev_free_by_fd() function is used to remove and
1894: free any events sharing the specified fd. This can be used after
1895: safe_close() to make sure we don't try to select() on a closed fd.
1896: [54f48a281147]
1897:
1898: * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c:
1899: Quiet some llvm check false positives. The common idiom of using
1900: TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a
1901: TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
1902: probably faster anyway).
1903: [bd1b8c11f416]
1904:
1905: * plugins/sudoers/auth/pam.c:
1906: If pam_open_session() fails don't call pam_getenvlist() with a NULL
1907: pam handle.
1908: [352e0329acba]
1909:
1910: * plugins/sudoers/defaults.c:
1911: Fix newly introduced use after frees found by llvm checker.
1912: [a81080230f1f]
1913:
1914: * common/event_select.c:
1915: Remove an errant list_next() call that should have been removed in
1916: the TAILQ conversion.
1917: [3bbf8d117ce4]
1918:
1919: * MANIFEST, common/Makefile.in, common/list.c,
1920: common/regress/tailq/hltq_test.c, include/list.h, include/queue.h,
1921: plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
1922: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
1923: plugins/sudoers/gram.y, plugins/sudoers/match.c,
1924: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1925: plugins/sudoers/regress/parser/check_fill.c,
1926: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
1927: Add "headless" tail queues and use them in place of the semi-
1928: circular lists in sudoers. Once the headless tail queue is built up
1929: it is converted to a normal TAILQ. This removes the last consumer of
1930: list.c and list.h so those can now be removed.
1931: [5986ba762a24]
1932:
1933: * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in,
1934: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
1935: plugins/sudoers/env.c, plugins/sudoers/interfaces.c,
1936: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
1937: plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c,
1938: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
1939: plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c,
1940: src/hooks.c:
1941: Use SLIST and STAILQ macros instead of doing headless singly linked
1942: lists manually. As a bonus we now use a tail queue for ldap.c and
1943: sudoreplay.c.
1944: [c31bc2d99082]
1945:
1946: * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c,
1947: common/event_select.c, common/list.c,
1948: common/regress/sudo_conf/conf_test.c, common/sudo_conf.c,
1949: doc/LICENSE, include/list.h, include/missing.h, include/queue.h,
1950: include/sudo_conf.h, include/sudo_event.h,
1951: plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
1952: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1953: plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
1954: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
1955: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
1956: src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c,
1957: src/sudo.c, src/sudo.h, src/sudo_plugin_int.h:
1958: Convert sudo to use BSD TAILQ macros instead of home ground tail
1959: queue functions. This includes a private queue.h header derived from
1960: FreeBSD. It is simpler to just use our own header rather than try to
1961: deal with macros that may or may not be present in various queue.h
1962: incarnations.
1963: [450bce095d7c]
1964:
1965: 2013-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
1966:
1967: * plugins/sudoers/sudoreplay.c:
1968: Fix AND operator broken by changes to fix OR.
1969: [a4d3485ee943]
1970:
1971: 2013-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
1972:
1973: * plugins/sudoers/sudoreplay.c:
1974: Fix OR operator.
1975: [f5c1c90ee284]
1976:
1977: 2013-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
1978:
1979: * src/exec_pty.c:
1980: Fix memory leak of I/O buffer events in safe_close().
1981: [08cd790cfbba]
1982:
1983: 2013-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
1984:
1985: * common/sudo_debug.c:
1986: Don't allow the debug subsystem to be initialized twice. Otherwise
1987: we can exhuast our stack when built in static mode.
1988: [fadacb6a4617]
1989:
1990: * common/event_poll.c:
1991: Make sure we do not try to usie index -1 in base->pfds[].
1992: [beeb922aba3f]
1993:
1994: 2013-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
1995:
1996: * NEWS, configure, configure.in:
1997: Bump version to 1.8.9
1998: [758dbb464796]
1999:
2000: 2013-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2001:
2002: * src/exec_pty.c:
2003: Convert the monitor process to the event subsystem.
2004: [c4fe8e2ba53c]
2005:
2006: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
2007: Convert the main sudo event loop to use the event subsystem. Read
2008: events for I/O buffers are added before the loop starts. Write
2009: events are added on demand as the buffers are filled.
2010: [72a603e997e0]
2011:
2012: * INSTALL, MANIFEST, common/Makefile.in, common/event.c,
2013: common/event_poll.c, common/event_select.c, common/list.c,
2014: common/sudo_debug.c, config.h.in, configure, configure.in,
2015: include/list.h, include/sudo_debug.h, include/sudo_event.h,
2016: mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in,
2017: src/exec_pty.c:
2018: Simple event subsystem that uses poll() or select(). Basically a
2019: simplied subset of libevent2. Currently only fd events are supported
2020: (since that's all we need). The poll() backend is used by default,
2021: except on Mac OS X where poll() is broken for devices (including
2022: /dev/tty and ptys).
2023: [8773142b4117]
2024:
2025: * src/exec.c, src/exec_pty.c:
2026: Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
2027: semantics when the other end closes. This should make the conversion
2028: to poll() less problematic.
2029: [b6a321722a91]
2030:
2031: 2013-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
2032:
2033: * common/sudo_debug.c:
2034: Fix removal of trailing newlines in a debug message.
2035: [6f5ce5ac64e0]
2036:
2037: 2013-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
2038:
2039: * plugins/sudoers/visudo.c:
2040: When checking for unused Runas_Aliases, count those used as part of
2041: a Runas Group too. Fixes a false positive warning.
2042: [f13271a4a377]
2043:
2044: 2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
2045:
2046: * include/missing.h:
2047: Include stddef.h for rsize_t and errno_t on systems that support it
2048: natively.
2049: [bc547d47e9c6]
2050:
2051: * MANIFEST:
2052: Fix braino.
2053: [67b79747312f]
2054:
2055: * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
2056: plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
2057: plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
2058: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
2059: plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
2060: Rebuild message catalog files.
2061: [0a9befb0674e]
2062:
2063: * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
2064: src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
2065: src/po/vi.mo, src/po/zh_CN.mo:
2066: Rebuild message catalog files.
2067: [25191089ddf2]
2068:
2069: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
2070: Czech translation for sudo from translationproject.org.
2071: [8bc0ed069ddb]
2072:
2073: 2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
2074:
2075: * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
2076: plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
2077: plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
2078: plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
2079: plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
2080: src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
2081: src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
2082: src/po/zh_CN.po:
2083: Sync with translationproject.org
2084: [c16f9bb4579e]
2085:
2086: * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
2087: Change "next" back to 2. In the context of "next Friday" we really
2088: do want the friday of the upcoming (not current) week.
2089: Unfortunately, this means that things like "next week" and "next
2090: year" will match one more than we really want. Fixing this will
2091: require some fairly major changes to the grammar.
2092: [7f863c930121]
2093:
2094: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
2095: Mention that relative times don't always do what you might expect.
2096: [710a9b0dd36f]
2097:
2098: 2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
2099:
2100: * doc/CONTRIBUTORS:
2101: Add diacritical for Zdenek Behan.
2102: [78d333f88e6c]
2103:
2104: 2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
2105:
2106: * src/regress/ttyname/check_ttyname.c:
2107: Do not fail if ttyname() cannot determine the tty but sudo can.
2108: Should fix problems with running "make check" under pbuilder.
2109: [e6fc06a6c5cf]
2110:
2111: * plugins/sudoers/Makefile.in:
2112: Remove extraneous $$CWD; from Bdale Garbee
2113: [4d040ddd7446]
2114:
2115: 2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
2116:
2117: * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
2118: Make "this" and "next" qualifiers work a bit better. There is still
2119: room for improvement as "this week" will use the current time
2120: instead of the beginning of the week. That's a separate issue
2121: though.
2122: [e844c02f754a]
2123:
2124: 2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
2125:
2126: * common/regress/sudo_conf/conf_test.c,
2127: common/regress/sudo_parseln/parseln_test.c:
2128: Mark main() public to silence a warning on HP-UX.
2129: [ac0b869b9842]
2130:
2131: 2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
2132:
2133: * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
2134: Be specific that we are talking about the Unix epoch; bug #615
2135: [25887775371b]
2136:
2137: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
2138: src/po/sudo.pot, src/selinux.c:
2139: Do not use "setup" as a verb; bug #614
2140: [17c4750aac5f]
2141:
2142: * plugins/sudoers/iolog.c:
2143: Fix logic goof when checking open() status.
2144: [76ece1445d71]
2145:
2146: * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
2147: src/po/nl.po, src/po/ru.mo, src/po/ru.po:
2148: Sync with translationproject.org
2149: [21351498000f]
2150:
2151: * NEWS, plugins/sudoers/sudoreplay.c:
2152: Work around a bug in sudo 1.8.7 timing files where the indexes are
2153: off by two.
2154: [4aa0cd58af58]
2155:
2156: * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
2157: plugins/sudoers/sudoreplay.c:
2158: Repair writing of the I/O log file indices broken in sudo 1.8.7.
2159: [6a5f867884f5]
2160:
2161: 2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
2162:
2163: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2164: Try to improve the PAGERS noexec example a bit.
2165: [226f11118daa]
2166:
2167: 2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2168:
2169: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
2170: doc/sudoers.ldap.mdoc.in:
2171: Document comment character in ldap.conf Clarify what is and is not
2172: supported in TLS_KEYPW Mention that gsk8capicmd can be used to
2173: create a stash file
2174: [fb8f06ab4458]
2175:
2176: 2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2177:
2178: * NEWS:
2179: New bugs fixed for 1.8.8.
2180: [c158df7cd9d2]
2181:
2182: * plugins/sudoers/visudo.c:
2183: Fix setting of quiet flag when -q / --quiet is specified. Do not
2184: print "sudoers: parsed OK" in quiet mode.
2185: [df55acd57ce6]
2186:
2187: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2188: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
2189: src/po/fi.po, src/po/it.mo, src/po/it.po:
2190: Updated translations from translationproject.org
2191: [e9e8abd23a28]
2192:
2193: * plugins/sudoers/check.c:
2194: Don't allow root to change its SELinux role without a password. Bug
2195: #611
2196: [f8b599acb29d]
2197:
2198: 2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
2199:
2200: * NEWS:
2201: Mention new Mac OS X symbol interposition.
2202: [98293b7c4e0f]
2203:
2204: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
2205: src/po/eo.po, src/po/fr.mo, src/po/fr.po:
2206: Updated translations from translationproject.org
2207: [865be7454354]
2208:
2209: * config.h.in, configure, configure.in, src/sudo_noexec.c:
2210: Add configure checks for the exec functions we will dummy out. This
2211: is only really needed on Mac OS X when symbol interposition is being
2212: performed but won't hurt elsewhere.
2213: [49c20cf6bab0]
2214:
2215: 2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
2216:
2217: * config.h.in, configure, configure.in, src/Makefile.in,
2218: src/sudo_noexec.c:
2219: Fix installation of sudo_noexec on Mac OS X. Use library symbol
2220: interposition on Mac OS X 10.4 and higher so we don't need to set
2221: DYLD_FORCE_FLAT_NAMESPACE=1.
2222: [a82999dff8e6]
2223:
2224: 2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2225:
2226: * plugins/sudoers/ldap.c:
2227: Fix error display from ldap_ssl_client_init(). There are two error
2228: codes. The return value can be decoded via ldap_err2string() but the
2229: ssl reason code cannot (you have to look it up in a table online).
2230: [0267125ce9f0]
2231:
2232: 2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
2233:
2234: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
2235: doc/sudoers.ldap.mdoc.in:
2236: Fix typo in tls_key example for Tivoli
2237: [36599f424ac4]
2238:
2239: * src/parse_args.c:
2240: Don't escape '$' when running "sudo -i command". Bug #564
2241: [17542d52f714]
2242:
2243: * plugins/sudoers/iolog_path.c:
2244: Fix typo in comment.
2245: [d0510ed5eaba]
2246:
2247: * plugins/sudoers/auth/pam.c:
2248: Fix comment.
2249: [4e89e0bfd6af]
2250:
2251: * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
2252: Quiet some gcc -Wformat=2 false positives
2253: [28a2014b9822]
2254:
2255: 2013-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2256:
2257: * plugins/sudoers/auth/pam.c:
2258: Remove now-obsolete arg to env_merge()
2259: [ba015cf5d935]
2260:
2261: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2262: plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
2263: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2264: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
2265: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
2266: src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
2267: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
2268: src/po/zh_CN.mo, src/po/zh_CN.po:
2269: Updated translations from translationproject.org
2270: [72b6aeaba505]
2271:
2272: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
2273: French translation for sudo from translationproject.org.
2274: [a72321771860]
2275:
2276: * plugins/sudoers/logging.h:
2277: Add __printflike to audit_failure.
2278: [1686b3699d41]
2279:
2280: * include/missing.h:
2281: Use __nonnull__ attribute in __printflike.
2282: [d123613a1fb6]
2283:
2284: 2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2285:
2286: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
2287: When merging the PAM environment, allow environment variables set in
2288: PAM to override ones set by sudo as long as they do not match the
2289: env_keep or env_check lists.
2290: [f3c64967fed7]
2291:
2292: * plugins/sudoers/auth/pam.c:
2293: Call pam_getenvlist() after we've opened the session to get the
2294: session-specific environment variables.
2295: [b413fb9e1c77]
2296:
2297: 2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
2298:
2299: * NEWS:
2300: option not flag
2301: [08c31af7b818]
2302:
2303: * compat/getopt_long.c, config.h.in, configure, configure.in:
2304: Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
2305: a check for optreset which is a BSD extension and provide a
2306: definition in getopt_long.c if it is not present.
2307: [3393e8d83400]
2308:
2309: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2310: regen
2311: [f38f65830118]
2312:
2313: * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
2314: Use lower case for the long option arguments to match the manual.
2315: This is inconsistent with GNU but it is better to match the sudo
2316: documentation.
2317: [8fac2d64f5d2]
2318:
2319: * NEWS:
2320: Sudo 1.8.8
2321: [105c73752474]
2322:
2323: * src/parse_args.c:
2324: Use lower card for the long option arguments to match the manual.
2325: This is inconsistent with GNU but it is better to match the sudo
2326: documentation.
2327: [af243dd39850]
2328:
2329: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2330: doc/sudo_plugin.mdoc.in:
2331: Describe how remote command execution can be implemented.
2332: [3eba7f93b7f6]
2333:
2334: * doc/sudoers.ldap.cat:
2335: Bump version.
2336: [0ee7f02f3627]
2337:
2338: 2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
2339:
2340: * src/sudo.c:
2341: Make it a fatal error if the plugin returns invalid or out of range
2342: command info.
2343: [8a7e56c7584a]
2344:
2345: * plugins/sudoers/policy.c:
2346: Use strtol() instead of atoi() and perform error checking of
2347: parameters passed from the sudo front-end.
2348: [05e05be3c6c4]
2349:
2350: * plugins/sudoers/auth/pam.c:
2351: It is not possible for auth to be NULL here.
2352: [771500e776e9]
2353:
2354: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2355: Initialize user_runhost and user_srunhost to user_host and
2356: user_shost in visudo and testsudoers.
2357: [c47cca74e1fc]
2358:
2359: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
2360: common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
2361: common/list.c, common/sudo_conf.c, common/sudo_debug.c,
2362: compat/Makefile.in, compat/getopt_long.c, include/error.h,
2363: include/fatal.h, plugins/sudoers/Makefile.in,
2364: plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
2365: plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
2366: plugins/sudoers/regress/check_symbols/check_symbols.c,
2367: plugins/sudoers/regress/logging/check_wrap.c,
2368: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
2369: src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
2370: src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
2371: Rename error.h -> fatal.h now that there is no error() function.
2372: [3a3827f10f04]
2373:
2374: * common/sudo_debug.c, include/sudo_debug.h:
2375: Add support to the debug subsystem for zero-length strings. This can
2376: happen for things like warning(NULL) or fatal(NULL) where we just
2377: want to log the errno string.
2378: [3ed739c5cc91]
2379:
2380: * include/error.h:
2381: Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
2382: [57e65ed595d2]
2383:
2384: * plugins/sudoers/audit.c:
2385: Need to include gettext.h for BSM audit.
2386: [a87fda2d0123]
2387:
2388: * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
2389: src/parse_args.c, src/sudo.c:
2390: Change some fatalx(NULL) that should be fatal(NULL).
2391: [8b1efda9f578]
2392:
2393: * include/error.h, include/missing.h:
2394: Use __printf0like for warning() and fatal() since the fmt string may
2395: be NULL.
2396: [858a890f00ad]
2397:
2398: * compat/pw_dup.c:
2399: Quiet a gcc "used uninitialized in this function" false positive.
2400: [98f47f89ce60]
2401:
2402: * mkpkg:
2403: Enable bsm audit on Mac OS X and Solaris >= 11.
2404: [8607488f986c]
2405:
2406: * plugins/sudoers/bsm_audit.c:
2407: Fix compilation on Solaris 11.
2408: [01aa46298ed7]
2409:
2410: * plugins/sudoers/bsm_audit.c:
2411: Add missing missing.h
2412: [080de69a55a1]
2413:
2414: * plugins/sudoers/sudoers.c:
2415: Move the -C (user_closefrom) check until after set_cmnd() so that
2416: closefrom_override can be used in a command-specific Defaults line.
2417: Fixes bug #610 from Mengtao Sun.
2418: [413565c6ff6b]
2419:
2420: 2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
2421:
2422: * src/exec.c:
2423: If not using a pty and the child process gets SIGTTOU or SIGTTIN and
2424: sudo is the foreground process, make the child the foreground
2425: process and continue it.
2426: [5ff433443bc4]
2427:
2428: * src/sudo.c:
2429: If sudo is not setuid and was not invoked with a full path, look in
2430: the user's PATH for the sudo binary to give a better error message.
2431: [a740129a38f0]
2432:
2433: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
2434: plugins/sudoers/logging.c, plugins/sudoers/match.c,
2435: plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
2436: plugins/sudoers/sudoers.h:
2437: Add limited support for "sudo -l -h other_host". Since group lookups
2438: are done on the local host, rules that use group membership may be
2439: incorrect if the group database is not synchronized between hosts.
2440: [2c8b222a5f7f]
2441:
2442: * src/parse_args.c:
2443: Fix parsing of "-h host" when used in conjunction with the -l flag.
2444: [62f3d726d52b]
2445:
2446: * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
2447: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
2448: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
2449: doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
2450: plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
2451: src/sudo_usage.h.in:
2452: Simplify usage messages a bit and make --help output more closely
2453: resemble GNU usage wrt long options. Sync usage and man page
2454: SYNOPSYS sections and improve long options in the manual pages. Now
2455: that we have long options we don't need to give the mnemonic for the
2456: single-character options in the description.
2457: [17b7e386955a]
2458:
2459: 2013-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
2460:
2461: * plugins/sudoers/logging.c:
2462: Fix setting of mailer argv[0] to basename of mailerpath. No need to
2463: strdup() mailerpath as it is not modified.
2464: [8843cdd958ee]
2465:
2466: * plugins/sudoers/logging.c:
2467: Make sure the mailer exists and is a regular file before trying to
2468: exec it.
2469: [b73d6214014f]
2470:
2471: * plugins/sudoers/timestamp.c:
2472: If tty_tickets are enabled but there is no tty, use a ticket file
2473: based on the parent pid.
2474: [75408bd61ced]
2475:
2476: * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
2477: doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
2478: Allow default plugin dir to be configured in sudo.conf.
2479: [478883594cc5]
2480:
2481: * doc/CONTRIBUTORS:
2482: UTF8 for Ruusamae, Elan; from Tae Wong
2483: [02e0c95b4fa6]
2484:
2485: 2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
2486:
2487: * MANIFEST, common/regress/sudo_conf/test5.in,
2488: common/regress/sudo_conf/test5.out.ok,
2489: common/regress/sudo_conf/test6.in,
2490: common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
2491: doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
2492: plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
2493: Don't allow max_groups to be set to zero, it just complicates things
2494: needlessly. Fixes an assertion in visudo when there is a group-
2495: based Defaults entry.
2496: [d62a8ea32db9]
2497:
2498: 2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
2499:
2500: * MANIFEST, common/Makefile.in, common/gidlist.c,
2501: plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
2502: src/sudo.h:
2503: Refactor code to parse list of gids into its own function that is
2504: shared by the sudo front-end and the sudoers module. Make uid/gid
2505: parse error be fatal, not just a warning.
2506: [da3b2b06605c]
2507:
2508: * common/atoid.c:
2509: Add function comment block.
2510: [09a324de716f]
2511:
2512: * common/atoid.c:
2513: Default text domain is now sudo, not sudoers.
2514: [1acb1da6f304]
2515:
2516: * common/Makefile.in:
2517: Update dependency for atoid.lo
2518: [5e367cd44288]
2519:
2520: * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
2521: plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
2522: src/sudo.h:
2523: Add endpointer and separator args to atoid()
2524: [2077e4ed8578]
2525:
2526: 2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
2527:
2528: * compat/getgrouplist.c:
2529: Use private version of atoid() to avoid a dependency on libcommon.a
2530: (since that already depends on libreplace.a).
2531: [7c12d63b0560]
2532:
2533: * doc/CONTRIBUTORS:
2534: More UTF8 in names; from Tae Wong
2535: [512b263f51c8]
2536:
2537: * compat/getgrouplist.c, plugins/sudoers/iolog.c,
2538: plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
2539: Use atoid() in more places.
2540: [06f4ae57c707]
2541:
2542: * MANIFEST, common/Makefile.in, common/atoid.c,
2543: plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
2544: Move atoid() to common so it can be used in src and compat too.
2545: [095d730701e4]
2546:
2547: * compat/closefrom.c:
2548: Avoid a crash on Mac OS X 10.8 (at least) when we close
2549: libdispatch's fds out from under it before executing the command.
2550: Switch to just setting the close on exec flag instead.
2551: [349ebf4987df]
2552:
2553: * doc/CONTRIBUTORS:
2554: Convert to last, first for easier sorting and use UTF8 (including a
2555: BOM).
2556: [8c30d221bd75]
2557:
2558: * plugins/sudoers/atoid.c:
2559: Add atoid() function to convert a string to an id_t (uid, gid or
2560: pid). We have to be careful to choose() either strtol() or strtoul()
2561: depending on whether the string appears to be signed or unsigned.
2562: Always using strtoul() is unsafe on 64-bit platforms since the uid
2563: might be represented as a negative number and (unsigned long)-1 on a
2564: 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
2565: with uids larger than 0x7fffffff on 32-bit platforms.
2566: [5d818e399157]
2567:
2568: * MANIFEST, config.h.in, configure, configure.in,
2569: plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
2570: plugins/sudoers/sudoers.h:
2571: Add atoid() function to convert a string to an id_t (uid, gid or
2572: pid). We have to be careful to choose() either strtol() or strtoul()
2573: depending on whether the string appears to be signed or unsigned.
2574: Always using strtoul() is unsafe on 64-bit platforms since the uid
2575: might be represented as a negative number and (unsigned long)-1 on a
2576: 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
2577: with uids larger than 0x7fffffff on 32-bit platforms.
2578: [cd92246a710f]
2579:
2580: * plugins/sudoers/sudoers.c:
2581: Avoid "perm stack underflow" error when logging the unknown uid
2582: error.
2583: [871514c713b7]
2584:
2585: * plugins/sudoers/set_perms.c:
2586: In rewind_perms() there is nothing to do if perm_stack_depth == 0.
2587: [98de335f47f0]
2588:
2589: 2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
2590:
2591: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
2592: plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
2593: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
2594: Add pam_setcred sudoers option to allow the user to control whether
2595: pam_setcred() is called on the user's behalf.
2596: [4260a8e43073]
2597:
2598: * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
2599: doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
2600: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
2601: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
2602: Add pam_service and pam_login_service sudoers settings to control
2603: the service name passed to pam_start.
2604: [5ea0e3588f3a]
2605:
2606: * mkpkg:
2607: Newer Xcode places the SDKs under Xcode.app
2608: [4b54379d5c45]
2609:
2610: 2013-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
2611:
2612: * MANIFEST, common/Makefile.in, common/zero_bytes.c,
2613: compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
2614: configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2615: doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
2616: mkdep.pl, plugins/sudoers/Makefile.in,
2617: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
2618: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
2619: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
2620: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
2621: plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
2622: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2623: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2624: src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
2625: src/tgetpass.c:
2626: Implement memset_s() and use it instead of zero_bytes(). A new
2627: constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
2628: max conversation reply length. This constant can be used as a max
2629: value for memset_s() when clearing passwords filled in by the
2630: conversation function.
2631: [264ec146028e]
2632:
2633: 2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
2634:
2635: * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
2636: plugins/system_group/Makefile.in:
2637: Do not try to install plugins when shared modules are disabled
2638: (sudoers already had the check).
2639: [3d582c042042]
2640:
2641: * plugins/sudoers/Makefile.in:
2642: Update dependencies to take into account compat/getopt.h and
2643: compat/dlfcn.h.
2644: [301fb31cd121]
2645:
2646: * src/Makefile.in:
2647: Update dependencies now that sudo_usage.h is always included from
2648: the build dir.
2649: [c1ff70ec9515]
2650:
2651: 2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
2652:
2653: * plugins/sudoers/ldap.c:
2654: Add some warnings and debugging to sasl ccname handling.
2655: [467f415861f0]
2656:
2657: * plugins/sudoers/ldap.c:
2658: Fix write loop invariant in sudo_krb5_copy_cc_file()
2659: [6948cf6e9b9f]
2660:
2661: 2013-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
2662:
2663: * plugins/sudoers/ldap.c:
2664: Strip off leading FILE: or WRFILE: prefix before trying to copy the
2665: user's credential cache.
2666: [56c16feab62f]
2667:
2668: 2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2669:
2670: * src/sudo.c:
2671: Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
2672: just save RLIMIT_NPROC in exec_setup() before the final setuid() and
2673: restore it immediately after. We don't need to modify RLIMIT_NPROC
2674: for simple euid changes, just for changing the real (and saved) uids
2675: before we exec. This also means we no longer need to worry about
2676: _SC_CHILD_MAX returning -1. Bug #565
2677: [1372f1909039]
2678:
2679: 2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
2680:
2681: * plugins/sudoers/ldap.c, src/preload.c:
2682: Now that the ldap code runs with the real and effective uid set to
2683: 0, it is not possible for the gssapi libs to find the user's krb5
2684: credential cache file. To work around this, we make a temporary copy
2685: of the user's credential cache specified by KRB5CCNAME (opened with
2686: the user's effective uid) and point gssapi to it. To set the
2687: credential cache file name, we dynamically look up
2688: gss_krb5_ccache_name() and use it if available, otherwise fall back
2689: to setting KRB5CCNAME.
2690: [8b86c134541a]
2691:
2692: 2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
2693:
2694: * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
2695: doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
2696: doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
2697: plugins/sudoers/visudo.c:
2698: Long option support for visudo and sudoreplay.
2699: [91427968be71]
2700:
2701: 2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2702:
2703: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
2704: src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
2705: Add support for long options and fix inclusion of sudo_usage.h with
2706: modern gcc broken in 8597:1fcb7ba13018.
2707: [d13134819944]
2708:
2709: * src/Makefile.in:
2710: Add rule to rebuild sudo_usage.h when the .in file changes.
2711: [59a32899e251]
2712:
2713: * compat/Makefile.in, mkdep.pl, src/Makefile.in:
2714: Add make rules for building getopt_long.c
2715: [5f57593b3a8b]
2716:
2717: * src/parse_args.c:
2718: Make "-h hostname" work. Optional args in GNU getopt() only work
2719: when there is no space between the option flag and the argument.
2720: [b8258659cabb]
2721:
2722: 2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
2723:
2724: * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
2725: configure, configure.in, doc/LICENSE, src/parse_args.c:
2726: Use getopt_long() so we can make the -h flag take an optional
2727: argument. Includes a version for those without it.
2728: [d1dd66c8a86b]
2729:
2730: 2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
2731:
2732: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
2733: Document that the -h option can be used specify a host name for
2734: future plugins.
2735: [8470c74cf326]
2736:
2737: * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
2738: Overload -h option to specify an optional hostname for remote
2739: access. This is future-proofing; no policy plugins currently support
2740: this.
2741: [0e01d8c3c623]
2742:
2743: * configure, configure.in:
2744: Bump version to 1.8.8
2745: [a1155bfaa28f]
2746:
2747: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
2748: doc/sudo_plugin.mdoc.in:
2749: Document the remote_host setting (-h host)
2750: [c737db906f5d]
2751:
2752: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2753: fix "the the"
2754: [0025464a3942]
2755:
2756: * src/parse_args.c, src/sudo.c, src/sudo.h:
2757: Do not error out if arg to -U option cannot be resolved, that is for
2758: the plugin to decide. There is no need for runas_user and
2759: runas_group to be global, make them local to parse_args() instead.
2760: [fb02a62a72ba]
2761:
2762: * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
2763: plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
2764: src/po/pt_BR.mo, src/po/pt_BR.po:
2765: Sync with translationproject.org
2766: [e8f4772d918a]
2767:
2768: 2013-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
2769:
2770: * doc/TROUBLESHOOTING:
2771: Remove old bits about sudo setuid problems that should have been
2772: cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
2773: sudo to 04755 to match current packaging.
2774: [1e3904cdc2de]
2775:
2776: * plugins/sudoers/auth/pam.c:
2777: Go back to ignoring the return value of pam_setcred() since with
2778: stacked PAM auth modules a failure from one module may override
2779: PAM_SUCCESS from another. If the first module in the stack fails,
2780: the others may be run (and succeed) but an error will be returned.
2781: This can cause a spurious warning on systems with non-local users
2782: (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
2783: [b6022e26135a]
2784:
2785: * src/net_ifs.c:
2786: Remove unused variable.
2787: [93dde7d82fde]
2788:
2789: * NEWS:
2790: Fix typo
2791: [5ef79671c2c7]
2792:
2793: 2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
2794:
2795: * plugins/sudoers/sssd.c:
2796: Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
2797: From Dan Harnett.
2798: [4a0af6f12765]
2799:
2800: 2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
2801:
2802: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2803: Fix formatting typo; from Eric S. Raymond
2804: [058b533ba460]
2805:
2806: 2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
2807:
2808: * mkpkg:
2809: Use -gxcoff on aix so dbx can be used to debug sudo.
2810: [4950e019ed2d]
2811:
2812: 2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
2813:
2814: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
2815: Fix typo; bug 605
2816: [41f7b46a6e51]
2817:
2818: 2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
2819:
2820: * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
2821: src/po/tr.mo:
2822: Regen .mo files that were out of date.
2823: [9e25a254f9db]
2824:
2825: 2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
2826:
2827: * NEWS, configure, configure.in:
2828: On Solaris 11 and higher, tag binaries for ASLR if supported by the
2829: linker.
2830: [a2a6cafa3e60]
2831:
2832: * mkpkg:
2833: No longer need to disable PIE on Solaris.
2834: [cf90019ae67e]
2835:
2836: 2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
2837:
2838: * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
2839: Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
2840: OpenBSD also supports PIE but enables it by default so we don't need
2841: to do anything. This fixes problems on systems with a version of GNU
2842: ld that accepts -pie but where the run-time linker doesn't actually
2843: support PIE. Also verify that a trivial PIE binary works unless PIE
2844: is explicitly enabled.
2845: [3c5f125efeb1]
2846:
2847: 2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
2848:
2849: * aclocal.m4, configure, configure.in:
2850: Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
2851: where we can end up crashing due to malloc() failures. Sems OK when
2852: Using Sun as and ld.
2853: [b8ba412102ab]
2854:
2855: * NEWS:
2856: Update with final changes.
2857: [78ff6d2ed47a]
2858:
2859: 2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
2860:
2861: * configure, configure.in:
2862: Add -fPIE to PIE_LDFLAGS as per gcc manual.
2863: [fe900cbb0780]
2864:
2865: 2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
2866:
2867: * common/Makefile.in, compat/Makefile.in:
2868: Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
2869: [f84bc7482b78]
2870:
2871: * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
2872: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
2873: plugins/sudoers/regress/visudo/test4.out.ok,
2874: plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
2875: Replace sequence number-based cycle detection in visudo with a
2876: "used" flag in struct alias. The caller is required to call
2877: alias_put() when it is done with the alias. Inspired by a patch from
2878: Daniel Kopecek.
2879: [0bdbac1b3b39]
2880:
2881: 2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
2882:
2883: * plugins/sudoers/iolog.c:
2884: Eliminate a few relocations related to sudoers_io.
2885: [18e9e2cc3367]
2886:
2887: * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
2888: Sync with translationproject.org
2889: [f38cc128a2ad]
2890:
2891: 2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
2892:
2893: * src/ttyname.c:
2894: Clarify a comment.
2895: [7a045ee06e95]
2896:
2897: 2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
2898:
2899: * src/ttyname.c:
2900: Handle d_type == DT_UNKNOWN when resolving the device to a name and
2901: sprinkle some more debugging.
2902: [8774133747d9]
2903:
2904: 2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
2905:
2906: * doc/TROUBLESHOOTING:
2907: Add message about disabling PIE if sudo gets SIGSEGV.
2908: [c786af2a6751]
2909:
2910: * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
2911: No longer store the ctime of a devpts tty. The handling of ctime on
2912: devpts in Linux has been changed to conform to POSIX. As a result we
2913: can no longer assume that the ctime will stay unchanged throughout
2914: the life of the session. We store the session ID in the time stamp
2915: file so there is a much smaller chance of the time stamp file being
2916: reused by a new login. While here, store the uid/gid in the
2917: timestamp file too for good measure.
2918: [7028b21f7a9b]
2919:
2920: * configure, configure.in:
2921: PIE is broken on FreeBSD/arm
2922: [f232c60d6229]
2923:
2924: * mkpkg:
2925: Add explicit sendmail path for Linux since we may not have sendmail
2926: installed in the build chroot.
2927: [1ba2f84f4ff0]
2928:
2929: 2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
2930:
2931: * common/sudo_debug.c, plugins/sudoers/iolog.c,
2932: plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
2933: Quiet a few -Wunused-result compiler warnings.
2934: [ef12afb61423]
2935:
2936: 2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
2937:
2938: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2939: Mention what SHA-2 formats are supported.
2940: [bf298d0fdf8a]
2941:
2942: * doc/CONTRIBUTORS:
2943: List code and translations separately.
2944: [826547bc1295]
2945:
2946: 2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
2947:
2948: * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
2949: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
2950: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
2951: Sync with translationproject.org
2952: [9499a6f438b8]
2953:
2954: * plugins/sudoers/po/sudoers.pot:
2955: regen
2956: [cce449e284a6]
2957:
2958: * Makefile.in:
2959: Fix c-format for fatal/fatalx
2960: [4ad81d3faaeb]
2961:
2962: 2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
2963:
2964: * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
2965: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
2966: plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
2967: Change some error/errorx -> fatal/fatalx in comments and xgettext
2968: flags.
2969: [9d9b64fa2ec9]
2970:
2971: * NEWS:
2972: There is now a Turkish translation of sudoers.
2973: [701c5af6aa76]
2974:
2975: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
2976: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2977: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2978: plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
2979: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2980: plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
2981: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
2982: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
2983: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
2984: Updated translations from translationproject.org including new
2985: Turkish translation.
2986: [9cedbb50d90f]
2987:
2988: 2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
2989:
2990: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
2991: Document that sudoers will re-use existing I/O log paths unless they
2992: are mktemp-style with trailing X's.
2993: [4f43bd13d9e7]
2994:
2995: * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
2996: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
2997: doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
2998: plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
2999: Allow ldap_conf and ldap_secret to be specified as plugin arguments
3000: in sudo.conf
3001: [37c6c425b565]
3002:
3003: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
3004: doc/sudoers.ldap.mdoc.in:
3005: sudoers_debug is now deprecated in favor of the sudo debugging
3006: framework.
3007: [1195be1ec254]
3008:
3009: * plugins/sudoers/ldap.c:
3010: Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
3011: SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
3012: debug file with the ldap subsystem. The sudoers_debug setting in
3013: ldap.conf is still honored for now but will be removed in a future
3014: release.
3015: [cfa42b4b913e]
3016:
3017: 2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
3018:
3019: * plugins/sudoers/sudoers2ldif:
3020: Add support for converting sudoers files with SHA-2 command digests.
3021: [dc0d03485946]
3022:
3023: * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
3024: plugins/sudoers/sudoers2ldif:
3025: Add copyright notice to scripts
3026: [5e8bd4e6083f]
3027:
3028: * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
3029: plugins/sudoers/regress/sudoers/test14.out.ok,
3030: plugins/sudoers/regress/sudoers/test14.toke.ok:
3031: Add regress for SHA-2 digests.
3032: [0b258c2a2a95]
3033:
3034: * compat/getgrouplist.c:
3035: Solaris maps negative gids to GID_NOBODY.
3036: [57050e5c750f]
3037:
3038: * plugins/sudoers/visudo.c:
3039: Clear up an llvm checker warning which appears to be a false
3040: positive and fix an old XXX while I'm at it.
3041: [9ee13133e596]
3042:
3043: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
3044: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
3045: Correct last change date
3046: [3bc1fa5b0f76]
3047:
3048: * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
3049: No need to translate this error message.
3050: [4d9941970a26]
3051:
3052: * doc/UPGRADE:
3053: Mention .sl vs. .so extension handling on HP-UX Mention group
3054: membership changes Fix typos
3055: [40ac0efbdb2b]
3056:
3057: * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
3058: common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
3059: common/setgroups.c, common/term.c, common/ttysize.c,
3060: compat/Makefile.in, compat/dlopen.c, compat/endian.h,
3061: compat/getline.c, compat/getprogname.c, compat/isblank.c,
3062: compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
3063: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
3064: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
3065: compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
3066: include/Makefile.in, include/alloc.h, include/fileops.h,
3067: include/gettext.h, include/lbuf.h, include/missing.h,
3068: include/sudo_plugin.h, pathnames.h.in,
3069: plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
3070: plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
3071: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
3072: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
3073: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
3074: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
3075: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
3076: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
3077: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
3078: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
3079: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
3080: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
3081: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
3082: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
3083: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3084: plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
3085: plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
3086: plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
3087: plugins/sudoers/logging.h, plugins/sudoers/match.c,
3088: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
3089: plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
3090: plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
3091: plugins/sudoers/redblack.h,
3092: plugins/sudoers/regress/check_symbols/check_symbols.c,
3093: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3094: plugins/sudoers/regress/logging/check_wrap.c,
3095: plugins/sudoers/regress/parser/check_addr.c,
3096: plugins/sudoers/regress/parser/check_fill.c,
3097: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3098: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
3099: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
3100: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
3101: plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
3102: plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
3103: plugins/system_group/system_group.c, src/Makefile.in,
3104: src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
3105: src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
3106: src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
3107: src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
3108: src/utmp.c:
3109: Update copyright years.
3110: [5c6d72661bad]
3111:
3112: * plugins/sudoers/mon_systrace.h:
3113: Systrace support was removed long ago.
3114: [10a038a2da77]
3115:
3116: 2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3117:
3118: * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
3119: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
3120: Remove some files that were mistakenly added.
3121: [833502da26de]
3122:
3123: * common/sudo_debug.c, config.h.in, configure, configure.in,
3124: plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
3125: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
3126: plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
3127: Use time(&now) instead of now = time(NULL) when storing the current
3128: time in a time_t (better compiler error checking). Better parsing
3129: and printing of 64-bit time_t on 32-bit platforms.
3130: [c227dc72c04e]
3131:
3132: 2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
3133:
3134: * src/ttyname.c:
3135: Don't check the tty of the parent process. Now that we get the
3136: controlling tty device number from the kernel there is no need. If
3137: the process has really disassociated from the tty then reporting
3138: "unknown" is appropriate.
3139: [62fb66e565db]
3140:
3141: 2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
3142:
3143: * common/error.c:
3144: Use EXIT_FAILURE instead of 1 as the fatal() exit value.
3145: [ed94c2c5e88a]
3146:
3147: * src/sesh.c:
3148: Change remaining errorx -> fatalx
3149: [3f6d70e19303]
3150:
3151: 2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
3152:
3153: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
3154: plugins/sudoers/sudoers.h:
3155: Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
3156: error if the entry already exists in the cache.
3157: [94d45970400a]
3158:
3159: * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
3160: Change "foo: failed" to just "foo" since we print the string form of
3161: errno. Gets rids of some useless translations.
3162: [476f37349dbc]
3163:
3164: 2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3165:
3166: * plugins/sudoers/match.c:
3167: Fix pasto in debug_decl
3168: [08650186a239]
3169:
3170: * plugins/sudoers/Makefile.in:
3171: regen
3172: [acf4c34fba2c]
3173:
3174: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
3175: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
3176: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
3177: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
3178: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
3179: Rename log_error() -> log_warning() for consistency with
3180: warning()/fatal()
3181: [474ed5a0e335]
3182:
3183: * plugins/sudoers/auth/API:
3184: The NO_EXIT flag was removed a while ago.
3185: [e0a4be270226]
3186:
3187: * common/aix.c, common/alloc.c, common/error.c, include/error.h,
3188: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
3189: plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
3190: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3191: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
3192: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
3193: plugins/sudoers/pwutil.c,
3194: plugins/sudoers/regress/check_symbols/check_symbols.c,
3195: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3196: plugins/sudoers/regress/logging/check_wrap.c,
3197: plugins/sudoers/regress/parser/check_addr.c,
3198: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
3199: plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
3200: plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
3201: src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
3202: src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
3203: src/utmp.c:
3204: Rename error/errorx -> fatal/fatalx and remove the exit value as it
3205: was always 1.
3206: [ea66f58c4da5]
3207:
3208: * NEWS:
3209: digests are supported in sudoers ldap too
3210: [77d6c25f7653]
3211:
3212: * plugins/sudoers/regress/check_symbols/check_symbols.c:
3213: Print test failures to stdout like the final count so the outputis
3214: not displayed out of order.
3215: [f541b78ecb93]
3216:
3217: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
3218: plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
3219: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
3220: src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
3221: src/po/it.po, src/po/tr.po:
3222: Sync with translationproject.org
3223: [cbd70678b99f]
3224:
3225: * Makefile.in:
3226: Check for any uncommitted changes in dist target and add force-dist
3227: target that omit check-dist.
3228: [78dc3f41e37e]
3229:
3230: 2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
3231:
3232: * src/regress/ttyname/check_ttyname.c:
3233: Fix logic bug when checking tty via ttyname().
3234: [279aee076194]
3235:
3236: * compat/endian.h:
3237: Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
3238: __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
3239: [fe35e0b04502]
3240:
3241: * plugins/sudoers/po/sudoers.pot:
3242: regen
3243: [0ddebccd3045]
3244:
3245: * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
3246: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
3247: doc/sudoers.man.in, doc/sudoers.mdoc.in:
3248: Document digest support.
3249: [d794c7b9a7bc]
3250:
3251: * MANIFEST, plugins/sudoers/Makefile.in,
3252: plugins/sudoers/regress/parser/check_base64.c:
3253: Simple bas64 decode unit test.
3254: [344b0df0fe50]
3255:
3256: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
3257: plugins/sudoers/match.c, plugins/sudoers/parse.h:
3258: Move base64_decode into its own source file.
3259: [30497e7f88bc]
3260:
3261: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
3262: Only check year against 2038 if time_t is 32-bit.
3263: [9c1f2e3fc3ba]
3264:
3265: 2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
3266:
3267: * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
3268: plugins/sudoers/sssd.c:
3269: Add digest support for sudoers in ldap and sss.
3270: [314937b5e59e]
3271:
3272: * INSTALL, configure, configure.in:
3273: Error out in configure if the compiler doesn't support "long long".
3274: [d3645c1d50d1]
3275:
3276: * plugins/sudoers/match.c, plugins/sudoers/toke.c,
3277: plugins/sudoers/toke.l:
3278: Include stdint.h or inttypes.h before sha2.h
3279: [20ad1c20313d]
3280:
3281: * common/lbuf.c:
3282: Simplify lbuf append functions by moving the realloc code into
3283: lbuf_expand(). We now expand as needed each time bytes need to be
3284: written to the lbuf. Also handle a NULL pointer being passed in for
3285: paranoia's sake.
3286: [6283ee562ef4]
3287:
3288: * plugins/sudoers/iolog.c:
3289: Zero out struct iolog_details early to avoid a potential (though
3290: unlikely) dereference of stack garbage if we hit a fatal error
3291: before iolog_deserialize_info() is called.
3292: [2eeca8be05fb]
3293:
3294: 2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
3295:
3296: * sudo.pp:
3297: Update copyright year.
3298: [b843c6a43238]
3299:
3300: * plugins/sudoers/sudoers_version.h:
3301: Bump SUDOERS_GRAMMAR_VERSION for new digest support.
3302: [188556fb8156]
3303:
3304: * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
3305: plugins/sudoers/gram.y, plugins/sudoers/match.c,
3306: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3307: Sanity check digest in parser so visudo can catch errors. Add base64
3308: support
3309: [b8586d5cc7ed]
3310:
3311: * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
3312: plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
3313: For big endian architectures just use memcpy() instead of BE macros
3314: in a loop.
3315: [c71a0f4a8a8e]
3316:
3317: 2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
3318:
3319: * MANIFEST, config.h.in, configure, configure.in,
3320: plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
3321: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
3322: plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
3323: plugins/sudoers/match.c, plugins/sudoers/parse.h,
3324: plugins/sudoers/regress/parser/check_digest.c,
3325: plugins/sudoers/regress/parser/check_digest.out.ok,
3326: plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
3327: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3328: plugins/sudoers/toke_util.c:
3329: Initial implementation of checksum support in sudoers. Currently
3330: supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
3331: validation in parser and base64 support. checksum support for ldap
3332: sudoers
3333: [b8f196346eca]
3334:
3335: 2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
3336:
3337: * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
3338: SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
3339: domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
3340: respectively.
3341: [7511d07c0a83]
3342:
3343: 2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3344:
3345: * NEWS:
3346: Add sudo 1.8.6p8
3347: [0666fd0321ae]
3348:
3349: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
3350: Add missing "not" in error message when mixing standalone and non-
3351: standalone authentication methods.
3352: [7eba4439db73]
3353:
3354: * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
3355: Check for crypt() returning NULL. Traditionally, crypt() never
3356: returned NULL but newer versions of eglibc have a crypt() that does.
3357: Bug #598
3358: [887b9df243df]
3359:
3360: * plugins/sudoers/auth/pam.c:
3361: Better PAM error messages
3362: [fd7eda53cdd7]
3363:
3364: * plugins/sudoers/auth/kerb5.c:
3365: Better error messages
3366: [98142874a2f4]
3367:
3368: * plugins/sudoers/bsm_audit.c:
3369: Use same error message for getauid() failure.
3370: [07f0d88cb1df]
3371:
3372: * plugins/sudoers/sssd.c:
3373: Start warning with a lower case letter for consistency and to match
3374: existing translated strings.
3375: [b719ac52c9e3]
3376:
3377: 2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
3378:
3379: * mkpkg:
3380: Disable PIE on Solaris where it is not really supported.
3381: [c36c84cdcc7a]
3382:
3383: * src/ttyname.c:
3384: AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
3385: before we try to match it against st_rdev.
3386: [5dab449fb962]
3387:
3388: * src/ttyname.c:
3389: Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
3390: a problem finding the tty name when it is not in /dev/pts.
3391: [6c205d087fa0]
3392:
3393: * compat/snprintf.c:
3394: Support %lld and %llu
3395: [feabfa06c954]
3396:
3397: * .hgignore, MANIFEST, src/Makefile.in,
3398: src/regress/ttyname/check_ttyname.c:
3399: Add ttyname test.
3400: [e987038f8c07]
3401:
3402: 2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
3403:
3404: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
3405: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
3406: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
3407: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
3408: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
3409: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3410: src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
3411: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
3412: src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
3413: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
3414: Sync with translationproject.org
3415: [4d7b73b22079]
3416:
3417: * plugins/sudoers/timestamp.c:
3418: Log timestampfile to debug file.
3419: [e997281146c0]
3420:
3421: * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
3422: Don't add the "Password: " string we look up in the PAM text domain
3423: to the sudoers.pot file.
3424: [771b52244abf]
3425:
3426: 2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
3427:
3428: * plugins/sudoers/po/sudoers.pot:
3429: Synce with regcomp() error message change.
3430: [fc6d3dfb8eb8]
3431:
3432: * plugins/sudoers/sudoreplay.c:
3433: Be consistent with error message when regcomp() fails.
3434: [de6c69ba04e4]
3435:
3436: 2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3437:
3438: * plugins/sudoers/regress/testsudoers/test5.out.ok,
3439: plugins/sudoers/regress/testsudoers/test5.sh:
3440: Use group -1 instead of 1 as the invalid group since the running
3441: user might have group 1 as their default group.
3442: [71404a9fa75d]
3443:
3444: * plugins/sudoers/Makefile.in:
3445: PWD may be a shell builtin, use CWD instead.
3446: [c443105c5091]
3447:
3448: 2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
3449:
3450: * plugins/sudoers/check.c:
3451: Split up check_user().
3452: [ce7cc0767589]
3453:
3454: 2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
3455:
3456: * config.h.in, configure.in:
3457: Cosmetic fixes in the comments.
3458: [640abee43c14]
3459:
3460: 2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
3461:
3462: * configure, configure.in:
3463: Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
3464: message for visibility checks when the test fails.
3465: [99665477ee55]
3466:
3467: * config.h.in:
3468: regen
3469: [00c22606719a]
3470:
3471: * configure, configure.in:
3472: We no longer use mbr_check_membership() and setrlimit64() is AIX-
3473: specific.
3474: [43caf685a1f1]
3475:
3476: * Makefile.in:
3477: The first (all) target must be by itself or some makes will choose
3478: the run the entire target list.
3479: [16cf3def49f5]
3480:
3481: * configure, configure.in:
3482: Do exec_prefix expansion when enable_shared even if noexec is not
3483: enabled.
3484: [7ed28cb32d8d]
3485:
3486: * compat/getgrouplist.c:
3487: Use free() not efree() since we don't include alloc.h here
3488: [1a008737be24]
3489:
3490: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3491: regen
3492: [b939f941346f]
3493:
3494: * plugins/sudoers/regress/testsudoers/test2.sh,
3495: plugins/sudoers/regress/testsudoers/test3.sh,
3496: plugins/sudoers/regress/testsudoers/test5.sh:
3497: Pass in expected gid to testsudoers in addition to the uid that
3498: matches the test sudoers files.
3499: [6a1710e8cac1]
3500:
3501: 2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
3502:
3503: * include/missing.h:
3504: Tru64 5.x does declare innetgr() and getdomainname().
3505: [c75598e69c7e]
3506:
3507: * plugins/sudoers/match.c:
3508: Fix compilation when getdomainame() is not present.
3509: [e831b017a962]
3510:
3511: * config.h.in, configure.in, include/missing.h:
3512: Move SET/CLR/ISSET from config.h.in to missing.h
3513: [3a3dd29fd7f0]
3514:
3515: * configure, configure.in:
3516: Fix getgrouplist() check.
3517: [12a2adf60e98]
3518:
3519: * MANIFEST:
3520: No more timestamp.h
3521: [5677e26afc0f]
3522:
3523: * plugins/sudoers/check.c:
3524: Neded sys/time.h for struct timeval in struct sudo_tty_info.
3525: [aceaadd8c400]
3526:
3527: * plugins/sudoers/Makefile.in:
3528: regen depends
3529: [21675a8b67e5]
3530:
3531: * NEWS:
3532: Mention libibmldap on HP-UX
3533: [75b4e4b22950]
3534:
3535: * NEWS, plugins/sudoers/match.c:
3536: Instead of checking the domain name explicitly for "(none)", just
3537: check for illegal characters.
3538: [ce35dda811db]
3539:
3540: * plugins/sudoers/visudo.c:
3541: Only warn once when we are unable to open the sudoers file.
3542: [9e27e3aa5b10]
3543:
3544: * plugins/sudoers/sudoers.c:
3545: Fall back to opening /dev/tty to determine whether there is a tty if
3546: the system doesn't have kernel support for determing the tty.
3547: [2775bcf9a9b5]
3548:
3549: * compat/getprogname.c:
3550: Update guard to take __progname into account
3551: [60eae3f20232]
3552:
3553: * compat/snprintf.c:
3554: Some older systems have inttypes.h but not stdint.h
3555: [ed1ef160015f]
3556:
3557: * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
3558: compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
3559: compat/getline.c, compat/getprogname.c, compat/glob.c,
3560: compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
3561: compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
3562: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
3563: compat/strsignal.c, compat/utimes.c:
3564: Add guards in compat source files. Not really needed since we only
3565: include them in the Makefile if they are needed but should not hurt
3566: either.
3567: [8cbd3b4595b9]
3568:
3569: 2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
3570:
3571: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3572: Don't include gram.h in gram.y, its contents are already included.
3573: Move sudoerserror to the end of gram.y so COMMENT is declared when
3574: we need to use it.
3575: [7d72ebdd7222]
3576:
3577: 2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
3578:
3579: * config.h.in, configure.in:
3580: Remove some pre-ANSI cruft.
3581: [6a95704b2116]
3582:
3583: * plugins/sudoers/match.c:
3584: Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
3585: when it is set.
3586: [da40c550ffed]
3587:
3588: * NEWS, plugins/sudoers/iolog_path.c:
3589: We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
3590: just leave it as-is.
3591: [9a22de140d28]
3592:
3593: 2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3594:
3595: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
3596: Add missing semicolon in rule.
3597: [817d3f1b2a21]
3598:
3599: * plugins/sudoers/sudoers.c:
3600: Now that we can determine the terminal even when file descriptors
3601: are redirected we can check user_ttypath rather than opening
3602: /dev/tty when enforcing requiretty.
3603: [56a28bc09041]
3604:
3605: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
3606: plugins/sudoers/sudoers.h:
3607: Stash umask in struct sudo_user so we don't need to look it up
3608: later.
3609: [9f85749199dc]
3610:
3611: * plugins/sudoers/sudoers.c:
3612: Minor cosmetic change
3613: [c373e106ed49]
3614:
3615: * plugins/sudoers/regress/parser/check_addr.c:
3616: No longer need to declare interfaces
3617: [d7ff7e579557]
3618:
3619: * plugins/sudoers/logging.c:
3620: Fix compilation in SUDOERS_NO_SEQ case
3621: [9a6db9247534]
3622:
3623: * plugins/sudoers/regress/parser/check_addr.c:
3624: No longer need to define sudo_printf
3625: [578ad13c3546]
3626:
3627: * plugins/sudoers/check.c, plugins/sudoers/check.h,
3628: plugins/sudoers/timestamp.c:
3629: Pass auth_pw to the timestamp functions.
3630: [f603649177d6]
3631:
3632: * plugins/sudoers/iolog_path.c:
3633: Fix SUDOERS_NO_SEQ
3634: [17881f9bcd68]
3635:
3636: * plugins/sudoers/locale.c:
3637: Don't need all of sudoers.h in here
3638: [c518150c6483]
3639:
3640: * plugins/sudoers/sudoers.c:
3641: Don't need to include sudoers_version.h here.
3642: [8abb31102119]
3643:
3644: 2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3645:
3646: * plugins/sudoers/check.c:
3647: DEFAULT_LECTURE is no longer used.
3648: [f565c00a68c1]
3649:
3650: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
3651: Move sudo_conv into policy.c
3652: [f699aee7136b]
3653:
3654: * plugins/sudoers/pwutil.c:
3655: cosmetic fixes
3656: [930e60389ca8]
3657:
3658: * plugins/sudoers/match.c:
3659: RHEL (and perhaps other Linux distros) use the string "(none)"
3660: instead of an empty string when there is no actual NIS-style domain
3661: name. Bug #596
3662: [11aec11489ac]
3663:
3664: * plugins/sudoers/match.c:
3665: Fix return values when NAME_MATCH is defined.
3666: [ce030be9ccef]
3667:
3668: 2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
3669:
3670: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
3671: Update copyright year.
3672: [7e4b8d49addd]
3673:
3674: * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
3675: plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
3676: Add sudo_set_grlist(), currently unused by the back end.
3677: [b37ac1d0e8fc]
3678:
3679: * plugins/sudoers/pwutil.c:
3680: Remove unused macros, fix a debug_decl
3681: [6136fb4a0d3b]
3682:
3683: * include/missing.h:
3684: Tru64 Unix doesn't prototype innetgr() or getdomainname().
3685: [585ac1874dfe]
3686:
3687: * include/missing.h:
3688: Whitespace fixes
3689: [0bb28cd91d97]
3690:
3691: * common/error.c:
3692: Don't need to include setjmp.h here, error.h already includes it.
3693: [fd05ab00e186]
3694:
3695: 2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
3696:
3697: * compat/Makefile.in, plugins/sudoers/Makefile.in:
3698: regen depends
3699: [57991f5e16b4]
3700:
3701: * plugins/sudoers/check.h:
3702: Rename guard define.
3703: [ccf4dba241d6]
3704:
3705: * plugins/sudoers/check.c, plugins/sudoers/check.h,
3706: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
3707: Move contents of timestamp.h into check.h.
3708: [c139757a9283]
3709:
3710: * plugins/sudoers/sudoers.h:
3711: expand_prompt() is now in prompt.c sudo_printf extern is now in
3712: error.h
3713: [219bd74ca62b]
3714:
3715: * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
3716: plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
3717: plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
3718: plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
3719: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
3720: plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
3721: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
3722: plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
3723: plugins/sudoers/toke.h:
3724: Change multiple inclusion guards to be _SUDOERS_FOO_H
3725: [faace6d55e78]
3726:
3727: 2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
3728:
3729: * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
3730: src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
3731: New Dutch translation for sudo and sudoers New Turkish translation
3732: for sudo From translationproject.org
3733: [bc918b7b23a4]
3734:
3735: 2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
3736:
3737: * config.h.in, configure, configure.in:
3738: Fix a typo in a comment and make sure we don't mistakenly include
3739: _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
3740: [694d12ac70ec]
3741:
3742: 2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
3743:
3744: * plugins/sudoers/Makefile.in:
3745: Don't build check_symbols if we are linking sudoers in statically.
3746: [f6602723bab7]
3747:
3748: * configure, configure.in:
3749: Use $host_os not $host when we only care about the os name and
3750: version.
3751: [05e4f4fcba06]
3752:
3753: * aclocal.m4, configure, configure.in:
3754: Suppress duplicate -L and -I flags.
3755: [228f2f581aed]
3756:
3757: * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
3758: Fix regress tests on non-OpenBSD platforms.
3759: [9d91bc859c50]
3760:
3761: * configure, configure.in:
3762: If we find sasl/sasl.h there's no need to check for sasl.h too
3763: [889efaa86012]
3764:
3765: * aclocal.m4, configure, configure.in:
3766: Add -R flags at the very end after configure link tests are done
3767: since we can only count on libtool to accept -R, the compiler front
3768: end may not. Also unify the libldap and libibmldap tests using
3769: AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
3770: libibmldap (but is not an explicit dependency).
3771: [ab1451894351]
3772:
3773: 2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
3774:
3775: * configure, configure.in:
3776: Back out changes that broke detection of skey, opie and ldap
3777: libraries.
3778: [ffa82b8f8641]
3779:
3780: * plugins/sudoers/regress/testsudoers/test1.sh,
3781: plugins/sudoers/regress/testsudoers/test2.sh,
3782: plugins/sudoers/regress/testsudoers/test3.sh,
3783: plugins/sudoers/regress/testsudoers/test4.sh,
3784: plugins/sudoers/regress/testsudoers/test5.sh,
3785: plugins/sudoers/regress/visudo/test1.sh,
3786: plugins/sudoers/regress/visudo/test2.sh,
3787: plugins/sudoers/regress/visudo/test3.sh:
3788: Add explicit "exit 0" to prevent the check target from ending
3789: prematurely.
3790: [cca411b492bd]
3791:
3792: * plugins/sudoers/Makefile.in:
3793: Fix exit values in check target so we don't have to ignore errors.
3794: [cbc429c409e9]
3795:
3796: * plugins/sudoers/Makefile.in:
3797: Fail a test if there is unexpected stderr output.
3798: [4fc24d536bec]
3799:
3800: * MANIFEST:
3801: Fix path to sudo.conf manuals; remove non-existant test2.err.ok
3802: [6b8bcd60dd85]
3803:
3804: * src/load_plugins.c:
3805: Fix compilation in dynamic mode.
3806: [679856fa0774]
3807:
3808: * configure, configure.in:
3809: On HP-UX, libibmldap has a hidden dependency on libCsup
3810: [22994709d77c]
3811:
3812: * compat/dlopen.c:
3813: Pass BIND_VERBOSE to shl_load()
3814: [0060b9cfa9ab]
3815:
3816: * configure, configure.in:
3817: Only create static helper libs when --disable-shared is specified.
3818: [1fcdb1a437e0]
3819:
3820: * src/load_plugins.c:
3821: Ubreak static build.
3822: [4ac9f96be285]
3823:
3824: * INSTALL, aclocal.m4, configure, configure.in:
3825: Replace --with-rpath and --with-blibpath with --disable-rpath. Now
3826: that we use libtool for linking we can just use the -R flag and have
3827: libtool translate it to the proper linker flag.
3828: [09798fad6888]
3829:
3830: 2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
3831:
3832: * src/exec_pty.c:
3833: Bump I/O buffer size 32K
3834: [4ef793225309]
3835:
3836: 2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
3837:
3838: * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
3839: doc/sudo.conf.mdoc.in:
3840: Document sesh Path setting.
3841: [34b0b903b4f8]
3842:
3843: * src/exec.c, src/exec_common.c:
3844: Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
3845: [06aa1956f38d]
3846:
3847: * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
3848: src/selinux.c:
3849: Make sesh path configurable in sudo.conf
3850: [91d331f273b7]
3851:
3852: * configure, configure.in:
3853: Use -fno-pie and -nopie if supported when --disable-pie is
3854: specified.
3855: [777138c04dcc]
3856:
3857: 2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
3858:
3859: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
3860: Document direct execution of the command if the policy plugin has no
3861: close function.
3862: [6a14145c6e80]
3863:
3864: 2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
3865:
3866: * plugins/sudoers/auth/pam.c:
3867: Only delete creds if we actually established them. Print an error if
3868: pam_setcred() fails and we actually authenticated.
3869: [1e015314903b]
3870:
3871: * common/Makefile.in, plugins/group_file/Makefile.in:
3872: regen
3873: [dd8cee2a5e1b]
3874:
3875: * common/alloc.c, include/alloc.h:
3876: Convert efree() to a macro that just casts to void * and does
3877: free(). If the system free() can't handle free(NULL) this may crash
3878: but C89 was a long time ago.
3879: [efd0ff9270fb]
3880:
3881: * configure, configure.in:
3882: Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
3883: Fixes a problem with errno sometimes not being set on error on HP-
3884: UX.
3885: [54b419d58320]
3886:
3887: * common/sudo_debug.c:
3888: Fix debug logging from the plugin when there is no error number.
3889: This was broken in the big debugging reorg for 1.8.7.
3890: [2ea7e145e928]
3891:
3892: 2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
3893:
3894: * configure, configure.in, plugins/group_file/Makefile.in,
3895: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
3896: plugins/system_group/Makefile.in, src/load_plugins.c:
3897: Always install plugins with a .so extension regardless of what
3898: extension the system uses for shared libraries. That way the
3899: group_plugin sudoers setting can be shared between heterogenous
3900: systems.
3901: [a7e6ecff6fdf]
3902:
3903: * plugins/sudoers/match.c:
3904: Mac OS X has netgroup functions in netdb.h.
3905: [243881a974aa]
3906:
3907: * plugins/sudoers/parse.h:
3908: Tags in struct cmndtag can be set to IMPLIED as well.
3909: [cb6926988cc8]
3910:
3911: * plugins/sudoers/parse.c:
3912: Quiet a compiler warning.
3913: [14e608c2001d]
3914:
3915: * plugins/sudoers/testsudoers.c:
3916: Quiet an llvm checker warning.
3917: [2eeb9f3d08f3]
3918:
3919: * plugins/sudoers/parse.c:
3920: Quiet gcc -Wuninitialized false positive
3921: [643ad987503d]
3922:
3923: 2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
3924:
3925: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
3926: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
3927: doc/sudoers.mdoc.in:
3928: Document group_file and system_group plugins.
3929: [b56511e79230]
3930:
3931: * NEWS:
3932: Sudo 1.8.7
3933: [e95183b8fa27]
3934:
3935: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
3936: Try to clarify that sudoedit in sudoers should not include a leading
3937: pathname.
3938: [7b2beac92a9c]
3939:
3940: * plugins/sudoers/pwutil_impl.c:
3941: Make sure groupname_len is at least 32 just to be on the safe side.
3942: It is better to allocate a little extra and not need it than to have
3943: to reallocate and start over.
3944: [6d3e1ba47de9]
3945:
3946: * include/alloc.h, include/missing.h:
3947: Add __malloc_like macro to apply __malloc__ attribute to emalloc,
3948: ecalloc and estrdup. It cannot be applied to realloc since that may
3949: return the same pointer.
3950: [8d70cb81d1f1]
3951:
3952: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3953: Fix potential double free in an error path.
3954: [657573feb6a4]
3955:
3956: * src/exec_pty.c:
3957: When running the command in a pty, defer the call to exec_setup()
3958: until just before we exec the command. This is consistent with the
3959: non-pty path. As a side effect, the monitor process runs as root and
3960: not the runas user.
3961: [e2a7f8c7ee4c]
3962:
3963: 2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
3964:
3965: * compat/closefrom.c:
3966: Update copyright year.
3967: [9b652af4dfc0]
3968:
3969: 2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
3970:
3971: * compat/closefrom.c:
3972: Use pst_highestfd from pstat_getproc() on HP-UX.
3973: [09f3fea46a3d]
3974:
3975: 2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
3976:
3977: * Makefile.in, common/Makefile.in, doc/Makefile.in,
3978: plugins/sudoers/Makefile.in:
3979: Clean up generated test files and other minor housekeeping.
3980: [f5f4fdd908e1]
3981:
3982: * plugins/sudoers/iolog.c:
3983: Add back gettimeofday() call inadvertantly removed in e1abb9810a83
3984: [675cce8401ae]
3985:
3986: * config.h.in, configure, configure.in, src/ttyname.c:
3987: Use pstat() on HP-UX to determine the tty device.
3988: [2884af22a9df]
3989:
3990: * plugins/sudoers/auth/pam.c:
3991: Fix PAM compilation: def_pam_session, not just pam_session.
3992: [5417d7acc6ea]
3993:
3994: * doc/fixmdoc.sh:
3995: Don't remove the -S option description when trimming out selinux.
3996: Bug #592
3997: [8a94f2cfa0a0]
3998:
3999: 2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4000:
4001: * NEWS:
4002: Update for Sudo 1.8.6p7
4003: [0858a73e9c40]
4004:
4005: 2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
4006:
4007: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
4008: Document when sudo may exec the command directly instead of forking.
4009: [da41951edc28]
4010:
4011: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4012: doc/sudo_plugin.mdoc.in:
4013: Document that close and version be NULL for plugin API >= 1.3 and
4014: that sudo may execute the command directly if there is no close, or
4015: pty or timeout needed.
4016: [e5f929ddeaf8]
4017:
4018: * plugins/sudoers/auth/sudo_auth.c:
4019: Fix debug_decl for sudo_auth_begin_session and
4020: sudo_auth_end_session.
4021: [58243392c0df]
4022:
4023: * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
4024: doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
4025: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4026: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
4027: Add pam_session sudoers option.
4028: [d994465db9f1]
4029:
4030: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
4031: plugins/sudoers/sudoers.h:
4032: Dummy out close function if there is no end_session for the auth
4033: method and the front-end can handle a NULL close function. Avoids
4034: the extra sudo process when we don't actually need it.
4035: [74886d5b0fb6]
4036:
4037: 2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
4038:
4039: * Makefile.in, aclocal.m4:
4040: Add m4/ to paths m4_include parameters so we don't need to use
4041: autoconf's -I flag.
4042: [4fd86e7a84f3]
4043:
4044: * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
4045: src/sudo_plugin_int.h:
4046: If the policy plugin does not provide a close function, there is no
4047: command timeout and no pty is required, skip the event loop and just
4048: exec the command directly.
4049: [ad532f107170]
4050:
4051: * src/sudo.c:
4052: Do not crash if the plugin close and version functions are not
4053: defined. If there is no policy close function, simply print a
4054: warning that the command was not found.
4055: [c789a9dd54e8]
4056:
4057: 2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4058:
4059: * plugins/sudoers/parse.c:
4060: Fix typos in selinux/solaris privs specific code.
4061: [9af3999361b4]
4062:
4063: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4064: doc/sudo_plugin.mdoc.in, src/parse_args.c:
4065: Pass the default plugin directory to the plugin via the settings
4066: list. Could be used by a stacking plugin.
4067: [688e771fc145]
4068:
4069: * plugins/sudoers/timestamp.c:
4070: Completely ignore time stamp file if it is set to the epoch,
4071: regardless of what gettimeofday() returns.
4072: [df58842af660]
4073:
4074: * doc/CONTRIBUTORS:
4075: Add Nikolai Kondrashov
4076: [df59791438f9]
4077:
4078: * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
4079: Use userpw_matches() for username matching so #uid works for
4080: sudoRunAsUser.
4081: [a124062334df]
4082:
4083: * plugins/sudoers/sssd.c:
4084: Avoid calling realloc3() with a zero size parameter when all
4085: retrieved sssd rules fail. Otherwise we'll get a run-time error due
4086: to malloc(0) checking.
4087: [84dfcb73ebd7]
4088:
4089: * plugins/sudoers/sssd.c:
4090: Do not send error mail if a user is not found in SSSD. Local users
4091: can run sudo too. From Nikolai Kondrashov
4092: [3d2ae99ee468]
4093:
4094: 2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
4095:
4096: * MANIFEST, common/regress/sudo_conf/test4.in,
4097: common/regress/sudo_conf/test4.out.ok:
4098: Test setting disable_coredump to illegal value.
4099: [3c71c6c49027]
4100:
4101: * common/sudo_conf.c:
4102: Fix atobool() usage.
4103: [d40c9f4d06b0]
4104:
4105: * common/regress/sudo_conf/conf_test.c:
4106: Remove unused variable.
4107: [328b524b365b]
4108:
4109: * plugins/sudoers/sudoers.c:
4110: Make "sudo -l non_existent_command" warn that non_existent_command
4111: doesn't exist, not the "list" pseudo-command.
4112: [9dc0388fc4f3]
4113:
4114: * plugins/sudoers/parse.c:
4115: Make sudoers file long list output better match the format used by
4116: ldap sudoers. Tags are now converted to options and there is a
4117: single command per line.
4118: [6e6dc3f20d84]
4119:
4120: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
4121: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
4122: Use the correct the sudoers policy symbol names and undo an editor
4123: goof committed when adding max_groups to sudo.conf.
4124: [2a6f7ddf5cc3]
4125:
4126: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
4127: For "sudo -l" start a new line if the runas list changes to make the
4128: output easier to read.
4129: [7dc3d724c924]
4130:
4131: 2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4132:
4133: * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
4134: For "sudo -l" and "sudo -ll" only print the runas info for
4135: subsequent commands in a list if the runas info has changed. If we
4136: have new runas info, print out the tags again so as to be less
4137: confusing to the user. For "sudo -ll" set the line continuation
4138: indent to 8.
4139: [b5ec02fe7fc1]
4140:
4141: 2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
4142:
4143: * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
4144: doc/sudoers.man.in, doc/sudoers.mdoc.in,
4145: plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
4146: plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
4147: plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
4148: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4149: plugins/sample_group/sample_group.c,
4150: plugins/sample_group/sample_group.exp:
4151: Rename sample_group plugin to group_file. Install group_file and
4152: system_group plugins by default.
4153: [951b3e446fae]
4154:
4155: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
4156: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4157: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
4158: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
4159: plugins/sudoers/sudoers.h:
4160: Add maxseq sudoers option to limit the max number of I/O log files.
4161: [e1abb9810a83]
4162:
4163: 2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4164:
4165: * plugins/sudoers/iolog.c:
4166: Log lines and columns in the iolog file.
4167: [03adb6230e05]
4168:
4169: 2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
4170:
4171: * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
4172: common/regress/sudo_conf/test1.in,
4173: common/regress/sudo_conf/test1.out.ok,
4174: common/regress/sudo_conf/test2.in,
4175: common/regress/sudo_conf/test2.out.ok,
4176: common/regress/sudo_conf/test3.in,
4177: common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
4178: include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
4179: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
4180: src/sudo.c:
4181: Add simple regress tests for sudo.conf parsing.
4182: [3c36b61bf61c]
4183:
4184: * src/sudo.c:
4185: Always display the I/O plugin version as long as its open functions
4186: doesn't return an error. Previously it was only displayed if the
4187: plugin open returned 1.
4188: [4b0277db3f8c]
4189:
4190: * plugins/sudoers/pwutil_impl.c:
4191: Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
4192: of poking around in struct utmpx.
4193: [2c0cc5c42958]
4194:
4195: * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
4196: #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
4197: build directory and not the src dir when using a separate build
4198: directory.
4199: [1fcb7ba13018]
4200:
4201: 2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
4202:
4203: * common/fileops.c:
4204: If a line was longer that 0x80000000 the bit hack to round to the
4205: next power of two would roll over to zero.
4206: [f4f729cf6f0f]
4207:
4208: * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
4209: plugins/sudoers/sudoers.h, src/sudo.c:
4210: Use max_groups in front-end and plugin.
4211: [bf1e74166831]
4212:
4213: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4214: doc/sudo_plugin.mdoc.in, src/parse_args.c:
4215: Pass max_groups to plugin in settings list.
4216: [d7d76e8651f4]
4217:
4218: * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
4219: doc/sudo.conf.mdoc.in, include/sudo_conf.h:
4220: Add max_groups setting to sudo.conf (currently unused) and remove
4221: unused return value from setters.
4222: [f6494f71e1f0]
4223:
4224: 2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
4225:
4226: * INSTALL:
4227: Reorganize configure options
4228: [23475de8039f]
4229:
4230: 2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
4231:
4232: * NEWS:
4233: Add Sudo 1.8.6p7
4234: [5192fc511cbe]
4235:
4236: 2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
4237:
4238: * INSTALL.configure:
4239: Sync with autoconf 2.68
4240: [985e5c8efa4e]
4241:
4242: * INSTALL, README:
4243: Remove obsolete OS notes and move build requirements to INSTALL.
4244: [bf0dd53ca164]
4245:
4246: 2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
4247:
4248: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4249: doc/sudo_plugin.mdoc.in:
4250: Sort elements of the settings, user_info and command_info lists.
4251: [663062ada5b7]
4252:
4253: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
4254: Remove trailing white space
4255: [027916a6c8e7]
4256:
4257: * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
4258: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
4259: Store the session ID in the tty ticket file too. A tty may only be
4260: in one session at a time so if the session ID doesn't match we
4261: ignore the ticket.
4262: [4eb2cb8df48b]
4263:
4264: 2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4265:
4266: * plugins/sudoers/sudoers.c, src/sudo.c:
4267: Move tzset() call from sudoers plugin to sudo front end.
4268: [3c058dad8772]
4269:
4270: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
4271: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4272: doc/sudoers.ldap.mdoc.in:
4273: Mention line continuation
4274: [399873f8c805]
4275:
4276: * MANIFEST, common/Makefile.in, common/fileops.c,
4277: common/regress/sudo_parseln/parseln_test.c,
4278: common/regress/sudo_parseln/test1.in,
4279: common/regress/sudo_parseln/test1.out.ok,
4280: common/regress/sudo_parseln/test2.in,
4281: common/regress/sudo_parseln/test2.out.ok,
4282: common/regress/sudo_parseln/test3.in,
4283: common/regress/sudo_parseln/test3.out.ok,
4284: common/regress/sudo_parseln/test4.in,
4285: common/regress/sudo_parseln/test4.out.ok,
4286: common/regress/sudo_parseln/test5.in,
4287: common/regress/sudo_parseln/test5.out.ok,
4288: common/regress/sudo_parseln/test6.in,
4289: common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
4290: include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
4291: plugins/sudoers/sudo_nss.c:
4292: Add line continuation support to sudo_parseln() and make it use
4293: getline() instead of fgets() internally.
4294: [d02bf3973fc5]
4295:
4296: 2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
4297:
4298: * plugins/sample/sample_plugin.c:
4299: Fix memory leak in error path; found by llvm checker
4300: [d090c26a5b00]
4301:
4302: * plugins/sudoers/sudoreplay.c:
4303: Remove useless store detected by llvm checker.
4304: [12a4db91651a]
4305:
4306: * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
4307: src/load_plugins.c, sudo.pp:
4308: Sudo now stores its libexec files in a "sudo" subdirectory instead
4309: of in libexec itself. For backwards compatibility, if the plugin is
4310: not found in the default plugin directory, sudo will check the
4311: parent directory default directory ends in "/sudo".
4312: [5de67de76489]
4313:
4314: * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
4315: plugins/system_group/system_group.c:
4316: Add missing __dso_public to plugin structs so they are exported.
4317: [dde703577621]
4318:
4319: * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
4320: Mention that sudoers has its own plugins too.
4321: [0a6c6203b512]
4322:
4323: 2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
4324:
4325: * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
4326: Correct last change date.
4327: [45894291d792]
4328:
4329: * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
4330: doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
4331: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4332: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
4333: doc/sudoers.mdoc.in:
4334: Remove duplicated sudo.conf info in the sudo, sudoers and
4335: sudo_plugin manuals and cross-reference the new sudo.conf manual.
4336: [b808ba29cf3a]
4337:
4338: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
4339: Fix typos
4340: [0e70964150c6]
4341:
4342: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4343: doc/sudoers.ldap.mdoc.in:
4344: Fix some typos.
4345: [94ae045cfbc6]
4346:
4347: * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
4348: doc/sudo.conf.mdoc.in:
4349: Add standalone sudo.conf manual page.
4350: [d64d949b700c]
4351:
4352: * doc/sample.sudo.conf:
4353: add group_source example
4354: [118c1ba1c014]
4355:
4356: * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
4357: doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
4358: doc/sudoers.man.in, doc/sudoers.mdoc.in:
4359: Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
4360: [f5bd6006dc1c]
4361:
4362: * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
4363: src/po/it.po:
4364: Sync with translationproject.org
4365: [a6f2b9aac371]
4366:
4367: 2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4368:
4369: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
4370: plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
4371: src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
4372: src/po/vi.po:
4373: Sync with translationproject.org
4374: [ba546666969d]
4375:
4376: 2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
4377:
4378: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
4379: plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
4380: src/po/es.po, src/po/gl.po:
4381: Sync with translationproject.org
4382: [cdc454e34c03]
4383:
4384: 2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
4385:
4386: * NEWS:
4387: Clarify ttyname changes.
4388: [cbf2f80fe582]
4389:
4390: * NEWS:
4391: Add 1.8.6p6
4392: [3aa591e98b3b]
4393:
4394: * src/ttyname.c:
4395: Remove ttyname() fall back code on systems where we can query the
4396: kernel for the tty device via /proc or sysctl(). If there is no
4397: controlling tty, it is better to just treat the tty as unknown
4398: rather than to blindly use what is hooked up to std{in,out,err}.
4399: [b2bd3005d2e4]
4400:
4401: 2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4402:
4403: * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
4404: Add group_source setting in sudo.conf to allow the admin to specify
4405: how a user's groups are looked up. Legal values are static (just the
4406: kernel list from getgroups), dynamic (whatever the group database
4407: includes) and adaptive (only use group db if kernel group list is
4408: full).
4409: [87a5b02e22ad]
4410:
4411: * plugins/sudoers/policy.c:
4412: Pass back exec_background to front end if it is enabled in sudoers.
4413: [8230e1cd0bbd]
4414:
4415: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
4416: Mention that exec_background is for 1.8.7 and higher only.
4417: [fdf0d5a3e182]
4418:
4419: 2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
4420:
4421: * MANIFEST:
4422: Add missing test files.
4423: [1165389aa5e6]
4424:
4425: * plugins/sudoers/regress/visudo/test3.err.ok,
4426: plugins/sudoers/regress/visudo/test3.out.ok,
4427: plugins/sudoers/regress/visudo/test3.sh:
4428: Add regress test for bug 361
4429: [54c7fb61b82d]
4430:
4431: * plugins/sudoers/iolog.c:
4432: Add __dso_public to extern declaration of declaration to match
4433: actual definition.
4434: [4695ded501e6]
4435:
4436: * NEWS:
4437: Add 1.8.6p5
4438: [b07b28c5c4d7]
4439:
4440: 2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
4441:
4442: * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
4443: plugins/sudoers/regress/visudo/test2.out.ok,
4444: plugins/sudoers/regress/visudo/test2.sh:
4445: Add test for visudo cycle check core dump; test case from Daniel
4446: Kopecek
4447: [41074541147a]
4448:
4449: * plugins/sudoers/visudo.c:
4450: Fix potential stack overflow due to infinite recursion in alias
4451: cycle detection. From Daniel Kopecek.
4452: [d7e018a87434]
4453:
4454: * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
4455: Ignore duplicate entries in sudo.conf and report the line number
4456: when there is an error. Warn, don't abort if there is more than one
4457: policy plugin.
4458: [dfcb5a698f0a]
4459:
4460: * plugins/sudoers/tsgetgrpw.c:
4461: Use strtoul() not atoi().
4462: [58a52cf9b6b8]
4463:
4464: 2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
4465:
4466: * compat/Makefile.in:
4467: regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
4468: [9b44e9d26d16]
4469:
4470: * compat/nss_dbdefs.h:
4471: Fix typo that breaks the build on HP-UX.
4472: [b9ab6ba23485]
4473:
4474: * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
4475: configure, configure.in:
4476: Use nss_search() to implement getgrouplist() where available. Tested
4477: on Solaris and HP-UX. We need to include a compatibility header for
4478: HP-UX which uses the Solaris nsswitch implementation but doesn't
4479: ship nss_dbdefs.h.
4480: [d29dbc4dc06d]
4481:
4482: 2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4483:
4484: * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
4485: Remove extra flag to sudo_sigaction(). We want to trap the signal
4486: regardless of whether or not it is ignored by the underlying command
4487: since there's no way to know what signal handlers the command will
4488: install. Now we just use sudo_sigaction() to set a flag in
4489: saved_signals[] to indicate whether a signal needs to be restored
4490: before exec.
4491: [c042d52c7192]
4492:
4493: 2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4494:
4495: * compat/getgrouplist.c, config.h.in, configure, configure.in:
4496: Use _getgroupsbymember() on Solaris to get the groups list. Fixes
4497: performance problems with the getgroupslist() compat on Solaris
4498: systems with network-based group databases.
4499: [287d3ae2ce8d]
4500:
4501: 2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
4502:
4503: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4504: doc/sudo_plugin.mdoc.in:
4505: Document signal handler behavior in plugin API 1.3
4506: [20dc9d1c105f]
4507:
4508: * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
4509: src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
4510: Move signal code into its own source file and add sudo_sigaction()
4511: wrapper that has an extra flag to check the saved_signals list to
4512: only install the handler if the signal is not already ignored. Bump
4513: plugin API version for the new front-end signal behavior.
4514: [5d2f27a1b404]
4515:
4516: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
4517: src/sudo_exec.h:
4518: Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
4519: the command. If we get SIGINT or SIGQUIT, call the plugin close()
4520: functions as if the command was interrupted. If we get SIGTSTP,
4521: uninstall the handler and deliver SIGTSTP to ourselves.
4522: [332baf3a81b7]
4523:
4524: * src/exec.c, src/exec_pty.c:
4525: Rename handle_signals() to dispatch_signals(). Block other signals
4526: in handler() so we don't have to worry about the write() being
4527: interrupted.
4528: [666e95c9a0f1]
4529:
4530: 2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
4531:
4532: * src/tgetpass.c:
4533: Rename signal handler to avoid name clash with one in exec.c
4534: [8913101a29b6]
4535:
4536: 2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4537:
4538: * src/sudo.c:
4539: Add missing call to save_signals().
4540: [47d075d7326b]
4541:
4542: 2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
4543:
4544: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
4545: Fill in the comment block at the top of the .pot files and preserve
4546: it when regenerating them.
4547: [6449497b76db]
4548:
4549: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4550: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
4551: doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
4552: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4553: plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4554: Add exec_background option in plugin command info and a sudoers
4555: option to match. When set, commands are started in the background
4556: and automatically foregrounded as needed. There are issues with some
4557: ill-mannered programs (like Linux su) so this is not the default.
4558: [c0b32b0938f2]
4559:
4560: * common/Makefile.in:
4561: regen
4562: [2b2b220e7aea]
4563:
4564: * src/Makefile.in:
4565: Add SESH_OBJS variable for sesh object files.
4566: [d3e04ae8fd1f]
4567:
4568: * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
4569: Update copyright year.
4570: [61a0f0cedb13]
4571:
4572: * src/exec_pty.c:
4573: Always resume the command in the foreground if sudo itself is the
4574: foreground process. This helps work around poorly behaved programs
4575: that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
4576: worst, sudo will go into the background but upon resume the command
4577: will be runnable. Otherwise, we can get into a situation where the
4578: command will immediately suspend itself.
4579: [c368ac3eb2e4]
4580:
4581: * configure, configure.in:
4582: Use -fstack-protector-all in preference to -fstack-protector where
4583: supported.
4584: [f930c95ceb51]
4585:
4586: 2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
4587:
4588: * configure, configure.in:
4589: Only test for -fstack-protector and -fvisibility=hidden on GNU
4590: compatible compilers.
4591: [796f4696d863]
4592:
4593: 2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
4594:
4595: * NEWS:
4596: Add Sudo 1.8.6p4
4597: [8a928de8e717]
4598:
4599: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
4600: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4601: plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
4602: src/Makefile.in:
4603: Break out stack smashing protector options into SSP_CFLAGS and
4604: SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
4605: [01be114fc9fb]
4606:
4607: 2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
4608:
4609: * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
4610: In rbrepair(), make sure we never try to change the color of the
4611: sentinel node, which is the first entry, not the root. From Michael
4612: King
4613: [3fc4dc4004ec]
4614:
4615: 2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
4616:
4617: * src/exec_pty.c:
4618: No need to restore default signal handler for SIGSTOP as it is not
4619: catchable. Attempting to do so is harmless but sigaction() will fail
4620: and set errno to EINVAL which makes it looks like there is an error.
4621: [be7c0b759e9a]
4622:
4623: * src/exec.c:
4624: Print SIGCONT_FG and SIGCONT_BG properly in debug output.
4625: [93e59e301c8f]
4626:
4627: 2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
4628:
4629: * configure, configure.in:
4630: Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
4631: [9ed48f696595]
4632:
4633: 2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
4634:
4635: * include/missing.h:
4636: Add howmany() macro since some systems have this in sys/param.h
4637: which we no longer include.
4638: [2c5efaa16c45]
4639:
4640: 2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
4641:
4642: * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
4643: Remove errant file.
4644: [a91699beffc6]
4645:
4646: 2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
4647:
4648: * plugins/sudoers/regress/check_symbols/check_symbols.c,
4649: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
4650: plugins/sudoers/regress/logging/check_wrap.c,
4651: plugins/sudoers/regress/parser/check_addr.c,
4652: plugins/sudoers/regress/parser/check_fill.c:
4653: Remove obsolete sudoers_cleanup() stubs.
4654: [89153025a2ae]
4655:
4656: * common/alloc.c, common/atobool.c, common/fileops.c,
4657: common/fmt_string.c, common/lbuf.c, common/secure_path.c,
4658: common/sudo_conf.c, common/sudo_debug.c, common/term.c,
4659: compat/closefrom.c, compat/getcwd.c, compat/glob.c,
4660: compat/snprintf.c, include/missing.h,
4661: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
4662: plugins/sample_group/plugin_test.c,
4663: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
4664: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4665: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4666: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
4667: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4668: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4669: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
4670: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
4671: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4672: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
4673: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4674: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4675: plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
4676: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4677: plugins/sudoers/logging.c, plugins/sudoers/match.c,
4678: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
4679: plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
4680: plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
4681: plugins/sudoers/redblack.c,
4682: plugins/sudoers/regress/parser/check_addr.c,
4683: plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
4684: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4685: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4686: plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
4687: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
4688: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4689: plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
4690: src/exec_common.c, src/exec_pty.c, src/get_pty.c,
4691: src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
4692: src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
4693: Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
4694: MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
4695: HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
4696: MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
4697: [f4807d46f504]
4698:
4699: * include/missing.h, plugins/sudoers/match.c,
4700: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
4701: Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
4702: (sys/param.h or netdb.h).
4703: [2544f5e306dd]
4704:
4705: 2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
4706:
4707: * plugins/sudoers/logging.c:
4708: Move debug_decl() in log_failure() to be after the variable
4709: declarations for C89.
4710: [f48d2035ab44]
4711:
4712: 2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
4713:
4714: * common/error.c, include/error.h, plugins/sudoers/iolog.c,
4715: plugins/sudoers/logging.c, plugins/sudoers/policy.c,
4716: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4717: Cannot wrap sigsetjmp() or we end up returning to the wrong place.
4718: Use a macro instead.
4719: [749ee6acdad8]
4720:
4721: 2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
4722:
4723: * plugins/sudoers/policy.c:
4724: Fix return in sudoers_policy_open that should be debug_return.
4725: [a78b795b6846]
4726:
4727: 2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
4728:
4729: * src/ttyname.c:
4730: Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
4731: too.
4732: [acfa891c229e]
4733:
4734: * src/solaris.c:
4735: Quiet a gcc warning and add comment about needing to keep the handle
4736: open.
4737: [f954f228960f]
4738:
4739: 2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
4740:
4741: * INSTALL:
4742: mention --disable-shared
4743: [6954d39e2d0f]
4744:
4745: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4746: doc/sudo_plugin.mdoc.in:
4747: Add missing command_info argument in I/O plugin open() prototype.
4748: Bug #579
4749: [72beb07aba0e]
4750:
4751: 2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
4752:
4753: * plugins/sudoers/gram.c:
4754: Regen for proper line numbers.
4755: [6cf6e132e764]
4756:
4757: * configure, configure.in:
4758: Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
4759: [d604dc8ca38a]
4760:
4761: * common/sudo_printf.c:
4762: Include missing.h for __printflike.
4763: [a33640600faf]
4764:
4765: * plugins/sudoers/iolog.c:
4766: Saner loop invariant in io_mkdirs (cosmetic only).
4767: [dc30274afe38]
4768:
4769: * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
4770: configure, configure.in, include/error.h, mkdep.pl,
4771: plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
4772: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
4773: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
4774: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4775: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
4776: src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
4777: src/sesh.c:
4778: Move warn/error into common and make static builds work.
4779: [4d3f374f4e4c]
4780:
4781: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
4782: common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
4783: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4784: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
4785: plugins/sudoers/policy.c,
4786: plugins/sudoers/regress/check_symbols/check_symbols.c,
4787: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
4788: plugins/sudoers/regress/logging/check_wrap.c,
4789: plugins/sudoers/regress/parser/check_addr.c,
4790: plugins/sudoers/regress/parser/check_fill.c,
4791: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4792: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
4793: src/Makefile.in, src/conversation.c, src/sesh.c:
4794: Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
4795: Add sudo_printf function pointer that is initialized to
4796: _sudo_printf() instead of requiring a sudo_conv function pointer
4797: everywhere. The plugin will reset sudo_printf to point to the
4798: version passed in via the plugin open function. Now plugin_error.c
4799: can just call sudo_printf in all cases. The sudoers binaries no
4800: longer need their own version of sudo_printf.
4801: [9b09d3f63790]
4802:
4803: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
4804: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
4805: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4806: Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
4807: need error_jmp to be extern. Also add plugin_clearjmp() that clears
4808: a flag so error()/errorx() knows when to call exit() vs. longjmp().
4809: [5a4617148e70]
4810:
4811: * plugins/sudoers/set_perms.c:
4812: Let warning() call gettext() for us.
4813: [ab8d502ba4ac]
4814:
4815: * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
4816: Do locale swapping in the warning()/error() macros themselves
4817: instead of in the underlying functions.
4818: [4cd205540e17]
4819:
4820: * common/alloc.c, common/list.c, include/error.h,
4821: plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
4822: plugins/sudoers/regress/check_symbols/check_symbols.c,
4823: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
4824: src/hooks.c:
4825: Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
4826: [48346393634d]
4827:
4828: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
4829: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
4830: plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
4831: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
4832: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
4833: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
4834: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4835: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4836: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
4837: src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
4838: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
4839: src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
4840: Call gettext() on parameters for warning()/warningx() instead of
4841: having warning() do it for us.
4842: [c71088bc9d3e]
4843:
4844: * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
4845: plugins/sudoers/gram.y, plugins/sudoers/toke.c,
4846: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
4847: Call gettext() in sudoerserror() in the user's locale and pass the
4848: untranslated string to it.
4849: [cdbfc231b848]
4850:
4851: * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
4852: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
4853: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4854: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
4855: Allow sudoers programs (visudo, sudoreplay, visudo) to use
4856: plugin_error.c instead of the error.c from the front-end. This means
4857: sudoers_setlocale() needs to be independent of the sudo_user struct
4858: and the defaults table. The sudoers locale is now updated via a
4859: callback.
4860: [e356f5f8cd6a]
4861:
4862: * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
4863: plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
4864: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4865: Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
4866: Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
4867: warning/error functions work when sudo_conv is NULL
4868: [7365ee24a779]
4869:
4870: * src/error.c:
4871: No need to change locale in front-end warning()/error().
4872: [23dc1df7f93b]
4873:
4874: * plugins/sudoers/tsgetgrpw.c:
4875: Ignore bad lines in passwd/group file instead if stopping processing
4876: when we hit one.
4877: [79b790559075]
4878:
4879: * plugins/sudoers/regress/testsudoers/test2.sh,
4880: plugins/sudoers/regress/testsudoers/test3.sh,
4881: plugins/sudoers/regress/testsudoers/test5.sh:
4882: Bash doesn't let you set UID to use MYUID instead.
4883: [5be56335f059]
4884:
4885: * plugins/sudoers/visudo.c:
4886: Avoid NULL deref for unknown Defaults in strict mode.
4887: [545c21c1e7d6]
4888:
4889: * common/sudo_conf.c, common/sudo_debug.c:
4890: See DEFAULT_TEXT_DOMAIN
4891: [3d723e1d27db]
4892:
4893: 2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
4894:
4895: * .hgignore:
4896: Add signame.c and mksigname.
4897: [d59bbf423f00]
4898:
4899: * plugins/sudoers/Makefile.in:
4900: Fold preinstall into install-plugin and pass the path to the plugin
4901: binary to the preinstall command.
4902: [2c2205af8bb7]
4903:
4904: * pp:
4905: sync with upstream
4906: [a4b7336b3256]
4907:
4908: * src/sudo.h:
4909: repair spacing
4910: [f5c1255ce514]
4911:
4912: 2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
4913:
4914: * common/sudo_debug.c:
4915: Set group on sudo_debug when creating it to gid 0 so systems without
4916: BSD group semantics don't get the invoking user's group.
4917: [7dda01196554]
4918:
4919: * plugins/sudoers/iolog.c:
4920: Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
4921: path is a temporary, in which case the final component is created
4922: via mkdtemp() instead of mkdir().
4923: [79c0c4e7ed58]
4924:
4925: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
4926: For PERM_ROOT set egid to 0 so log files are not created with the
4927: gid of the user.
4928: [5b964ea43474]
4929:
4930: * plugins/sudoers/logging.c:
4931: Add calls to set_perms(PERM_ROOT) becore logging to a file. We
4932: should already be root but since we cache the current permission
4933: status it is basically free. That way, if more of sudoers runs as
4934: non-root in the future logging will still work correctly.
4935: [c591d4973f41]
4936:
4937: * common/sudo_conf.c, config.h.in, configure, configure.in,
4938: include/gettext.h, plugins/sudoers/locale.c,
4939: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4940: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
4941: src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
4942: #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
4943: [41f6bb4926f4]
4944:
4945: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
4946: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4947: doc/sudo_plugin.mdoc.in:
4948: Mention that sudo.conf is parsed in the C locale.
4949: [f711c416e30c]
4950:
4951: * common/sudo_conf.c:
4952: Parse sudo.conf in the "C" locale.
4953: [776658f651ea]
4954:
4955: * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
4956: plugins/sudoers/sudoers.h:
4957: Fix compilation on systems w/o setlocale()
4958: [6940d1c1c1ce]
4959:
4960: * doc/TROUBLESHOOTING:
4961: Sudo now includes a workaround for the Solaris 11 locale issue.
4962: [ab93787a552c]
4963:
4964: 2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
4965:
4966: * include/gettext.h, plugins/sudoers/iolog_path.c,
4967: plugins/sudoers/locale.c,
4968: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
4969: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
4970: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
4971: src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
4972: Always include locale.h from gettext.h so we no longer need to
4973: include locale.h from the .c files.
4974: [93d39182ccfa]
4975:
4976: * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
4977: plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
4978: src/solaris.c, src/sudo.c, src/sudo.h:
4979: Add os-specific initialization functions for solaris (workaround
4980: setuid locale problem in Solaris 11) and openbsd (set malloc_options
4981: if SUDO_DEVEL). Also move set_project() to solaris.c.
4982: [1d6581afbaf4]
4983:
4984: 2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
4985:
4986: * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
4987: plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
4988: plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
4989: Avoid strerror() when possible and just rely on warning/error to
4990: handle errno in the proper locale.
4991: [bf612caae97c]
4992:
4993: * plugins/sudoers/logging.c:
4994: Set sudoers locale in log_allowed()
4995: [2dd0ac704cae]
4996:
4997: * plugins/sudoers/check.c:
4998: Make the sudo lecture translatable.
4999: [3cdfc183d72d]
5000:
5001: * Makefile.in:
5002: Add the values of badpass_message, passprompt and mailsub to
5003: sudoers.pot so they can be translated.
5004: [51cbe8adcb94]
5005:
5006: * plugins/sudoers/logging.c:
5007: Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
5008: up by xgettext.
5009: [c5b74115caf0]
5010:
5011: 2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5012:
5013: * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
5014: plugins/sudoers/sudoers.h:
5015: Make expand_prompt() args const and free the prompt when we are done
5016: with it.
5017: [995ef8519fe6]
5018:
5019: * plugins/sudoers/policy.c:
5020: Fix cut and pasto
5021: [e002921c1d15]
5022:
5023: * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
5024: Expand def_mailsub in the sudoers locale, not the user's.
5025: [a4775f2fb385]
5026:
5027: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
5028: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
5029: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
5030: plugins/sudoers/env.c, plugins/sudoers/iolog.c,
5031: plugins/sudoers/locale.c, plugins/sudoers/logging.c,
5032: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
5033: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5034: plugins/sudoers/timestamp.c:
5035: Call gettext inside log_error et al instead of having the caller do
5036: it. This way we can display any messages to the user in their own
5037: locale but log in the sudoers local.
5038: [286e0444f785]
5039:
5040: * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
5041: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
5042: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
5043: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
5044: plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
5045: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5046: plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
5047: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
5048: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5049: plugins/sudoers/visudo.c, src/error.c, src/exec.c,
5050: src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
5051: src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
5052: src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
5053: Display warning/error messages in the user's locale.
5054: [00a04165c0cf]
5055:
5056: * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
5057: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
5058: audit_failure() now calls gettext itself using the sudoers locale.
5059: [d77f1d78799a]
5060:
5061: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
5062: plugins/sudoers/sudoers.c:
5063: Convert setlocale() to sudoers_setlocale() in the sudoers module.
5064: This only converts existing uses, there are more places where we
5065: need to sprinkle sudoers_setlocale() calls.
5066: [8ee0cbf0d0a9]
5067:
5068: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
5069: plugins/sudoers/locale.c, plugins/sudoers/logging.h,
5070: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5071: Add simple locale switching to make it easy to switch from the
5072: user's locale to the sudoers locale without making excessive
5073: setlocale() calls when we don't need to.
5074: [5c61582fdeee]
5075:
5076: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
5077: plugins/sudoers/plugin_error.c, src/error.c:
5078: Add variants of warn/error and sudo_debug_printf that take a va_list
5079: instead of a variable number of args.
5080: [00392bdc063c]
5081:
5082: * INSTALL, doc/TROUBLESHOOTING:
5083: Document Solaris 11 locale issues and workarounds.
5084: [05f7d34af3ae]
5085:
5086: * Makefile.in, configure, configure.in:
5087: Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
5088: locales. Make links from localdir/lang -> localdir/lang.UTF-8
5089: [5ca9326480e2]
5090:
5091: 2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
5092:
5093: * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
5094: plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
5095: Do not inform the user that the command was not permitted by the
5096: policy if they do not successfully authenticate. This is a
5097: regression introduced in sudo 1.8.6.
5098: [c1279df08bfb]
5099:
5100: * plugins/sudoers/Makefile.in:
5101: Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
5102: the rpath in HP-UX SOM shared libraries for the LDAP libs.
5103: [b07185657b42]
5104:
5105: * src/parse_args.c:
5106: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
5107: [22c73cbe3ff9]
5108:
5109: 2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
5110:
5111: * INSTALL, configure, configure.in:
5112: Allow the user to specify and alternate libtool
5113: [c9d6fc9521fd]
5114:
5115: 2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
5116:
5117: * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
5118: Allow sudo to be build with sss support without also including ldap
5119: support. From Stephane Graber.
5120: [b992a80ebea1]
5121:
5122: 2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
5123:
5124: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
5125: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5126: plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
5127: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5128: plugins/sudoers/visudo.c:
5129: Refactor policy plugin interface code from sudoers.c into policy.c
5130: [393e62910b8a]
5131:
5132: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5133: Refactor command_info setting into its own function.
5134: [a952b948324c]
5135:
5136: * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
5137: plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
5138: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5139: Make interfaces pointer private to interfaces.c and add
5140: get_interfaces() accessor.
5141: [b69b9334ed3c]
5142:
5143: 2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
5144:
5145: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
5146: plugins/sudoers/sudoers.h:
5147: Make user_cwd const since it is either a string literal or passed in
5148: from the front-end.
5149: [90751b81e8bc]
5150:
5151: * configure, configure.in:
5152: sudo 1.8.7
5153: [bf727adb8af0]
5154:
5155: * plugins/sudoers/sudoers.c:
5156: Avoid nested strtok() calls.
5157: [9d9f22ab52a9]
5158:
5159: 2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
5160:
5161: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
5162: plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
5163: Move expand_prompt() into its own source file for easier unit
5164: testing.
5165: [b419b48a436f]
5166:
5167: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
5168: plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
5169: plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
5170: Make check.c independent of the underlying timestamp implementation.
5171: [895071bd6065]
5172:
5173: * plugins/sudoers/iolog_path.c:
5174: Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
5175: [8ac38f02dd6d]
5176:
5177: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5178: Use a list for the possible values of Tag_Spec with a minimal indent
5179: to improve readability. In the pod version, these were =head3. Also
5180: use .St -p1003.1 instead of just POSIX when talking about glob() and
5181: fnmatch().
5182: [361a6f7a5c44]
5183:
5184: 2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
5185:
5186: * src/ttyname.c:
5187: sudo_ttyname_dev() is unused if there is no /proc or sysctl().
5188: [6598dbf81e16]
5189:
5190: * compat/mksiglist.c, compat/mksigname.c,
5191: compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
5192: plugins/sample_group/plugin_test.c,
5193: plugins/sudoers/regress/check_symbols/check_symbols.c,
5194: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5195: plugins/sudoers/regress/logging/check_wrap.c,
5196: plugins/sudoers/regress/parser/check_addr.c,
5197: plugins/sudoers/regress/parser/check_fill.c,
5198: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5199: plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
5200: Explicitly mark main() as public in executables to avoid an HP-UX ld
5201: warning.
5202: [72a40ce218be]
5203:
5204: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
5205: Remove grep from SEE ALSO section.
5206: [c7cafee1621f]
5207:
5208: * common/alloc.c:
5209: If vasprintf() fails, just use the errno it sets instead of assuming
5210: ENOMEM.
5211: [1be5bfdc0cab]
5212:
5213: 2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
5214:
5215: * doc/TROUBLESHOOTING:
5216: Mention HP-UX pam.conf settings.
5217: [8b8e745b49fd]
5218:
5219: 2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
5220:
5221: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
5222: plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
5223: plugins/sudoers/timestamp.h:
5224: Split off timestamp functions into their own source file.
5225: [d5833332511d]
5226:
5227: 2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
5228:
5229: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5230: Mention how !foo is not the same as ALL,!foo
5231: [51f8e470757d]
5232:
5233: 2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
5234:
5235: * src/exec_pty.c:
5236: Start commands in the background when I/O logging is enabled. We
5237: can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
5238: which returns EINTR on signal instead of restarting automatically.
5239: [83b1d59146f7]
5240:
5241: * src/exec_pty.c:
5242: Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
5243: string in deliver_signal().
5244: [2cefea7a976e]
5245:
5246: 2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
5247:
5248: * src/exec_pty.c:
5249: Fix running commands that need the terminal in the background when
5250: I/O logging is enabled. E.g. "sudo vi &". When the command is
5251: foregrounded, it will now resume properly.
5252: [0bc13a253429]
5253:
5254: * plugins/sudoers/match.c:
5255: Add rudimentary support for name-based matching as a compile-time
5256: option. This unsafe when used in conjunction with the '!' operator.
5257: [f93bc8e6db15]
5258:
5259: 2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
5260:
5261: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
5262: plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
5263: Split out implementation-specific back end code out of pwutil.c into
5264: pwutil_impl.c. This will allow the main pwutil code to be used for
5265: lookup methods other than getpw* and getgr*.
5266: [999c2dde60e4]
5267:
5268: 2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
5269:
5270: * NEWS, configure, configure.in:
5271: sudo 1.8.6p3
5272: [97fef3d9ed65]
5273:
5274: 2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
5275:
5276: * doc/fixman.sh:
5277: Don't use embedded newline when matching, use \n. This got expanded
5278: at some point. Bug #573
5279: [6652f834b8f5]
5280:
5281: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
5282: Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
5283: really needed due to the #defines that yacc makes but it is less
5284: confusing this way as the lexer calls sudoerserror().
5285: [a0577be6527d]
5286:
5287: * common/alloc.c, plugins/sample_group/plugin_test.c,
5288: plugins/sudoers/env.c, plugins/sudoers/toke.c,
5289: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5290: src/exec_common.c, src/parse_args.c, src/sudo.c:
5291: No need to translate "unable to allocate memory" when we can just
5292: use the system translation via strerror().
5293: [377499e5827c]
5294:
5295: * plugins/sudoers/sudoreplay.c:
5296: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
5297: all file systems support d_type. Bug #572
5298: [8b861c62945f]
5299:
5300: * plugins/sudoers/sudoreplay.c:
5301: Avoid calling fclose(NULL) in the error path when we cannot open an
5302: I/O log file.
5303: [9401d5c4bb05]
5304:
5305: 2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
5306:
5307: * NEWS, configure, configure.in:
5308: Sudo 1.8.6p2
5309: [6e32496280f2]
5310:
5311: * src/exec.c:
5312: When setting the signal handler for SIGTSTP to the default value in
5313: non-I/O log mode, store the old handler value for when we restore it
5314: after resume.
5315: [242628694e42]
5316:
5317: * plugins/sudoers/env.c:
5318: Replace the guts of sudo_setenv_nodebug() with our old setenv.c
5319: which supports non-standard BSD and glibc semantics. sudo_setenv()
5320: now simply calls sudo_setenv2().
5321: [57ffb6c9efaa]
5322:
5323: 2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
5324:
5325: * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5326: doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5327: Document non-Unix group support in LDAP sudoers.
5328: [33c89f3aeee6]
5329:
5330: * plugins/sudoers/ldap.c:
5331: Enable non-Unix group support for LDAP sudoers. We now check for
5332: non-Unix groups and netgroups with the same query in the second
5333: pass. Bug #571
5334: [eb98fdff54d9]
5335:
5336: 2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
5337:
5338: * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
5339: plugins/sudoers/gram.h, plugins/sudoers/parse.c,
5340: plugins/sudoers/regress/parser/check_fill.c,
5341: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5342: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5343: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
5344: plugins/sudoers/visudo.c:
5345: Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
5346: [cb6c0d93215e]
5347:
5348: 2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
5349:
5350: * NEWS:
5351: Mention support for SUCCESS=return in /etc/nsswitch.conf
5352: [ef1f35aa0863]
5353:
5354: * NEWS, configure, configure.in:
5355: sudo 1.8.6p1
5356: [73a5e1f004b3]
5357:
5358: 2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5359:
5360: * plugins/sudoers/env.c:
5361: Avoid setting LOGNAME, USER and USERNAME variables twice when
5362: set_logname is enabled.
5363: [0de4f5fbd1d4]
5364:
5365: * plugins/sudoers/env.c:
5366: Fix duplicate detection in sudo_putenv(), do not prune out the
5367: variable we just set when overwriting an existing instance. Fixes
5368: bug #570
5369: [854ee714c831]
5370:
5371: * plugins/sudoers/env.c:
5372: Add some debuggging
5373: [a25cd3305823]
5374:
5375: 2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
5376:
5377: * plugins/sudoers/sudo_nss.c:
5378: Disable word wrap in list mode when stdout is a pipe to make "sudo
5379: -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
5380: [65ade04511fd]
5381:
5382: * common/lbuf.c:
5383: Print a trailing newline in lbuf_print() when there is not enough
5384: space to do word wrapping and the lbuf does not end with a newline.
5385: [c0200e19cd09]
5386:
5387: * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
5388: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
5389: Kopecek
5390: [5c480316e3ce]
5391:
5392: * MANIFEST:
5393: Add sssd.c
5394: [9cadd014ef97]
5395:
5396: 2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
5397:
5398: * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
5399: plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
5400: plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
5401: src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
5402: regen .po files
5403: [62423d4d143d]
5404:
5405: * MANIFEST, plugins/sudoers/po/vi.mo:
5406: Add Vietnamese sudoers translation from translationproject.org
5407: [33666a605525]
5408:
5409: * NEWS:
5410: mention PIE
5411: [05032e5304c6]
5412:
5413: * MANIFEST, plugins/sudoers/po/vi.po:
5414: Add Vietnamese sudoers translation from translationproject.org
5415: [015c2204bae2]
5416:
5417: 2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
5418:
5419: * Makefile.in, compat/Makefile.in, mkdep.pl:
5420: Add missing signame dependency
5421: [e493bfb01929]
5422:
5423: * src/exec.c, src/ttyname.c:
5424: Silence compiler warnings.
5425: [1c5374b66d9b]
5426:
5427: * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
5428: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
5429: src/exec.c, src/exec_pty.c:
5430: Replace strsigname() with sig2str(), emulating it as needed.
5431: [1e348cca1fa6]
5432:
5433: * config.h.in, configure, configure.in, src/utmp.c:
5434: Use fseeko() for legacy utmp handling if available.
5435: [b4bbd8d2c0e9]
5436:
5437: 2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
5438:
5439: * compat/strsigname.c, config.h.in, configure, configure.in:
5440: Detect sys_sigabbrev[] and use it in place of sys_signame[] if
5441: present. For some reason glibc does not declare sys_sigabbrev so we
5442: must add an extern definition of our own.
5443: [b38f3fbd7078]
5444:
5445: * compat/strsignal.c, compat/strsigname.c:
5446: Handle NULL entries in sys_siglist and sys_signame.
5447: [a388959d9654]
5448:
5449: * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
5450: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
5451: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
5452: [711e41aba59a]
5453:
5454: 2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
5455:
5456: * NEWS:
5457: sync
5458: [5a2522488754]
5459:
5460: * src/exec.c:
5461: Pass on SIGTSTP to the command if it was sent by a user process (not
5462: the kernel or the terminal) when we are not I/O logging and set the
5463: default SIGTSTP handler when we re-send the signal to ourself,
5464: restoring our handler after we resume.
5465: [4259c47e31c0]
5466:
5467: * src/exec.c:
5468: Shells typically change their process group when they start up so
5469: that they can implement job control. Most well-behaved shells change
5470: the pgrp back to its original value before suspending so we must not
5471: try to restore in that case, lest we race with the child upon
5472: resume, potentially stopping sudo with SIGTTOU while the command
5473: continues to run. Some shells, such as pdksh, just suspend the shell
5474: by sending SIGSTOP to themselves without restoring the pgrp. In this
5475: case we need to change the pgrp back for them. Should fix bug #568
5476: [6ac6751ffd17]
5477:
5478: 2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
5479:
5480: * MANIFEST, compat/Makefile.in, compat/mksigname.c,
5481: compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
5482: config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
5483: src/exec.c, src/exec_pty.c:
5484: Use strsigname() to print signal names in the debug output. If the
5485: system has no strsigname(), use our own.
5486: [0735f18906b9]
5487:
5488: 2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
5489:
5490: * plugins/sudoers/regress/testsudoers/test5.inc,
5491: plugins/sudoers/regress/testsudoers/test5.sh:
5492: Remove generated file and change path for temporary include file.
5493: [4e9fa830c6b5]
5494:
5495: * plugins/sudoers/Makefile.in:
5496: When running regress tests, list pass/fail rate for each dir
5497: (testsudoers and visudo) instead of the total. Also prevent the
5498: result files from clobbering each other by keeping them in the
5499: relevant directories.
5500: [6aac53baff7d]
5501:
5502: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5503: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5504: Don't print an error message in yyerror() if open_sudoers() fails,
5505: we've already printed an error message. Also restore the check for
5506: sudoers_warnings in yyerror().
5507: [aa6036df5fb2]
5508:
5509: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5510: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5511: plugins/sudoers/toke.l:
5512: Avoid printing the >>> parse error <<< message for testsudoers when
5513: the -t flag is specified.
5514: [76f3433c8992]
5515:
5516: 2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
5517:
5518: * plugins/sudoers/parse.c:
5519: Fix NULL deref when an entry has no Runas_Entry
5520: [4b14983ff6e7]
5521:
5522: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
5523: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5524: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
5525: src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
5526: src/po/zh_CN.mo, src/po/zh_CN.po:
5527: sync with translationproject.org
5528: [440e9c9b37de]
5529:
5530: * NEWS:
5531: sync
5532: [3142ba2dce60]
5533:
5534: * plugins/sudoers/check.c:
5535: Correct the check_user() comment header.
5536: [73da30308fff]
5537:
5538: * plugins/sudoers/auth/sudo_auth.c:
5539: Change a log_fatal() into log_error() when no auth methods are
5540: configured. The caller already checks the return value.
5541: [05f5c39793a7]
5542:
5543: * plugins/sudoers/logging.c:
5544: Add missing debug_return
5545: [3a76bb7c2fe7]
5546:
5547: 2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
5548:
5549: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
5550: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
5551: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5552: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
5553: doc/sudoers.man.in, doc/sudoers.mdoc.in:
5554: Make the capitalization consistent for .Ss and .Sx
5555: [5c5735ee4b2f]
5556:
5557: * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
5558: doc/sudo.man.in, doc/sudo.mdoc.in:
5559: Add COMMAND EXECUTION section that describes how sudo runs the
5560: command, the extra sudo processes and signal handling.
5561: [dff2d88e984e]
5562:
5563: 2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
5564:
5565: * Makefile.in:
5566: Happy Easter
5567: [4b9d697c6b83]
5568:
5569: 2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
5570:
5571: * compat/Makefile.in:
5572: Don't echo the awk command when building siglist.in
5573: [21daa72921e6]
5574:
5575: * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
5576: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5577: Cosmetic changes.
5578: [19259528e9ad]
5579:
5580: * doc/Makefile.in:
5581: The HISTORY, LICENSE and CONTRIBUTORS files are not longer
5582: generated.
5583: [ea6ac9e981e6]
5584:
5585: * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
5586: plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
5587: plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
5588: plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
5589: src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
5590: src/po/uk.po, src/po/vi.po:
5591: Sync with translationproject.org and add Italian sudoers
5592: translation.
5593: [9276740aea59]
5594:
5595: 2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
5596:
5597: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5598: Expand description of fqdn to talk about systems where the hosts
5599: file is searched before DNS.
5600: [4ee812ca6116]
5601:
5602: 2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
5603:
5604: * doc/Makefile.in:
5605: For cat pages there is nothing to make unless DEVEL is set.
5606: [fab4a5b68708]
5607:
5608: * configure, configure.in, doc/Makefile.in:
5609: Always use mandoc to format cat pages and remove now-extraneous
5610: nroff configure tests.
5611: [5747f4ed5762]
5612:
5613: * pp:
5614: sync polypkg from git
5615: [89ddf6ea3e3f]
5616:
5617: * plugins/sudoers/sudoers.c:
5618: Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
5619: is not always the same as "fully qualified".
5620: [7c1d9c098386]
5621:
5622: 2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
5623:
5624: * doc/sudoers.mdoc.in:
5625: Fix some typos. Describe error messages not related to policy
5626: permissions.
5627: [f5ebf9030d85]
5628:
5629: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
5630: plugins/sudoers/visudo.c:
5631: Add new check_defaults() function to check (but not update) the
5632: Defaults entries. Visudo can now use this instead of update_defaults
5633: to check all the defaults regardless instead of just the global
5634: Defaults entries.
5635: [3fa879ce1b65]
5636:
5637: 2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
5638:
5639: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5640: Document sudoers log format.
5641: [08998a7061ab]
5642:
5643: * NEWS:
5644: Update for sudo 1.8.5p3
5645: [6e102a5d4e8d]
5646:
5647: * src/load_plugins.c:
5648: Add missing check for I/O plugin API version when checking for the
5649: presence of I/O plugin hooks.
5650: [ef05c7eeaf81]
5651:
5652: * src/hooks.c:
5653: Can't call debug code in the process_hooks_xxx functions() since
5654: ctime() may look up the timezone via the TZ environment variable.
5655: [2179fb26bd8e]
5656:
5657: 2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
5658:
5659: * src/exec_common.c, src/sesh.c, src/utmp.c:
5660: Include signal.h before sudo_exec.h since it uses sigset_t * in the
5661: fork_pty prototype.
5662: [94fc0d859600]
5663:
5664: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
5665: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
5666: doc/visudo.man.in, doc/visudo.mdoc.in:
5667: Remove OPTIONS section; options now go inside DESCRIPTION
5668: [a619fc58a746]
5669:
5670: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
5671: regen
5672: [44719d80bc06]
5673:
5674: * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
5675: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
5676: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
5677: plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
5678: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
5679: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
5680: plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
5681: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
5682: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
5683: src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
5684: src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
5685: Sync with translationproject.org and add new Slovenian translation.
5686: [34b4b966bbac]
5687:
5688: * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
5689: plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
5690: plugins/sudoers/testsudoers.c:
5691: Reduce the number of "internal error, foo overflow" messages that
5692: need to be translated.
5693: [93ffa2b3d53f]
5694:
5695: * NEWS:
5696: Mention HP-UX reboot fix.
5697: [1e39b5aa32ac]
5698:
5699: * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
5700: doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
5701: plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
5702: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
5703: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
5704: data source. From Daniel Kopecek and Pavel Brezina.
5705: [3f85e95d6928]
5706:
5707: 2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
5708:
5709: * common/sudo_conf.c, src/load_plugins.c:
5710: If sudo.conf contains an I/O plugin but no policy plugin, use
5711: sudoers for the policy plugin. If a policy plugin is specified
5712: without an I/O plugin, only the policy plugin will be loaded.
5713: [ea192df2439d]
5714:
5715: * doc/Makefile.in, doc/sudoers.man.in:
5716: Do not modify the .Os section when building the .man.in file from
5717: .mdoc.in.
5718: [a9f9628e147f]
5719:
5720: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5721: Add a note about wildcards matching multiple words and include an
5722: example. Also mention that for sudoedit, a wildcard in command line
5723: args does not match a slash.
5724: [fcb9fbac14e0]
5725:
5726: 2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
5727:
5728: * src/exec_pty.c, src/sudo_exec.h:
5729: Fix a comment, update a variable name in a prototype; all cosmetic.
5730: [e89f10cbd6e1]
5731:
5732: * plugins/sudoers/iolog.c:
5733: Cast 2nd argument of lseek() to off_t if it is a constant for
5734: systems with 64-bit off_t but without a proper lseek() prototype.
5735: [d8779da135d0]
5736:
5737: * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
5738: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5739: plugins/sudoers/visudo.c:
5740: Fix some warnings from clang checker-267
5741: [1e44ef7860b5]
5742:
5743: * plugins/sample/sample_plugin.c:
5744: Fix memory leak found by clang checker-267
5745: [f8a43617fdfb]
5746:
5747: 2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
5748:
5749: * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
5750: If we receive a signal from the command we executed, do not forward
5751: it back to the command. This fixes a problem with BSD-derived
5752: versions of the reboot command which send SIGTERM to all other
5753: processes, including the sudo process. Sudo would then deliver
5754: SIGTERM to reboot which would die before calling the reboot() system
5755: call, effectively leaving the system in single user mode.
5756: [4ffab9ab9e98]
5757:
5758: 2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
5759:
5760: * doc/fixman.sh, doc/fixmdoc.sh:
5761: Remove section about Solaris 10 on other systems. Add missing
5762: sudoers.man.in bit to fixman.sh.
5763: [176559199ba7]
5764:
5765: 2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
5766:
5767: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
5768: Expand section on Solaris privileges.
5769: [3a1bfa2f1743]
5770:
5771: * NEWS:
5772: Expand a bit on the Solaris priv set changes.
5773: [bffb78b4a520]
5774:
5775: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5776: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
5777: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5778: The second argument to init_parser() is now bool.
5779: [fb727a4fb651]
5780:
5781: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
5782: Fix printing of parse error message to stderr.
5783: [dea6b420b84f]
5784:
5785: * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
5786: plugins/sudoers/match.c, plugins/sudoers/parse.c,
5787: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
5788: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
5789: If a command matches using an empty Runas_List (i.e. Runas_List is
5790: present but empty) and the -u option was not specified, set runas_pw
5791: to user_pw instead of using runas_default. This is intended to be
5792: used in conjunction with the Solaris Privilege Set support for rules
5793: that grant privileges without changing the user.
5794: [e84a081f3c11]
5795:
5796: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
5797: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
5798: plugins/sudoers/gram.y, plugins/sudoers/match.c,
5799: plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
5800: Add support for parsing an empty Runas_List, which only allows the
5801: command to be run as the invoking user. This can be used in
5802: conjunction with the Solaris Privilege Set support to grant
5803: privileges without changing the user.
5804: [dc34373792fc]
5805:
5806: 2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
5807:
5808: * doc/fixman.sh:
5809: Fix HP-UX, just use ".TH name section" like the vendor manuals.
5810: [559738237c92]
5811:
5812: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5813: Fix compilation on Solaris
5814: [2d310302207c]
5815:
5816: * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
5817: doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
5818: doc/sudoers.mdoc.sh:
5819: Generate a sed script file when munging *.mdoc or *.man instead of
5820: passing sed expressions on the command line. Older seds do not
5821: support \n in a replacement so generate and run a sed script
5822: instead.
5823: [0bcce3f1ca18]
5824:
5825: * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
5826: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
5827: doc/visudo.man.in:
5828: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
5829: [fe0f10b63776]
5830:
5831: 2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
5832:
5833: * src/exec.c:
5834: When checking whether a signal is user-generated, compare si_code
5835: against SI_USER instead of <= 0 since on HP-UX, terminal-related
5836: signals get a code of 0.
5837: [4e9021243343]
5838:
5839: * src/sudo.c:
5840: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
5841: interchangably. This causes problems when setting RLIMIT_NPROC to
5842: RLIM_INFINITY due to a bug in bash where bash tries to honor the
5843: value of _SC_CHILD_MAX but treats a value of -1 as an error, and
5844: uses a default value of 32 instead.
5845:
5846: Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
5847: restored the previous value of RLIMIT_NPROC. However, that makes it
5848: impossible to set nproc to unlimited. We now only restore the nproc
5849: resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases,
5850: pam_limits will set RLIMIT_NPROC for us.
5851: [cb71cc8d0b08]
5852:
5853: 2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
5854:
5855: * plugins/sudoers/ldap.c:
5856: Active Directory apparently requires that tenths of a second be
5857: present in a date so append .0 to the "now" value in the time
5858: filter. Also remove space for the global AND from TIMEFILTER_LENGTH
5859: since it was not being used consistently. Buffers of
5860: TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
5861: [d28619ff6e45]
5862:
5863: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5864: Fix SELinux build
5865: [cc0d1f4e851b]
5866:
5867: 2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
5868:
5869: * MANIFEST:
5870: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
5871: were not being kept in sync.
5872: [fc3ad1847cb1]
5873:
5874: * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
5875: doc/license.pod:
5876: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
5877: were not being kept in sync.
5878: [950363dffe3a]
5879:
5880: 2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
5881:
5882: * plugins/sudoers/logging.c:
5883: Fix printing of the permission denied message to standard error when
5884: a user is not allowed to run a command. This got broken by the
5885: recent logging changes.
5886: [b7af63da3ca1]
5887:
5888: * plugins/sudoers/sudoers_version.h:
5889: Bump grammar version for Solaris privs.
5890: [2a2baf024477]
5891:
5892: * doc/schema.ActiveDirectory:
5893: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
5894: were added. From David Hicks.
5895: [3fc432a8edb4]
5896:
5897: 2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
5898:
5899: * plugins/sudoers/Makefile.in:
5900: Remove lex.yy.c when building toke.c
5901: [72bb9e62b289]
5902:
5903: * doc/Makefile.in:
5904: Fix building docs in a build dir.
5905: [7a6f435af022]
5906:
5907: * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
5908: doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
5909: doc/sudoreplay.pod, doc/visudo.pod:
5910: Remove pod versions of the manual; we now use mdoc.
5911: [5c967d2dd5db]
5912:
5913: * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
5914: doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
5915: Add post-processing scripts to strip out login class, BSD auth,
5916: SELinux and privilege set bits when they are not supported.
5917: [d0d51f72f597]
5918:
5919: * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
5920: doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
5921: doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
5922: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
5923: plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
5924: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
5925: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
5926: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5927: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
5928: plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
5929: Merge in Solaris privilege support by Darren Moffat and John
5930: Zolnowsky
5931: [3aa0a64f2f5c]
5932:
5933: 2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
5934:
5935: * doc/contributors.pod:
5936: Sync with CONTRIBUTORS file
5937: [9a0852306ad9]
5938:
5939: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
5940: doc/sudoers.man.in, doc/sudoreplay.man.in:
5941: Regen .man.in files with my private mandoc.
5942: [dc3c9fc449eb]
5943:
5944: * doc/Makefile.in:
5945: add MANDOC variable
5946: [35527e66afc5]
5947:
5948: 2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
5949:
5950: * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
5951: doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
5952: Regen .man.in files with hacked mandoc to avoid issues with historic
5953: nroff.
5954: [d45cfa7d665f]
5955:
5956: 2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
5957:
5958: * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
5959: Fix groff warnings.
5960: [111d522ca807]
5961:
5962: * doc/Makefile.in:
5963: Fix dependencies for .man.in files.
5964: [aefeffe1af2b]
5965:
5966: * .hgignore:
5967: Add doc/*.mdoc to ignore file
5968: [1e4de6ef2ad8]
5969:
5970: * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
5971: doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
5972: doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
5973: doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5974: doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
5975: doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
5976: doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
5977: doc/visudo.man.in, doc/visudo.mdoc.in:
5978: Build .man.in and .cat files from .mdoc.in files. Add new --with-man
5979: and --with-mdoc configure options.
5980: [c963fd7e8f80]
5981:
5982: 2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
5983:
5984: * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
5985: doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
5986: Sudo manuals formatted in mdoc, to replace the pod versions.
5987: [e6dca4030451]
5988:
5989: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5990: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5991: doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
5992: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
5993: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
5994: More minor costmetic fixes.
5995: [a7287a68385a]
5996:
5997: 2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
5998:
5999: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
6000: Minor cosmetic fixes.
6001: [9c48bdaf3946]
6002:
6003: 2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
6004:
6005: * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
6006: Use "a password is required" instead of "password required" when the
6007: -n flag is used and we need to read a password.
6008: [a3c30fc41648]
6009:
6010: 2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
6011:
6012: * NEWS:
6013: Mention logging changes.
6014: [8238fd6e02e8]
6015:
6016: * plugins/sudoers/po/sudoers.pot:
6017: regen
6018: [e2cf634ba63b]
6019:
6020: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6021: Document that other mail_* flags have precedence over mail_badpass.
6022: [9f4cc9188f40]
6023:
6024: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
6025: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6026: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6027: Move log_denial() calls and logic to log_failure(). Move
6028: authentication failure logging to log_auth_failure(). Both of these
6029: call audit_failure() for us.
6030:
6031: This subtly changes logging for commands that are denied by sudoers
6032: but where the user failed to enter the correct password. Previously,
6033: these would be logged as "N incorrect password attempts" but now are
6034: logged as "command not allowed". Fixes bug #563
6035: [cad35f0b3ad7]
6036:
6037: 2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6038:
6039: * common/aix.c:
6040: Do not set a resource limit to zero when we are unable to fetch a
6041: value from /etc/security/limits.
6042: [62bfb0a7895e]
6043:
6044: 2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6045:
6046: * sudo.pp:
6047: Add "Provides: sudo" to debian sudo-ldap package
6048: [beb8afa0beb2]
6049:
6050: 2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
6051:
6052: * configure, configure.in, zlib/Makefile.in:
6053: Define NO_VIZ for zlib when gcc doesn't support symbol visibility
6054: attributes.
6055: [9fdcbf526386]
6056:
6057: * configure, configure.in:
6058: Use the autoconf cache when checking for symbol export control
6059: support.
6060: [03c2cce8711f]
6061:
6062: * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
6063: configure.in, mkpkg, plugins/sample/Makefile.in,
6064: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6065: plugins/system_group/Makefile.in, src/Makefile.in:
6066: Add configure check for building PIE executables instead of doing it
6067: in mkpkg.
6068: [02b5b78ef258]
6069:
6070: * sudo.pp:
6071: MacOS pp backend doesn't like modes longer than 4 characters.
6072: [01b49022bf01]
6073:
6074: 2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6075:
6076: * configure, configure.in:
6077: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
6078: -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
6079: will strip -fstack-protector from the linker flags and we always
6080: link with libtool.
6081: [0a0a0250ac2b]
6082:
6083: 2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
6084:
6085: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
6086: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
6087: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
6088: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
6089: Regen for sudo 1.8.6
6090: [1657ee28b496]
6091:
6092: * NEWS, doc/sudoers.ldap.pod:
6093: Document improved Tivoli Directory Server support.
6094: [fb411edf4687]
6095:
6096: * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
6097: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
6098: option to specify Tivoli key db password. Allow TLS ciphers to be
6099: configured for Tivoli.
6100: [737e17c91e60]
6101:
6102: 2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
6103:
6104: * plugins/sudoers/ldap.c:
6105: Tivoli Directory Server 6.3 libs always return a (bogus) error when
6106: setting LDAP_OPT_CONNECT_TIMEOUT.
6107: [504406637c38]
6108:
6109: * NEWS:
6110: Update
6111: [687a755604e8]
6112:
6113: * plugins/sudoers/ldap.c:
6114: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
6115: same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
6116: set an ldap option fatal.
6117: [17cf93ae3304]
6118:
6119: 2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
6120:
6121: * plugins/sudoers/sudoers.c:
6122: Zero pointers in sudo_user struct after freeing, just in case.
6123: [8eff1f80b943]
6124:
6125: * plugins/sudoers/sudoers.c:
6126: Free user_gids in close function if it has not already been freed.
6127: [cbce28877f37]
6128:
6129: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
6130: plugins/sudoers/sudoers.h:
6131: Defer group ID to name resolution until we actually need it.
6132: [463e75b81e89]
6133:
6134: * src/sudo.c:
6135: It is safe to read in sudo.conf before calling user_info().
6136: [3290b6434e3c]
6137:
6138: * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
6139: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
6140: prevent potential truncation. Bug #562.
6141: [29d9fc4e0c4e]
6142:
6143: 2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6144:
6145: * sudo.pp:
6146: If installing with installp, error out if there is already an
6147: instance of the rpm package installed.
6148: [ec24c6faba22]
6149:
6150: * mkpkg:
6151: Add --disable-nls for AIX
6152: [192ac2f7d65e]
6153:
6154: 2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
6155:
6156: * sudo.pp:
6157: Debian sudo-ldap packages should now depend on libldap-2.4-2, not
6158: libldap2.
6159: [cbcec71e6b58]
6160:
6161: 2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
6162:
6163: * sudo.pp:
6164: Add Homepage and Bugs to debian control file.
6165: [0f19d7d14e66]
6166:
6167: 2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
6168:
6169: * mkpkg:
6170: fix typo when setting aix_freeware
6171: [2fd6feb50195]
6172:
6173: * common/Makefile.in, compat/Makefile.in, configure, configure.in,
6174: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6175: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6176: plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
6177: Don't run regress tests or sudoers sanity check (using the newly-
6178: built visudo) when cross compiling. Bug #560
6179: [0c4e3f68b2f5]
6180:
6181: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
6182: plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
6183: plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
6184: plugins/sample_group/sample_group.exp,
6185: plugins/sample_group/sample_group.map,
6186: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
6187: plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
6188: plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
6189: plugins/system_group/system_group.exp,
6190: plugins/system_group/system_group.map,
6191: plugins/system_group/system_group.sym:
6192: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
6193: it on demand Use a loader option file for HP-UX ld to explicitly
6194: export symbols
6195: [2402ff5302ab]
6196:
6197: * src/Makefile.in:
6198: Remove extraneous backslash
6199: [8ca054de138c]
6200:
6201: * plugins/sudoers/regress/check_symbols/check_symbols.c:
6202: Don't check for errorx as an exported symbols as it is now a macro.
6203: Check for user_in_group() instead.
6204: [7b02c8ecd3ea]
6205:
6206: 2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
6207:
6208: * configure, configure.in:
6209: Adjust ld map file support to use an anonymous scope to match the
6210: updated .map files.
6211: [49be44282d9e]
6212:
6213: 2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
6214:
6215: * config.h.in, configure, configure.in, include/gettext.h:
6216: Older versions of Solaris lack ngettext()
6217: [028af10dfa5f]
6218:
6219: * configure, configure.in:
6220: Move the check for -static-libgcc until after AC_LANG_WERROR has
6221: been called and use AX_CHECK_COMPILE_FLAG().
6222: [a7b09120e7ff]
6223:
6224: * include/gettext.h:
6225: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
6226: [3aa2780d4a4e]
6227:
6228: * include/error.h, include/sudo_debug.h:
6229: Fix gcc 2.x variant macro support.
6230: [8e71c2370997]
6231:
6232: * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
6233: Fix compilation on gcc 2.95 and other compilers that only allow
6234: variable declarations at the beginning of a block.
6235: [9d80c802bb46]
6236:
6237: * configure, configure.in, plugins/sudoers/Makefile.in:
6238: Link check_symbols with SUDO_LIBS to make sure we link with the
6239: requisite libraries to successfully dlopen sudoers.so. This is
6240: needed on HP-UX where a program dlopen()ing a shared object that
6241: uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
6242: pthreads).
6243: [b8961cd82337]
6244:
6245: * plugins/sudoers/regress/check_symbols/check_symbols.c:
6246: Add check for exported local symbols. This will cause a "make check"
6247: failure on systems where we don't support symbol hiding.
6248: [8aa549389bb1]
6249:
6250: * configure, configure.in:
6251: Additional ${foo} -> $(foo) Makefile tweaks.
6252: [046bbde18f52]
6253:
6254: * plugins/sample/sample_plugin.map,
6255: plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
6256: plugins/system_group/system_group.map:
6257: No need to provide a name for the scope in the map file since we
6258: don't use the it for versioning.
6259: [5ed4b997560d]
6260:
6261: 2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
6262:
6263: * MANIFEST, plugins/sudoers/Makefile.in,
6264: plugins/sudoers/regress/check_symbols/check_symbols.c:
6265: Add regress test for symbol visibility.
6266: [9adddd4e0518]
6267:
6268: 2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
6269:
6270: * NEWS, configure, configure.in:
6271: sudo 1.8.6
6272: [57008a7afb77]
6273:
6274: * configure, configure.in, include/missing.h:
6275: Add support for controlling symbol visibility using the HP and
6276: Solaris C compilers.
6277: [46d5b468979e]
6278:
6279: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
6280: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
6281: plugins/sudoers/sudoers.h:
6282: Use the expanded io log dir when updating the sequence number.
6283: Includes a workaround for older versions of sudo where the sequence
6284: number was stored in the unexpanded io log dir.
6285: [210797dab9a8]
6286:
6287: 2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
6288:
6289: * src/parse_args.c:
6290: Simplify "sudo -s" argv rewriting.
6291: [7be143dae7c5]
6292:
6293: * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
6294: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6295: plugins/system_group/Makefile.in, src/Makefile.in,
6296: src/sudo_noexec.map:
6297: Don't use a map file for sudo_noexec.so since Solaris ld doesn't
6298: allow '*' in the global section. The libtool export flag is now
6299: added to LT_LDFLAGS instead of commenting/uncommenting lines.
6300: [38fc37a66b04]
6301:
6302: 2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
6303:
6304: * config.h.in, configure, configure.in, include/missing.h:
6305: The visibility attribute was actually added in gcc 3.3.x, not 4.0.
6306: Just assume that if -fvisibility=hidden works that the attribute is
6307: usable.
6308: [d3904d6faf14]
6309:
6310: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
6311: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
6312: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
6313: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6314: plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
6315: plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
6316: plugins/system_group/system_group.c:
6317: Export group cache from sudoers.so for system_group.so to use.
6318: [16695d207fc5]
6319:
6320: * MANIFEST, configure, configure.in, include/missing.h,
6321: plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
6322: plugins/sample_group/Makefile.in,
6323: plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
6324: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
6325: plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
6326: plugins/system_group/system_group.map, src/sudo_noexec.c,
6327: src/sudo_noexec.map:
6328: Use gcc's visibility attribute to specify when symbols are visible
6329: or hidden, if available. If not available, use an ELF version script
6330: if it is supported. If all else fails, fall back to using libtool's
6331: -export-symbols.
6332: [64e889921727]
6333:
6334: 2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
6335:
6336: * sudo.pp:
6337: Add mode for installed locale files but leave the directories with
6338: default mode and owner.
6339: [142237dbb31f]
6340:
6341: 2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
6342:
6343: * mkpkg, sudo.pp:
6344: Install AIX packages under /opt/freeware with links in /usr/bin and
6345: /usr/sbin. This matches the layout of the sudo package from AIX
6346: freeware.
6347: [0b79d47bbe01]
6348:
6349: * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
6350: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6351: plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
6352: Install shared objects with mode 0644 except on HP-UX which needs
6353: the executable bit set.
6354: [ae416af0ba6c]
6355:
6356: * Makefile.in, doc/Makefile.in, include/Makefile.in,
6357: plugins/sudoers/Makefile.in, src/Makefile.in:
6358: Make installed file modes consistent with the file modes in the sudo
6359: package.
6360: [307386373289]
6361:
6362: 2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
6363:
6364: * doc/sudoers.pod:
6365: Add "%:" prefix when talking about QAS non-Unix group support.
6366: [7cb25f6861f8]
6367:
6368: * pp, sudo.pp:
6369: Fix packaging of symbolic links on HP-UX when the link source
6370: already exists in the filesystem.
6371: [c9bb48031596]
6372:
6373: * mkpkg:
6374: Only specify prefix if we are overriding the default value. Fixes
6375: the man dir (/usr/local/man vs. /usr/local/share/man).
6376: [65351b6c1697]
6377:
6378: * sudo.pp:
6379: Fix setting of sudoedit_man variable.
6380: [9beed9ae5bba]
6381:
6382: * doc/Makefile.in:
6383: Echo the command when linking the sudoedit manual.
6384: [6c83b5657b55]
6385:
6386: 2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
6387:
6388: * mkpkg, sudo.pp:
6389: Build .deb packages with selinux support.
6390: [3fd9cb1b4526]
6391:
6392: 2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
6393:
6394: * sudo.pp:
6395: Don't list paths for unstripped binaries in the lintial overrides.
6396: [4c8e16f1773b]
6397:
6398: * pp:
6399: Add support for Installed-Size header in control file, required by
6400: newer debian versions.
6401: [e97d76234bee]
6402:
6403: * pp:
6404: Fix extended description in .deb files.
6405: [d35e27ace146]
6406:
6407: * sudo.pp:
6408: Add Depends, Replaces and Conflicts headers for .deb packages.
6409: [76eb6c4b3278]
6410:
6411: 2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
6412:
6413: * plugins/sudoers/sudo_nss.c:
6414: If there are no privs to print, write the message to the lbuf
6415: instead of printing it directly.
6416: [ecd56226abb7]
6417:
6418: 2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
6419:
6420: * sudo.pp:
6421: Set -e in %pos and %preun for debian to quiet a lintian warning.
6422: [8bb908514df9]
6423:
6424: * doc/Makefile.in, src/Makefile.in, sudo.pp:
6425: Install sudoedit and the sudoedit manual as symbolic links, not hard
6426: links and package them as such.
6427: [f317ff3cf3e7]
6428:
6429: * sudo.pp:
6430: Make sudo binary permissions 755 instead of 111 Add lintian
6431: overrides file for .deb files.
6432: [991cd7d7f0e1]
6433:
6434: * configure, configure.in, doc/Makefile.in, mkpkg:
6435: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
6436: MANCOMPRESSEXT which can be used to compress the installed manual
6437: pages. Compress the man pages for .deb files to appease lintian.
6438: [4e34083b41d2]
6439:
6440: * sudo.pp:
6441: Debian fixes:
6442: * fix modes to be more in line with what Debian expects
6443: * add section
6444: * install LICENSE as copyright and ChangeLog as changelog
6445: * create stub changelog.debian
6446: [7f6c5647f588]
6447:
6448: * pp:
6449: Fix find command to properly skip files in the DEBIAN dir when
6450: building md5sums.
6451: [8918bde941fa]
6452:
6453: * pp, sudo.pp:
6454: Use a debian-compliant package maintainer field.
6455: [fc51a94170eb]
6456:
6457: 2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
6458:
6459: * plugins/sudoers/sudoreplay.c:
6460: No need to loop over atomic_writev(), it guarantees to write all
6461: data or return an error.
6462:
6463: Fix handling of stdout/stderr that contains "\r\n" and handle a
6464: "\r\n" pair that spans a buffer.
6465: [8aaf02d90c45]
6466:
6467: 2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
6468:
6469: * NEWS:
6470: Update for sudo 1.8.5p2
6471: [d369d4d40a19]
6472:
6473: * plugins/sudoers/sudoreplay.c:
6474: Instead of doing extra write()s when replaying stdout, build up a
6475: vector for writev() instead. This results in far fewer system calls.
6476: [303d866c025c]
6477:
6478: 2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
6479:
6480: * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
6481: Provide unhooked version of getenv() and use it when looking up
6482: DISPLAY and SUDO_ASKPASS in the environment.
6483: [04dbdccf4a14]
6484:
6485: 2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
6486:
6487: * plugins/sudoers/sudoreplay.c:
6488: When replaying a log of stdout or stderr, do newline to carriage
6489: return + linefeed conversion. We cannot have termios do this for us
6490: since we've disabled output postprocessing (POST) when setting raw
6491: mode.
6492: [61352a7d996f]
6493:
6494: 2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
6495:
6496: * configure, configure.in:
6497: When checking for -fstack-protector, treat warnings as fatal errors.
6498: [4124cd12d511]
6499:
6500: 2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
6501:
6502: * configure, configure.in:
6503: Fix test for -z relro
6504: [548bdb6f5c4a]
6505:
6506: * MANIFEST:
6507: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
6508: [ed063264a2a1]
6509:
6510: * INSTALL, aclocal.m4, configure, configure.in,
6511: m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
6512: Build with -fstack-protector and link with -zrelo where supported.
6513: Added --disable-hardening option to disable hardening options.
6514: [0b6c1a1ceb03]
6515:
6516: 2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
6517:
6518: * plugins/sudoers/Makefile.in,
6519: plugins/sudoers/regress/testsudoers/test1.sh,
6520: plugins/sudoers/regress/testsudoers/test2.sh,
6521: plugins/sudoers/regress/testsudoers/test3.sh,
6522: plugins/sudoers/regress/testsudoers/test4.out.ok,
6523: plugins/sudoers/regress/testsudoers/test4.sh,
6524: plugins/sudoers/regress/testsudoers/test5.inc,
6525: plugins/sudoers/regress/testsudoers/test5.out.ok,
6526: plugins/sudoers/regress/testsudoers/test5.sh,
6527: plugins/sudoers/testsudoers.c:
6528: Add tests for sudoers mode, owner and group checks.
6529: [a7607443aba0]
6530:
6531: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
6532: If sudoers_mode is group-readable but the actual sudoers file is
6533: not, open the file as uid 0, not uid 1. This fixes a problem when
6534: sudoers has a more restrictive mode than what sudo expects to find.
6535: In older versions, sudo would silently chmod the file to add the
6536: group-readable bit.
6537: [c056b6003e6f]
6538:
6539: * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
6540: No longer throw an error if sudoers is a symbolic link. Deprecated
6541: the --with-stow option as that is now (effectively) the default.
6542: [8ce783e54886]
6543:
6544: 2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
6545:
6546: * plugins/sudoers/Makefile.in,
6547: plugins/sudoers/regress/testsudoers/test2.inc,
6548: plugins/sudoers/regress/testsudoers/test2.out.ok,
6549: plugins/sudoers/regress/testsudoers/test2.sh,
6550: plugins/sudoers/regress/testsudoers/test3.d/root,
6551: plugins/sudoers/regress/testsudoers/test3.out.ok,
6552: plugins/sudoers/regress/testsudoers/test3.sh:
6553: Add basic tests for #include and #includedir
6554: [b303e4218951]
6555:
6556: * plugins/sudoers/testsudoers.c:
6557: Add -U sudoers_uid option to testsudoers.
6558: [3f8ed13501ba]
6559:
6560: 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
6561:
6562: * NEWS, configure, configure.in:
6563: Update for 1.8.5p1
6564: [c33c49bf5b4b]
6565:
6566: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6567: Fix #includedir; from Mike Frysinger
6568: [d4833d4e39a0]
6569:
6570: * plugins/sudoers/check.c:
6571: Don't prompt for a password if the user is in the exempt group, is
6572: root, or is running the command as themselves even if the -k option
6573: was specified. This makes "sudo -k command" consistent with the
6574: behavior one would get if the user ran "sudo -k" immediately before
6575: running the command.
6576: [632b3961df00]
6577:
6578: 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
6579:
6580: * INSTALL:
6581: Fix capitalization
6582: [7258aa977caf]
6583:
6584: * mkpkg:
6585: Build PIE executable on Mac OS X 10.5 and above.
6586: [2a5c7ef92182]
6587:
6588: 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
6589:
6590: * NEWS:
6591: Update for sudo 1.8.4p5
6592: [21164f508b68]
6593:
6594: * plugins/sudoers/match_addr.c:
6595: Add missing break between AF_INET and AF_INET6 in
6596: addr_matches_if_netmask()
6597: [672a4793931a]
6598:
6599: * plugins/sudoers/mon_systrace.c:
6600: Move systrace monitor code to the attic
6601: [d6faf4754e9c]
6602:
6603: 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6604:
6605: * src/exec.c:
6606: The pointer to the siginfo_t struct in a signal handler may be NULL.
6607: [41a4ee934b53]
6608:
6609: 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
6610:
6611: * plugins/sudoers/pwutil.c:
6612: Fix an alignment problem on NetBSD systems with a 64-bit time_t and
6613: strict alignment. Based on a patch from Martin Husemann.
6614: [1e5ba3c18f17]
6615:
6616: * include/missing.h:
6617: Add offsetof macro for those without it.
6618: [e44cb51d2587]
6619:
6620: * MANIFEST:
6621: add system_group plugin
6622: [6169793b510c]
6623:
6624: 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
6625:
6626: * compat/dlopen.c:
6627: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
6628: [85bd03bc5d94]
6629:
6630: 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
6631:
6632: * NEWS:
6633: Mention system_group plugin
6634: [05393dd4bdb8]
6635:
6636: * Makefile.in, plugins/sudoers/Makefile.in,
6637: plugins/system_group/Makefile.in:
6638: update depends
6639: [6feb0b824fc4]
6640:
6641: * plugins/system_group/system_group.c:
6642: Only call gr_delref() when use sudo's password caching functions.
6643: [1103442e21fa]
6644:
6645: * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
6646: Add missing dependency on libreplace.la
6647: [05bfd9d4657f]
6648:
6649: * compat/dlopen.c:
6650: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
6651: PROG_HANDLE.
6652: [2382d0693acc]
6653:
6654: * Makefile.in, configure, configure.in,
6655: plugins/system_group/Makefile.in,
6656: plugins/system_group/system_group.c,
6657: plugins/system_group/system_group.sym:
6658: Add group plugin that does lookups by name using the system group
6659: database.
6660: [2ddbb604112f]
6661:
6662: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
6663: src/po/pl.po:
6664: sync with translationproject.org
6665: [4ef05df4226d]
6666:
6667: 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
6668:
6669: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
6670: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
6671: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
6672: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
6673: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
6674: src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
6675: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
6676: src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
6677: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
6678: src/po/zh_CN.mo, src/po/zh_CN.po:
6679: sync with translationproject.org
6680: [115c3f828fc5]
6681:
6682: 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
6683:
6684: * sudo.pp:
6685: Add mode for docdir and use '-' (default) for localedir mode. Fixes
6686: a problem on Linux when building in a directory with the setgid bit
6687: set.
6688: [582279c8bcb1]
6689:
6690: 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
6691:
6692: * pp:
6693: Match CentOS 6.0
6694: [1e99ef210f98]
6695:
6696: 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6697:
6698: * NEWS:
6699: Update with recent changes
6700: [c5fc220ba696]
6701:
6702: * pp:
6703: Fix version check on AIX
6704: [d272e39112f4]
6705:
6706: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6707: regen
6708: [72b23509465a]
6709:
6710: * plugins/sudoers/ldap.c:
6711: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
6712: SDK.
6713: [87b685e70b9a]
6714:
6715: * plugins/sudoers/ldap.c:
6716: Fix printing of invalid uri
6717: [645aa53acdde]
6718:
6719: * plugins/sudoers/auth/pam.c:
6720: Pass PAM_SILENT when deleting creds to remove an annoying warning
6721: message on Solaris.
6722: [1dd0301ef293]
6723:
6724: 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6725:
6726: * src/utmp.c:
6727: Fix the setutxent and endutxent compatibility defines (this time
6728: correctly) when only setutent and endutent are available.
6729: [d136d2867db9]
6730:
6731: * plugins/sudoers/ldap.c:
6732: sudo_ldap_set_options_global() should not take an LDAP handle as an
6733: argument since the options affect the global settings.
6734: [1dc39b9d20f2]
6735:
6736: * mkpkg:
6737: Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
6738: [c7716291a856]
6739:
6740: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6741: plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
6742: src/sudo.h:
6743: Call the policy's init_session() function before we fork the child.
6744: That way, the session is created and destroyed in the same process,
6745: which is needed by some modules, such as pam_mount.
6746: [ece552ba002e]
6747:
6748: * doc/TROUBLESHOOTING:
6749: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
6750: not specified.
6751: [bd293e100b28]
6752:
6753: * plugins/sudoers/auth/pam.c:
6754: Delete creds after closing the PAM session.
6755: [5158d726d6a5]
6756:
6757: * plugins/sudoers/ldap.c:
6758: Provide a more useful error message if using a Mozilla-style LDAP
6759: SDK and you forgot to specify TLS_CERT in ldap.conf.
6760: [7cb78feb899c]
6761:
6762: * src/exec_pty.c:
6763: Add missing initialization of a sigaction structure when I/O
6764: logging. Fixes a potential problem when suspending the command.
6765: [f4480f2ba816]
6766:
6767: * plugins/sudoers/ldap.c:
6768: Split global and per-connection LDAP options into separate arrays.
6769: Set global LDAP options before calling ldap_initialize() or
6770: ldap_init(). After we have an LDAP handle, set the per-connection
6771: options. Fixes a problem with OpenLDAP using the nss crypto backend;
6772: bug #342
6773: [265c9d2dc12b]
6774:
6775: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
6776: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
6777: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
6778: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
6779: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
6780: src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
6781: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
6782: sync with translationproject.org
6783: [6d7fe44be21e]
6784:
6785: 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
6786:
6787: * src/sudo.c, src/sudo.h:
6788: Move struct passwd pointer into struct command details.
6789: [d6fb1eff2065]
6790:
6791: 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6792:
6793: * pp:
6794: Sync with upstream for Mac OS X (and other) fixes.
6795: [c2f4998d01b0]
6796:
6797: * mkpkg:
6798: Only built Mac intel universal binary on an intel machine.
6799: [0009e0b7e5a8]
6800:
6801: * src/Makefile.in:
6802: Do not pass libtool the -static-libtool-libs option when building
6803: sudo and sesh. Otherwise, libtool may prefer a static version of an
6804: installed library over a dynamic one when linking.
6805: [6fbac9adc885]
6806:
6807: 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
6808:
6809: * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
6810: plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
6811: Add German translation for sudo Add Croatian translation for sudoers
6812: [fa4da1a6530c]
6813:
6814: * plugins/sudoers/iolog.c:
6815: typo fix in comment
6816: [abd721d1288e]
6817:
6818: 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6819:
6820: * NEWS:
6821: Update with recent changes
6822: [6fa11e8448b9]
6823:
6824: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
6825: Sort xgettext output by file name.
6826: [f650841810f0]
6827:
6828: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
6829: Clarify what "sudoreplay -l" displays and mention that it is sorted.
6830: [84031c117bd6]
6831:
6832: * config.h.in, configure, configure.in, src/ttyname.c:
6833: Use AC_HEADER_MAJOR to determine where major/minor are defined.
6834: [3c949650a223]
6835:
6836: * config.h.in, configure, configure.in, src/ttyname.c:
6837: Include sys/mkdev.h if present instead of sys/sysmacros.h for
6838: minor(). This is needed on Solaris (at least) where the makedev
6839: macros in sysmacros.h are obsolete and library functions should be
6840: used instead.
6841: [343928acf81e]
6842:
6843: * mkpkg:
6844: When building on Mac OS X, only set SDK_FLAGS if specified osversion
6845: doesn't match host.
6846: [d84c6efac872]
6847:
6848: 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
6849:
6850: * src/ttyname.c:
6851: Add back buf and tty variables for _ttyname() case that were
6852: inadvertantly removed.
6853: [a4a820b22a44]
6854:
6855: 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
6856:
6857: * plugins/sudoers/po/sudoers.pot:
6858: regen
6859: [5446b12c1250]
6860:
6861: * configure, configure.in:
6862: Remove b8 from version number.
6863: [5adc4dcec061]
6864:
6865: * src/ttyname.c:
6866: remove some XXX
6867: [187579a5f593]
6868:
6869: * src/ttyname.c:
6870: When looking for a device match, do a breadth-first search instead
6871: of depth-first. We already special case /dev/pts/ so chances are
6872: good that if it is not a pseudo-tty it is in the base of /dev/. Also
6873: avoid a stat(2) when possible if struct dirent has d_type.
6874: [0183f8a1b278]
6875:
6876: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6877: src/sudo.c, src/sudo.h:
6878: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
6879: [f0574d878491]
6880:
6881: * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
6882: src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
6883: src/po/vi.mo:
6884: sync with translationproject.org
6885: [4527ea78fbd5]
6886:
6887: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
6888: src/po/hr.mo, src/po/hr.po:
6889: New Croatian and Galician translations from translationproject.org
6890: [ad4bd924b4de]
6891:
6892: * src/ttyname.c:
6893: Add depth-first traversal of /dev/ for the /proc case when not
6894: /dev/pts/N
6895: [499bd3456774]
6896:
6897: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
6898: If struct dirent has d_type, use it to avoid an extra stat().
6899: [741dabbe4bcd]
6900:
6901: * plugins/sudoers/sudoreplay.c:
6902: Sort output of "sudoreplay -l"
6903: [c0615795bd4b]
6904:
6905: 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6906:
6907: * plugins/sudoers/sudoreplay.c:
6908: Fix duplicate free introduced in last rev
6909: [efdaabe69d75]
6910:
6911: 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
6912:
6913: * plugins/sudoers/auth/pam.c:
6914: Instead of treating ^C from tgetpass() specially, always return
6915: AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
6916: like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
6917: [a3b17298d4d0]
6918:
6919: * config.h.in, configure, configure.in, src/ttyname.c:
6920: Rototill code to determine the tty. For Linux, we now look up the
6921: tty device in /proc/pid/stat instead of trying to open
6922: /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
6923: device number to a string. On BSD, we can use devname(). On Solaris,
6924: _ttyname_dev() does what we want. TODO: write /dev/ traversal code
6925: for the generic sudo_ttyname_dev().
6926: [6b22be4d09f0]
6927:
6928: 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
6929:
6930: * src/ttyname.c:
6931: Define PRNODEV for those w/o it.
6932: [f17290e64559]
6933:
6934: * config.h.in, configure, configure.in, src/ttyname.c:
6935: Check for SVR4-style struct psinfo.pr_ttydev and use that to
6936: determine the tty if std{in,out,err} are not ttys.
6937: [76ad33a91f4b]
6938:
6939: * src/ttyname.c:
6940: Better support for SVR4-style /proc entries where we can't use
6941: ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
6942: attempt to map the device number back to the correct pseudo-tty
6943: slave device.
6944: [4f9f48cc79eb]
6945:
6946: * src/ttyname.c:
6947: When trying to determine the tty name, check parent's stderr in
6948: addition to its stdin and stdout.
6949: [604644056c7d]
6950:
6951: * src/exec_pty.c:
6952: Treat a tty read failure like EOF as it usually means the pty has
6953: gone away. Handle write() on the tty returning EIO.
6954: [16957f4a706f]
6955:
6956: * src/exec.c, src/exec_pty.c:
6957: Linux select() may return ENOMEM if there is a kernel resource
6958: shortage. Older Solaris select() may return EIO instead of EBADF
6959: when the tty goes away. If we get an unhandled select() failure,
6960: kill the child and exit cleanly.
6961: [d93940a311ab]
6962:
6963: * src/ttyname.c:
6964: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
6965: block in open.
6966: [a9f809d09d52]
6967:
6968: 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
6969:
6970: * plugins/sudoers/set_perms.c:
6971: Fix restoration of AIX permissions.
6972: [30c717115988]
6973:
6974: * src/parse_args.c:
6975: Allow the -k flag to be used along with the -i and -s flags.
6976: [0653b17c97f1]
6977:
6978: * plugins/sudoers/sudoreplay.c:
6979: Plug memory leak in parse_logfile() in the error path.
6980: [9cce86fa833b]
6981:
6982: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
6983: src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
6984: src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
6985: src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
6986: src/po/zh_CN.mo, src/po/zh_CN.po:
6987: sync with translationproject.org
6988: [14af43d0b170]
6989:
6990: 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6991:
6992: * compat/regress/glob/globtest.c, config.h.in, configure,
6993: configure.in, plugins/sudoers/match.c:
6994: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
6995: glob() and fnmatch() results to be consistent.
6996: [4226750d73c2]
6997:
6998: 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6999:
7000: * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
7001: src/ttysize.c:
7002: Move ttysize.c to common so sudoreplay can use it.
7003: [b4a0aa514cd4]
7004:
7005: * plugins/sudoers/sudoreplay.c:
7006: If I/O log file includes rows + cols, warn if the user's tty is not
7007: big enough.
7008: [b980ef89efff]
7009:
7010: * plugins/sudoers/sudoreplay.c:
7011: Fix printing of TSID in "sudoreplay -l"
7012: [4221e3e108b4]
7013:
7014: * common/sudo_debug.c, include/sudo_debug.h,
7015: plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
7016: src/exec_pty.c:
7017: Log the process id in the debug file output. Since we don't want to
7018: keep calling getpid(), stash the value at init time and when we
7019: fork().
7020: [2782d30c024d]
7021:
7022: * src/exec_pty.c:
7023: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
7024: is better to receive EIO from read()/write() than to be suspended
7025: when we don't expect it. Fixes a problem when our terminal is
7026: revoked which can happen when, e.g. our sshd is killed
7027: unceremoniously. Also, only change the value of "alive" from true to
7028: false, never from false to true. It is possible for us to receive
7029: notification of the child having stopped after it is already dead.
7030: This does not mean it has risen from the grave.
7031: [26c9fe8ce0f9]
7032:
7033: * src/exec_pty.c:
7034: Distinguish between signals we received from the parent vs. those
7035: delivered explicitly to the monitor process in debugging info.
7036: [40716cb180e5]
7037:
7038: 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
7039:
7040: * plugins/sudoers/check.c:
7041: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
7042: Update tty_is_devpts() to match so we can determine when the tty has
7043: been reused.
7044: [2689665df027]
7045:
7046: * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
7047: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
7048: and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
7049: This allows consumers of sudo_debug_printf() to log that data
7050: without having to specify it manually.
7051: [7c94c4879208]
7052:
7053: * src/exec_pty.c:
7054: Make this compile after last change.
7055: [ee09034f3266]
7056:
7057: * src/exec_pty.c:
7058: Don't try to restore the terminal if we are not the foreground
7059: process. Otherwise, we may be stopped by SIGTTOU when we try to
7060: update the terminal settings when cleaning up.
7061: [c48b24335456]
7062:
7063: * src/exec.c:
7064: If select() return EBADF in the main event loop, one of the ttys
7065: must have gone away so perform any I/O we can and close the bad fds.
7066: [3bc8678c03ce]
7067:
7068: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
7069: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
7070: plugins/sudoers/toke.l:
7071: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
7072: function, file and line number in the debug log for warning() and
7073: error().
7074: [894cd131f11d]
7075:
7076: 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
7077:
7078: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
7079: src/conversation.c:
7080: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
7081: Use this flag when wrapping error() and warning() so the debug
7082: output includes the error string.
7083: [1e2c67adaf1f]
7084:
7085: 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7086:
7087: * NEWS:
7088: Update for sudo 1.8.5
7089: [7d2b62b823fe]
7090:
7091: * plugins/sudoers/po/sudoers.pot:
7092: regen
7093: [718ad9de92cd]
7094:
7095: * doc/CONTRIBUTORS:
7096: sync
7097: [f48013aea641]
7098:
7099: * plugins/sudoers/pwutil.c:
7100: Use ecalloc()
7101: [fabd23c1f271]
7102:
7103: * src/exec_pty.c:
7104: Don't need zero_bytes() after ecalloc()
7105: [1a9d95cd10ef]
7106:
7107: * config.h.in, configure, configure.in, src/sudo_noexec.c:
7108: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
7109: sudo_noexec.c.
7110: [cbaa1d4b0f8a]
7111:
7112: * src/utmp.c:
7113: Fix compat setutxent and endutxent macros for systems with
7114: setutent() but not setutxent(). From Gustavo Zacarias
7115: [d7ce622fc5f2]
7116:
7117: 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
7118:
7119: * configure.in:
7120: Add ignore_result definition to AH_BOTTOM
7121: [8d4096838a98]
7122:
7123: * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
7124: plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
7125: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
7126: src/exec.c, src/exec_pty.c, src/tgetpass.c:
7127: Fix compiler warnings on some platforms and provide a better method
7128: of defeating gcc's warn_unused_result attribute.
7129: [9a8f804fcc75]
7130:
7131: * configure, configure.in:
7132: Fix building the builtin zlib from a build dir. When a zlib dir was
7133: specified, prepend its include path instead of appending so we get
7134: the right zlib headers.
7135: [5f61d591b186]
7136:
7137: * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
7138: zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
7139: zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
7140: zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
7141: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
7142: Update zlib to version 1.2.6
7143: [173c4bc4d4fc]
7144:
7145: 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
7146:
7147: * include/missing.h:
7148: g/c __unused which is no longer used
7149: [7ef3f23edcd6]
7150:
7151: * src/env_hooks.c:
7152: Fix compilation if RTLD_NEXT is not defined.
7153: [d5605f468b71]
7154:
7155: * src/po/sr.mo, src/po/sr.po:
7156: sync with translationproject.org
7157: [27d559f7985d]
7158:
7159: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
7160: doc/sudoers.man.in:
7161: regen
7162: [f9f63ce478b6]
7163:
7164: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7165: regen
7166: [59035d82d15a]
7167:
7168: * Makefile.in:
7169: Ignore Project-Id-Version when comparing pot files.
7170: [22feb9ede46b]
7171:
7172: * plugins/sudoers/bsm_audit.c:
7173: Use error() instead of log_fatal()
7174: [54130bda4b50]
7175:
7176: * plugins/sudoers/env.c:
7177: Fix signedness of didvar in env_update_didvar()
7178: [77048a80b3e4]
7179:
7180: * plugins/sudoers/iolog.c:
7181: Quiet a compiler warning on some platforms.
7182: [8fdcaece0400]
7183:
7184: * compat/fnmatch.c:
7185: cast ctype(3) function/macro arguments from char to unsigned char to
7186: avoid potential negative subscripting.
7187: [bdcf7eef21ef]
7188:
7189: * common/setgroups.c:
7190: Quiet a warning on systems where the gids array in setgroups() is
7191: not prototyped as being const, even though it really is.
7192: [fdd758c6302d]
7193:
7194: * src/env_hooks.c:
7195: Quiet a compiler warning on systems where the argument to putenv(3)
7196: is const.
7197: [51bae2193b53]
7198:
7199: * plugins/sudoers/sudoreplay.c:
7200: Undo an incorrect int -> bool conversion.
7201: [b9a4ce320f14]
7202:
7203: * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
7204: src/po/sv.mo, src/po/sv.po:
7205: Add Swedish sudo and sudoers translations from
7206: translationproject.org
7207: [f7ce1de9073f]
7208:
7209: * plugins/sudoers/env.c:
7210: No need to preserve ODMDIR on AIX now that we always read
7211: /etc/environment.
7212: [4aa04b2f0125]
7213:
7214: 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7215:
7216: * doc/sudoers.pod, plugins/sudoers/env.c:
7217: When initializing the environment for env_reset, start out with the
7218: contents of /etc/environment on AIX and login.conf on BSD.
7219: [5717bdc321e2]
7220:
7221: * doc/TROUBLESHOOTING, src/sudo.c:
7222: If we are not running with an effective uid of 0, try to give the
7223: user enough information to debug the problem.
7224: [fa4894896d8a]
7225:
7226: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
7227: Quiet a clang-analyzer false positive.
7228: [c4c0c1b9c8b0]
7229:
7230: * src/tgetpass.c:
7231: If there is nothing to read from the askpass program, set errno to
7232: EINTR. This makes the cancel button behave like the user entered ^C
7233: at the password prompt when PAM is used.
7234: [594302cb9caf]
7235:
7236: * src/sudo.h, src/tgetpass.c:
7237: Fetch the value of "askpass" from the sudo conf struct.
7238: [4593ee8f1bd3]
7239:
7240: * common/sudo_conf.c:
7241: Fix matching of "Path askpass" and "Path noexec"
7242: [4df28d62afb9]
7243:
7244: 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
7245:
7246: * plugins/sudoers/visudo.c:
7247: Quiet a clang-analyzer dead store warning.
7248: [dd90bf385a3f]
7249:
7250: * plugins/sudoers/sudoers.c:
7251: If the "timestampowner" user cannot be resolved, use ROOT_UID
7252: instead of exiting with a fatal error.
7253: [8d62aae99715]
7254:
7255: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
7256: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
7257: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
7258: plugins/sudoers/check.c, plugins/sudoers/env.c,
7259: plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
7260: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
7261: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
7262: Remove the NO_EXIT flag to log_error() and add a log_fatal()
7263: function that exits and is marked no_return. Fixes false positives
7264: from static analyzers and is easier for humans to read too.
7265: [a0fe785c2a3d]
7266:
7267: 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
7268:
7269: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
7270: src/po/eo.po:
7271: sync with translationproject.org
7272: [df5e8777de13]
7273:
7274: 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
7275:
7276: * src/po/da.mo, src/po/da.po:
7277: sync with translationproject.org
7278: [629d99548b78]
7279:
7280: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
7281: sync with translationproject.org
7282: [9d122a2860d6]
7283:
7284: 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
7285:
7286: * src/po/it.mo, src/po/it.po:
7287: sync with translationproject.org
7288: [6397593b15cf]
7289:
7290: * common/sudo_conf.c, plugins/sudoers/alias.c,
7291: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
7292: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7293: plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
7294: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
7295: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
7296: src/load_plugins.c:
7297: Use ecalloc() when allocating structs.
7298: [8b5888868db2]
7299:
7300: * common/alloc.c, include/alloc.h:
7301: Add ecalloc() and commented out recalloc(). Use inline strnlen()
7302: instead of strlen() in estrndup().
7303: [7fb9aa46c1e0]
7304:
7305: 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
7306:
7307: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
7308: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
7309: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
7310: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
7311: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
7312: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
7313: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
7314: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
7315: src/po/zh_CN.mo, src/po/zh_CN.po:
7316: sync with translationproject.org
7317: [45a032c37334]
7318:
7319: 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
7320:
7321: * plugins/sudoers/set_perms.c:
7322: Remove unused label
7323: [2660bb0c1313]
7324:
7325: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7326: Document what changed in each plugin API revision
7327: [59b30a6fc4d1]
7328:
7329: * plugins/sudoers/set_perms.c:
7330: Remove bogus optimization that could lead to a double free of the
7331: group list.
7332: [b0bfbd2a83a8]
7333:
7334: 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
7335:
7336: * doc/TROUBLESHOOTING:
7337: Expand AIX /etc/security/privcmds entry.
7338: [9f3f072e034e]
7339:
7340: * NEWS:
7341: Update for sudo 1.8.5
7342: [086049011f25]
7343:
7344: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
7345: doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7346: doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
7347: doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
7348: include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
7349: src/sudo_plugin_int.h:
7350: Rename plugin "args" to "options"
7351: [f25624951bd2]
7352:
7353: * doc/CONTRIBUTORS:
7354: Add Lithuanian and Vietnamese translators
7355: [2b4c075b69e3]
7356:
7357: * Makefile.in:
7358: Ignore comments when comparing new and old pot files.
7359: [f872999347b3]
7360:
7361: * src/Makefile.in:
7362: regen
7363: [c8193b1b11c7]
7364:
7365: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
7366: regen
7367: [15e3c17e8a3a]
7368:
7369: * doc/sudo_plugin.pod, include/sudo_plugin.h,
7370: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
7371: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
7372: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
7373: src/sudo.c, src/sudo.h:
7374: Pass a pointer to user_env in to the init_session policy plugin
7375: function so session setup can modify the user environment as needed.
7376: For PAM authentication, merge the PAM environment with the user
7377: environment at init_session time. We no longer need to swap in the
7378: user_env for environ during session init, nor do we need to disable
7379: the env hooks at init_session time.
7380: [3f5277b359d8]
7381:
7382: * plugins/sample/sample_plugin.c:
7383: Add explicit NULL entries for init_session, register_hooks and
7384: deregister_hooks with appropriate comments.
7385: [727a57978b40]
7386:
7387: * compat/pw_dup.c:
7388: Quiet a gcc "used uninitialized in this function" false positive.
7389: [f14b68379ce9]
7390:
7391: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7392: We should always call warning() with a format string or a string
7393: literal. In this case, the argument (path) is not user-controlled.
7394: [e9ef51224024]
7395:
7396: 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
7397:
7398: * src/selinux.c:
7399: Include sudo_exec.h for the sudo_execve() prototype.
7400: [769e58065edc]
7401:
7402: * config.h.in, configure, configure.in:
7403: Add check for pam_getenvlist()
7404: [36bde3f26c60]
7405:
7406: * common/sudo_conf.c:
7407: Set args to NULL in default plugin info struct when there is no
7408: Plugin line in sudo.conf.
7409: [93ec67708f01]
7410:
7411: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7412: regen
7413: [a9287677795c]
7414:
7415: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
7416: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
7417: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
7418: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
7419: regen
7420: [a242769d7962]
7421:
7422: * configure, configure.in:
7423: Bump version to 1.8.5
7424: [e8618f0c2505]
7425:
7426: * doc/sudo_plugin.pod:
7427: Document hooks API
7428: [e6ad07d27958]
7429:
7430: 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
7431:
7432: * sudo.pp:
7433: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
7434: [fd72340042d3]
7435:
7436: * include/sudo_plugin.h:
7437: Use sudo_hook_fn_t in struct sudo_hook.
7438: [938f93112d6e]
7439:
7440: * doc/TROUBLESHOOTING:
7441: If cross compiling, --host must include the OS in the tuple. E.g.
7442: --host powerpc-unknown-linux
7443: [b8c010070c1e]
7444:
7445: 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7446:
7447: * plugins/sudoers/parse.c:
7448: Fix bogus int -> bool conversion; tags can have a value of -1.
7449: [e63d6434a303]
7450:
7451: * plugins/sudoers/env.c:
7452: Add env_should_keep() and env_should_delete() wrapper functions to
7453: simplify things a bit and hide the fact that matches_env_check() is
7454: not bool.
7455: [7a03d7a12b50]
7456:
7457: * sudo.pp:
7458: Fix application of debian-specific sudoers mods when building
7459: packages as non-root.
7460: [34bf4c52c425]
7461:
7462: * plugins/sudoers/env.c:
7463: matches_env_check() returns int, not boolean
7464: [0ad915b8d5cb]
7465:
7466: * src/sudo_edit.c:
7467: Fix compilation when seteuid() is not available.
7468: [8a722f998000]
7469:
7470: * src/ttyname.c:
7471: Simply move the free of ki_proc outside the realloc() loop.
7472: [217b786da760]
7473:
7474: * src/ttyname.c:
7475: Bring back the erealloc() for the ENOMEM loop and just zero the
7476: pointer after we free it.
7477: [29a016e45127]
7478:
7479: * src/ttyname.c:
7480: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
7481: [266e08844065]
7482:
7483: 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
7484:
7485: * plugins/sudoers/set_perms.c:
7486: Use normal error path if unable to set sudoers gid.
7487: [01c816918c99]
7488:
7489: * plugins/sudoers/set_perms.c:
7490: Make this work again on systems w/o seteuid().
7491: [2e67f7421e97]
7492:
7493: 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
7494:
7495: * plugins/sudoers/set_perms.c:
7496: Fix compilation if no seteuid/setreuid/setresuid available.
7497: [d0b3c1f88eb4]
7498:
7499: * plugins/sudoers/set_perms.c:
7500: Better error messages, and added debugging throughout. Fixed
7501: seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
7502: AIX version of restore_perms(). Added checks to avoid changing
7503: uid/gid when we don't have to. Never set gid/uid state to -1, use
7504: the old value instead.
7505: [29188d469b5c]
7506:
7507: * src/exec_pty.c, src/ttyname.c:
7508: Fix format string warning on Solaris with gcc 3.4.3.
7509: [d1eeb6e1dd0f]
7510:
7511: * src/sudo.c:
7512: Always declare environ now that we swap it around unilaterally.
7513: [aaa3e92e7d0d]
7514:
7515: * src/Makefile.in:
7516: Honor LDFLAGS when linking sesh; from Vita Cizek
7517: [498b41438f6e]
7518:
7519: * src/sesh.c:
7520: Include alloc.h for estrdup() prototype; from Vita Cizek
7521: [93203655a320]
7522:
7523: 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
7524:
7525: * plugins/sudoers/sudoers.c:
7526: Don't read /etc/environment on Linux when using PAM, PAM should set
7527: the environment variables as needed via pam_env.
7528: [b1ef62cb2d40]
7529:
7530: * INSTALL:
7531: Fix editor goof.
7532: [0c3dd3bb8b57]
7533:
7534: * src/hooks.c, src/sudo.c, src/sudo.h:
7535: Disable environment hooks after we get user_env back to make sure a
7536: plugin can't to modify user_env after we "own" it. This is kind of a
7537: hack but we don't want the init_session plugin function to modify
7538: user_env.
7539: [8e6d119452a5]
7540:
7541: * src/hooks.c, src/sudo.c:
7542: Add support for deregistering hooks. If an I/O log plugin fails to
7543: initialize, deregister its hooks (if any).
7544: [ac00c93900c5]
7545:
7546: 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
7547:
7548: * plugins/sudoers/sudoers.c, src/sudo.c:
7549: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
7550: setenv.
7551: [e75469dd9908]
7552:
7553: * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
7554: compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
7555: configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
7556: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
7557: plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
7558: plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
7559: src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
7560: src/sudo_plugin_int.h:
7561: Initial cut at a hooks implementation. The plugin can register hooks
7562: for getenv, putenv, setenv and unsetenv. This makes it possible for
7563: the plugin to trap changes to the environment made by authentication
7564: methods such as PAM or BSD auth so that such changes are reflected
7565: in the environment passed back to sudo for execve().
7566: [61cffa06f863]
7567:
7568: 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
7569:
7570: * MANIFEST, src/po/vi.mo, src/po/vi.po:
7571: Add Vietnamese sudo translation from translationproject.org
7572: [96df426790d5]
7573:
7574: 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
7575:
7576: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
7577: doc/sudoers.pod:
7578: List sudo_noexec.so not noexec.so in the sample sudo.conf
7579: [53844e190ec5]
7580:
7581: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
7582: doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
7583: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
7584: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7585: plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
7586: src/sudo_plugin_int.h:
7587: Add support for plugin args at the end of a Plugin line in
7588: sudo.conf. Bump the minor number accordingly and update the
7589: documentation. A plugin must check the sudo front end's version
7590: before using the plugin_args parameter since it is only supported
7591: for API version 1.2 and higher.
7592: [587f1f819536]
7593:
7594: 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
7595:
7596: * plugins/sudoers/Makefile.in:
7597: update depends
7598: [6d2da44e11e5]
7599:
7600: * MANIFEST:
7601: secure_path.c is in common, not compat
7602: [619c4a663dde]
7603:
7604: * configure, configure.in:
7605: Add check for variadic macro support in cpp.
7606: [756854caf675]
7607:
7608: 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
7609:
7610: * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
7611: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7612: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7613: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7614: Add type param to sudo_secure_path() and add sudo_secure_file() and
7615: sudo_secure_dir() wrappers which get by #includedir in sudoers.
7616: [2ec2d3d8df04]
7617:
7618: 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
7619:
7620: * doc/visudo.pod, plugins/sudoers/visudo.c:
7621: Check the owner and mode in -c (check) mode unless the -f option is
7622: specified. Previously, the owner and mode were checked on the main
7623: sudoers file when the -s (strict) option was given, but this was not
7624: documented.
7625: [b2d6ee1e547a]
7626:
7627: * config.h.in, configure, configure.in, src/ttyname.c:
7628: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
7629: of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
7630: [159f6a50456a]
7631:
7632: 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
7633:
7634: * doc/CONTRIBUTORS:
7635: Add Eric Lakin for patch in bug #538
7636: [490c29c234c6]
7637:
7638: * src/exec_pty.c:
7639: Fix typo in safe_close() made while converting to debug framework
7640: that prevented it from actually closing anything.
7641: [a66422a62afd]
7642:
7643: * src/exec_pty.c:
7644: Add some more debugging.
7645: [b5667947dda9]
7646:
7647: * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
7648: include/Makefile.in:
7649: We need sysconfdir in compat/Makfile to get the proper sudo.conf
7650: path. Add standard prefix and foodir expansion in all Makefiles to
7651: avoid this problem in the future.
7652: [62b6ce4ecae9]
7653:
7654: 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
7655:
7656: * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
7657: New Lithuanian sudoers translation from translationproject.org
7658: [10436b649035]
7659:
7660: * plugins/sudoers/po/ja.po:
7661: Update from translationproject.org
7662: [acb8db5f8ef1]
7663:
7664: 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
7665:
7666: * plugins/sudoers/ldap.c:
7667: When adding gids to the LDAP filter, only add the primary gid once.
7668: This is consistent with the space computation/allocation. From Eric
7669: Lakin
7670: [35d9d99c92c6]
7671:
7672: * doc/TROUBLESHOOTING:
7673: Add entry for AIX enhanced RBAC config.
7674: [5e10b6f8def7]
7675:
7676: * mkpkg:
7677: Target Mac OS X 10.5 when building packages.
7678: [06fce9bbebee]
7679:
7680: 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
7681:
7682: * MANIFEST, common/Makefile.in, common/secure_path.c,
7683: common/sudo_conf.c, include/secure_path.h,
7684: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
7685: Relax the user/group/mode checks on sudoers files. As long as the
7686: file is owned by the right user, not world-writable and not writable
7687: by a group other than the one specified at configure time (gid 0 by
7688: default), the file is considered OK. Note that visudo will still set
7689: the mode to the value specified at configure time.
7690: [241174babfcc]
7691:
7692: 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
7693:
7694: * plugins/sudoers/set_perms.c:
7695: Add AIX-specific version of permission setting code to make sure
7696: that the saved uid gets restored properly.
7697: [9a6f5d22c301]
7698:
7699: * config.h.in, configure, configure.in, src/exec_common.c:
7700: Check for LD_PRELOAD variants in configure instead of checkign cpp
7701: symbols. In disable_execute(), compute the length of the new envp
7702: and allocate it once instead of reallocating on demand. Also append
7703: old value of LD_PRELOAD (if any) to the new value.
7704: [680266346917]
7705:
7706: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
7707: Fix the description of noexec.
7708: [6a6d142f3c80]
7709:
7710: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
7711: The "op" parameter to set_default() must be int, not bool since it
7712: is set to '+' or '-' for list add and subtract.
7713: [8da5b137bea2]
7714:
7715: * sudo.pp:
7716: Make sure sudoers is writable before calling ed script.
7717: [95352ab6336b]
7718:
7719: 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
7720:
7721: * doc/CONTRIBUTORS, doc/contributors.pod:
7722: Update contributors. Now includes translators and authors of compat
7723: code.
7724: [4fb5b616b50a]
7725:
7726: 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
7727:
7728: * src/po/sudo.pot:
7729: regen
7730: [2c86e2c328fe]
7731:
7732: * pp, sudo.pp:
7733: Build flat packages, not package bundles, on Mac OS X.
7734: [57bda3cd5520]
7735:
7736: 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
7737:
7738: * sudo.pp:
7739: Move macos section to be with the other OS-specific sections.
7740: [51423bb2973a]
7741:
7742: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
7743: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
7744: Sync with translationproject.org
7745: [8ce41cbb8da0]
7746:
7747: * configure, configure.in:
7748: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
7749: [fa979aa6fe7d]
7750:
7751: * sudo.pp:
7752: Add Mac OS X support, printing the latest chunk of the NEWS file and
7753: the license text in the installer.
7754: [ffeab72387c0]
7755:
7756: * sudo.pp:
7757: Add explicit file modes that match those used by "make install"
7758: [7eb37242c920]
7759:
7760: * pp:
7761: Sync with upstream for Mac OS X fixes.
7762: [97cba179041e]
7763:
7764: * plugins/sudoers/Makefile.in, src/Makefile.in:
7765: Got back to using "install-sh -M" for files installed as non-
7766: readable by owner. This fixes "make install" as non-root for package
7767: building.
7768: [967804ee77d6]
7769:
7770: 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
7771:
7772: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
7773: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
7774: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
7775: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
7776: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
7777: Sync with translationproject.org
7778: [0e53db12039a]
7779:
7780: * Makefile.in, doc/Makefile.in, include/Makefile.in,
7781: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
7782: plugins/sudoers/Makefile.in, src/Makefile.in:
7783: Use -m not -M for install-sh for everything except setuid. Install
7784: locale .mo files mode 0444, not 0644. If timedir parent doesn't
7785: exist, use default dir mode, not 0700.
7786: [8b6f64c92090]
7787:
7788: 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
7789:
7790: * pp:
7791: Re-sync with upstream; no longer need a local patch.
7792: [97a2c7be5e59]
7793:
7794: * mkpkg:
7795: Add support for building Mac OS X packages.
7796: [94d49ac223a4]
7797:
7798: * pp:
7799: Sync with upstream
7800: [1c97654fc841]
7801:
7802: * src/Makefile.in:
7803: No longer need to define _PATH_SUDO_CONF here.
7804: [2560905b7482]
7805:
7806: * src/exec_common.c:
7807: Fix noexec for Mac OS X.
7808: [b7a744bca2c0]
7809:
7810: 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
7811:
7812: * common/Makefile.in:
7813: Move _PATH_SUDO_CONF override to common to match sudo_debug.c
7814: [f0788972a63a]
7815:
7816: * plugins/sudoers/set_perms.c:
7817: More complete fix for LDR_PRELOAD on AIX. The addition of
7818: set_perm(PERM_ROOT) before calling the nss open functions (needed to
7819: avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
7820: and then real uid to 0 for PERM_ROOT works around the issue.
7821: [5888eda051af]
7822:
7823: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7824: regen
7825: [997fe403e219]
7826:
7827: * src/sudo.c:
7828: Set real uid to root before calling sudo_edit() or run_command() so
7829: that the monitor process is owned by root and not by the user.
7830: Otherwise, on AIX at least, the monitor process shows up in ps as
7831: belonging to the user (and can be killed by the user).
7832: [d4772d7d2fc5]
7833:
7834: * plugins/sudoers/set_perms.c:
7835: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
7836: the call to setuid(0) if the current euid is non-zero. This
7837: effectively restores the state of things prior to rev 7bfeb629fccb.
7838: Fixes a problem on AIX where LDR_PRELOAD was not being honored for
7839: the command being executed.
7840: [b9b40325b4dc]
7841:
7842: * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
7843: include/missing.h, src/sudo.c:
7844: Make a copy of the struct passwd in exec_setup() to make sure
7845: nothing in the policy init modifies it.
7846: [b721261c921f]
7847:
7848: 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
7849:
7850: * doc/sudoers.pod:
7851: update copyright
7852: [f9d229d1f65e]
7853:
7854: * common/sudo_debug.c, include/sudo_debug.h:
7855: g/c now-unused debug subsystems
7856: [8f21726e698f]
7857:
7858: * doc/sudo.pod, doc/sudoers.pod:
7859: Enumerate the debug subsystems used by sudo and sudoers.
7860: [ac4f84293d14]
7861:
7862: 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
7863:
7864: * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
7865: include/sudo_conf.h, src/sudo.c:
7866: Normally, sudo disables core dumps while it is running. This
7867: behavior can now be modified at run time with a line in sudo.conf
7868: like "Set disable_coredumps false"
7869: [ad14e0508b0d]
7870:
7871: * NEWS:
7872: Mention Spanish translation
7873: [600f3205bd6e]
7874:
7875: * common/sudo_debug.c:
7876: Make sure we don't try to fall back to using the conversation
7877: function for debugging in the main sudo process if we are unable to
7878: open the debug file.
7879: [ffa329aa908c]
7880:
7881: * MANIFEST, src/po/es.mo, src/po/es.po:
7882: Add sudo Spanish translation from translationproject.org
7883: [c1906654e740]
7884:
7885: 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
7886:
7887: * plugins/sudoers/iolog.c:
7888: Better debug subsystem usage
7889: [1a31f115743c]
7890:
7891: * src/sudo.c:
7892: Remove duplicate function prototypes
7893: [ae04b00532eb]
7894:
7895: 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
7896:
7897: * configure, configure.in:
7898: Error out if user specified --with-pam but we can't find the headers
7899: or library. Also throw an error if the headers are present but the
7900: library is not and vice versa.
7901: [d6bf3e3d0aae]
7902:
7903: 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
7904:
7905: * plugins/sudoers/sudoers.c:
7906: Fix the sudoers permission check when the expected sudoers mode is
7907: owner-writable.
7908: [8b0b7e770a22]
7909:
7910: 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
7911:
7912: * configure, configure.in:
7913: Verify that we can link executables built with -D_FORTIFY_SOURCE
7914: before using it.
7915: [7578215d1a95]
7916:
7917: * src/exec_common.c:
7918: Fix potential off-by-one when making a copy of the environment for
7919: LD_PRELOAD insertion. Fixes bug #534
7920: [cc699cd551b6]
7921:
7922: * configure, configure.in:
7923: Add rudimentary check for _FORTIFY_SOURCE support by checking for
7924: __sprintf_chk, one of the functions used by gcc to support it.
7925: [a992673d2ef8]
7926:
7927: * compat/stdbool.h, config.h.in, configure, configure.in:
7928: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
7929: [8ba1370884b3]
7930:
7931: 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
7932:
7933: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
7934: regen
7935: [1e0b38397705]
7936:
7937: 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
7938:
7939: * src/exec.c, src/sudo.c:
7940: The change in 818e82ecbbfc that caused to exit when the monitor dies
7941: created a race condition between the monitor exiting and the status
7942: being read. All we really want to do is make sure that select()
7943: notifies us that there is a status change when the monitor dies
7944: unexpectedly so shutdown the socketpair connected to the monitor for
7945: writing when it dies. That way we can still read the status that is
7946: pending on the socket and select() on Linux will tell us that the fd
7947: is ready.
7948: [7fb5b30ea48d]
7949:
7950: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
7951: src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
7952: src/sudo_exec.h:
7953: Refactor disable_execute() and my_execve() into exec_common.c for
7954: use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
7955: disabling exec in exec_setup(), disable it immediately before
7956: executing the command. Adapted from a diff by Arno Schuring.
7957: [ec4d8b53db6b]
7958:
7959: 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
7960:
7961: * aclocal.m4, configure, configure.in:
7962: Add custom version of AC_CHECK_LIB that uses the extra libs in the
7963: cache value name. With this we no longer need to rely on a modified
7964: version of autoconf.
7965: [1c3b1d482d6c]
7966:
7967: 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
7968:
7969: * configure, configure.in:
7970: Better handling of network functions that need -lsocket -lnsl
7971: [cc386342ec2b]
7972:
7973: * src/sudo.c:
7974: When setting up the execution environment, set groups before
7975: gid/egid like sudo 1.7 did.
7976: [928e1c5fa6c1]
7977:
7978: * configure, configure.in:
7979: Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
7980: [84b23cdf138f]
7981:
7982: * plugins/sudoers/sudoers.c:
7983: For "sudo -g" prepend the specified group ID to the beginning of the
7984: groups list. This matches BSD convention where the effective gid is
7985: the first entry in the group list. This is required on newer FreeBSD
7986: where the effective gid is not tracked separately and thus
7987: setgroups() changes the egid if this convention is not followed.
7988: Fixes bug #532
7989: [782d6909108b]
7990:
7991: 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
7992:
7993: * configure, configure.in:
7994: Fix sh warning; use "test" instead of "["
7995: [c6ee3407f65e]
7996:
7997: * src/exec.c:
7998: When not logging I/O, use a signal handler that only forwards
7999: SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
8000: Fixes a race in the non-I/O logging path where the command may
8001: receive two keyboard-generated signals; one from the kernel and one
8002: from the sudo process.
8003: [9638684e786a]
8004:
8005: * src/exec.c:
8006: Back out change that put the command in its own pgrp when not
8007: logging I/O. It causes problems with pipelines.
8008: [4fc9c6e1e770]
8009:
8010: 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
8011:
8012: * compat/Makefile.in, configure, configure.in:
8013: Only run compat regress tests on compat objects we actually build.
8014: Fixes "make check" in the compat dir for systems that don't
8015: implement character classes in fnmatch() or glob(). Bug #531
8016: [a7addc305e83]
8017:
8018: 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
8019:
8020: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
8021: Update po files from translationproject.org
8022: [5ea066af1356]
8023:
8024: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
8025:
8026: * sudo.pp:
8027: Include parent directories in case they don't already exist. This
8028: fixes a directory permissions problem with the AIX package when the
8029: /usr/local directories don't already exist.
8030: [a14f783dc827]
8031:
8032: * pp:
8033: sync with git version
8034: [2f79d0543661]
8035:
8036: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
8037: regen dependencies
8038: [24c92ca6c64d]
8039:
8040: * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
8041: Move tty name lookup code to its own file.
8042: [58faf072cbf4]
8043:
8044: 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
8045:
8046: * NEWS:
8047: Update with latest sudo 1.8.4 changes.
8048: [a4ffe4f42528]
8049:
8050: * config.h.in, configure, configure.in:
8051: Remove obsolete template for HAVE_TIMESPEC
8052: [75709007c906]
8053:
8054: * src/sudo.c:
8055: Add a check for devname() returning a fully-qualified pathname. None
8056: of the devname() implementations do this today but you never know
8057: when this might change.
8058: [16813ace38f9]
8059:
8060: 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
8061:
8062: * plugins/sudoers/visudo.c:
8063: For "visudo -c" also list include files that were checked when
8064: everything is OK.
8065: [ad6f85b35c9c]
8066:
8067: * src/sudo.c:
8068: The device name returned by devname() does not include the /dev/
8069: prefix so we need to add it ourselves.
8070: [b55285abb7ed]
8071:
8072: * src/sudo.c:
8073: Add debug warning if KERN_PROC sysctl fails or devname() can't
8074: resolve the tty device to a name.
8075: [b5a23916ba3a]
8076:
8077: * common/sudo_debug.c:
8078: The result of writev() is never checked so just cast to NULL.
8079: [4be4e9b58d5b]
8080:
8081: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
8082: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
8083: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
8084: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
8085: Update Esperanto, Finnish, Polish and Ukrainian translations from
8086: translationproject.org.
8087: [bb91bc6ad7e9]
8088:
8089: 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
8090:
8091: * config.h.in, configure, configure.in, src/sudo.c:
8092: Add support for determining tty via sysctl on other BSD variants.
8093: [fd15f63f719a]
8094:
8095: * configure, configure.in:
8096: Only check for struct kinfo_proc.ki_tdev on systems that support
8097: sysctl.
8098: [109b3f07a39d]
8099:
8100: * src/sudo.c:
8101: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
8102: ttyname() of std{in,out,err}.
8103: [95969b70bd68]
8104:
8105: 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8106:
8107: * config.h.in, configure, configure.in, src/sudo.c:
8108: On newer FreeBSD we can get the parent's tty name via sysctl().
8109: [3207290501ee]
8110:
8111: * plugins/sudoers/testsudoers.c:
8112: Include locale.h
8113: [a602cd0b8c2d]
8114:
8115: * src/sudo.c:
8116: Silence a gcc warning.
8117: [8c6d0e3cd534]
8118:
8119: * plugins/sudoers/bsm_audit.c:
8120: Need to include gettext.h and sudo_debug.h; from John Hein
8121: [447912aa7300]
8122:
8123: * plugins/sudoers/iolog.c:
8124: Initialize the debug framework from the I/O plugin too.
8125: [ce1bf44d96d2]
8126:
8127: 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
8128:
8129: * plugins/sudoers/testsudoers.c:
8130: Enable debugging via sudo.conf.
8131: [d85669c749d0]
8132:
8133: 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
8134:
8135: * plugins/sudoers/visudo.c:
8136: Use SUDO_DEBUG_ALIAS for alias checking functions.
8137: [fb84af30dc76]
8138:
8139: * configure, configure.in:
8140: More complete test for getaddrinfo() that doesn't rely on the
8141: network libraries already being added to LIBS.
8142: [cbaf2369f4f0]
8143:
8144: 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
8145:
8146: * common/aix.c:
8147: Add debug support.
8148: [def1bdf24485]
8149:
8150: * configure, configure.in:
8151: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
8152: [a2ea1c2eac61]
8153:
8154: * compat/getaddrinfo.c:
8155: Include errno.h and missing.h
8156: [7d15e17cc2f2]
8157:
8158: * .hgignore:
8159: ignore doc/varsub
8160: [417f9fc3231b]
8161:
8162: * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
8163: plugins/sudoers/gram.y, plugins/sudoers/match.c,
8164: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
8165: src/parse_args.c, src/sudo.c, src/sudo.h:
8166: Update copyright year.
8167: [5d0ffc7dd567]
8168:
8169: * NEWS:
8170: Update for sudo 1.8.4
8171: [841e3eff9844]
8172:
8173: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
8174: regen pot files
8175: [c509cb45b66a]
8176:
8177: * plugins/sudoers/sudoreplay.c:
8178: Enable debugging via sudo.conf.
8179: [5087aaee8484]
8180:
8181: * plugins/sudoers/visudo.c:
8182: Enable debugging via sudo.conf.
8183: [04b067c16ed3]
8184:
8185: * plugins/sudoers/visudo.c:
8186: Allow "visudo -c" to work when we only have read-only access to the
8187: sudoers include files.
8188: [d8c6713fe5c1]
8189:
8190: * doc/sudo.pod, doc/visudo.pod:
8191: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
8192: HISTORY section in sudo that points to HISTORY file.
8193: [d1f1bcb051c5]
8194:
8195: * doc/sudo.pod, doc/sudo_plugin.pod:
8196: Document Debug setting in sudo.conf and debug_flags in plugin.
8197: [acfc505aa4a9]
8198:
8199: 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
8200:
8201: * plugins/sudoers/match.c:
8202: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
8203: bug where a pattern like "/usr/*" include /usr/bin/ in the results,
8204: which would be incorrectly be interpreted as if the sudoers file had
8205: specified a directory. From Vitezslav Cizek.
8206: [0cdb6252188c]
8207:
8208: * INSTALL, config.h.in, configure, configure.in,
8209: plugins/sudoers/auth/kerb5.c:
8210: Add --enable-kerb5-instance configure option to allow people using
8211: Kerberos V authentication to use a custom instance. Adapted from a
8212: diff by Michael E Burr.
8213: [e83af8bb7aa7]
8214:
8215: * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
8216: Remove -D debug_level option.
8217: [cbcd05094347]
8218:
8219: * doc/LICENSE:
8220: Update copyright year.
8221: [9f43dd7aa852]
8222:
8223: 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
8224:
8225: * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
8226: plugins/sudoers/visudo.c:
8227: parse_error is now bool, not int
8228: [5ea7fb6fda38]
8229:
8230: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8231: plugins/sudoers/parse.c:
8232: Print a more sensible error if yyparse() returns non-zero but
8233: yyerror() was not called.
8234: [d44ec88f1183]
8235:
8236: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
8237: plugins/sudoers/gram.c:
8238: Replace y.tab.c with the correct filename in #line directives.
8239: [3c84fcb7e959]
8240:
8241: 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
8242:
8243: * src/sudo.c:
8244: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
8245: if the main process's fds 0-2 are not hooked up to a tty. Adapted
8246: from a diff by Zdenek Behan.
8247: [b9dfce12af85]
8248:
8249: * src/exec.c:
8250: When not logging I/O, put command in its own pgrp and make that the
8251: controlling pgrp if the command is in the foreground. Fixes a race
8252: in the non-I/O logging path where the command may receive two
8253: keyboard-generated signals; one from the kernel and one from the
8254: sudo process.
8255: [d0e263ce496c]
8256:
8257: 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
8258:
8259: * src/sudo_edit.c:
8260: Quiet a bogus gcc warning.
8261: [2009669e0608]
8262:
8263: * src/parse_args.c, src/sudo.h:
8264: Fix warnings related to sudo.conf accessors.
8265: [08ddc29ba50b]
8266:
8267: * common/sudo_conf.c, include/sudo_conf.h:
8268: Separate sudo.conf parsing from plugin loading and move the parse
8269: functions into the common lib so that visudo, etc. can use them.
8270: [f1fc659a8079]
8271:
8272: * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
8273: src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
8274: Separate sudo.conf parsing from plugin loading and move the parse
8275: functions into the common lib so that visudo, etc. can use them.
8276: [e1f2cf6bd57a]
8277:
8278: * doc/sudoers.pod, plugins/sudoers/def_data.c,
8279: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
8280: plugins/sudoers/sudoers.c, src/sudo.c:
8281: Remove support for noexec_file in sudoers and the plugin API
8282: [3e2fd58879b5]
8283:
8284: * plugins/sudoers/sudoers.c:
8285: Don't dump interfaces if there are none.
8286: [9081bb4d3e9e]
8287:
8288: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
8289: Add missing %s printf escape to the group_plugin, iolog_dir and
8290: iolog_file descriptions.
8291: [7db03f2b737e]
8292:
8293: 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
8294:
8295: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
8296: Fix typo in visiblepw description; from Joel Pickett
8297: [2fb4b26d5c2c]
8298:
8299: 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8300:
8301: * MANIFEST, configure, configure.in, mkdep.pl,
8302: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
8303: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
8304: plugins/sudoers/sudoers.h, src/sudo.c:
8305: When running a login shell with a login_class specified, use
8306: LOGIN_SETENV instead of rolling our own login.conf setenv support
8307: since FreeBSD's login.conf has more than just setenv capabilities.
8308: This requires us to swap the plugin-provided envp for the global
8309: environ before calling setusercontext() and then stash the resulting
8310: environ pointer back into the command details, which is kind of a
8311: hack.
8312: [ad4f1190143b]
8313:
8314: * plugins/sudoers/Makefile.in:
8315: If srcdir is "." just use the basename of the yacc/lex file when
8316: generating the C version. This matches the generated files currently
8317: in the repo.
8318: [0b11c3df87a8]
8319:
8320: * doc/Makefile.in, plugins/sudoers/Makefile.in:
8321: Clean up the DEVEL noise
8322: [9de2afe457fd]
8323:
8324: * src/exec.c:
8325: Handle different Unix domain socket (actually socketpair) semantics
8326: in BSD vs. Linux. In BSD if one end of the socketpair goes away
8327: select() returns the fd as readable and the read will fail with
8328: ECONNRESET. This doesn't appear to happen on Linux so if we notice
8329: that the monitor process has died when I/O logging is enabled,
8330: behave like the command has exited. This means we log the wait
8331: status of the monitor, not the command, but there is nothing else we
8332: can do at that point. This should only be an issue if SIGKILL is
8333: sent to the monitor process.
8334: [818e82ecbbfc]
8335:
8336: * src/exec_pty.c:
8337: Catch common signals in the monitor process so they get passed to
8338: the command. Fixes a problem when the entire login session is killed
8339: when ssh is disconnected or the terminal window is closed.
8340: Previously, the monitor would exit and plugin's close method would
8341: not be called.
8342: [0e4658263138]
8343:
8344: * INSTALL, configure, configure.in:
8345: Mention how to configure pam_hpsec on HP-UX to play nicely with
8346: sudo.
8347: [a7294cd8ce98]
8348:
8349: 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
8350:
8351: * plugins/sudoers/ldap.c:
8352: Escape values in the search expression as per RFC 4515.
8353: [c2adbc5db92b]
8354:
8355: * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
8356: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
8357: src/Makefile.in:
8358: No need for install target to depend explicitly on install-dirs, the
8359: install-foo targets all depend on it.
8360: [62a36ed98279]
8361:
8362: 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
8363:
8364: * .hgignore:
8365: ignore src/sesh
8366: [463d492f6782]
8367:
8368: * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
8369: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
8370: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
8371: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
8372: plugins/sudoers/sudoers.h, src/Makefile.in:
8373: Add support for setenv entries in login.conf. We can't use
8374: LOGIN_SETENV since the plugin sets up the envp the command is
8375: executed with. Also regen the Makefile.in files while here. Fixes
8376: bug #527
8377: [088d507926e2]
8378:
8379: 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8380:
8381: * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
8382: config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
8383: src/net_ifs.c:
8384: Add getaddrinfo() for those without it, written by Russ Allbery
8385: [4cf9ac831222]
8386:
8387: * doc/Makefile.in:
8388: Restore PACKAGE_TARNAME, it is used in docdir
8389: [9d65e893edb1]
8390:
8391: * MANIFEST, compat/stdbool.h:
8392: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
8393: the MANIFEST
8394: [e67700dc5621]
8395:
8396: * common/atobool.c, common/term.c, src/exec.c:
8397: Remove duplicate return statements.
8398: [48a20d5215fd]
8399:
8400: * plugins/sudoers/auth/bsdauth.c:
8401: Remove inaccurate comment
8402: [e7f0265cf657]
8403:
8404: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
8405: Fetch the login class for the user we authenticate specifically when
8406: using BSD authentication. That user may have a different login class
8407: than what we will use to run the command. When setting the login
8408: class for the command, use the target user's struct passwd, not the
8409: invoking user's. Fixes bug 526
8410: [21bf0af892f7]
8411:
8412: * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
8413: plugins/sudoers/Makefile.in:
8414: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
8415: [8ee6e0891f27]
8416:
8417: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
8418: plugins/sudoers/regress/logging/check_wrap.c,
8419: plugins/sudoers/regress/parser/check_addr.c,
8420: plugins/sudoers/regress/parser/check_fill.c:
8421: Fix "make check" fallout from the sudo_conv changes in sudo_debug.
8422: [b0aaa63c9081]
8423:
8424: * common/fileops.c, common/sudo_debug.c, configure, configure.in,
8425: include/fileops.h, plugins/sample/Makefile.in,
8426: plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
8427: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
8428: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
8429: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
8430: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
8431: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
8432: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
8433: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
8434: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
8435: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
8436: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
8437: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8438: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
8439: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
8440: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
8441: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
8442: src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
8443: src/sudo_plugin_int.h, src/utmp.c:
8444: Use stdbool.h instead of rolling our own TRUE/FALSE macros.
8445: [dcb0bbc42fc9]
8446:
8447: 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
8448:
8449: * compat/stdbool.h, config.h.in, configure, configure.in:
8450: Add stdbool.h for systems without it.
8451: [18bd9dda1dcd]
8452:
8453: * aclocal.m4, config.h.in, configure, configure.in:
8454: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
8455: includes have unistd.h in them. Add check for socklen_t for upcoming
8456: getaddrinfo compat.
8457: [d705465bef69]
8458:
8459: * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
8460: configure.in, plugins/sudoers/interfaces.c,
8461: plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
8462: plugins/sudoers/sudoreplay.c, src/net_ifs.c:
8463: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
8464: HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
8465: [fa187c9bd2be]
8466:
8467: * src/sudo_noexec.c:
8468: No longer need to include time.h here as missing.h does not use
8469: time_t.
8470: [fa3a089bf5b1]
8471:
8472: 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
8473:
8474: * plugins/sudoers/visudo.c:
8475: Fix mode on sudoers as needed when the -f option is not specified.
8476: [7a1c40b0dc03]
8477:
8478: * MANIFEST, src/po/sr.mo, src/po/sr.po:
8479: Add Serbian translation for sudo from translationproject.org
8480: [9a0c25e25cba]
8481:
8482: * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
8483: src/parse_args.c:
8484: No longer pass debug_file to plugin, plugins must now use
8485: CONV_DEBUG_MSG
8486: [810cda1abb0b]
8487:
8488: * mkpkg:
8489: Build PIE executables for newer Debian and Ubuntu
8490: [1c5f25f8904a]
8491:
8492: * common/sudo_debug.c:
8493: Include time.h for ctime() prototype.
8494: [10090cf3bca1]
8495:
8496: 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
8497:
8498: * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
8499: src/exec_pty.c:
8500: Do not close error pipe or debug fd via closefrom() as we need them
8501: to report an exec error should one occur.
8502: [732f6587fafa]
8503:
8504: * doc/sudoers.ldap.pod:
8505: Document that a sudoUser may now be a group ID.
8506: [2fef46b9d3d3]
8507:
8508: * plugins/sudoers/ldap.c:
8509: Add support for permitting access by group ID in addition to group
8510: name.
8511: [b9450fdf1f69]
8512:
8513: * plugins/sudoers/ldap.c:
8514: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
8515: [d62a1e7cff4f]
8516:
8517: * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
8518: Replace UCB fnmatch.c with a non-recursive version written by
8519: William A. Rowe Jr.
8520: [354d3384adb8]
8521:
8522: * plugins/sudoers/auth/pam.c:
8523: Fix typo, return_debug vs. debug_return
8524: [1b522efcbb0d]
8525:
8526: 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
8527:
8528: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
8529: Update Japanese sudoers translation from translationproject.org
8530: [ec0f2beaad36]
8531:
8532: * doc/sudoers.pod:
8533: Make the env_reset descriptions consistent.
8534: [41c056f02688]
8535:
8536: 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8537:
8538: * configure, configure.in:
8539: Do multiple expansion when expanding paths to the noexec file, sesh
8540: and the plugin directory. Adapted from a diff by Mike Frysinger
8541: [d7e16c876c66]
8542:
8543: * common/Makefile.in:
8544: regen
8545: [9d729e09c186]
8546:
8547: 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
8548:
8549: * .hgignore:
8550: Add ignore file; from Mike Frysinger
8551: [1fa8d52425f8]
8552:
8553: * mkdep.pl:
8554: no longer save old Makefile.in to .old
8555: [378dd2395545]
8556:
8557: * plugins/sudoers/Makefile.in, src/Makefile.in:
8558: regen
8559: [769faf517720]
8560:
8561: * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
8562: m4/ltoptions.m4, m4/ltversion.m4:
8563: Update to libtool 2.4.2
8564: [9dac78d84b4f]
8565:
8566: 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8567:
8568: * plugins/sudoers/sudoers_version.h:
8569: Bump grammar version for #include and #includedir relative path
8570: support.
8571: [82a4f7cd8f71]
8572:
8573: 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
8574:
8575: * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8576: Add support for relative paths in #include and #includedir
8577: [4d6e3bd0c24f]
8578:
8579: * plugins/sudoers/Makefile.in:
8580: Fix install-plugin when shared objects are unsupported or disabled.
8581: [cbdd770a7a1b]
8582:
8583: * plugins/sudoers/goodpath.c:
8584: Don't write to sbp if it is NULL
8585: [fc438f8e8570]
8586:
8587: 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
8588:
8589: * Makefile.in:
8590: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
8591: only install matching .mo files
8592: [c1dc30ab4ebc]
8593:
8594: 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
8595:
8596: * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
8597: plugins/sudoers/sudoers.c, src/conversation.c:
8598: Fix non-dynamic (no dlopen) sudo build.
8599: [b0bd3fa925a3]
8600:
8601: * configure, configure.in:
8602: Don't error out if the user specified --disable-shared
8603: [cf035dd1e5cc]
8604:
8605: * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
8606: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
8607: src/conversation.c:
8608: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
8609: the debug file.
8610: [640c62f83251]
8611:
8612: * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
8613: plugins/sudoers/sudoers.h:
8614: Make sudo_goodpath() return value bolean
8615: [fea2d59a6e55]
8616:
8617: * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
8618: plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
8619: Remove obsolete securid auth method.
8620: [4e54f860214b]
8621:
8622: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
8623: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
8624: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
8625: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
8626: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
8627: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
8628: plugins/sudoers/auth/sudo_auth.h:
8629: Prefix authentication functions with a "sudo_" prefix to avoid
8630: namespace problems.
8631: [581d74063ea1]
8632:
8633: * INSTALL, MANIFEST, config.h.in, configure, configure.in,
8634: doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
8635: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
8636: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
8637: Remove the old Kerberos IV support
8638: [2e4b4a44209d]
8639:
8640: 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
8641:
8642: * plugins/sudoers/check.c:
8643: Don't print garbage at the end of the custom lecture.
8644: [44bb788fafaa]
8645:
8646: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8647: Add lexer tracing as debug@parser
8648: [d850f3f9d414]
8649:
8650: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
8651: plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
8652: plugins/sudoers/match.c, plugins/sudoers/parse.c,
8653: plugins/sudoers/regress/parser/check_fill.c,
8654: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
8655: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
8656: plugins/sudoers/visudo.c:
8657: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
8658: <def_data.h> and not "def_data.h" when generating the parser in a
8659: build dir.
8660: [7da701def753]
8661:
8662: 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8663:
8664: * mkdep.pl, plugins/sudoers/Makefile.in:
8665: Better devdir support in mkdep.pl
8666: [7dcec57bd155]
8667:
8668: * plugins/sudoers/Makefile.in:
8669: Add devdir before srcdir in include path and fix up dependecies
8670: accordingly.
8671: [6e9958eca485]
8672:
8673: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
8674: plugins/sudoers/defaults.h, plugins/sudoers/match.c,
8675: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
8676: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
8677: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
8678: #include "gram.h" not <gram.h> and "def_data.h" and not
8679: <def_data.h>.
8680: [003bdb078a15]
8681:
8682: * sudo.pp:
8683: Mark libexec files as optional. If we build without shared object
8684: support, libexec is not used.
8685: [4bffcf482219]
8686:
8687: * src/load_plugins.c:
8688: Change Debug sudo.conf setting to take a program name as the first
8689: argument. In the future, this will allow visudo and sudoreplay to
8690: use their own Debug entries.
8691: [cfb8f7e4867c]
8692:
8693: * src/sudo.c:
8694: fix sudo_debug_printf priority
8695: [dcb67e965609]
8696:
8697: * plugins/sudoers/sudoers.c:
8698: add missing debug_return_int
8699: [d88ec450c592]
8700:
8701: 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8702:
8703: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
8704: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
8705: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
8706: [dcee8efc294f]
8707:
8708: * doc/UPGRADE:
8709: Add missing word in HOME security note.
8710: [fd844fdcc1ac]
8711:
8712: * plugins/sudoers/testsudoers.c:
8713: Prevent "testsudoers -d username" from trying to malloc(0).
8714: [839126e56e8c]
8715:
8716: 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8717:
8718: * plugins/sudoers/regress/sudoers/test10.in,
8719: plugins/sudoers/regress/sudoers/test10.out.ok,
8720: plugins/sudoers/regress/sudoers/test10.toke.ok,
8721: plugins/sudoers/regress/sudoers/test10.toke.out.ok,
8722: plugins/sudoers/regress/sudoers/test11.in,
8723: plugins/sudoers/regress/sudoers/test11.out.ok,
8724: plugins/sudoers/regress/sudoers/test11.toke.ok,
8725: plugins/sudoers/regress/sudoers/test11.toke.out.ok,
8726: plugins/sudoers/regress/sudoers/test12.in,
8727: plugins/sudoers/regress/sudoers/test12.out.ok,
8728: plugins/sudoers/regress/sudoers/test12.toke.ok,
8729: plugins/sudoers/regress/sudoers/test13.in,
8730: plugins/sudoers/regress/sudoers/test13.out.ok,
8731: plugins/sudoers/regress/sudoers/test13.toke.ok,
8732: plugins/sudoers/regress/sudoers/test9.in,
8733: plugins/sudoers/regress/sudoers/test9.out.ok,
8734: plugins/sudoers/regress/sudoers/test9.toke.ok,
8735: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
8736: Tests for empty sudoers (should parse OK) and syntax errors within a
8737: line (should report correct line number) both with and without the
8738: trailing newline.
8739: [d57c879c4718]
8740:
8741: * plugins/sudoers/regress/sudoers/test4.out.ok,
8742: plugins/sudoers/regress/sudoers/test5.out.ok,
8743: plugins/sudoers/regress/sudoers/test7.out.ok,
8744: plugins/sudoers/regress/sudoers/test8.out.ok,
8745: plugins/sudoers/testsudoers.c:
8746: Print line number when there is a parser error.
8747: [5444ef6ac6dc]
8748:
8749: 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
8750:
8751: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
8752: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
8753: Keep track of the last token returned. On error, if the last token
8754: was COMMENT, decrement sudolineno since the error most likely
8755: occurred on the preceding line. Previously we always uses
8756: sudolineno-1 which will give the wrong line number for errors within
8757: a line.
8758: [d661a03a64da]
8759:
8760: 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
8761:
8762: * NEWS:
8763: update with sudo 1.8.3p1 info
8764: [0f79ff31f602]
8765:
8766: * plugins/sudoers/sudoers.c:
8767: Fix crash when "sudo -g group -i" is run. Fixes bug 521
8768: [a3087ae337c4]
8769:
8770: 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
8771:
8772: * plugins/sudoers/visudo.c:
8773: Make alias_remove_recursive() return TRUE/FALSE as its callers
8774: expect and remove two unused arguments. Fixes bug 519.
8775: [2ee3b2882844]
8776:
8777: * plugins/sudoers/regress/visudo/test1.out.ok,
8778: plugins/sudoers/regress/visudo/test1.sh:
8779: Add regress test for bugzilla 519
8780: [48000ebedf97]
8781:
8782: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
8783: plugins/sudoers/regress/logging/check_wrap.c,
8784: plugins/sudoers/regress/parser/check_addr.c,
8785: plugins/sudoers/regress/parser/check_fill.c:
8786: Disable warning/error wrapping in regress tests.
8787: [373c589ba561]
8788:
8789: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8790:
8791: * Makefile.in:
8792: Do compile-po as part of sync-po so that the .mo files get rebuild
8793: automatically when we sync with translationproject.org
8794: [83f3cbfc2f33]
8795:
8796: * plugins/sudoers/Makefile.in:
8797: check_addr needs to link with the network libraries on Solaris
8798: [322bd70e316e]
8799:
8800: * plugins/sudoers/match.c:
8801: When matching a RunasAlias for a runas group, pass the alias in as
8802: the group_list, not the user_list. From Daniel Kopecek.
8803: [766545edf141]
8804:
8805: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
8806: We need to init the auth system regardless of whether we need a
8807: password since we will be closing the PAM session in the monitor
8808: process. Fixes a crash in the monitor on Solaris; bugzilla #518
8809: [e82809f86fb3]
8810:
8811: 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
8812:
8813: * src/exec.c:
8814: Get rid of done: label. If the child exits we still need to close
8815: the pty, update utmp and restore the SELinux tty context.
8816: [cc127bf48405]
8817:
8818: 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
8819:
8820: * common/Makefile.in, common/atobool.c, common/fileops.c,
8821: common/fmt_string.c, common/lbuf.c, common/list.c,
8822: common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
8823: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
8824: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
8825: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
8826: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
8827: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
8828: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
8829: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
8830: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
8831: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
8832: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
8833: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
8834: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
8835: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
8836: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
8837: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
8838: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
8839: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
8840: plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
8841: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
8842: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8843: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
8844: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8845: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
8846: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
8847: src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
8848: src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
8849: src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
8850: src/tgetpass.c, src/ttysize.c, src/utmp.c:
8851: Add debug_decl/debug_return (almost) everywhere. Remove old
8852: sudo_debug() and convert users to sudo_debug_printf().
8853: [8f3bbf907b67]
8854:
8855: * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
8856: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8857: plugins/sudoers/visudo.c, src/error.c:
8858: Wrap error/errorx and warning/warningx functions with debug
8859: statements. Disable wrapping for standalone sudoers programs as well
8860: as memory allocation functions (to avoid infinite recursion).
8861: [562ed7b5ae8d]
8862:
8863: * README, config.h.in, configure, configure.in:
8864: Add checks for __func__ and __FUNCTION__ and mention that we now
8865: require a cpp that supports variadic macros.
8866: [314cfe4c5d23]
8867:
8868: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
8869: include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
8870: src/load_plugins.c, src/parse_args.c, src/sudo.c,
8871: src/sudo_plugin_int.h:
8872: New debug framework for sudo and plugins using /etc/sudo.conf that
8873: also supports function call tracing.
8874: [cded741e9f10]
8875:
8876: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
8877:
8878: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
8879: Update Japanese sudoers translation from translationproject.org
8880: [c24725775e32]
8881:
8882: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
8883:
8884: * configure, configure.in:
8885: Override and ignore the --disable-static option. Sudo already runs
8886: libtool with -tag=disable-static where applicable and we need non-
8887: PIC objects to build the executables.
8888: [aff1227b853a]
8889:
8890: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
8891:
8892: * NEWS:
8893: Add sudoedit fix
8894: [74655c7ccad1]
8895:
8896: * plugins/sudoers/po/sudoers.pot:
8897: regen pot files
8898: [28d89a831ed3]
8899:
8900: * plugins/sudoers/env.c:
8901: Ignore set_logname (which is now the default) for sudoedit since we
8902: want the LOGNAME, USER and USERNAME environment variables to refer
8903: to the calling user since that is who the editor runs as. This
8904: allows the editor to find the user's startup files. Fixes bugzilla
8905: #515
8906: [6c5dddf5ff05]
8907:
8908: * plugins/sudoers/pwutil.c:
8909: Instead of trying to grow the buffer in make_grlist_item(), simply
8910: increase the total length, free the old buffer and allocate a new
8911: one. This is less error prone and saves us from having to adjust all
8912: the pointers in the buffer. This code path is only taken when there
8913: are groups longer than the length of the user field in struct utmp
8914: or utmpx, which should be quite rare.
8915: [5587dc8cffaf]
8916:
8917: * src/po/it.mo:
8918: Add Italian translation for sudo from translationproject.org
8919: [1b3dd886e7e3]
8920:
8921: * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
8922: src/po/ja.mo, src/po/ja.po:
8923: Japanese translation for sudo and sudoers from
8924: translationproject.org
8925: [c06dd866be6e]
8926:
8927: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
8928:
8929: * plugins/sudoers/Makefile.in:
8930: sudoreplay depends on timestr.lo too; from Mike Frysinger
8931: [b9e73214b2f1]
8932:
8933: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
8934:
8935: * plugins/sudoers/po/sudoers.pot:
8936: Regen sudoers pot file.
8937: [019588bafdb3]
8938:
8939: * NEWS:
8940: Update with latest sudo 1.8.3 news
8941: [6868042a88e9]
8942:
8943: * plugins/sudoers/sudoers.c:
8944: It appears that LDAP or NSS may modify the euid so we need to be
8945: root for the open(). We restore the old perms at the end of
8946: sudoers_policy_open().
8947: [2da67a5497ef]
8948:
8949: * plugins/sudoers/set_perms.c:
8950: Better warning message on setuid() failure for the setreuid()
8951: version of set_perms().
8952: [07abcfe7bd9a]
8953:
8954: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8955:
8956: * plugins/sudoers/check.c:
8957: Delref auth_pw at the end of check_user() instead of getting a ref
8958: twice.
8959: [cb665f55e6a5]
8960:
8961: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
8962: Make sudo_auth_{init,cleanup} return TRUE on success and check for
8963: sudo_auth_init() return value in check_user().
8964: [92631c919356]
8965:
8966: * plugins/sudoers/auth/sudo_auth.c:
8967: Do not return without restoring permissions.
8968: [59ef40b6696a]
8969:
8970: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
8971: regen pot files
8972: [9f320a340b7c]
8973:
8974: * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
8975: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
8976: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
8977: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
8978: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
8979: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
8980: plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
8981: plugins/sudoers/sudoers.h:
8982: Modify the authentication API such that the init and cleanup
8983: functions are always called, regardless of whether or not we are
8984: going to verify a password. This is needed for proper PAM session
8985: support.
8986: [19a53f3fb596]
8987:
8988: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
8989: Add missing dependency for getspwuid.lo and regen other depends.
8990: [f7f70eae819a]
8991:
8992: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
8993: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
8994: Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
8995: the target user immediately before setting resource limits, which is
8996: after the monitor process has forked (so it has the old value).
8997: Also, if the user did not authenticate, there is no pamh in the
8998: monitor so we need to init pam here too. This means we end up
8999: calling pam_start() twice, which should be fixed, but at least the
9000: session is always properly closed now.
9001: [fbc063a2a872]
9002:
9003: * src/utmp.c:
9004: Add check for old being NULL in utmp_setid(); from Steven McDonald
9005: [e87126442f2e]
9006:
9007: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
9008:
9009: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
9010: plugins/sudoers/sudoers.h:
9011: If the invoking user cannot be resolved by uid fake the struct
9012: passwd and store it in the cache so we can delref it on exit.
9013: [a27e2f8b9f5e]
9014:
9015: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
9016:
9017: * plugins/sudoers/sudoers.c:
9018: Don't error out if the group plugin cannot be loaded, just warn.
9019: [0fbfcd381e33]
9020:
9021: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
9022:
9023: * plugins/sudoers/sudoers.c:
9024: Quiet a false positive found by several static analysis tools. These
9025: tools don't know that log_error() does not return (it longjmps to
9026: error_jmp which returns to the sudo front-end).
9027: [33d0469df21b]
9028:
9029: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
9030:
9031: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
9032: plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
9033: plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
9034: Add Italian translation for sudo from translationproject.org Regen
9035: .mo files
9036: [c3c888a82be6]
9037:
9038: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
9039:
9040: * doc/TROUBLESHOOTING:
9041: Update to current reality and add bit about ssh auth
9042: [184a1e7c2eeb]
9043:
9044: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
9045: Make "verbose" static; fixes a namespace clash with
9046: pam_ssh_agent_auth (and it doesn't need to be extern these days).
9047: [cc38d2eb2f4c]
9048:
9049: * config.h.in, configure, configure.in, src/get_pty.c:
9050: FreeBSD has libutil.h not util.h
9051: [dab4c94b6d4f]
9052:
9053: * configure, configure.in:
9054: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
9055: [41c362f0a92a]
9056:
9057: 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
9058:
9059: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
9060: plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
9061: plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
9062: Update po files from translationproject.org
9063: [1e99e147c7fa]
9064:
9065: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9066:
9067: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9068: Add support for DEREF in ldap.conf.
9069: [3c1937a98547]
9070:
9071: * Makefile.in:
9072: install target should depend on ChangeLog too, not just install-doc
9073: [1a7c83941175]
9074:
9075: * doc/sudoers.pod:
9076: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
9077: [0eca47d60a2c]
9078:
9079: * NEWS:
9080: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
9081: [0501415cc5ff]
9082:
9083: * doc/UPGRADE:
9084: Document group lookup change and possible side effects.
9085: [585743e1ebf7]
9086:
9087: * configure, configure.in:
9088: Fix some square brackets in case statements that needed to be
9089: doubled up. While here, use $OSMAJOR when it makes sense.
9090: [8973343f4696]
9091:
9092: * plugins/sudoers/pwutil.c:
9093: Fix a crash in make_grlist_item() on 64-bit machines with strict
9094: alignment.
9095: [c89508c73c46]
9096:
9097: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
9098: Remove list_options() function that is no longer used now that "sudo
9099: -L" is gone.
9100: [fcc6a776c135]
9101:
9102: * configure, configure.in:
9103: Error message if user tries --with-CC
9104: [ec5b478f813a]
9105:
9106: * configure, configure.in:
9107: Check for -libmldap too when looking for ldap libs, which is the
9108: Tivoli Directory Server client library.
9109: [bb3007a97206]
9110:
9111: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
9112:
9113: * plugins/sudoers/parse.c:
9114: Honor NOPASSWD tag for denied commands too.
9115: [8dd92656db92]
9116:
9117: 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
9118:
9119: * INSTALL, configure, configure.in:
9120: Remove --with-CC option; it doesn't work correctly now that we use
9121: libtool. Users can get the same effect by setting the CC environment
9122: variable when running configure.
9123: [ec22bd1a55e0]
9124:
9125: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
9126:
9127: * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
9128: src/sudo_edit.c:
9129: Assume all modern systems support fstat(2).
9130: [6a5a8985f6a0]
9131:
9132: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
9133:
9134: * compat/regress/glob/globtest.c, config.h.in, configure,
9135: configure.in, include/missing.h, plugins/sudoers/sudoers.h,
9136: src/sudo.h, src/sudo_noexec.c:
9137: Add configure test for missing errno declaration and only declare it
9138: ourselves if it is missing.
9139: [456e76c809a2]
9140:
9141: * plugins/sudoers/alias.c:
9142: Include errno.h before sudo.h to avoid conflicting with the system
9143: definition of errno.
9144: [d0b97e392512]
9145:
9146: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
9147:
9148: * plugins/sudoers/regress/parser/check_addr.c:
9149: Only print individual check status when there is a failure.
9150: [2ac704c91441]
9151:
9152: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
9153: plugins/sudoers/regress/logging/check_wrap.c,
9154: plugins/sudoers/regress/parser/check_addr.c:
9155: Add calls to setprogname() for test programs.
9156: [a8d9b420e826]
9157:
9158: * configure, configure.in:
9159: Add -Wall and -Werror after all tests so they don't cause failures.
9160: [2661188ff3fa]
9161:
9162: * plugins/sudoers/Makefile.in:
9163: Actually run check_addr in the check target
9164: [0b2778bc86bf]
9165:
9166: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
9167: plugins/sudoers/match_addr.c,
9168: plugins/sudoers/regress/parser/check_addr.c,
9169: plugins/sudoers/regress/parser/check_addr.in:
9170: Split out address matching into its own file and add regression
9171: tests for it.
9172: [12b9a2bf8dba]
9173:
9174: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
9175:
9176: * plugins/sudoers/match.c:
9177: When matching an address with a netmask in sudoers, AND the mask and
9178: addr before checking against the local addresses.
9179: [9747bb6d7b1c]
9180:
9181: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
9182:
9183: * plugins/sudoers/match.c:
9184: Fix netmask matching.
9185: [a3c8f8cc1464]
9186:
9187: * plugins/sudoers/visudo.c:
9188: Don't assume all editors support the +linenumber command line
9189: argument, use a whitelist of known good editors.
9190: [21d43a91fd10]
9191:
9192: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9193:
9194: * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
9195: src/exec_pty.c, src/sudo.c:
9196: Silence compiler warnings on Solaris with gcc 3.4.3
9197: [da620bae6fdb]
9198:
9199: * mkpkg:
9200: Fix building on RHEL 3
9201: [f3227fb2a252]
9202:
9203: * INSTALL, configure, configure.in:
9204: Add --enable-werror configure option.
9205: [fec2cdb95543]
9206:
9207: * common/setgroups.c:
9208: setgroups() proto lives in grp.h on RHEL4, perhaps others.
9209: [de91c0de5a98]
9210:
9211: * configure, configure.in:
9212: Use PAM by default on AIX 6 and higher.
9213: [e16493208e5f]
9214:
9215: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
9216:
9217: * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
9218: src/po/eo.mo, src/po/eo.po:
9219: Add new Esperanto translation from translationproject.org
9220: [0d9a59e04c64]
9221:
9222: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
9223:
9224: * plugins/sudoers/iolog_path.c:
9225: Quiet an innocuous valgrind warning.
9226: [0582b6027161]
9227:
9228: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
9229:
9230: * plugins/sudoers/iolog_path.c,
9231: plugins/sudoers/regress/iolog_path/data:
9232: Fix expansion of strftime() escapes in log_dir and add a regress
9233: test that exhibited the problem.
9234: [a5c7c1c4c589]
9235:
9236: * plugins/sudoers/Makefile.in:
9237: Fix "make check" return value.
9238: [33b58e175230]
9239:
9240: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
9241:
9242: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
9243: Regen pot files
9244: [063841aac19b]
9245:
9246: * Makefile.in:
9247: Fix logic inversion in pot file up to date check.
9248: [f6a8ca8654df]
9249:
9250: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
9251:
9252: * configure, configure.in:
9253: Add caching for gettext() checks.
9254: [01b7200f6105]
9255:
9256: * configure, configure.in:
9257: Better handling of libintl header and library mismatch.
9258: [9a49b1d4db69]
9259:
9260: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
9261:
9262: * plugins/sudoers/sudoers.c:
9263: Also check sudoers gid if sudoers is group writable.
9264: [23ef96ca0d33]
9265:
9266: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
9267:
9268: * configure, configure.in:
9269: If dlopen is present but libtool doesn't find it, error out since it
9270: probably means that libtool doesn't support the system.
9271: [a9da0a5f7941]
9272:
9273: * mkpkg:
9274: configure args on the command line should override builtin defaults.
9275: Disable NLS for non-Linux/Solaris unless explicitly enabled.
9276: [b2fb05614504]
9277:
9278: * plugins/sudoers/auth/aix_auth.c:
9279: Fix loop that calls authenticate(). If there was an error message
9280: from authenticate(), display it.
9281: [063a0c4f0b9a]
9282:
9283: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
9284:
9285: * m4/libtool.m4, m4/ltversion.m4:
9286: Update to autoconf 2.68 and libtool 2.4
9287: [5a912a6eb67b]
9288:
9289: * config.guess, config.sub, configure, configure.in, ltmain.sh:
9290: Update to autoconf 2.68 and libtool 2.4
9291: [931ab56aecf6]
9292:
9293: * doc/sudoers.pod:
9294: Fix typo; OPT should be OTP
9295: [e97bd2e46544]
9296:
9297: * plugins/sudoers/Makefile.in:
9298: Rename libsudoers convenience library to libparsesudoers to avoid
9299: libtool confusion.
9300: [2a89a613f537]
9301:
9302: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
9303:
9304: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
9305: Add Danish sudoers translation from translationproject.org
9306: [27b96e85eb13]
9307:
9308: * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
9309: Add dedicated callback function for runas_default sudoers setting
9310: that only sets runas_pw if no runas user or group was specified by
9311: the user.
9312: [b8382d8eea34]
9313:
9314: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
9315:
9316: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
9317: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
9318: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
9319: src/po/ru.po:
9320: Update Finish, Polish, Russian and Ukrainian translations from
9321: translationproject.org.
9322: [f9339aff664e]
9323:
9324: * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
9325: plugins/sudoers/testsudoers.c:
9326: Go back to using a callback for runas_default to keep runas_pw in
9327: sync. This is needed to make per-entry runas_default settings work
9328: with LDAP-based sudoers. Instead of declaring it a callback in
9329: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
9330: bit naughty, but avoids requiring stub functions in visudo and the
9331: tests.
9332: [9aaefb908415]
9333:
9334: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
9335:
9336: * Makefile.in:
9337: Add check for out of date message catalogs when doing "make dist".
9338: [e45a29b612f4]
9339:
9340: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
9341:
9342: * configure:
9343: regen
9344: [d6f9ad26774a]
9345:
9346: * configure.in:
9347: Make sure compiler supports static-libgcc before using it.
9348: [b01bd9566e50]
9349:
9350: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
9351:
9352: * src/Makefile.in:
9353: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
9354: [c99c7ab3edef]
9355:
9356: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
9357:
9358: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
9359: plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
9360: plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
9361: src/po/zh_CN.mo:
9362: Add new Russian sudo translation from translationproject.org and
9363: rebuild the other translation files.
9364: [e20015459056]
9365:
9366: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
9367:
9368: * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
9369: Update Finish and Polish translations from translationproject.org
9370: [4e3dbba4a1de]
9371:
9372: * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
9373: Go back to escaping the command args for "sudo -i" and "sudo -s"
9374: before calling the plugin. Otherwise, spaces in the command args are
9375: not treated properly. The sudoers plugin will unescape non- spaces
9376: to make matching easier.
9377: [dfa2c4636f33]
9378:
9379: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
9380:
9381: * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
9382: plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
9383: plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
9384: plugins/sudoers/toke.l:
9385: Fix some potential problems found by the clang static analyzer, none
9386: serious.
9387: [ff64aa74aae6]
9388:
9389: * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
9390: src/po/zh_CN.po:
9391: Updated Ukranian and Chinese (simplified) po files from
9392: translationproject.org
9393: [ec792becb48e]
9394:
9395: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
9396:
9397: * plugins/sudoers/po/pl.po:
9398: Updated Polish translation from translationproject.org
9399: [a3af53cb649c]
9400:
9401: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
9402: Rebuild pot files
9403: [c650524c0f0a]
9404:
9405: * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
9406: Don't try to audit failure if the runas user does not exist. We
9407: don't have the user's command at this point so there is nothing to
9408: audit. Add a NULL check in audit_success() and audit_failure() just
9409: to be on the safe side.
9410: [2a0007c2022f]
9411:
9412: * mkpkg:
9413: Add -g to CFLAG for PIE builds.
9414: [32a0a9693c9c]
9415:
9416: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
9417:
9418: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
9419: plugins/sudoers/sudoers.h, src/sudo.c:
9420: Remove fallback to per-group lookup when matching groups in sudoers.
9421: The sudo front-end will now use getgrouplist() to get the user's
9422: list of groups if getgroups() fails or returns zero groups so we
9423: always have a list of the user's groups. For systems with
9424: mbr_check_membership() which support more that NGROUPS_MAX groups
9425: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
9426: we get all the groups.
9427: [51b3ed8c600b]
9428:
9429: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
9430:
9431: * common/setgroups.c:
9432: Fix setgroups() fallback code on EINVAL.
9433: [2b6faecd56a4]
9434:
9435: * plugins/sudoers/set_perms.c:
9436: Fix two PERM_INITIAL cases that were still using user_gids.
9437: [9680bab0acc6]
9438:
9439: * MANIFEST:
9440: Add Polish sudo message catalog
9441: [8bb40c3ba576]
9442:
9443: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9444: user_group is no longer used, remove it
9445: [9acede0fe6c5]
9446:
9447: 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
9448:
9449: * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
9450: Add Polish translation from translationproject.org
9451: [afac5c638573]
9452:
9453: * MANIFEST, common/Makefile.in, common/setgroups.c,
9454: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
9455: src/sudo.h, src/sudo_edit.c:
9456: Add a wrapper for setgroups() that trims off extra groups and
9457: retries if setgroups() fails. Also add some missing addrefs for
9458: PERM_USER and PERM_FULL_USER.
9459: [224dfd8aae5c]
9460:
9461: * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
9462: configure, configure.in, include/missing.h, mkdep.pl,
9463: plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
9464: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
9465: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
9466: Instead of keeping separate groups and gids arrays, create struct
9467: group_info and use it to store both, along with a count for each.
9468: Cache group info on a per-user basis using getgrouplist() to get the
9469: groups. We no longer need special to special case the user or list
9470: user for user_in_group() and thus no longer need to reset the groups
9471: list when listing another user.
9472: [0ad849a8b2d5]
9473:
9474: * src/preload.c:
9475: Don't rely on NULL since we don't include a header for it.
9476: [b40937f1890c]
9477:
9478: 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
9479:
9480: * doc/sudoers.pod:
9481: Fix typo
9482: [c1035360e169]
9483:
9484: 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
9485:
9486: * plugins/sudoers/sudoers.c:
9487: Do not shadow global sudo_mode with a local variable in set_cmnd()
9488: [0c72969503ad]
9489:
9490: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
9491:
9492: * plugins/sudoers/sudoers.c:
9493: bash 2.x doesd not support the -l flag and exits with an error if it
9494: is specified so use --login instead. This causes an error with bash
9495: 1.x (which uses -login instead) but this version is hopefully less
9496: used than 2.x.
9497: [5c4c296e30e6]
9498:
9499: * src/po/pl.mo, src/po/pl.po:
9500: Add Polish translation from translationproject.org
9501: [48592dd6edcf]
9502:
9503: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
9504:
9505: * plugins/sudoers/set_perms.c:
9506: Make error strings translatable.
9507: [414c5c484768]
9508:
9509: * mkpkg:
9510: Only run configure with --with-pam-login for RHEL 5 and above.
9511: [6c16e4de4026]
9512:
9513: * sudo.pp:
9514: Fix typo in summary
9515: [9ac618c9a749]
9516:
9517: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
9518:
9519: * plugins/sudoers/logwrap.c:
9520: Add missing logwrap.c
9521: [c12a413ecc1d]
9522:
9523: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
9524: plugins/sudoers/logging.h,
9525: plugins/sudoers/regress/logging/check_wrap.c,
9526: plugins/sudoers/regress/logging/check_wrap.in,
9527: plugins/sudoers/regress/logging/check_wrap.out.ok:
9528: Split out log file word wrap code into its own file and add unit
9529: tests. Fixes an off-by one in the word wrap when the log line length
9530: matches loglinelen.
9531: [52ed277f6690]
9532:
9533: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
9534:
9535: * mkpkg:
9536: For SuSE, only use /usr/lib64 as libexec if generating 64-bit
9537: binaries.
9538: [645ab903cf77]
9539:
9540: * src/load_plugins.c, src/sudo.c:
9541: Fix build error when --without-noexec configure option is used.
9542: [b994f7b0d8b4]
9543:
9544: * configure, configure.in:
9545: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
9546: and above.
9547: [c2a6f9b472f3]
9548:
9549: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
9550:
9551: * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
9552: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
9553: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
9554: Resolve the list of gids passed in from the sudo frontend (the
9555: result of getgroups()) to names and store both the group names and
9556: ids in the sudo_user struct. When matching groups in the sudoers
9557: file, match based on the names in the groups list first and only do
9558: a gid-based match when we absolutely have to. By matching on the
9559: group name (as it is listed in sudoers) instead of id (which we
9560: would have to resolve) we save a lot of group lookups for sudoers
9561: files with a lot of groups in them.
9562: [8dc19353f148]
9563:
9564: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9565:
9566: * plugins/sudoers/sudoers.c:
9567: Workaround for "sudo -i command" and newer versions of bash which
9568: don't go into login mode when -c is specified unless -l is too.
9569: [9393762b80f3]
9570:
9571: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
9572:
9573: * plugins/sudoers/logging.c:
9574: Rewrite logfile word wrapping code to be more straight-forward and
9575: actually wrap at the correct place.
9576: [f712a0c90f55]
9577:
9578: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
9579:
9580: * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
9581: Set use_pty=true in command details when use_pty is set in sudoers.
9582: From Ludwig Nussel
9583: [8d95a163dfc1]
9584:
9585: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
9586:
9587: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
9588: src/po/zh_CN.mo, src/po/zh_CN.po:
9589: Sync Chinese (simplified) PO files from translationproject.org
9590: [acce8eb7be18]
9591:
9592: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
9593:
9594: * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
9595: plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
9596: Add Danish translation from translationproject.org and add missing
9597: Basque mo files.
9598: [0c22bb21b9c4]
9599:
9600: * Makefile.in, configure, configure.in:
9601: No longer need to specify LINGUAS in configure, "make install-nls"
9602: now just installs all the .mo files it finds.
9603: [fcd45cf04885]
9604:
9605: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
9606:
9607: * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
9608: Build CONTRIBUTORS from newly-added contributors.pod
9609: [8b192f2720f4]
9610:
9611: * doc/CONTRIBUTORS:
9612: Rework the wording in the leading paragraph
9613: [312044145cdd]
9614:
9615: 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
9616:
9617: * MANIFEST, doc/CONTRIBUTORS:
9618: Add a CONTRIBUTORS file with the names of folks who have contributed
9619: code or patches to sudo since I started maintaining it (plus the
9620: original authors).
9621: [b8bdd8b59528]
9622:
9623: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
9624:
9625: * plugins/sudoers/env.c:
9626: Preserve SHELL variable for "sudo -s". Otherwise we can end up with
9627: a situation where the SHELL variable and the actual shell being run
9628: do not match.
9629: [b8b3974aee3e]
9630:
9631: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
9632:
9633: * configure, configure.in:
9634: Only enable Solaris project support when setproject() is present in
9635: libproject.
9636: [49ad7857ab89]
9637:
9638: * sudo.pp:
9639: Explicitly set mode and owner of /etc/sudoers instead of relying on
9640: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
9641: postinstall script runs before the final file permissions are set.
9642: [e41ffc0212b2]
9643:
9644: 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
9645:
9646: * doc/sudo.pod, doc/sudoers.pod:
9647: Refer the user to the "Command Environment" section in description
9648: of sudo's -i option.
9649: [263cc3be7eef]
9650:
9651: * doc/sudo.pod:
9652: Fix typo
9653: [35dfac450f4d]
9654:
9655: 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9656:
9657: * mkdep.pl:
9658: If there is no old dependency for an object file, use the MANIFEST
9659: to find its source.
9660: [d15e3b9899f9]
9661:
9662: * compat/Makefile.in:
9663: Remove dependency for getgrouplist.lo as we don't ship that source
9664: file.
9665: [312a6d5fe6b0]
9666:
9667: 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
9668:
9669: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
9670: Do not declare yyparse() static as the actual function generated by
9671: yacc is extern.
9672: [9017b79dcf55]
9673:
9674: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9675:
9676: * Makefile.in:
9677: Remove locale files in "make uninstall"
9678: [201ff261ecbe]
9679:
9680: * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
9681: plugins/sudoers/po/uk.po, src/po/eu.po:
9682: Add Basque translation and sync Finish and Ukranian translations.
9683: [66d2c78c8a13]
9684:
9685: * configure, configure.in:
9686: FreeBSD no longer needs the main sudo binary to link with -lpam now
9687: that plug-ins are loaded with RTLD_GLOBAL.
9688: [96c710df2457]
9689:
9690: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
9691: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
9692: problems with pam modules not having access to symbols provided by
9693: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
9694: [0d016983ec84]
9695:
9696: * Makefile.in:
9697: Move xgettext invocation out of update-po target into update-pot
9698: [19a73c6d017c]
9699:
9700: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
9701:
9702: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
9703: Regenerate .pot files for 1.8.2rc2
9704: [c3037f591dd8]
9705:
9706: * Makefile.in, common/Makefile.in, compat/Makefile.in,
9707: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
9708: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
9709: src/Makefile.in, zlib/Makefile.in:
9710: Move nls targets to the top level Makefile so the paths in the pot
9711: file are saner
9712: [65b9285cd8d9]
9713:
9714: * src/po/fi.mo:
9715: Add compiled version of sudo Finish translation
9716: [8f2405384ea3]
9717:
9718: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
9719: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
9720: files
9721: [a165e70fa9ec]
9722:
9723: * configure, configure.in, plugins/sudoers/po/fi.po:
9724: Add Finish translation from translationproject.org
9725: [4466f8a96ceb]
9726:
9727: 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
9728:
9729: * doc/sudoers.pod:
9730: The group named by exempt_group should not have a % prefix.
9731: [df084d6b32c8]
9732:
9733: 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
9734:
9735: * doc/sudoers.pod:
9736: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
9737: [5113699a3f8b]
9738:
9739: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
9740:
9741: * src/exec.c, src/exec_pty.c:
9742: Fix compressed io log corruption in background mode by using _exit()
9743: instead of exit() to avoid flushing buffers twice.
9744:
9745: Improved background mode support. When not allocating a pty, the
9746: command is run in its own process group. This prevents write access
9747: to the tty. When running in a pty, stdin is not hooked up and we
9748: never read from /dev/tty, which results in similar behavior.
9749: [87c15149894c]
9750:
9751: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
9752: Clean up regress files Generate proper dependencies for regress objs
9753: in compat
9754: [88bfc728c1e7]
9755:
9756: * plugins/sudoers/Makefile.in:
9757: Add missing dependency for check_fill.o.
9758: [0bd6362e3e17]
9759:
9760: 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9761:
9762: * INSTALL, configure, configure.in:
9763: Add support for --enable-nls[=location]
9764: [b90db44a050f]
9765:
9766: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
9767:
9768: * plugins/sudoers/linux_audit.c:
9769: Include gettext.h
9770: [7f909a6e48cb]
9771:
9772: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
9773: Quiet gcc warnings.
9774: [b41a6cdca583]
9775:
9776: * configure, configure.in:
9777: Don't install .mo files if gettext was not found.
9778: [1397b34cc165]
9779:
9780: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9781:
9782: * src/exec.c:
9783: Always allocate a pty when running a command in the background but
9784: call setsid() after forking to make sure we don't end up with a
9785: controlling tty.
9786: [b6454ba172e8]
9787:
9788: * plugins/sudoers/iolog.c:
9789: Add missing space between command name and the first command line
9790: argument.
9791: [fe217f0a36d4]
9792:
9793: * plugins/sudoers/sudoreplay.c:
9794: Quiet a compiler warning on some platforms.
9795: [de9f2849f236]
9796:
9797: * plugins/sudoers/po/README, src/po/README:
9798: README file that directs people to translationproject.org
9799: [30c0fc323281]
9800:
9801: * plugins/sudoers/po/uk.po, src/po/fi.po:
9802: Sync translations with TP
9803: [1d7d64559cba]
9804:
9805: * Makefile.in:
9806: Add 'sync-po' target to top-level Makefile to rsync the po files
9807: from translationproject.org.
9808: [20508211aaa3]
9809:
9810: * plugins/sudoers/Makefile.in:
9811: install nls files from install target
9812: [5fc07b6cab38]
9813:
9814: * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
9815: Include .mo files in sudo binary packags.
9816: [278d4821a916]
9817:
9818: * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
9819: plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
9820: Add simplified chinese translation
9821: [2b33ffc755b9]
9822:
9823: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
9824:
9825: * configure, configure.in, plugins/sudoers/po/uk.mo,
9826: plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
9827: Add ukranian translation
9828: [2d8102688e93]
9829:
9830: * compat/Makefile.in:
9831: refer to siglist.c, not ./siglist.c since not all makes will treat
9832: foo and ./foo the same.
9833: [6639d293ffba]
9834:
9835: * plugins/sudoers/sudoers.c:
9836: Set def_preserve_groups before searching for the command when the -P
9837: flag is specified.
9838: [0edc7942f875]
9839:
9840: * Makefile.in, compat/Makefile.in, mkdep.pl,
9841: plugins/sudoers/Makefile.in:
9842: Add dependency for siglist.lo in compat. This is a generated file so
9843: "make depend" needs to depend on it.
9844: [28d0932f8b50]
9845:
9846: * compat/Makefile.in:
9847: More dependency fixes.
9848: [aad0d05cd020]
9849:
9850: * compat/Makefile.in:
9851: Fix a few dependencies.
9852: [eb21aa35a032]
9853:
9854: * plugins/sudoers/Makefile.in, src/Makefile.in:
9855: Place compiled mo files in the src dir, not the build dir. When
9856: installing compiled mo files, display a status message.
9857: [e15634c29cd3]
9858:
9859: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
9860:
9861: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
9862: Tivoli Directory Server requires that seconds be present in a
9863: timestamp, even though RFC 4517 states that they are optional.
9864: [55fe23dd4ef9]
9865:
9866: * plugins/sudoers/sudo_nss.h:
9867: Add missing bit of copyright
9868: [d2eba3c364ca]
9869:
9870: * doc/visudo.pod:
9871: Mention cycle detection warnings
9872: [a76bef15ab67]
9873:
9874: * plugins/sudoers/visudo.c:
9875: When checking aliases, also check the contents of the alias in case
9876: there are problems with an alias that is referenced inside another.
9877: Replace the self reference check with real alias cycle detection.
9878: [a66c904cf53b]
9879:
9880: * plugins/sudoers/alias.c:
9881: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
9882: ENOENT in alias_find() and alias_remove() if the entry could not be
9883: found.
9884: [b4f0b89e433c]
9885:
9886: * plugins/sudoers/visudo.c:
9887: Increment alias_seqno before calls to alias_remove_recursive() to
9888: avoid false positives with the alias loop detection. Fixes spurious
9889: warnings about unused aliases when they are nested.
9890: [a344483b8193]
9891:
9892: * MANIFEST:
9893: add mkdep.pl
9894: [86b7ed33eab2]
9895:
9896: * plugins/sudoers/Makefile.in:
9897: Add dependency on convenience libs to binaries
9898: [cd3078b3c997]
9899:
9900: * Makefile.in:
9901: mkdep.pl only works when run from the src dir
9902: [f35a5e47c944]
9903:
9904: * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
9905: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
9906: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
9907: Auto-generate Makefile dependencies with a perl script.
9908: [a3e4afcd7975]
9909:
9910: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
9911:
9912: * plugins/sudoers/match.c:
9913: If the user specifies a runas group via sudo's -g option that
9914: matches the runas user's group in the passwd database and that group
9915: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
9916: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
9917: no groups are present in the Runas_Spec.
9918: [e3f9732dc564]
9919:
9920: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
9921:
9922: * plugins/sudoers/Makefile.in, src/Makefile.in:
9923: Add dependencies on gettext.h
9924: [a3a9dc51f78b]
9925:
9926: * plugins/sudoers/Makefile.in, src/Makefile.in:
9927: Fix install-nls target with HP-UX sh when gettext is not present.
9928: [0c6b9655cd41]
9929:
9930: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
9931:
9932: * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
9933: src/Makefile.in, src/po/sudo.pot:
9934: regenerate .pot files for lbuf changes
9935: [918ded125a0b]
9936:
9937: * configure, configure.in:
9938: Add missing "checking" message for gettext when using the cache.
9939: [9c21187ad1d2]
9940:
9941: * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
9942: plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
9943: src/parse_args.c:
9944: Add primitive format string support to the lbuf code to make
9945: translations simpler.
9946: [ee71c7ef5299]
9947:
9948: * MANIFEST, plugins/sudoers/Makefile.in,
9949: plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
9950: Add message catalog template files for sudo and the sudoers module.
9951: [f3f8acb1f014]
9952:
9953: * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
9954: config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
9955: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
9956: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9957: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
9958: src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
9959: Add gettext.h convenience header. This is similar to but distinct
9960: from the one included with the gettext package.
9961: [930a0591f73c]
9962:
9963: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
9964:
9965: * configure, configure.in:
9966: Add checks for nroff -c and -Tascii flags
9967: [19ca990b3149]
9968:
9969: * configure, configure.in:
9970: Add check for HP bundled C Compiler (which cannot create shared
9971: libs)
9972: [517716a7072d]
9973:
9974: * plugins/sudoers/sudoreplay.c:
9975: Fix C format warnings.
9976: [6514326013fa]
9977:
9978: * include/error.h:
9979: Add __printflike
9980: [e1749a30a406]
9981:
9982: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
9983: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
9984: plugins/sudoers/visudo.c, src/parse_args.c:
9985: Translate help / usage strings.
9986: [ee1cc9b1a8bd]
9987:
9988: * plugins/sudoers/Makefile.in, src/Makefile.in:
9989: Set --msgid-bugs-address to the bugzilla url
9990: [5a0aa250ca21]
9991:
9992: * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
9993: configure.in, doc/Makefile.in, include/Makefile.in,
9994: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
9995: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
9996: Add scaffolding to update .po files and install .mo files.
9997: [f05f4eed1fe1]
9998:
9999: * doc/license.pod:
10000: update copyright year
10001: [fa0c62523875]
10002:
10003: * INSTALL, README:
10004: No need to include version number at the top of these files.
10005: [9f2981325351]
10006:
10007: 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
10008:
10009: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
10010: plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
10011: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
10012: plugins/sudoers/visudo.c:
10013: Minor warning/error cleanup
10014: [9236dc85aeab]
10015:
10016: * config.h.in, configure.in:
10017: Emulate ngettext for the non-nls case
10018: [13571d63fa36]
10019:
10020: * plugins/sudoers/ldap.c:
10021: Do not mark untranslatable strings for translation
10022: [735f5d4413fe]
10023:
10024: * plugins/sudoers/check.c:
10025: Use ROOT_UID not 0.
10026: [09a268db8da4]
10027:
10028: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
10029: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
10030: src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
10031: Minor warning/error message cleanup
10032: [3c7b1a7939b5]
10033:
10034: * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
10035: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
10036: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
10037: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
10038: src/exec_pty.c, src/net_ifs.c, src/selinux.c:
10039: cannot -> "unable to" in warning/error messages
10040: [31c3897649e9]
10041:
10042: * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
10043: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
10044: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
10045: src/sudo.c, src/utmp.c:
10046: can't -> "unable to" in warning/error messages
10047: [127b75f15291]
10048:
10049: * configure, configure.in:
10050: FreeBSD needs the main sudo executable to link with -lpam when
10051: loading dynaic pam modules for some reason.
10052: [944522cc9bef]
10053:
10054: 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
10055:
10056: * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
10057: We don't want to translate debugging messages.
10058: [56a1a365815a]
10059:
10060: * configure, configure.in, plugins/sudoers/Makefile.in,
10061: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
10062: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10063: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10064: src/Makefile.in, src/sesh.c, src/sudo.c:
10065: Add calls to bindtextdomain() and textdomain() Currently there are
10066: two domains, one for the sudo front-end and one for the sudoers
10067: plugin and its associated utilities.
10068: [0426138f789e]
10069:
10070: * configure, configure.in:
10071: Fix caching of libc gettext check.
10072: [942142d2c43a]
10073:
10074: * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
10075: plugins/sudoers/mkdefaults:
10076: Mark defaults descriptions for translation
10077: [5b27f018e6cf]
10078:
10079: * NEWS:
10080: Update for sudo 1.8.1p2
10081: [747c4dee2ca7]
10082:
10083: 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
10084:
10085: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10086: Quiet compiler warning when SELinux is enabled.
10087: [1fbf77dda240]
10088:
10089: * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
10090: src/error.c, src/net_ifs.c, src/sesh.c:
10091: Add missing includes of libintl.h.
10092: [bc1d66316082]
10093:
10094: * plugins/sudoers/auth/pam.c:
10095: Fix gettext marker.
10096: [a5cf4ed66c66]
10097:
10098: * common/aix.c, common/alloc.c, compat/strsignal.c,
10099: plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
10100: Include libint.h where needed.
10101: [2b0e5a663c7b]
10102:
10103: * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
10104: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
10105: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
10106: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10107: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
10108: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
10109: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
10110: plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
10111: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
10112: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
10113: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
10114: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
10115: plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
10116: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
10117: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
10118: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10119: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
10120: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
10121: Prepare sudoers module messages for translation.
10122: [7212ae1909c5]
10123:
10124: * plugins/sudoers/sudoers.c:
10125: Only check gid of sudoers file if it is group-readable.
10126: [50e3bc0cb242]
10127:
10128: * plugins/sudoers/auth/aix_auth.c:
10129: For AIX, keep calling authenticate() until reenter reaches 0.
10130: [e240815b74b1]
10131:
10132: 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
10133:
10134: * configure, configure.in:
10135: Cache the status of the initial gettext() check.
10136: [32751ebe1704]
10137:
10138: * INSTALL, configure, configure.in:
10139: Add --disable-nls flag and improve checks for gettext.
10140: [c7e6b17052de]
10141:
10142: * configure, configure.in:
10143: When building with gcc on HP-UX, use -march=1.1 to produce portable
10144: binaries on a pa-risc2 host. Previously, the +Dportable option was
10145: used for the HP-UX C compiler but gcc always produced native
10146: binaries.
10147: [8f4c749324d7]
10148:
10149: 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
10150:
10151: * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
10152: src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
10153: src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
10154: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
10155: Prepare sudo front end messages for translation.
10156: [2fc2fabceccb]
10157:
10158: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
10159:
10160: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
10161: Add initial scaffolding to support localization via gettext()
10162: [7d47b59fcf95]
10163:
10164: * compat/fnmatch.h, compat/glob.h:
10165: Don't let the fnmatch/glob macros expand the function prototype.
10166: [a9014aa0288e]
10167:
10168: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
10169:
10170: * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
10171: Resolve namespace collisions on HP-UX ia64 and possibly others by
10172: adding a rpl_ prefix to our fnmatch and glob replacements and
10173: #defining rpl_foo to foo in the header files.
10174: [caa9b690a15d]
10175:
10176: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
10177:
10178: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10179: Split ALL, ROLE and TYPE into their own actions. Since you can only
10180: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
10181: the non-SELinux case. This is safe because the actions are in one
10182: big switch() statement.
10183: [7473fc2cfa2c]
10184:
10185: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10186: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
10187: [9be3480c2865]
10188:
10189: 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
10190:
10191: * doc/UPGRADE, doc/sudoers.pod:
10192: askpass moved from sudoers to sudo.conf in sudo 1.8.0
10193: [b2c2956cec4e]
10194:
10195: * doc/sudoers.pod:
10196: Remove obsolete warning about runas_default and ordering. Move
10197: syslog facility and priority lists into the section where the
10198: relevant options are described.
10199: [e57b8dc3f779]
10200:
10201: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
10202:
10203: * plugins/sudoers/auth/sia.c:
10204: Fix SIA support; we no longer have access to the real argc and argv
10205: so allocate space for a fake one and use the argv passed to the
10206: plugin with "sudo" for argv[0].
10207: [1c0552772ad2]
10208:
10209: 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
10210:
10211: * src/net_ifs.c:
10212: Remove useless realloc when trying to get the buffer size right.
10213: [792225380a62]
10214:
10215: * plugins/sudoers/set_perms.c:
10216: Be explicit when setting euid to 0 before call to setreuid(0, 0)
10217: [7bfeb629fccb]
10218:
10219: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
10220:
10221: * configure, configure.in:
10222: Need to do checks for krb5_verify_user, krb5_init_secure_context and
10223: krb5_get_init_creds_opt_alloc regardless of whether or not
10224: krb5-config is present.
10225: [9d1b98ece1d3]
10226:
10227: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
10228:
10229: * plugins/sudoers/set_perms.c:
10230: Work around weird AIX saved uid semantics on setuid() and
10231: setreuid(). On AIX, setuid() will only set the saved uid if the euid
10232: is already 0.
10233: [069fc08150ca]
10234:
10235: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
10236:
10237: * sudo.pp:
10238: update copyright year
10239: [1c42d579ba6e]
10240:
10241: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10242: Treat a missing includedir like an empty one and do not return an
10243: error.
10244: [92f71d8cbfd4]
10245:
10246: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
10247:
10248: * pp:
10249: Fix ARCH setting in cross-compile Solaris packages.
10250: [b0de281cc889]
10251:
10252: * sudo.pp:
10253: Fix aix version setting.
10254: [98437dbfb085]
10255:
10256: * plugins/sudoers/ldap.c:
10257: Remove extraneous parens in LDAP filter when sudoers_search_filter
10258: is enabled that causes a search error. From Matthew Thomas.
10259: [1d75bf1fc8d9]
10260:
10261: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
10262:
10263: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
10264: Correct sizeof() to fix test failure.
10265: [fd2f7c0c0572]
10266:
10267: * plugins/sudoers/Makefile.in:
10268: "install" target should depend on "install-dirs". Fixes "make -j"
10269: problem and closes bz #487. From Chris Coleman.
10270: [083902d38edb]
10271:
10272: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
10273:
10274: * config.h.in:
10275: Add HAVE_RFC1938_SKEYCHALLENGE
10276: [a94cb33758a8]
10277:
10278: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
10279:
10280: * NEWS:
10281: Mention plugin loading and libgcc changes
10282: [e11b30b5026a]
10283:
10284: * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
10285: Load plugins after parsing arguments and potentially printing the
10286: version. That way, an error loading or initializing a plugin doesn't
10287: break "sudo -h" or "sudo -V".
10288: [1b76f2b096a2]
10289:
10290: * Makefile.in:
10291: When using a sub-shell to invoke the sub-make, exec make instead of
10292: running it inside the shell to avoid an extra process.
10293: [fd2c04a71fbf]
10294:
10295: * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
10296: Stop testing unspecified behavior in fnmatch Make glob test more
10297: portable
10298: [229803093725]
10299:
10300: * compat/Makefile.in:
10301: No need to add current dir to include path and having it breaks the
10302: test programs that expect to get the system glob.h and fnmatch.h
10303: [68085f624be4]
10304:
10305: * INSTALL, configure, configure.in:
10306: Fix and document --with-plugindir; partially from Diego Elio Petteno
10307: [07edc52ea89e]
10308:
10309: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
10310: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
10311: compat/regress/glob/globtest.in:
10312: Fix fnmatch and glob tests to not use hard-coded flag values in the
10313: input file. Link test programs with libreplace so we get our
10314: replacement verions as needed.
10315: [c2cca448f660]
10316:
10317: * Makefile.in:
10318: If make in a subdir fails, fail the target in the upper level
10319: Makefile too. Adapted from a patch from Diego Elio Petteno
10320: [76fc9a0d96fd]
10321:
10322: * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
10323: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
10324: has this. Adapted from a patch from Diego Elio Petteno
10325: [a97279a59b93]
10326:
10327: * plugins/sudoers/Makefile.in:
10328: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
10329: directly.
10330: [47b884029b3b]
10331:
10332: * configure, configure.in:
10333: Fix warnings when -without-skey, --without-opie, --without-kerb4,
10334: --without-kerb5 or --without-SecurID were specified.
10335: [71ad150f4d24]
10336:
10337: * MANIFEST:
10338: Add plugins/sudoers/sudoers_version.h
10339: [7423966de440]
10340:
10341: * configure, configure.in, plugins/sample/Makefile.in,
10342: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10343: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
10344: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
10345: of @LDFLAGS@ in plugin Makefile.in files.
10346: [b835826f889c]
10347:
10348: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
10349:
10350: * NEWS:
10351: Mention %#gid support in User_List and Runas_List
10352: [5a983dff017a]
10353:
10354: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
10355: plugins/sudoers/visudo.c:
10356: Keep track of sudoers grammar version and report it in the -V
10357: output.
10358: [52901a3c0296]
10359:
10360: * plugins/sudoers/sudo_nss.h:
10361: Add multiple inclusion guard
10362: [50853aed046e]
10363:
10364: * configure, configure.in, plugins/sample/Makefile.in,
10365: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10366: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
10367: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
10368: set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
10369: dependency on the shared libgcc in sudoers.so.
10370: [66ad8bc5e32d]
10371:
10372: * doc/sudoers.pod:
10373: Fix typo; from Petr Uzel
10374: [f9a7afd80892]
10375:
10376: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10377:
10378: * plugins/sudoers/testsudoers.c:
10379: In dump-only mode, use "root" as the default username instead of
10380: "nobody" as the latter may not be available on all systems.
10381: [0c48e6414337]
10382:
10383: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10384:
10385: * plugins/sudoers/testsudoers.c:
10386: Remove NewArgv/NewArgc, they are no longer needed.
10387: [16e18f734c7e]
10388:
10389: * plugins/sudoers/testsudoers.c:
10390: Fix setting of user_args
10391: [aa29e0d0a54a]
10392:
10393: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10394: Add '!' token to lex tracing
10395: [5227ad266235]
10396:
10397: * plugins/sudoers/regress/testsudoers/test1.sh:
10398: Use group bin in test, not wheel as most systems have the bin group
10399: but the same is no longer true of wheel.
10400: [718802b3b45e]
10401:
10402: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10403: Avoid using pre or post increment in a parameter to a ctype(3)
10404: function as it might be a macro that causes the increment to happen
10405: more than once.
10406: [78e281152c3a]
10407:
10408: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
10409:
10410: * sudo.pp:
10411: Strip off the beta or release candidate version when building AIX
10412: packages.
10413: [28fe31668559]
10414:
10415: * configure, configure.in:
10416: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
10417: structure checks for glibc which only has __e_termination visible
10418: when _GNU_SOURCE is *not* defined.
10419: [59ae1698911f]
10420:
10421: * common/aix.c:
10422: getuserattr(user, ...) will fall back to the "default" entry
10423: automatically, there's no need to check "default" manually.
10424: [3c7a47a61fdb]
10425:
10426: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
10427:
10428: * doc/UPGRADE:
10429: Document parser changes.
10430: [ec415503308d]
10431:
10432: * Makefile.in, common/Makefile.in, compat/Makefile.in,
10433: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10434: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10435: src/Makefile.in, zlib/Makefile.in:
10436: If there is an existing sudoers file, only install if it passes a
10437: syntax check.
10438: [37427c73e8cb]
10439:
10440: * plugins/sudoers/regress/sudoers/test6.out.ok,
10441: plugins/sudoers/testsudoers.c:
10442: Add runasgroup support to testsudoers
10443: [047ea5571f33]
10444:
10445: * plugins/sudoers/Makefile.in:
10446: For "make check", keep going even if a test fails.
10447: [ce6a0a73c372]
10448:
10449: * plugins/sudoers/testsudoers.c:
10450: More useful exit codes:
10451: * 0 - parsed OK and command matched.
10452: * 1 - parse error
10453: * 2 - command not matched
10454: * 3 - command denied
10455: [1d2ce1361903]
10456:
10457: * doc/sudoers.pod:
10458: Document %#gid, and %:#nonunix_gid syntax.
10459: [492d4f9696c4]
10460:
10461: * plugins/sudoers/pwutil.c:
10462: Add support to user_in_group() for treating group names that begin
10463: with a '#' as gids.
10464: [20240c94a134]
10465:
10466: * config.h.in, configure, configure.in, src/utmp.c:
10467: Add explicit check for struct utmpx.ut_exit.e_termination and struct
10468: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
10469: ut_exit if we detect one or the other.
10470: [b4e8cab777e6]
10471:
10472: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
10473:
10474: * plugins/sudoers/toke.c:
10475: Add back missing #include of config.h
10476: [9ab3897a1b2e]
10477:
10478: * plugins/sudoers/iolog_path.c,
10479: plugins/sudoers/regress/iolog_path/data:
10480: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
10481: strftime() does.
10482: [93395762cdcd]
10483:
10484: * aclocal.m4:
10485: Quote first argument to AC_DEFUN(); from Elan Ruusamae
10486: [97f53ad31d77]
10487:
10488: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
10489:
10490: * MANIFEST:
10491: add new sudoers tests
10492: [476af91b3da3]
10493:
10494: * plugins/sudoers/regress/sudoers/test8.in,
10495: plugins/sudoers/regress/sudoers/test8.out.ok,
10496: plugins/sudoers/regress/sudoers/test8.toke.ok:
10497: Add test for a newline in the middle of a string when no line
10498: continuation character is used.
10499: [de2394bc86ab]
10500:
10501: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10502: Use bitwise AND instead of modulus to check for length being odd. A
10503: newline in the middle of a string is an error unless a line
10504: continuation character is used.
10505: [bdb1d762a1d5]
10506:
10507: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10508: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10509: Move lexer globals initialization into init_lexer.
10510: [1ce62211aadb]
10511:
10512: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10513: Fix a potential crash when a non-regular file is present in an
10514: includedir. Fixes bz #452
10515: [1586760c3525]
10516:
10517: * pp:
10518: On some Linux systems, "uname -p" contains detailed processor info
10519: so check "uname -m" first and then "uname -p" if needed. Recognize
10520: PLD Linux.
10521: [b8535cb9012e]
10522:
10523: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
10524:
10525: * plugins/sudoers/redblack.c:
10526: Don't need all sudoers.h here.
10527: [8c0929f42dab]
10528:
10529: * src/sudo.c:
10530: Print sudo version early, in case policy plugin init fails.
10531: [47cddc4358bc]
10532:
10533: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
10534:
10535: * plugins/sudoers/regress/sudoers/test4.toke.ok:
10536: Update to match change in input.
10537: [4a3af8e68790]
10538:
10539: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10540: Make an empty group or netgroup a syntax error.
10541: [66f51ddc2ff6]
10542:
10543: * plugins/sudoers/regress/sudoers/test7.in,
10544: plugins/sudoers/regress/sudoers/test7.out.ok,
10545: plugins/sudoers/regress/sudoers/test7.toke.ok:
10546: An empty group or netgroup should be a syntax error.
10547: [bd5bf1e2edce]
10548:
10549: * plugins/sudoers/regress/sudoers/test6.in,
10550: plugins/sudoers/regress/sudoers/test6.out.ok,
10551: plugins/sudoers/regress/sudoers/test6.toke.ok:
10552: Check that uids work in per-user and per-runas Defaults Check that
10553: uids and gids work in a Command_Spec
10554: [c5e848e6082b]
10555:
10556: * plugins/sudoers/regress/sudoers/test5.in,
10557: plugins/sudoers/regress/sudoers/test5.out.ok,
10558: plugins/sudoers/regress/sudoers/test5.toke.ok:
10559: Test empty string in User_Alias and Command_Spec
10560: [3a084d777e03]
10561:
10562: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10563: Allow a group ID in the User_Spec.
10564: [bc2859eb71dc]
10565:
10566: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
10567:
10568: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10569: Return an error for the empty string when a word is expected. Allow
10570: an ID for per-user or per-runas Defaults.
10571: [915c259b00ff]
10572:
10573: * plugins/sudoers/testsudoers.c:
10574: Fix printing "User_Alias FOO = ALL"
10575: [ba58c3d548b3]
10576:
10577: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
10578:
10579: * src/parse_args.c:
10580: Better error message about invalid -C argument
10581: [c9a8d15bbf5d]
10582:
10583: * NEWS:
10584: fix typo
10585: [cdcfbafed013]
10586:
10587: * doc/sudoers.pod:
10588: Fix placement of equal size ('=') in user specification summary.
10589: [5ad7178b230d]
10590:
10591: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
10592:
10593: * MANIFEST:
10594: update to match sudoers regress
10595: [e04db0648717]
10596:
10597: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10598: Restore ability to define TRACELEXER and have trace output go to
10599: stderr.
10600: [d9531e4d1b20]
10601:
10602: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10603: Restore old behavior of setting sawspace = TRUE for command line
10604: args when a line continuation character is hit to avoid causing
10605: problems for existing sudoers files.
10606: [fd930ad25550]
10607:
10608: * plugins/sudoers/regress/sudoers/test4.in,
10609: plugins/sudoers/regress/sudoers/test4.out.ok,
10610: plugins/sudoers/regress/sudoers/test4.toke.ok:
10611: Add test for line continuation and aliases
10612: [29ab538ca6bb]
10613:
10614: * plugins/sudoers/Makefile.in:
10615: Make test output line up nicely for parse vs. toke
10616: [257ef82c1434]
10617:
10618: * plugins/sudoers/Makefile.in,
10619: plugins/sudoers/regress/sudoers/test1.in,
10620: plugins/sudoers/regress/sudoers/test1.out.ok,
10621: plugins/sudoers/regress/sudoers/test1.toke.ok,
10622: plugins/sudoers/regress/sudoers/test2.in,
10623: plugins/sudoers/regress/sudoers/test2.out.ok,
10624: plugins/sudoers/regress/sudoers/test2.toke.ok,
10625: plugins/sudoers/regress/sudoers/test3.in,
10626: plugins/sudoers/regress/sudoers/test3.out.ok,
10627: plugins/sudoers/regress/sudoers/test3.toke.ok,
10628: plugins/sudoers/regress/testsudoers/test1.ok,
10629: plugins/sudoers/regress/testsudoers/test1.out.ok,
10630: plugins/sudoers/regress/testsudoers/test1.sh,
10631: plugins/sudoers/regress/testsudoers/test2.out,
10632: plugins/sudoers/regress/testsudoers/test2.sh,
10633: plugins/sudoers/regress/testsudoers/test3.ok,
10634: plugins/sudoers/regress/testsudoers/test3.sh,
10635: plugins/sudoers/regress/visudo/test1.ok,
10636: plugins/sudoers/regress/visudo/test1.sh:
10637: Move parser tests to sudoers directory and test the tokenizer output
10638: too.
10639: [44f529b3cdb6]
10640:
10641: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10642: If we match a rule anchored to the beginning of a line after parsing
10643: a line continuation character, return an ERROR token. It would be
10644: nicer to use REJECT instead but that substantially slows down the
10645: lexer.
10646: [355478293f8c]
10647:
10648: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10649: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
10650: plugins/sudoers/toke.l:
10651: Move LEXTRACE macro to toke.h so we can use it in yyerror().
10652: [72ee7a06d3ca]
10653:
10654: 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
10655:
10656: * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
10657: plugins/sudoers/toke.l:
10658: Make lex tracing settable at run-time in testsudoers via the -t
10659: flag. Trace output goes to stderr. Will be used by regress tests to
10660: check lexer.
10661: [93bd53c413c8]
10662:
10663: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10664: Allow whitespace after the modifier in a Defaults entry. E.g.
10665: "Defaults: username set_home"
10666: [9dfcf8dd8a3a]
10667:
10668: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
10669:
10670: * mkpkg:
10671: Don't set CC when cross-compiling.
10672: [4b95b0c04e1c]
10673:
10674: * NEWS:
10675: Credit Matthew Thomas for the sudoers_search_filter changes.
10676: [a65998ab09f7]
10677:
10678: * MANIFEST:
10679: Add the .sym files to the MANIFEST
10680: [f599225cc861]
10681:
10682: * NEWS:
10683: Update for sudo 1.8.1 beta
10684: [71021e854c49]
10685:
10686: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
10687: user_shell -> run_shell to avoid confusion with the user's SHELL
10688: variable.
10689: [dc0ac6dafc21]
10690:
10691: * src/exec_pty.c:
10692: Save the controlling tty process group before suspending in pty
10693: mode. Previously, we assumed that the child pgrp == child pid (which
10694: is usually, but not always, the case).
10695: [10b2883b7875]
10696:
10697: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10698: Add support for sudoers_search_filter setting in ldap.conf. This can
10699: be used to restrict the set of records returned by the LDAP query.
10700: [b0f1b721d102]
10701:
10702: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
10703:
10704: * configure, configure.in:
10705: Remove the hack to disable -g in CFLAGS unless --with-devel
10706: [89822cf84ef4]
10707:
10708: * doc/sudoers.pod:
10709: The '@' character does not normally need to be quoted.
10710: [7823f5ed829a]
10711:
10712: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10713: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
10714: if that whitespace is followed by a comma, we want to treat it as
10715: part of a list and not transition.
10716: [1ca6943e1824]
10717:
10718: * plugins/sudoers/regress/testsudoers/test3.ok,
10719: plugins/sudoers/regress/testsudoers/test3.sh:
10720: Add check for whitespace when a User_List is used for a per-user
10721: Defaults entry.
10722: [91f75e6dd19a]
10723:
10724: * plugins/sudoers/regress/testsudoers/test2.out,
10725: plugins/sudoers/regress/testsudoers/test2.sh:
10726: Expand quoted name checks to cover recent fixes.
10727: [ce4f76bca146]
10728:
10729: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10730: Fix parsing of double-quoted names in Defaultd and Aliases which was
10731: broken in 601d97ea8792.
10732: [424b0d6c1dc4]
10733:
10734: * plugins/sudoers/Makefile.in:
10735: toke_util.c lives in $(srcdir) not $(devdir)
10736: [94866bebee83]
10737:
10738: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
10739:
10740: * configure, configure.in:
10741: Change trunk version to 1.8.x to distinguish from real 1.8.0.
10742: [a9781e61d064]
10743:
10744: * NEWS, doc/UPGRADE:
10745: Document major changes in 1.8.1 and add upgrade notes.
10746: [f2cf51b0d9ce]
10747:
10748: * plugins/sudoers/match.c:
10749: Be careful not to deref user_stat if it is NULL. This cannot
10750: currently happen in sudo but might in other programs using the
10751: parser.
10752: [06a2334dd674]
10753:
10754: * mkpkg:
10755: configure will not add -O2 to CFLAGS if it is already defined to add
10756: -O2 to the CFLAGS we pass in when PIE is being used.
10757: [1ce6481ece59]
10758:
10759: * doc/sudoers.pod:
10760: Warn about the dangers of log_input and mention iolog_file and
10761: iolog_dir in the log_input and log_output descriptions.
10762: [ae854ffb0768]
10763:
10764: * pp:
10765: sync with git version
10766: [a993e39ce3cb]
10767:
10768: * doc/sudoers.pod:
10769: It seems that h comes after i
10770: [0f621109220d]
10771:
10772: * doc/sudoers.pod:
10773: Move log_input and log_output to their proper, sorted, location.
10774: Document set_utmp and utmp_runas.
10775: [273b234b9c34]
10776:
10777: * src/exec.c:
10778: Save the controlling tty process group before suspending so we can
10779: restore it when we resume. Fixes job control problems on Linux
10780: caused by the previous attemp to fix resuming a shell when I/O
10781: logging not enabled.
10782: [f03a660315ee]
10783:
10784: * common/lbuf.c:
10785: Fix printing of the remainder after a newline. Fixes "sudo -l"
10786: output corruption that could occur in some cases.
10787: [25d83fb501fc]
10788:
10789: 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
10790:
10791: * config.h.in, configure, configure.in, src/exec_pty.c,
10792: src/sudo_exec.h, src/utmp.c:
10793: Add support for ut_exit
10794: [b574c13f1bba]
10795:
10796: * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
10797: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
10798: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
10799: src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
10800: Add support for controlling whether utmp is updated and which user
10801: is listed in the entry.
10802: [44a81632133f]
10803:
10804: * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
10805: plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
10806: plugins/sudoers/parse.c:
10807: Fix typo; tupple vs. tuple
10808: [697744acb710]
10809:
10810: * src/utmp.c:
10811: For legacy utmp, strip the /dev/ prefix before trying to determine
10812: slot since the ttys file does not include the /dev/ prefix.
10813: [7ad5b81ff90c]
10814:
10815: * aclocal.m4, configure, configure.in, pathnames.h.in:
10816: Add check for _PATH_UTMP
10817: [21e638029bfd]
10818:
10819: 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10820:
10821: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
10822: Adapt check_iolog_path to sessid changes
10823: [728b5fe2be6f]
10824:
10825: * config.h.in, configure, configure.in, src/Makefile.in,
10826: src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
10827: Redo utmp handling. If no getutent()/getutxent() is available,
10828: assume a ttyslot-based utmp. If getttyent() is available, use that
10829: directly instead of ttyslot() so we don't have to do the stdin dup2
10830: dance.
10831: [18aa455cd140]
10832:
10833: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
10834:
10835: * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
10836: src/utmp.c:
10837: Move utmp handling into utmp.c
10838: [f6eae6c8e012]
10839:
10840: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
10841: common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
10842: compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
10843: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
10844: compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
10845: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
10846: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
10847: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
10848: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
10849: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
10850: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
10851: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
10852: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
10853: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10854: plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
10855: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
10856: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
10857: plugins/sudoers/logging.c, plugins/sudoers/parse.c,
10858: plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
10859: plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
10860: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
10861: src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
10862: src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
10863: src/sudo_plugin_int.h, src/tgetpass.c:
10864: Update copyright years.
10865: [16aa39f9060a]
10866:
10867: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
10868: plugins/sudoers/sudoers.h, src/parse_args.c:
10869: Add "user_shell" boolean as a way to indicate to the plugin that the
10870: -s flag was given.
10871: [fb1ef0897b32]
10872:
10873: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
10874: plugins/sudoers/sudoers.h:
10875: Move sessid out of sudo_user.
10876: [ba298ddb57f4]
10877:
10878: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
10879: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
10880: plugins/sudoers/sudoers.h:
10881: Log the TSID even if it is not a simple session ID.
10882: [d7cc1b9c513c]
10883:
10884: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
10885: Document noexec in sample.sudo.conf and add back noexec_file section
10886: in sudoers with a note that it is deprecated.
10887: [4a6e961e494d]
10888:
10889: * plugins/sudoers/set_perms.c:
10890: Fix running commands as non-root on systems where setreuid() changes
10891: the saved uid based on the effective uid we are changing to.
10892: [df0769b71b34]
10893:
10894: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
10895:
10896: * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
10897: src/sudo.h:
10898: Move noexec path into sudo.conf now that sudo itself handles noexec.
10899: Currently can be configured in sudoers too but is now undocumented
10900: and will be removed in a future release.
10901: [6fa8befdc110]
10902:
10903: * doc/sudo.pod, doc/sudoers.pod:
10904: Document "Path noexec ..." in sudo.conf. No longer document
10905: noexec_file in sudoers, it will be removed in a future release.
10906: [24eee3a0b3e5]
10907:
10908: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
10909: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
10910: Move noexec handling to sudo front-end where it is documented as
10911: being.
10912: [3ed4f10d7052]
10913:
10914: * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
10915: src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
10916: src/sudo_exec.h:
10917: Add support for disabling exec via solaris privileges. Includes
10918: preparation for moving noexec support out of sudoers and into front
10919: end as documented.
10920: [dec843ed553e]
10921:
10922: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
10923: plugins/sample_group/Makefile.in,
10924: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
10925: plugins/sudoers/sudoers.sym:
10926: Only export the symbols corresponding to the plugin structs.
10927: [8d8d03b0ca54]
10928:
10929: * configure, configure.in, plugins/sample/Makefile.in,
10930: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10931: Install plugins manually instead of using libtool. This works around
10932: a problem on AIX where libtool will install a .a file containing the
10933: .so file instead of the .so file itself.
10934: [796971cfbddb]
10935:
10936: * Makefile.in:
10937: Move check into its own rule since some versions of make will run
10938: both targets as the default rule.
10939: [34d759979176]
10940:
10941: * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
10942: m4/ltversion.m4, m4/lt~obsolete.m4:
10943: Update to libtool 2.2.10
10944: [34c130de6af7]
10945:
10946: 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
10947:
10948: * src/exec.c:
10949: In handle_signals(), restart the read() on EINTR to make sure we
10950: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
10951: means we have emptied the pipe.
10952: [d5b9c8eb9000]
10953:
10954: * compat/mktemp.c:
10955: Reorder functions to quiet a compiler warning.
10956: [c9e9a23729f0]
10957:
10958: * mkpkg:
10959: Use the Sun Studio C compiler on Solaris if possible
10960: [11a86e27891e]
10961:
10962: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
10963:
10964: * mkpkg:
10965: Fix default setting of osversion variable.
10966: [52e49ca1cedd]
10967:
10968: * doc/sudo_plugin.pod:
10969: Make two login_class entris consistent.
10970: [18ff1fa94a91]
10971:
10972: * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
10973: src/sudo_exec.h:
10974: Add support for adding a utmp entry when allocating a new pty.
10975: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
10976: Currently only creates a new entry if the existing tty has a utmp
10977: entry.
10978: [32db72b81d80]
10979:
10980: * plugins/sudoers/boottime.c:
10981: Avoid pulling in headers we don't need on Linux For getutx?id(),
10982: call setutx?ent() first and always call endutx?ent().
10983: [5dad21e1ee1b]
10984:
10985: * configure, configure.in:
10986: Add some more libs to SUDOERS_LIBS instead of relying on them to be
10987: pulled in by SUDO_LIBS.
10988: [18a7c21c09a7]
10989:
10990: * plugins/sudoers/sudoers.c:
10991: Fix return value of "sudo -l command" when command is not allowed,
10992: broken in [c7097ea22111]. The default return value is now TRUE and a
10993: bad: label is used when permission is denied. Also fixed missing
10994: permissions restoration on certain errors. On error()/errorx(), the
10995: password and group files are now closed before returning.
10996: [4f2d0e869ae5]
10997:
10998: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
10999:
11000: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
11001: Fix passing of login class back to sudo front end.
11002: [6f70a784ce48]
11003:
11004: * mkpkg:
11005: Add --osversion flag to specify OS instead of running "pp
11006: --probeonly"
11007: [a8efdccb7bc1]
11008:
11009: * sudo.pp:
11010: Fix expr usage w/ GNU expr
11011: [48895599ee63]
11012:
11013: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
11014:
11015: * plugins/sudoers/sudoers.c:
11016: Fix exit value for validate and list mode.
11017: [c7097ea22111]
11018:
11019: * plugins/sudoers/sudoers.c:
11020: Fix non-interactive mode with sudoers plugin.
11021: [172f29597bd2]
11022:
11023: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
11024:
11025: * doc/sudoreplay.pod:
11026: sudoreplay can now find IDs other than %{seq} and display the
11027: session.
11028: [fc3dd3be67e9]
11029:
11030: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
11031:
11032: * plugins/sudoers/sudoreplay.c:
11033: Add support for replaying sessions when iolog_file is set to
11034: something other than %{seq}.
11035: [ca3131243874]
11036:
11037: * plugins/sudoers/visudo.c:
11038: If we are killed by a signal, display the name of the signal that
11039: got us.
11040: [994bb76a990e]
11041:
11042: * configure, configure.in:
11043: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
11044: where they belong.
11045: [40f94b936fa4]
11046:
11047: * configure.in:
11048: Fix bug in skey/opie check that could cause a shell warning.
11049: [83c043072be5]
11050:
11051: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
11052: No longer need sudo_getepw() stubs.
11053: [bbee15c36912]
11054:
11055: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
11056:
11057: * plugins/sudoers/sudo_nss.c:
11058: Fix exit value of "sudo -l command" in sudoers module.
11059: [a6541867521b]
11060:
11061: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
11062:
11063: * compat/regress/glob/globtest.c:
11064: Use fgets() not fgetln() for portability.
11065: [df1bb67fb168]
11066:
11067: * sudo.pp:
11068: Don't use the beta or release candidate version as the rpm release.
11069: [d661ef78021a]
11070:
11071: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
11072:
11073: * configure, configure.in:
11074: version 1.8.0
11075: [f6530d56f6ae] [SUDO_1_8_0]
11076:
11077: * NEWS:
11078: update sudo 1.8 section
11079: [f2ee2cf95d18]
11080:
11081: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
11082:
11083: * plugins/sudoers/regress/testsudoers/test2.sh:
11084: fix test description
11085: [cd5730fa9f09]
11086:
11087: * plugins/sudoers/regress/testsudoers/test2.out,
11088: plugins/sudoers/regress/testsudoers/test2.sh,
11089: plugins/sudoers/regress/visudo/test2.out,
11090: plugins/sudoers/regress/visudo/test2.sh:
11091: convert test2 to use testsudoers
11092: [b5ec3f0b69f1]
11093:
11094: * include/sudo_plugin.h, src/sudo_plugin_int.h:
11095: Move struct generic_plugin to sudo_plugin_int.h
11096: [6f7bc629329c]
11097:
11098: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11099: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
11100: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
11101: plugins/sudoers/sudoers.h:
11102: Allow sudoers file name, mode, uid and gid to be specified in the
11103: settings list. The sudo front end does not currently set these but
11104: may in the future.
11105: [22f38a0fda2a]
11106:
11107: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
11108:
11109: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
11110: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
11111: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
11112: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
11113: doc/visudo.man.in:
11114: 1.8.0rc1
11115: [5d4588b9c057]
11116:
11117: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
11118: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
11119: src/parse_args.c, src/sudo.h:
11120: add help text to sudo, visudo and sudoreplay for the -h option
11121: [52e7378d8476]
11122:
11123: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
11124:
11125: * compat/snprintf.c:
11126: avoid using "howmany" for a parameter name since it is a select-
11127: related macro
11128: [a14d565401a1]
11129:
11130: * doc/sudoers.pod:
11131: mention group_plugin when describing nonunix_group
11132: [e0d1d0034b17]
11133:
11134: * doc/sudo_plugin.pod:
11135: Add missing period at end of sentence
11136: [6744d7e9056d]
11137:
11138: * Makefile.in, doc/Makefile.in, include/Makefile.in,
11139: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
11140: plugins/sudoers/Makefile.in, src/Makefile.in:
11141: add localstatedir; closes bug 471
11142: [7aefcab85088]
11143:
11144: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
11145: src/exec.c, src/exec_pty.c:
11146: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
11147: Bug 470
11148: [927ed6740f32]
11149:
11150: * configure.in:
11151: add missing AH_TEMPLATE for ENV_RESET
11152: [16300010c986]
11153:
11154: * src/exec.c:
11155: SVR5 systems return non-zero for success on socketpair(), check for
11156: -1 instead. Closes Bug 469
11157: [4d276494bf8e]
11158:
11159: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
11160:
11161: * configure, configure.in:
11162: 1.8.0b5
11163: [d611cd5d73d3]
11164:
11165: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
11166: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
11167: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
11168: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11169: regen
11170: [85e96eeaed82]
11171:
11172: * doc/sudo.pod:
11173: Document that a sudo.conf file with no Pligin lines uses the default
11174: sudoers plugins.
11175: [88bd52da977f]
11176:
11177: * src/load_plugins.c:
11178: If sudo.conf contains no Plugin lines, use the default sudoers
11179: policy and I/O plugins.
11180: [fd8f4cb811ab]
11181:
11182: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
11183:
11184: * plugins/sudoers/sudo_nss.c:
11185: Avoid printing empty "Runas and Command-specific defaults for user"
11186: line.
11187: [2dd330fe4f8b]
11188:
11189: * common/lbuf.c:
11190: Truncate the buffer at buf.len before printing in the non-wordwrap
11191: case.
11192: [901e9833f80d]
11193:
11194: * common/lbuf.c:
11195: Remove extra newline when the tty width is very small or unavailable
11196: [245c05506c0e]
11197:
11198: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
11199:
11200: * plugins/sudoers/alias.c:
11201: Remove unneeded variable.
11202: [2c086d30b796]
11203:
11204: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
11205:
11206: * configure, configure.in:
11207: Prefer getutxid over getutid
11208: [3f3322e9c93e]
11209:
11210: * plugins/sudoers/boottime.c:
11211: Include utmp.h / utmpx.h before missing.h as apparently including it
11212: afterwards causes a compilation problem on GNU Hurd.
11213: [a528029ae962]
11214:
11215: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
11216:
11217: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
11218: #include "foo.h", not <foo.h> for local includes.
11219: [f65ec693998e]
11220:
11221: * src/parse_args.c:
11222: remove bogus XXX
11223: [9136c17d53ce]
11224:
11225: * compat/mksiglist.c:
11226: Fix typo
11227: [1a3bb7b455c9]
11228:
11229: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
11230: plugins/sudoers/match.c:
11231: return foo not return(foo)
11232: [5c9e0647359a]
11233:
11234: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11235:
11236: * src/exec.c:
11237: Remove duplicate FD_SET of signal_pipe[0]
11238: [3096527d2215]
11239:
11240: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
11241:
11242: * compat/mksiglist.c:
11243: Use "missing.h" not <missing.h> in generated code.
11244: [d8e09cffbe09]
11245:
11246: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
11247:
11248: * aclocal.m4, configure:
11249: fix --with-iologdir=no
11250: [a89699cb5f5f]
11251:
11252: * aclocal.m4, configure:
11253: fix typo that broke --with-iologdir
11254: [91b54eb22403]
11255:
11256: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
11257:
11258: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
11259: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
11260: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
11261: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
11262: doc/visudo.man.in:
11263: Bump version to 1.8.0b4
11264: [e2b7f2cdc02e]
11265:
11266: * NEWS:
11267: sync
11268: [decf5a0a8a33]
11269:
11270: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11271: Attempt to clarify how users and groups interact in Runas_Specs
11272: [e6fb3a2dbd77]
11273:
11274: * plugins/sudoers/regress/visudo/test2.out,
11275: plugins/sudoers/regress/visudo/test2.sh:
11276: Add test for quoted group that contains escaped double quotes
11277: [44596c48c629]
11278:
11279: * src/exec.c, src/exec_pty.c:
11280: Pass SIGUSR1/SIGUSR2 through to the child.
11281: [c3108a827b01]
11282:
11283: * src/exec_pty.c, src/sudo_exec.h:
11284: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
11285: SIGUSR2 to indicate whether the child should be continued in the
11286: foreground or background.
11287: [35ca47cc6785]
11288:
11289: * src/exec.c:
11290: Use pid_t not int and check the return value of kill()
11291: [36ae7d37d7f9]
11292:
11293: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
11294:
11295: * src/exec_pty.c:
11296: Remove obsolete comment
11297: [baebef4919f6]
11298:
11299: * src/exec.c:
11300: In non-pty mode before continuing the child, make it the foreground
11301: pgrp if possible. Fixes resuming a shell.
11302: [fef5b1d02ddb]
11303:
11304: * src/exec_pty.c:
11305: If we get a signal other than SIGCHLD in the monitor, pass it
11306: directly to the child.
11307: [b3ecb28163a0]
11308:
11309: * src/exec.c, src/exec_pty.c, src/sudo.h:
11310: Save signal state before changing handlers and restore before we
11311: execute the command.
11312: [faf7475dc4bf]
11313:
11314: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
11315:
11316: * plugins/sudoers/iolog.c:
11317: Use a char array to map a number to a base36 digit.
11318: [257576c51f8b]
11319:
11320: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
11321: Be clear about what versions of sudo support new LDAP attributes.
11322: Fix up some formatting of attribute names. Minor other tweaks.
11323: [39f65df71f65]
11324:
11325: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11326:
11327: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11328: match quoted strings the same way whether in a Defaults line or as a
11329: user/group/netgroup name. Fixes escaped double quotes in quoted
11330: user/group/netgroup names.
11331: [601d97ea8792]
11332:
11333: * plugins/sudoers/Makefile.in:
11334: 'make check' depends on visudo and testsudoers
11335: [127c5a24df8f]
11336:
11337: * plugins/sudoers/sudoers2ldif:
11338: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
11339: [9029163a58c3]
11340:
11341: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
11342:
11343: * doc/UPGRADE:
11344: Mention LDAP attribute compatibility status.
11345: [2c3595aaec63]
11346:
11347: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
11348:
11349: * README.LDAP:
11350: Mention phpQLAdmin
11351: [9304c9064fbe]
11352:
11353: * INSTALL, NEWS, config.h.in, configure, configure.in,
11354: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
11355: Add --disable-env-reset configure option.
11356: [8a753aa13a46]
11357:
11358: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11359: Document that sudoers_locale also affects logging and email.
11360: [998d6ac11277]
11361:
11362: * NEWS, config.h.in, configure, configure.in,
11363: plugins/sudoers/logging.c:
11364: Do logging and email sending in the locale specified by the
11365: "sudoers_locale" setting ("C" by default). Email send by sudo
11366: includes MIME headers when the sudoers locale is not "C".
11367: [cb7e55408400]
11368:
11369: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
11370:
11371: * plugins/sudoers/check.c:
11372: Fix indentation
11373: [65ae7e92b9e4]
11374:
11375: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
11376:
11377: * NEWS, src/parse_args.c, src/sudo.c:
11378: Perform command escaping for "sudo -s" and "sudo -i" after
11379: validating sudoers so the sudoers entries don't need to have all the
11380: backslashes.
11381: [4e168c103f4b]
11382:
11383: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
11384:
11385: * plugins/sudoers/logging.c:
11386: Prepend "list " to the command logged when "sudo -l command" is used
11387: to make it clear that the command was listed, not run.
11388: [f392a6056cd6]
11389:
11390: * plugins/sudoers/parse.c:
11391: cosmetic change
11392: [7c0951dbc2dd]
11393:
11394: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
11395: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
11396: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
11397: compat/nanosleep.c, compat/regress/glob/globtest.c,
11398: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
11399: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
11400: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
11401: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
11402: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
11403: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
11404: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
11405: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
11406: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
11407: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
11408: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
11409: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
11410: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
11411: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11412: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
11413: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
11414: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
11415: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
11416: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
11417: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11418: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
11419: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
11420: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
11421: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
11422: src/sudo_noexec.c, src/tgetpass.c:
11423: standardize on "return foo;" rather than "return(foo);" or "return
11424: (foo);"
11425: [32d76c5aaf8c]
11426:
11427: * plugins/sudoers/sudoers.c:
11428: Do not reject sudoers file just because it is root-writable.
11429: [0febc579185b]
11430:
11431: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
11432:
11433: * NEWS:
11434: sync
11435: [1ab03f8278ff]
11436:
11437: * plugins/sudoers/sudo_nss.c:
11438: For "sudo -U user -l" if user is not authorized on the host, say so.
11439: [289afe6dd15c]
11440:
11441: * plugins/sudoers/ldap.c:
11442: In sudo_ldap_lookup(), always do the initial sudoers check as the
11443: invoking user. If we are listing another user's privs we will do a
11444: separate lookup using list_pw later.
11445: [e52bc15de76d]
11446:
11447: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
11448:
11449: * MANIFEST:
11450: add parser fill tests
11451: [4f65140d3515]
11452:
11453: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
11454: Don't test features not supported by the bundled glob()
11455: [8ec7ace11949]
11456:
11457: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
11458: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
11459: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11460: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
11461: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
11462: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11463: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
11464: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11465: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
11466: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
11467: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
11468: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11469: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11470: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
11471: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
11472: Update copyright year to 2011
11473: [ac1b45cb1809]
11474:
11475: * plugins/sudoers/sudo_nss.c:
11476: When listing, use separate lbufs for the defaults and the privileges
11477: and only print something if the number of privileges is non-zero.
11478: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
11479: [d0854d39f8ef]
11480:
11481: * plugins/sudoers/ldap.c:
11482: Stash pointer to user group vector in LDAP handle and only reuse the
11483: query if it has not changed. We always allocate a new buffer when we
11484: reset the group vector so a simple pointer check is sufficient.
11485: [88861d4eba69]
11486:
11487: * plugins/sudoers/sudo_nss.c:
11488: Check initgroups() return value.
11489: [3bdaf58408a7]
11490:
11491: * plugins/sudoers/Makefile.in,
11492: plugins/sudoers/regress/parser/check_fill.c:
11493: Add tests for the fill functions in toke_util.c
11494: [bca587ab4956]
11495:
11496: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
11497:
11498: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
11499: fix copyright year
11500: [e2038cdaf055]
11501:
11502: * NEWS:
11503: sync
11504: [56ca5d5eaebe]
11505:
11506: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
11507:
11508: * common/term.c:
11509: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
11510: [b91f266624ec]
11511:
11512: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
11513:
11514: * mkpkg, sudo.pp:
11515: Add Requires line for audit-libs >= 1.4 for RHEL5+
11516: [6c02f976171b]
11517:
11518: * pp:
11519: sync with git version
11520: [d301c32d5865]
11521:
11522: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
11523:
11524: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11525: fix typo
11526: [39353f92976f]
11527:
11528: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
11529:
11530: * NEWS:
11531: Update for sudo 1.7.4p5
11532: [b444da76901f]
11533:
11534: * doc/schema.OpenLDAP, doc/schema.iPlanet:
11535: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
11536: to the sudoRole object class. From Andreas Mueller
11537: [dacfad7e7a95]
11538:
11539: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
11540:
11541: * NEWS:
11542: Mention "sudo -g group" password check fix.
11543: [1eb8fb14e53b]
11544:
11545: * plugins/sudoers/sudoers.c:
11546: Fix "sudo -g" support in the sudoers module.
11547: [07d1b0ce530e]
11548:
11549: * plugins/sudoers/check.c:
11550: If the user is running sudo as himself but as a different group we
11551: need to prompt for a password.
11552: [caf1fcc9a117]
11553:
11554: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
11555:
11556: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
11557: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
11558: plugins/sudoers/ldap.c:
11559: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
11560: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
11561: derived LDAP SDKs but we can pass the timeout parameter to
11562: ldap_search_ext_s() or ldap_search_st() when possible.
11563: [5537049991f7]
11564:
11565: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
11566: regen
11567: [5b361c3c4324]
11568:
11569: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
11570: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
11571: with OpenLDAP ldap.conf files.
11572: [e97843bd16fb]
11573:
11574: * plugins/sudoers/pwutil.c:
11575: If user has no supplementary groups, fall back on checking the group
11576: file expliticly.
11577: [5223ad4eb690]
11578:
11579: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
11580:
11581: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
11582: constify
11583: [6e132a4cca61]
11584:
11585: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
11586: plugins/sudoers/toke.l:
11587: Move fill macro to toke.h
11588: [623d430798cf]
11589:
11590: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
11591: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
11592: plugins/sudoers/toke_util.c:
11593: Split tokenizer utility functions out into toke_util.c
11594: [89a97bd51618]
11595:
11596: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11597: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11598: ANSIfy
11599: [ca0eba1dfaa9]
11600:
11601: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11602:
11603: * MANIFEST:
11604: sync
11605: [a43f94064bb3]
11606:
11607: * plugins/sudoers/Makefile.in:
11608: Add visudo tests to check target
11609: [8c82fb4ed40f]
11610:
11611: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
11612: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
11613: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
11614: Add my regress tests for fnmatch() and glob() from OpenBSD.
11615: [6e8c1f211723]
11616:
11617: * plugins/sudoers/regress/testsudoers/test1.sh,
11618: plugins/sudoers/regress/visudo/test1.ok,
11619: plugins/sudoers/regress/visudo/test1.sh:
11620: Add regress test for command tags using visudo -c
11621: [18b0ef207c0f]
11622:
11623: * plugins/sudoers/Makefile.in,
11624: plugins/sudoers/regress/testsudoers/test1.ok,
11625: plugins/sudoers/regress/testsudoers/test1.sh:
11626: Add support for regress tests using testsudoers
11627: [1fa94bd2671b]
11628:
11629: * plugins/sudoers/testsudoers.c:
11630: Need to set user_name explicitly due to internal changes made when
11631: converting sudoers to a plugin.
11632: [1fa54e86a364]
11633:
11634: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11635:
11636: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
11637: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11638: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11639: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
11640: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
11641: zlib/Makefile.in:
11642: Add regression tests for iolog_path()
11643: [afa4b416e559]
11644:
11645: * Makefile.in, common/Makefile.in, compat/Makefile.in,
11646: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11647: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11648: src/Makefile.in, zlib/Makefile.in:
11649: Add support for "make Makefile" to regenerate Makefile from
11650: Makefile.in
11651: [98bd2dda3294]
11652:
11653: * plugins/sudoers/iolog_path.c:
11654: Quiest a bogus compiler warning.
11655: [5ff932a7ad67]
11656:
11657: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
11658:
11659: * plugins/sudoers/iolog_path.c:
11660: Protect call to setlocale() with HAVE_SETLOCALE
11661: [2c29ee3ccc81]
11662:
11663: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
11664:
11665: * MANIFEST:
11666: mkstemps.c was renamed mktemp.c
11667: [ae299c3b1827]
11668:
11669: * NEWS:
11670: Update from 1.7 branch
11671: [20817d79717b]
11672:
11673: * Makefile.in:
11674: Use "mv -f" when regenerating ChangeLog
11675: [c163635206c6]
11676:
11677: * plugins/sudoers/match.c:
11678: Fix NULL dereference with "sudo -g group" when the sudoers rule has
11679: no runas user or group listed. Fixes RedHat bug Bug 667103.
11680: [41a6a1243d9e]
11681:
11682: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11683:
11684: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11685: Correct the default sudo.conf example
11686: [4e791698cad1]
11687:
11688: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
11689:
11690: * plugins/sudoers/iolog_path.c:
11691: Reset slashp if we allocate a new buffer for strftime()
11692: [e491daa4203b]
11693:
11694: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
11695: plugins/sudoers/sudoers.h:
11696: Add extra out parameter to expand_iolog_path() to allow the caller
11697: to split the path into dir and file components if needed.
11698: [88346bc5ae39]
11699:
11700: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
11701:
11702: * plugins/sudoers/iolog.c:
11703: mkdir_iopath() returns size_t now that it uses strlcpy() and not
11704: snprintf()
11705: [3c4c64d265eb]
11706:
11707: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
11708: Trim leading slashes from iolog_file and trailing slashes from
11709: iolog_dir
11710: [a803b51f8948]
11711:
11712: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11713: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
11714: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11715: Pass a single I/O log file name in command_details instead of
11716: separate dir + file parameters.
11717: [d672a3e46e80]
11718:
11719: * plugins/sudoers/sudoreplay.c:
11720: change an error() to errorx()
11721: [8013dcfdd69d]
11722:
11723: * plugins/sudoers/iolog.c:
11724: Add missing cwd line to I/O log info file that got dropped when
11725: iolog_deserialize_info() was added
11726: [7cf84f208423]
11727:
11728: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
11729:
11730: * plugins/sudoers/iolog.c:
11731: Avoid relying on globals filled in by the sudoers policy module for
11732: the sudoers I/O log module. The I/O log open function now pulls the
11733: bits it needs out of user_info and command_info.
11734: [c02f6951b0cc]
11735:
11736: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11737: plugins/sudoers/sudoers.h:
11738: If no iolog file is specified by the policy plugin, use io_nextid()
11739: to determine the next file in the sequence.
11740: [faa1130b1020]
11741:
11742: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
11743:
11744: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11745: Document iolog_compress in command_info
11746: [58895c7d12f5]
11747:
11748: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11749: Add support for the iolog_compress variable in command_info.
11750: [36f13a2fd1c1]
11751:
11752: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11753: Add sigsetjmp() calls to all plugin entry points just to be safe.
11754: [3fa482355bc4]
11755:
11756: * src/sudo.c, src/sudo.h:
11757: Don't need iolog variables in struct command_details, they are for
11758: the I/O log plugins to handle.
11759: [5111579ffd9d]
11760:
11761: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
11762:
11763: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11764: Document use of mkdtemp() for iolog path teplates
11765: [5db6101408a9]
11766:
11767: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
11768: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
11769: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
11770: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11771: regen
11772: [1ee11fd6d4eb]
11773:
11774: * doc/sudo_plugin.pod, doc/sudoers.pod:
11775: Document iolog_file and supported escape sequences for sudoers.
11776: Clarify that iolog_file can contain directories.
11777: [da611dedcbdb]
11778:
11779: * compat/Makefile.in, configure, configure.in:
11780: Fix building of mkstemps/mkdtemp replacements.
11781: [793a5e303122]
11782:
11783: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
11784: configure.in, include/missing.h:
11785: Provide mkdtemp() for systems without it.
11786: [b0527dfa965c]
11787:
11788: * plugins/sudoers/iolog_path.c:
11789: Fix typo
11790: [277f6c514cba]
11791:
11792: * plugins/sudoers/iolog.c:
11793: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
11794: glibc mkdtemp() returns EINVAL.
11795: [2e7323b05579]
11796:
11797: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
11798: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11799: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
11800: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
11801: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11802: Allow sudoers to specify the iolog file in addition to the iolog
11803: dir. Add escape sequence support to iolog file and dir: sequence
11804: number, user, group, runas_user, runas_group, hostname and command
11805: in addition to any escape sequence recognized by strftime(3).
11806: [75cd32ee0435]
11807:
11808: * plugins/sudoers/iolog.c:
11809: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
11810: crash when the I/O plugin calls error(), errorx() or log_error().
11811: [1a6718bd817d]
11812:
11813: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
11814:
11815: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
11816: plugins/sudoers/sudoers.c:
11817: Give the policy module fine-grained control over what the I/O plugin
11818: logs.
11819: [d29784fd2a66]
11820:
11821: * common/term.c:
11822: Clear OPOST from c_oflag like we used to. Fixes screen-based editors
11823: such as vi.
11824: [506ad5ae9b4e]
11825:
11826: * doc/sudoers.pod:
11827: Clarify umask option description. From Reuben Thomas.
11828: [1294ac84222b]
11829:
11830: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
11831:
11832: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
11833: Pick last match in LDAP sudoers too
11834: [fbfd8e85703b]
11835:
11836: * doc/sudo_plugin.pod:
11837: Document iolog_file, iolog_dir and use_pty
11838: [26120a59c20e]
11839:
11840: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
11841: plugins/sudoers/sudoers.c:
11842: Adapt plugins to version I/O logging ABI 1.1
11843: [880dd64bc1e8]
11844:
11845: * src/exec.c, src/sudo.h:
11846: Add use_pty command_info flag for policies to indicate that a pty
11847: should be allocated even if no I/O logging is performed.
11848: [e7b167f8a6e5]
11849:
11850: * src/sudo.c:
11851: Add remaining plugin convenience functions
11852: [ffeaf96da031]
11853:
11854: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
11855: src/sudo_plugin_int.h:
11856: Change I/O log API to pass in command info to the I/O log open
11857: function. Add iolog_file and iolog_dir parameters to command info.
11858: This allows the policy plugin to specify the I/O log pathname. Add
11859: convenience functions for calling plugin functions that handle ABI
11860: backwards compatibility.
11861: [9b81dce76ce5]
11862:
11863: * compat/dlopen.c:
11864: Remove useless cast
11865: [7cecce969739]
11866:
11867: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11868:
11869: * configure, configure.in:
11870: Bump version to 1.8.0b3
11871: [1dc9f040aae0]
11872:
11873: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11874:
11875: * configure.in:
11876: Remove extraneous newline
11877: [71c94551eea5]
11878:
11879: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11880:
11881: * doc/sudoers.pod, plugins/sudoers/def_data.c,
11882: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11883: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
11884: Make I/O log dir configurable.
11885: [99b576667a38]
11886:
11887: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
11888: Rename io_logdir to iolog_dir
11889: [0731662acc8d]
11890:
11891: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
11892:
11893: * pp:
11894: Add missing '*' that prevented the generic ELF case from matching.
11895: [be77ca26bfb2]
11896:
11897: * pp:
11898: If file(1) can't identify the ELF binary type, try readelf(1).
11899: [38a18d32a9e3]
11900:
11901: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
11902:
11903: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
11904: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
11905: plugins/sudoers/sudoers.c, src/sudo.c:
11906: Use %u to print uid/gid, not %lu and adjust casts to match.
11907: [03c43b8749cf]
11908:
11909: * doc/sudoers.ldap.pod:
11910: Clarify ordering of entries and attributes.
11911: [924e2a6bb603]
11912:
11913: * doc/sudoers.ldap.pod:
11914: Fix typo and editing goof.
11915: [79dc7ccd85a8]
11916:
11917: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
11918: doc/sudoers.ldap.pod:
11919: Merge in ordered LDAP entry support from Andreas Mueller.
11920: [ea5885989bad]
11921:
11922: * plugins/sudoers/ldap.c:
11923: Make sure we don't dereference a NULL handle.
11924: [1a9f9ee15371]
11925:
11926: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
11927:
11928: * pp:
11929: Add support for RHEL 6 file modes that include a trailing dot on
11930: files with an SELinux security context
11931: [dc09be959547]
11932:
11933: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
11934:
11935: * src/sudo.c:
11936: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
11937: sudoers module.
11938: [d6dd99fc6062]
11939:
11940: * plugins/sudoers/sudoers.c:
11941: create_admin_success_flag() should use restore_perms() rather than
11942: set_perms() to restore the uid.
11943: [eba7a91c1f57]
11944:
11945: * src/sudo.c:
11946: In exec_setup() call setuid(0) to make certain the subsequent uid
11947: and gid changes will succeed. Fixes a problem on Ubuntu.
11948: [c5d32abf0645]
11949:
11950: * src/sudo_edit.c:
11951: Error out if we cannot change to root's uid so we catch the failure
11952: early.
11953: [7a2e7f8f2c80]
11954:
11955: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11956:
11957: * doc/sudoers.pod:
11958: fix typo; from Michael T Hunter
11959: [a574a9d0db5b]
11960:
11961: * plugins/sudoers/match.c:
11962: In sudoedit mode, assume command line arguments are paths and pass
11963: FNM_PATHNAME to fnmatch().
11964: [ce0abff8ce9f]
11965:
11966: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
11967:
11968: * configure, configure.in:
11969: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
11970: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
11971: broken bits of the header file.
11972: [e337217f097a]
11973:
11974: * aclocal.m4:
11975: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
11976: [fbbcee28961f]
11977:
11978: * sudo.pp:
11979: For Tru64, strip off beta version.
11980: [eeccd762df5e]
11981:
11982: * MANIFEST, plugins/sudoers/testsudoers.c,
11983: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
11984: Avoid conflicts with system definitions in grp.h and pwd.h
11985: [b219ffe1da09]
11986:
11987: * zlib/gzguts.h:
11988: Include stdio.h after zlib.h, not before. We need the large file
11989: defines to come first.
11990: [21d6df39790f]
11991:
11992: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
11993:
11994: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
11995: regen
11996: [3ff8750d0aac]
11997:
11998: * Makefile.in:
11999: Don't clean ChangeLog
12000: [ab0d30d289d4]
12001:
12002: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
12003: Add prototype for cleanup()
12004: [75626fd3769a]
12005:
12006: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12007:
12008: * plugins/sudoers/group_plugin.c:
12009: Avoid deferencing group_plugin if it is NULL in
12010: group_plugin_query(). This should not happen.
12011: [4f2933c8da7e]
12012:
12013: * plugins/sudoers/group_plugin.c:
12014: group plugin init function return TRUE when successful
12015: [198024477030]
12016:
12017: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12018:
12019: * plugins/sudoers/ldap.c:
12020: Enlarge the array of entry wrappers int blocks of 100 entries to
12021: save on allocation time. From Andreas Mueller
12022: [375c916bb03b]
12023:
12024: * plugins/sudoers/ldap.c:
12025: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
12026: that was mistakenly dropped.
12027: [1555f5bc132d]
12028:
12029: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
12030:
12031: * doc/TROUBLESHOOTING:
12032: Mention that sudo needs "ar" to build.
12033: [65582ace2d09]
12034:
12035: * configure, configure.in:
12036: Fail with a more useful error if "ar" is not found.
12037: [d1cb83719c17]
12038:
12039: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
12040:
12041: * plugins/sudoers/ldap.c:
12042: Merge in ordered LDAP entry support from Andreas Mueller and add
12043: local changes from the 1.7 branch.
12044: [bca29e461618]
12045:
12046: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
12047:
12048: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
12049: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
12050: Add timed entry support from Andreas Mueller.
12051: [e18d1df46a8d]
12052:
12053: * plugins/sudoers/group_plugin.c:
12054: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
12055: group_handle is NULL
12056: [de2273da37d5]
12057:
12058: * plugins/sudoers/sudoers.h:
12059: It is now plugin_cleanup(), not cleanup()
12060: [da62a4e1a78c]
12061:
12062: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
12063: Call plugin_cleanup(), not cleanup()
12064: [e800ad8b33ad]
12065:
12066: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12067:
12068: * plugins/sudoers/ldap.c:
12069: Use efree() not free() and remove malloc.h include since we never
12070: directly call malloc() or free().
12071: [107fffd134bb]
12072:
12073: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
12074:
12075: * sudo.pp:
12076: set PSTAMP for Solaris and move the backend-specific bits to their
12077: own %if [xxx] %endif blocks in %set.
12078: [a94ebe8920c1]
12079:
12080: * pp:
12081: sync with git repo
12082: [75ff509696b4]
12083:
12084: * configure, configure.in:
12085: Only substitute file zlib files when using the builtin zlib
12086: [6c8145b2deb4]
12087:
12088: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
12089: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
12090: src/Makefile.in, zlib/Makefile.in:
12091: Give up on using VPATH to find sources as it is implemented
12092: inconsistenly in different versions of make.
12093: [60517c69aaee]
12094:
12095: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
12096: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
12097: Include config.h before any other includes to make sure we get the
12098: right value for _FILE_OFFSET_BITS.
12099: [8fb007ca832e]
12100:
12101: * MANIFEST:
12102: Add zlib
12103: [04a3e23dfaa9]
12104:
12105: * zlib/Makefile.in:
12106: Add missing targets
12107: [40e45a177168]
12108:
12109: * src/Makefile.in:
12110: g/c unused $(GENERATED)
12111: [c8758068c1bc]
12112:
12113: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
12114:
12115: * plugins/sudoers/group_plugin.c:
12116: Zero out group_plugin on unload just to be safe.
12117: [0b10f4d101ca]
12118:
12119: * plugins/sudoers/group_plugin.c:
12120: Unload group plugin if its init function fails.
12121: [6552cdac4b7c]
12122:
12123: * src/sudo.c:
12124: Only chdir to cwd if it is different from the current cwd or there
12125: is a new root (chroot).
12126: [b8203e875e84]
12127:
12128: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
12129: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
12130: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
12131: Bump version to 1.8.0b2
12132: [6dadeb75a878]
12133:
12134: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
12135:
12136: * INSTALL:
12137: Better --enable-zlib description
12138: [e0da54fa59a6]
12139:
12140: * mkpkg:
12141: Use system zlib on Linux Let configure decide on Solaris For all
12142: others, use builtin zlib
12143: [3d52eddb523c]
12144:
12145: * zlib/zconf.h.in:
12146: Add large file support.
12147: [bec01215270d]
12148:
12149: * config.h.in:
12150: Add large file support.
12151: [244e95b034ec]
12152:
12153: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
12154: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
12155: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
12156: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
12157: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
12158: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
12159: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
12160: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
12161: Add local copy of zlib for systems that lack it.
12162: [7542ca465c5a]
12163:
12164: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
12165:
12166: * src/exec.c:
12167: If perform_io() fails, kill the child before exiting so it doesn't
12168: complain about connection reset. We can get an I/O error if, for
12169: example, and we get EIO reading from stdin.
12170: [e59a05fa729f]
12171:
12172: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
12173:
12174: * plugins/sudoers/sudoers.c, src/sudo.c:
12175: Fix complilation on systems with set_auth_parameters() Sprinkle
12176: volatile to quiet warnings from gcc 2.8.0
12177: [a34c2b924ba7]
12178:
12179: * compat/dlfcn.h, compat/dlopen.c:
12180: Avoid potential namespace issues with dlopen() emulation.
12181: [aedfababd6ca]
12182:
12183: * MANIFEST:
12184: sync
12185: [6afb97e6d308]
12186:
12187: * plugins/sudoers/interfaces.c:
12188: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
12189: exist).
12190: [ddfca5af1a36]
12191:
12192: * Makefile.in:
12193: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
12194: [e9d04bfa4505]
12195:
12196: * configure, configure.in:
12197: HP-UX 10.20 libc has an incompatible getline
12198: [2e7bc202e78d]
12199:
12200: * plugins/sudoers/visudo.c:
12201: Quiet an HP-UX compiler warning.
12202: [55b9d587ac8c]
12203:
12204: * configure, configure.in:
12205: Check for vi even with --with-editor specified; the sample plugin
12206: needs it.
12207: [94dfc3643f76]
12208:
12209: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
12210:
12211: * compat/dlopen.c:
12212: Fix remaining syntax errors.
12213: [9d729b5b577e]
12214:
12215: * src/Makefile.in:
12216: sudo binary depends on the libtool-generated libs
12217: [9e6148406adb]
12218:
12219: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
12220: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
12221: include the local or system dlfcn.h
12222: [68cfe4c1089b]
12223:
12224: * pp:
12225: Don't use run_as_superuser=false on HP-UX
12226: [532242370b09]
12227:
12228: * src/net_ifs.c:
12229: Use memset() instead of zero_bytes() since we don't include
12230: sudoers.h
12231: [a187c18c2472]
12232:
12233: * plugins/sudoers/interfaces.c:
12234: Fix pasto; AF_INET not AF_INET6
12235: [2d2e9d7dc6f9]
12236:
12237: * compat/dlopen.c:
12238: Actually call shl_load()
12239: [ed8153b8a3cd]
12240:
12241: * pp:
12242: Update from git repo. Debian: version numbers now compliant with
12243: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
12244: 10.20
12245: [ecf2692bceeb]
12246:
12247: * configure, configure.in:
12248: Fix dlopen() detection for systems where dlopen() is in a separate
12249: library.
12250: [fa6b175582b6]
12251:
12252: * plugins/sudoers/auth/pam.c:
12253: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
12254: useful message and return AUTH_FATAL so sudo does not keep trying to
12255: validate the user.
12256: [1be8857e5291]
12257:
12258: * src/preload.c:
12259: sudo_preload_table is an array
12260: [b7704e72a9da]
12261:
12262: * compat/dlopen.c:
12263: Quiet a compiler warning and fix sudo_preload_table external
12264: definition.
12265: [8234987664cc]
12266:
12267: * compat/dlfcn.h:
12268: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
12269: [8bab6a4053cc]
12270:
12271: * plugins/sudoers/group_plugin.c:
12272: Make this compile correctly when no dlopen is available.
12273: [57643879bd2b]
12274:
12275: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
12276:
12277: * plugins/sudoers/check.c:
12278: Having a timestamp file defined is no longer indicative of tty
12279: tickets being enabled. Check def_tty_tickets directly.
12280: [efcc11ad157f]
12281:
12282: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
12283: Fix TCGETWINSZ compat.
12284: [da3a8b17cf7a]
12285:
12286: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
12287:
12288: * src/exec_pty.c, src/ttysize.c:
12289: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
12290: [926492dd10a6]
12291:
12292: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
12293:
12294: * plugins/sudoers/sudoers.c, src/sudo.c:
12295: Move set_project() from sudoers module into sudo proper.
12296: [beabafac03b4]
12297:
12298: * configure, configure.in:
12299: Fix typo and regenerate
12300: [4a3caf4234f3]
12301:
12302: * plugins/sudoers/ldap.c:
12303: When iterating over returned LDAP entries, keep looking at remaining
12304: matches even if we have a positive match. This catches negative
12305: matches that may exist in other entries and more closely match the
12306: sudoers file behavior.
12307: [f47db6e609b0]
12308:
12309: * pp:
12310: Add support for multiple package instances on Solaris.
12311: [7f2a8b942545]
12312:
12313: * src/exec.c:
12314: Add missing signal_pipe[0] to fdsr for the non-pty case.
12315: [79d01e11b19c]
12316:
12317: * mkpkg:
12318: Add --with-project for Solaris
12319: [ffa4c2bb93f7]
12320:
12321: * README:
12322: Need ar and ranlib too
12323: [5c2f679172ef]
12324:
12325: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
12326:
12327: * plugins/sudoers/env.c:
12328: Preserve ODMDIR environment variable by default on AIX.
12329: [bd47cb1e804f]
12330:
12331: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
12332:
12333: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
12334: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
12335: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
12336: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
12337: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
12338: src/preload.c:
12339: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
12340: using shl_load(). For others, link sudoers plugin statically and use
12341: a lookup table to emulate dlsym().
12342: [e92edfb3c642]
12343:
12344: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
12345:
12346: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
12347: compat/nanosleep.c, compat/utimes.c:
12348: When including compat headers, use the compat dir as part of the
12349: path so we are sure to get the correct header.
12350: [6c2a45da6af5]
12351:
12352: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
12353:
12354: * plugins/sudoers/linux_audit.c:
12355: Ignore ECONNREFUSED from audit_log_user_command() which will occur
12356: if auditd is not running.
12357: [d314fe4c8d03]
12358:
12359: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
12360:
12361: * pp:
12362: Sync with git version
12363: [1c0357744222]
12364:
12365: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
12366:
12367: * common/fileops.c, plugins/sudoers/defaults.c:
12368: Cast isblank argument to unsigned char.
12369: [c822dbb3ca54]
12370:
12371: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
12372:
12373: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
12374: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
12375: Implement --with-umask-override configure flag.
12376: [863e3047df22]
12377:
12378: * plugins/sudoers/env.c:
12379: Take MODE_LOGIN_SHELL into account when initially setting reset_home
12380: instead of special-casing it later.
12381: [5d6b16480fd6]
12382:
12383: * plugins/sudoers/sudoers.c:
12384: In login mode, make a copy of the runas user's pw_shell for
12385: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
12386: freed before exec.
12387: [1d1ccb568dfa]
12388:
12389: * plugins/sudoers/env.c:
12390: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
12391: [c1c1c65a2d63]
12392:
12393: * src/sudo.c:
12394: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
12395: [7443454e5f88]
12396:
12397: * src/sudo.c:
12398: Reset signal mask at sudo startup time; we need to be able to rely
12399: on normal signal delivery to control the child process.
12400: [95800163ff94]
12401:
12402: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
12403:
12404: * install-sh:
12405: Use sed instead of expr to split a flag from its argument. Fixes a
12406: problem with expr interpreting its arguments as a flag when they
12407: start with a dash.
12408: [736065e14301]
12409:
12410: * common/lbuf.c:
12411: Do not need sys/time.h after all
12412: [91f6f668ccda]
12413:
12414: * common/lbuf.c:
12415: Include sys/time.h for utimes() and struct timeval. No longer need
12416: ioctl.h or termios.h
12417: [2d75273d3213]
12418:
12419: * compat/snprintf.c:
12420: Quiet bogus compiler warnings.
12421: [fe252e1968f5]
12422:
12423: * include/missing.h:
12424: Declare innetgr() for HP-UX which is missing a declaration. Declare
12425: domainname() for HP-UX and Solaris which are missing a declaration.
12426: [b37c50751138]
12427:
12428: * plugins/sudoers/bsm_audit.c:
12429: Use __sun for consistency with the rest of the sources.
12430: [6b086b61ccb6]
12431:
12432: * plugins/sudoers/group_plugin.c:
12433: Quiet a bogus compiler warning.
12434: [ebc069842c4a]
12435:
12436: * plugins/sudoers/pwutil.c:
12437: Don't try to delref a NULL group.
12438: [f6ff0838be21]
12439:
12440: * common/alloc.c, common/lbuf.c:
12441: Include memory.h on systems that need it.
12442: [4e676da81c6f]
12443:
12444: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
12445:
12446: * src/exec.c:
12447: Quiet gcc warnings on glibc systems that use warn_unused_result for
12448: write(2).
12449: [0532da0b7cf7]
12450:
12451: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12452: sudo_plugin is in section 8; from Ted Percival
12453: [b4506a0de87e]
12454:
12455: * plugins/sudoers/Makefile.in:
12456: testsudoers depends on libsudoers.la, not sudoreplay
12457: [cdb1cc3bf06a]
12458:
12459: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
12460:
12461: * src/exec.c:
12462: Read as many signals on the signal pipe as we can before returning.
12463: [b181671da047]
12464:
12465: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
12466: Instead of using a array to store received signals, open a pipe and
12467: have the signal handler write the signal number to one end and
12468: select() on the other end. This makes it possible to handle signals
12469: similar to I/O without race conditions.
12470: [ee84d65c16b6]
12471:
12472: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
12473:
12474: * doc/visudo.pod, plugins/sudoers/visudo.c:
12475: Make "visudo -c -f -" check the standard input.
12476: [195a3d2a9a26]
12477:
12478: * doc/sudoers.pod:
12479: set_home and always_set_home have an effect if HOME is present in
12480: the env_keep list.
12481: [159d0b9dc5c8]
12482:
12483: * plugins/sudoers/env.c:
12484: Make -H flag work when HOME is listed in env_keep. Also makes
12485: "set_home" and "always_set_home" override override HOME in env_keep.
12486: [a3e5b966193f]
12487:
12488: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
12489:
12490: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
12491: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
12492: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
12493: plugins/sudoers/visudo.c, src/net_ifs.c:
12494: Convert sudoers plugin to use interface list passed in settings.
12495: [87d9b5f4f586]
12496:
12497: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
12498: src/parse_args.c, src/sudo.h:
12499: Query local network interfaces in the main sudo driver and pass to
12500: the plugin as "network_addrs" in the settings list.
12501: [7f35bcfe77a7]
12502:
12503: * plugins/sudoers/bsm_audit.c:
12504: Solaris BSM audit return EINVAL when auditing is not enabled,
12505: whereas OpenBSM returns ENOSYS.
12506: [411b980ec58b]
12507:
12508: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
12509:
12510: * compat/fnmatch.c:
12511: missing.h should come before most local includes
12512: [53921a7b8b5b]
12513:
12514: * plugins/sudoers/sudoreplay.c:
12515: missing.h should come before most local includes
12516: [e9abb0db1aac]
12517:
12518: * plugins/sudoers/sudoers.h:
12519: Make local includes consistent; use double quotes for local includes
12520: except for generated ones where we use angle brackets.
12521: [09de4faa9547]
12522:
12523: * plugins/sudoers/sudoers.c:
12524: Always fill in NewArgv for audit code.
12525: [7c3aca60519f]
12526:
12527: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
12528: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
12529: [007cf6560f92]
12530:
12531: * common/alloc.c, common/atobool.c, common/fileops.c,
12532: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
12533: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
12534: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
12535: compat/getprogname.c, compat/glob.c, compat/isblank.c,
12536: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
12537: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
12538: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
12539: compat/unsetenv.c, compat/utimes.c, include/compat.h,
12540: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
12541: plugins/sample_group/plugin_test.c,
12542: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
12543: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
12544: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12545: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
12546: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
12547: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
12548: src/sudo_noexec.c, src/ttysize.c:
12549: Make local includes consistent; use double quotes for local includes
12550: except for generated ones where we use angle brackets. Also g/c
12551: unused compat.h.
12552: [e57070dc8f04]
12553:
12554: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
12555:
12556: * plugins/sudoers/match.c:
12557: When matching the runas user and runas group (-u and -g command line
12558: options), keep track of runas group and runas user matches
12559: separately. Only return a positive match if we have a match for both
12560: runas user and runas group (if specified).
12561: [815219e04cc8]
12562:
12563: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
12564:
12565: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
12566: Add support for multiple URI lines by joining the contents and
12567: passing the result to ldap_initialize.
12568: [a47cae3b72e8]
12569:
12570: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
12571: Do not return -1 on error from the display functions; the caller
12572: expects a return value >= 0.
12573: [101456a7dd00]
12574:
12575: * plugins/sudoers/sudoers.c:
12576: Do not set both MODE_EDIT and MODE_RUN
12577: [8faa36694d54]
12578:
12579: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
12580:
12581: * include/missing.h:
12582: Move includes to the top of the file.
12583: [a51436798e8c]
12584:
12585: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
12586:
12587: * plugins/sudoers/Makefile.in:
12588: Add missing definition of timedir
12589: [458a749c2c5e]
12590:
12591: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
12592: compat/mksiglist.c, compat/strsignal.c,
12593: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
12594: Add #include of sys/types.h for .c files that include missing.h to
12595: be sure that size_t and ssize_t are defined.
12596: [08e3132dbf4f]
12597:
12598: * plugins/sudoers/Makefile.in:
12599: Install sudoers file from the build dir not hte src dir.
12600: [ca89e962dbf4]
12601:
12602: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
12603:
12604: * plugins/sudoers/set_perms.c:
12605: If runas_pw changes, reset the stashed runas aux group vector.
12606: Otherwise, if runas_default is set in a per-command Defaults
12607: statement, the command runs with root's aux group vector (i.e. the
12608: one that was used when locating the command).
12609: [24f9107cedd2]
12610:
12611: * plugins/sudoers/Makefile.in:
12612: Add target to generate sudoers file Remove generated sudoers file as
12613: part of distclean
12614: [fb7422e90f03]
12615:
12616: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
12617:
12618: * src/exec.c:
12619: When not logging I/O install a handler for SIGCONT and deliver it to
12620: the command upon resume. Fixes bugzilla #431
12621: [495dce52a5aa]
12622:
12623: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
12624:
12625: * plugins/sudoers/sudoers.h:
12626: g/c unused auth_pw extern definition
12627: [40eb7477ba17]
12628:
12629: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
12630: Move get_auth() into check.c where it is actually used.
12631: [e31db0ce3a61]
12632:
12633: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
12634:
12635: * common/lbuf.c:
12636: Convert a remaining puts() and putchar() to use the output function.
12637: [d69e363a506b]
12638:
12639: * plugins/sudoers/plugin_error.c:
12640: Plug memory leak
12641: [68895469ea8d]
12642:
12643: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
12644:
12645: * plugins/sudoers/env.c:
12646: Set dupcheck to TRUE when setting new HOME value if !env_reset but
12647: always_set_home is true. Prevents a duplicate HOME in the
12648: environment (old value plus the new one) introduced in f421f8827340.
12649: [9ca19183794f]
12650:
12651: * configure, configure.in, plugins/sudoers/sudoers,
12652: plugins/sudoers/sudoers.in:
12653: Substitute sysconfdir in the installed sudoers file to get the
12654: correct path for sudoers.d.
12655: [86072b6cd55d]
12656:
12657: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
12658:
12659: * src/get_pty.c:
12660: Fix typo that prevented compilation on Irix; Friedrich Haubensak
12661: [b48be51b65fc]
12662:
12663: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
12664:
12665: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
12666: common/atobool.c, common/fileops.c, common/fmt_string.c,
12667: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
12668: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
12669: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
12670: compat/getprogname.c, compat/glob.c, compat/isblank.c,
12671: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
12672: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
12673: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
12674: compat/unsetenv.c, compat/utimes.c, include/compat.h,
12675: include/missing.h, plugins/sample/sample_plugin.c,
12676: plugins/sample_group/getgrent.c,
12677: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
12678: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
12679: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12680: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
12681: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
12682: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
12683: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
12684: Merge compat.h and missing.h into missing.h
12685: [572909ae9716]
12686:
12687: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
12688:
12689: * plugins/sudoers/auth/pam.c:
12690: If the user hits ^C while a password is being read, error out before
12691: reading any further passwords in the pam conversation function.
12692: Otherwise, if multiple PAM auth methods are required, the user will
12693: have to hit ^C for each one.
12694: [23782631748c]
12695:
12696: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
12697:
12698: * plugins/sudoers/check.c:
12699: Update comment
12700: [a5296cb3a20a]
12701:
12702: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12703: Document sudo_conv_t function and sudo_printf_t return values.
12704: [745c0017814c]
12705:
12706: * src/conversation.c:
12707: Make _sudo_printf return the number of characters printed on success
12708: like printf(3).
12709: [8eeefe8d7e77]
12710:
12711: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
12712:
12713: * plugins/sudoers/sudoers.c:
12714: sudoers.h includes sudo_plugin.h for us
12715: [cabe68e07807]
12716:
12717: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
12718: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
12719: src/sudo_edit.c:
12720: Use gettimeofday() directly instead of via the gettime() wrapper.
12721: [7490426c99ae]
12722:
12723: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
12724: compat/strerror.c, config.h.in, configure, configure.in,
12725: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
12726: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
12727: Remove some obsolete configure tests, ancient Unix systems are no
12728: longer supported.
12729: [2be6218c3a36]
12730:
12731: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
12732:
12733: * sudo.pp:
12734: Set pp_kit_version and strip off patch level
12735: [aacfda1b676d]
12736:
12737: * sudo.pp:
12738: Better handling of versions with a patchlevel. For rpm and deb, use
12739: the patchlevel+1 as the release. For AIX, use the patchlevel as the
12740: 4th version number. For the rest, just leave the patchlevel in the
12741: version string.
12742: [638bd35f2346]
12743:
12744: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
12745:
12746: * plugins/sudoers/auth/sudo_auth.c:
12747: For non-standalone auth methods, stop reading the password if the
12748: user enters ^C at the prompt.
12749: [82c2911bb264]
12750:
12751: * configure, configure.in, plugins/sudoers/Makefile.in,
12752: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
12753: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
12754: plugins/sudoers/pwutil.c:
12755: No need to look up shadow password unless we are doing password-
12756: style authentication. This moves the shadow password lookup to the
12757: auth functions that need it.
12758: [ba9e3eba2b72]
12759:
12760: * plugins/sudoers/sudoers.c:
12761: Retain final passwd/group refs until the policy close() function.
12762: Note that this doesn't get called in all cases so putting this in a
12763: cleanup function is probably better.
12764: [bbe214cb4119]
12765:
12766: * plugins/sudoers/check.c:
12767: Fix mismerge
12768: [395115f89dd6]
12769:
12770: * plugins/sudoers/check.c:
12771: When removing/resetting the timestamp file ignore the tty ticket
12772: contents.
12773: [b709f5667a0b]
12774:
12775: * plugins/sudoers/sudoers.c:
12776: delref sudo_user.pw, runas_pw and runas_gr immediately before we
12777: return.
12778: [4d67d15dfd3b]
12779:
12780: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
12781:
12782: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
12783: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
12784: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12785: Reference count cached passwd and group structs. The cache holds one
12786: reference itself and another is added by sudo_getgr{gid,nam} and
12787: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
12788: group structs are persistent for now.
12789: [e544685523c3]
12790:
12791: * doc/UPGRADE:
12792: fix typo
12793: [e32f2d35e6c9]
12794:
12795: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
12796:
12797: * plugins/sudoers/check.c:
12798: Do not produce a warning for "sudo -k" if the ticket file does not
12799: exist.
12800: [1598f6061b75]
12801:
12802: * plugins/sudoers/pwutil.c:
12803: Instead of caching struct passwd and struct group in the red-black
12804: tree, store a struct cache_item which includes both the key and
12805: datum. This allows us to user the actual name that was looked up as
12806: the key instead of the contents of struct passwd or struct group.
12807: This matters because the name in the database may not match what we
12808: looked up, due either to case folding or truncation (historically at
12809: 8 characters). Also mark the disabled calls to sudo_freepwcache()
12810: and sudo_freegrcache() as broken since we use cached data for things
12811: like set_perms() and the logging functions. Fixing this would
12812: require making a copy of the structs for user and runas or adding a
12813: reference count (better).
12814: [225d4a22f60e]
12815:
12816: * plugins/sudoers/Makefile.in:
12817: Fix path to mkinstalldirs
12818: [b4968379b12d]
12819:
12820: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
12821: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
12822: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
12823: Quiet gcc warnings on glibc systems that use warn_unused_result for
12824: write(2) and others.
12825: [c99f138960e0]
12826:
12827: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12828:
12829: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
12830: Add %option noinput
12831: [72b9cd49b4f1]
12832:
12833: * aclocal.m4, configure, configure.in:
12834: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
12835: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
12836: cross-compiling.
12837: [e385c176d0ee]
12838:
12839: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
12840:
12841: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
12842: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
12843: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
12844: [cf3e60d9c440]
12845:
12846: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
12847:
12848: * pp:
12849: Update to latest version
12850: [32f93be33961]
12851:
12852: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12853:
12854: * sudo.pp:
12855: Let pp determine pp_aix_version itself.
12856: [7cf0245d84ed]
12857:
12858: * INSTALL, config.h.in, configure, configure.in, mkpkg,
12859: plugins/sudoers/sudoers.c:
12860: Add support for Ubuntu admin flag file and enable it when building
12861: Ubuntu packages.
12862: [00e27cff2dfb]
12863:
12864: * plugins/sudoers/sudoers, sudo.pp:
12865: Add commented out SuSE-like targetpw settings
12866: [4605d47b7413]
12867:
12868: * configure, configure.in:
12869: Only try to use +DAportable for non-GCC on hppa
12870: [75d0f284ccf7]
12871:
12872: * configure, configure.in:
12873: Prevent configure from adding the -g flag unless in devel mode
12874: [b1fd3f8d45c0]
12875:
12876: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
12877:
12878: * sudo.pp:
12879: Go back to sudo-flavor to match existing packages and only use an
12880: underscore for those that need it.
12881: [d737069d1e1c]
12882:
12883: * sudo.pp:
12884: Use sudo_$flavor instead of sudo-$flavor since that causes the least
12885: amount of trouble for the various package managers.
12886: [71f547af35fc]
12887:
12888: * mkpkg:
12889: Fix handling of the ldap flavor Remove destdir unless --debug was
12890: specified Make distclean before running configure if there is a
12891: Makefile present
12892: [6316f08de7d3]
12893:
12894: * sudo.pp:
12895: Add back include file.
12896: [195627bf68b8]
12897:
12898: * mkpkg:
12899: Pass extra args on to configure on HP-UX, if we don't have the HP C
12900: compiler, disable zlib to prevent gcc from finding it in
12901: /usr/local/lib.
12902: [473efa0e2bac]
12903:
12904: * mkpkg:
12905: Use the HP ANSI C compiler on HP-UX if possible
12906: [fb249b6b175d]
12907:
12908: * plugins/sudoers/sudoreplay.c:
12909: Some getline() implementations (FreeBSD 8.0) do not ignore the
12910: length pointer when the line pointer is NULL as they should.
12911: [2410a1a3543c]
12912:
12913: * plugins/sudoers/sudoreplay.c:
12914: Don't need to check for *cp being non-zero, isdigit() will do that.
12915: [7df11ea8a487]
12916:
12917: * plugins/sudoers/sudoreplay.c:
12918: Add setlocale() so the command line arguments that use floating
12919: point work in different locales. Since sudo now logs the timing data
12920: in the C locale we must Parse the seconds in the timing file
12921: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
12922: the number of seconds with the user's locale so if the decimal point
12923: is not '.' try using the locale-specific version.
12924: [4d385765f23b]
12925:
12926: * src/exec.c:
12927: Do I/O logging in the C locale so the floating point numbers in the
12928: timing file are not locale-dependent.
12929: [5961cec044ec]
12930:
12931: * plugins/sudoers/sudoreplay.c:
12932: Use errorx() not error() for thingsthat don't set errno.
12933: [0fe5e692af84]
12934:
12935: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
12936:
12937: * pp:
12938: Better support for 1.2.3 style versions in Tru64 kits
12939: [997c549bb777]
12940:
12941: * sudo.pp:
12942: Add Tru64 kit support
12943: [e273a954f981]
12944:
12945: * pp:
12946: Remove apparently unnecessary use of sudo
12947: [be8840d85125]
12948:
12949: * Makefile.in, plugins/sudoers/Makefile.in:
12950: Create timedir as part of install-dirs target.
12951: [c736bc2fb14f]
12952:
12953: * src/exec_pty.c:
12954: Handle ENXIO from read/write which can occur when reading/writing a
12955: pty that has gone away.
12956: [fa2e8059879f]
12957:
12958: * plugins/sudoers/pwutil.c:
12959: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
12960: [3a045475d5ee]
12961:
12962: * mkpkg:
12963: platform is a pp flag not a variable
12964: [12eba39a47c1]
12965:
12966: * Makefile.in, mkpkg, sudo.pp:
12967: Add simple arg parsing for mkpkg so we can set debug, flavor or
12968: platform.
12969: [ada839fe252d]
12970:
12971: * pp:
12972: Make rpm backend work on AIX 5.x
12973: [549a76d11393]
12974:
12975: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
12976:
12977: * plugins/sudoers/sudoers:
12978: Add commented out Defaults entry for log_output
12979: [7e67d7588900]
12980:
12981: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
12982:
12983: * doc/Makefile.in:
12984: Remove sudo docdir completely
12985: [dce8e82878ef]
12986:
12987: * doc/sample.sudo.conf:
12988: Add sample sudo.conf
12989: [aafdba3fc411]
12990:
12991: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
12992:
12993: * plugins/sudoers/Makefile.in:
12994: Add PACKAGE_TARNAME for docdir
12995: [930c92b8f8f0]
12996:
12997: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
12998:
12999: * src/Makefile.in:
13000: Pass install-sh -b~ here too.
13001: [c3f5eb446c38]
13002:
13003: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
13004: plugins/sudoers/Makefile.in, src/Makefile.in:
13005: Install binary files with -b~ to make a backup. Fixes "text file
13006: busy" error on HP-UX during install.
13007: [81f306f54f8c]
13008:
13009: * install-sh:
13010: "mv -f" on HP-UX doesn't unlink the destination first so add an
13011: explicit rm before moving the temporary into place.
13012: [fb719a79582d]
13013:
13014: * configure, configure.in:
13015: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
13016: [0aa098770074]
13017:
13018: * doc/Makefile.in, plugins/sudoers/Makefile.in:
13019: Install sudoers2ldif in the doc dir
13020: [33ac3b53d7f5]
13021:
13022: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
13023:
13024: * pathnames.h.in:
13025: Add missing include of maillock.h for Solaris
13026: [5a58883be23a]
13027:
13028: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
13029: doc/sample.syslog.conf, doc/sudoers.cat:
13030: Change the default syslog facility from local2 to authpriv (or auth
13031: if the operating system doesn't support authpriv).
13032: [3b70ba514f49]
13033:
13034: * Makefile.in, sudo.pp:
13035: Install sudoers as /etc/sudoers on RPM and debian systems where the
13036: package manager will not replace a user-modified configuration file.
13037: This fixes upgrades from the vendor sudo packages.
13038: [d886b6d60b5b]
13039:
13040: * pp:
13041: RPM: use %config(noreplace) instead of %config for volatile This
13042: results in the new file being installed with a .rpmnew suffix
13043: instead of the file being replaced and the old one renamed with a
13044: .rpmsave suffix.
13045: [58be2119f8e8]
13046:
13047: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
13048:
13049: * compat/mkstemps.c, plugins/sudoers/boottime.c:
13050: Include time.h for struct timeval
13051: [ddf8b04f0276]
13052:
13053: * src/exec_pty.c:
13054: The return value of strsignal() may be const and should be treated
13055: as const regardless.
13056: [620074ae1e77]
13057:
13058: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13059: Mention that 127.0.0.1 will not match, nor will localhost unless
13060: that is the actual host name.
13061: [8b574122eb8f]
13062:
13063: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
13064: Rename WHATSNEW -> NEWS
13065: [d1a2c8c47d89]
13066:
13067: * pp:
13068: Updated pp with latest patches
13069: [98e16b9b8f62]
13070:
13071: * WHATSNEW:
13072: Sync with 1.7.4
13073: [65ac4dafeef7]
13074:
13075: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13076: plugins/sudoers/sudoers:
13077: Add commented out line to add HOME to env_keep and add a warning to
13078: the note about the HOME change in UPGRADE.
13079: [0d6a775bb6c8]
13080:
13081: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
13082:
13083: * plugins/sudoers/sudoreplay.c:
13084: Add LINE_MAX define for those without it.
13085: [446d9dbe7859]
13086:
13087: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
13088: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13089: plugins/sudoers/defaults.c:
13090: The tty_tickets option is now on by default.
13091: [a01c48206d80]
13092:
13093: * WHATSNEW:
13094: Mention that AIX authdb support has been fixed.
13095: [87bd7f4eba6a]
13096:
13097: * common/aix.c:
13098: setauthdb() only sets the "old" registry if it was set by a previous
13099: call to setauthdb(). To restore the original value, passing NULL (or
13100: an empty string) to setauthdb() is sufficient.
13101: [470da190a254]
13102:
13103: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
13104:
13105: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
13106: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13107: plugins/sudoers/env.c:
13108: Reset HOME when env_reset is enabled unless it is in env_keep
13109: [f421f8827340]
13110:
13111: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13112: The default for set_logname has been "true" for some time now.
13113: [f489da5674c3]
13114:
13115: * plugins/sudoers/boottime.c:
13116: Add missing include of time.h
13117: [624d7014932f]
13118:
13119: * plugins/sudoers/logging.c:
13120: Fix check for dup2() return value.
13121: [140ea2d50d20]
13122:
13123: * plugins/sudoers/env.c:
13124: Add PYTHONUSERBASE to initial_badenv_table
13125: [3149aae5b12c]
13126:
13127: * plugins/sudoers/visudo.c:
13128: Treat an unknown defaults entry as a parse error.
13129: [b3ebad73efb2]
13130:
13131: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
13132: Check return value of setdefs() but don't stop setting defaults if
13133: we hit an unknown one.
13134: [945e752239ab]
13135:
13136: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
13137: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
13138: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
13139: plugins/sudoers/env.c:
13140: If env_reset is enabled, set the MAIL environment variable based on
13141: the target user unless MAIL is explicitly preserved in sudoers.
13142: [a1b03e2e0e96]
13143:
13144: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
13145:
13146: * pp:
13147: decode debian code names
13148: [8741280d9960]
13149:
13150: * WHATSNEW:
13151: fix typo
13152: [a8a19451110b]
13153:
13154: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
13155:
13156: * WHATSNEW:
13157: Merge with 1.7.4
13158: [9348fa7e15b8]
13159:
13160: * src/sudo.c:
13161: Restore RLIMIT_NPROC after the uid switch if it appears that
13162: runas_setup() did not do it for us. Fixes a bash script problem on
13163: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
13164: [786fb272e5fd]
13165:
13166: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
13167:
13168: * mkpkg, pp, sudo.pp:
13169: Restore the dot removal in the os version reported by polypkg. Adapt
13170: mkpkg and sudo.pp to the change.
13171: [dcafdd53b88f]
13172:
13173: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
13174:
13175: * INSTALL:
13176: document --with-pam-login
13177: [ea93e4c6873c]
13178:
13179: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13180: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
13181: [2ac90d8de36e]
13182:
13183: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
13184:
13185: * sudo.pp:
13186: Include flavor in solaris package name
13187: [e605f6364c9f]
13188:
13189: * mkpkg:
13190: Older shells don't support IFS= so set explictly to space, tab,
13191: newline.
13192: [7773960bc8a0]
13193:
13194: * mkpkg:
13195: Use '=' not '==' in test
13196: [c99d42bc48e6]
13197:
13198: * mkpkg:
13199: Fix typo that prevented debian from matching
13200: [84421078fcb7]
13201:
13202: * mkpkg:
13203: Add missing prefix setting for debian
13204: [6466f23de4aa]
13205:
13206: * sudo.pp:
13207: Use tab indents to reduce the chance of problem with <<- Fix the
13208: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
13209: line in sudoers for debian Uncomment some env_keep lines for RHEL,
13210: SLES and debian to more closely match the vendor sudoers files. Add
13211: /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
13212: debian for ldap flavor
13213: [c5b49feb1a0c]
13214:
13215: * plugins/sudoers/sudoers:
13216: Add commented out env_keep entries, sample Aliases and a %sudo line
13217: for debian.
13218: [387719e52d0f]
13219:
13220: * configure, configure.in:
13221: Move zlib check later on in the script to avoid a strange shell
13222: problem on SLES11.
13223: [1a3153bb1291]
13224:
13225: * configure.in:
13226: Remove check for egrep; configure has its own
13227: [a3b9d98cb5d2]
13228:
13229: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
13230:
13231: * mkpkg:
13232: Enable zlib for linux distros
13233: [8fa51a1405a4]
13234:
13235: * mkpkg:
13236: Add ldap flavor to default build
13237: [97644f5a555f]
13238:
13239: * mkpkg, sudo.pp:
13240: Simplify rpm linux distro settings
13241: [b9dcf10cdf20]
13242:
13243: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
13244: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
13245: [2c549c1acde9]
13246:
13247: * Makefile.in:
13248: Fix ChangeLog creation from build dir
13249: [3d0c7904f173]
13250:
13251: * plugins/sudoers/sudoers.c:
13252: Handle getcwd() failure.
13253: [aef7bef87394]
13254:
13255: * doc/Makefile.in, mkpkg, sudo.pp:
13256: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
13257: environment variable.
13258: [be6ed611b7a8]
13259:
13260: * sudo.pp:
13261: Create sudo group on debian
13262: [6ed6c032042e]
13263:
13264: * mkpkg, sudo.pp:
13265: Add debian 4/5/6 and use the dot when doing version matches
13266: [6bcb664d1f4f]
13267:
13268: * aclocal.m4, configure:
13269: Use a loop when searching for mv, sendmail and sh
13270: [d5e9369f8d13]
13271:
13272: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13273: Remove spurious "and"; from debian
13274: [a21e6f7c5b99]
13275:
13276: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
13277: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
13278: doc/visudo.man.in, doc/visudo.pod:
13279: Substitute the value of EDITOR into the sudoers and visudo manuals.
13280: [cd79e587dd7f]
13281:
13282: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
13283:
13284: * mkpkg, pp, sudo.pp:
13285: Initial support for debian 4.0
13286: [ac6707915fa8]
13287:
13288: * mkpkg:
13289: Some platforms need -fPIE instead of -fpie
13290: [fd6be19e5bc2]
13291:
13292: * plugins/sudoers/auth/pam.c:
13293: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
13294: On Linux it causes a DNS lookup via libaudit.
13295: [1e10105ade5b]
13296:
13297: * MANIFEST:
13298: Update MANIFEST to match packaging changes
13299: [ef86ee557b5b]
13300:
13301: * sudo.psf:
13302: We now use pp to generate HP-UX packages
13303: [f7aa8da7844e]
13304:
13305: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
13306: Remove vestiges of old binary package bits.
13307: [afffd005452f]
13308:
13309: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
13310: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
13311: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
13312: src/Makefile.in:
13313: install-man -> install-doc
13314: [99b5fa05567c]
13315:
13316: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
13317: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
13318: Use http://rc.quest.com/topics/polypkg/ for packaging
13319: [5ca8eb75b223]
13320:
13321: * install-sh:
13322: Just ignore the -c option, it is the default Add support for -d
13323: option
13324: [a8b6b0a131e8]
13325:
13326: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
13327:
13328: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
13329: Use _PATH_STDPATH instead of _PATH_DEFPATH
13330: [137fa911908e]
13331:
13332: * plugins/sudoers/Makefile.in, src/Makefile.in:
13333: Do not strip binaries.
13334: [20166e287176]
13335:
13336: * INSTALL, configure, configure.in:
13337: Add --insults=disabled configure option to allow people to build in
13338: insult support but have the insults disabled unless explicitly
13339: enabled in sudoers.
13340: [523b8c552e90]
13341:
13342: * compat/mkstemps.c:
13343: Add prototype for gettime()
13344: [275eee40473b]
13345:
13346: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
13347: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
13348: plugins/sudoers/sudoers.h:
13349: Add support for a sudo-i pam.d file to be used for "sudo -i".
13350: Adapted from a RedHat patch.
13351: [06d34f16520b]
13352:
13353: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
13354:
13355: * include/missing.h:
13356: Fix mkstemps() prototype
13357: [2421841e815b]
13358:
13359: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
13360: config.h.in, configure, configure.in, include/missing.h,
13361: src/sudo_edit.c:
13362: Use mkstemps() instead of mkstemp() in sudoedit. This allows
13363: sudoedit to preserve the file extension (if any) which may be used
13364: by the editor (like emacs) to choose the editing mode.
13365: [d33172d2c086]
13366:
13367: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
13368:
13369: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
13370: plugins/sudoers/ldap.c:
13371: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
13372: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
13373: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
13374: should avoid disabling TLS_CHECKPEER is possible.
13375: [196622436212]
13376:
13377: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
13378:
13379: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13380: Make sudo_plugin format a bit more like a man page
13381: [048d596e32da]
13382:
13383: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13384: Add suport for negated user/host/command lists in a Defaults entry.
13385: E.g. Defaults:!baduser noexec
13386: [d41112cf0342]
13387:
13388: * Makefile.in, common/Makefile.in, compat/Makefile.in,
13389: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
13390: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
13391: src/Makefile.in:
13392: Add uninstall target
13393: [fea66ebf136a]
13394:
13395: * common/Makefile.in, compat/Makefile.in:
13396: Remove unused AR, SED and RANLIB variables
13397: [2ff9928bfdb3]
13398:
13399: * Makefile.in:
13400: Do not install sample plugins
13401: [5443b87bd1c3]
13402:
13403: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
13404:
13405: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
13406: configure.in, plugins/sudoers/env.c:
13407: Now that sudoers is a dynamically loaded module we cannot override
13408: the libc environment functions because the symbols may already have
13409: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
13410: replacements from sudoers and add replacements for setenv/unsetenv
13411: for systems that lack them.
13412: [3f2b43cb8851]
13413:
13414: * configure, configure.in, plugins/sudoers/Makefile.in:
13415: Link testsudoers with -ldl when needed
13416: [f79606f9fcd7]
13417:
13418: * plugins/sample_group/plugin_test.c:
13419: Remove unused time.h and add limits.h for PATH_MAX
13420: [3f5d0074d621]
13421:
13422: * doc/sudoers.ldap.pod:
13423: Fix typo.
13424: [bc855fd57397]
13425:
13426: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
13427:
13428: * plugins/sample_group/plugin_test.c:
13429: Do not depend on strlcpy/strlcat
13430: [6e7e2b5af051]
13431:
13432: * plugins/sample_group/plugin_test.c:
13433: Standalone test driver for sudoers group plugin.
13434: [eb1235fc3b8e]
13435:
13436: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
13437:
13438: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
13439: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
13440: aid.
13441: [2a34e616229b]
13442:
13443: * plugins/sample_group/sample_group.c:
13444: Fix style nit in function declarations
13445: [ab87c7c76bf9]
13446:
13447: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13448: Document group_plugin syntax.
13449: [ed1faf72ddcb]
13450:
13451: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13452: Document the sudoers group plugin.
13453: [f19a62dc8cfc]
13454:
13455: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
13456: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
13457: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
13458: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
13459: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
13460: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
13461: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
13462: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
13463: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
13464: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
13465: Replace built-in non-unix group support with a sudoers group plugin.
13466: Include a sample plugin that can read Unix-format group files.
13467: [8fc58ce0b1a8]
13468:
13469: * configure, configure.in, src/load_plugins.c:
13470: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
13471: [5c491dddb8ef]
13472:
13473: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
13474:
13475: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
13476: doc/sudoers.man.in, doc/sudoers.pod:
13477: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
13478: [e8a5a5830cfe]
13479:
13480: * aclocal.m4, configure, configure.in:
13481: Substitute @io_logdir@ for the sudoers I/O log directory.
13482: [21a75ca7b0ab]
13483:
13484: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
13485:
13486: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
13487: common/atobool.c, common/fileops.c, common/fmt_string.c,
13488: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
13489: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
13490: compat/snprintf.c, config.h.in, configure, configure.in,
13491: include/fileops.h, plugins/sample/sample_plugin.c,
13492: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
13493: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
13494: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
13495: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
13496: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
13497: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
13498: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
13499: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
13500: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
13501: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
13502: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
13503: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
13504: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
13505: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
13506: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
13507: plugins/sudoers/logging.c, plugins/sudoers/match.c,
13508: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
13509: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
13510: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13511: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
13512: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
13513: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
13514: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
13515: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
13516: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
13517: Set usrinfo for AIX Set adminstrative domain for the process when
13518: looking up user's password or group info and when preparing for
13519: execve(). Include strings.h even if string.h exists since they may
13520: define different things. Fixes warnings on AIX and others.
13521: [cf8b93e872c9]
13522:
13523: * Makefile.in:
13524: Add a separate all target for AIX make which was using the entire
13525: LHS (not just the first entry) of the first target as the implicit
13526: target.
13527: [a45b980a01ef]
13528:
13529: * plugins/sudoers/env.c:
13530: Do not rely on env.env_len when unsetting a variable, just use the
13531: NULL terminator.
13532: [ca6eb239c829]
13533:
13534: * plugins/sudoers/env.c:
13535: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
13536: [7046ba7caa4e]
13537:
13538: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
13539:
13540: * plugins/sudoers/vasgroups.c:
13541: Use warningx() instead of log_error() since the latter is not
13542: available to visudo or testsudoers. This does mean that they don't
13543: end up in syslog.
13544: [152b7c50f426]
13545:
13546: * plugins/sudoers/sudoers.c:
13547: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
13548: closed the sudoers sources. From Quest sudo.
13549: [c1cd573bab94]
13550:
13551: * plugins/sudoers/pwutil.c:
13552: Ignore case when matching user/group names in the cache. From Quest
13553: sudo.
13554: [2aa4ecc7d7f5]
13555:
13556: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
13557:
13558: * config.h.in, configure, configure.in, src/selinux.c:
13559: Add check for setkeycreatecon() when --with-selinux is specified.
13560: [affae247b4e0]
13561:
13562: * configure, configure.in:
13563: Error out if libaudit.h is missing or ununable when --with-linux-
13564: audit was specified
13565: [d82e743fac04]
13566:
13567: * doc/HISTORY, doc/history.pod:
13568: Add =head3 entries, mostly for the html version
13569: [ee93112d0308]
13570:
13571: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
13572:
13573: * doc/HISTORY, doc/history.pod:
13574: Mention when LDAP was incorporate.
13575: [2923dc17f79c]
13576:
13577: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
13578:
13579: * configure, configure.in:
13580: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
13581: not covered by _ALL_SOURCE.
13582: [c92fd69809d0]
13583:
13584: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
13585:
13586: * plugins/sudoers/iolog.c:
13587: Add a cast to quiet a compiler warning.
13588: [a200e07ee1bc]
13589:
13590: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
13591: Quiet a compiler warning.
13592: [c9acfc927cea]
13593:
13594: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
13595: Call set_fqdn() after sudoers has parsed instead of inline as a
13596: callback.
13597: [5f4e5d075f2d]
13598:
13599: * WHATSNEW, plugins/sudoers/sudoers.c:
13600: Do not call set_fqdn() until sudoers parses (where is gets run as a
13601: callback).
13602: [09040fca6d40]
13603:
13604: * WHATSNEW:
13605: mention the change in tty ticket behavior when there is no tty
13606: [575a1fd98f05]
13607:
13608: * plugins/sudoers/check.c:
13609: Do not update tty ticket if there is no tty.
13610: [63f9c33ce6a7]
13611:
13612: * doc/LICENSE, doc/license.pod:
13613: Update copyright year
13614: [0722ab5d404b]
13615:
13616: * doc/Makefile.in:
13617: Do not rely on BSD make's $>
13618: [936a86398bd9]
13619:
13620: * configure, configure.in:
13621: Set timedir to /var/db/sudo for darwin to match Apple sudo's
13622: location
13623: [d5b9b03096f1]
13624:
13625: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
13626:
13627: * plugins/sudoers/sudoers.h:
13628: Add stub declarations for struct stat and struct timeval
13629: [f6d90551a4fd]
13630:
13631: * MANIFEST:
13632: Remove compat/sigaction.c
13633: [d0ed6d9a770e]
13634:
13635: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
13636: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
13637: Check for zlib.h in addition to libz.
13638: [6e191b4a6065]
13639:
13640: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
13641: src/sudo_exec.h:
13642: Move functions and symbols shared between exec.c and exec_pty.c into
13643: sudo_exec.h.
13644: [14ae63403544]
13645:
13646: * doc/Makefile.in:
13647: Comment out rules to build .man.in and .cat files unless --with-
13648: devel
13649: [3cf7e5606a85]
13650:
13651: * doc/Makefile.in:
13652: Comment out rules to build .man.in and .cat files unless --with-
13653: devel
13654: [d30495b0e29e]
13655:
13656: * src/parse_args.c:
13657: Quote any non-alphanumeric characters other than '_' or '-' when
13658: passing a command to be run via the shell for the -s and -i options.
13659: [d633f74fe2d9]
13660:
13661: * doc/Makefile.in:
13662: Add back .man suffix
13663: [6e63b60a2739]
13664:
13665: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
13666: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
13667: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
13668: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
13669: src/selinux.c:
13670: Add Linux audit support.
13671: [5a2f445e0bd4]
13672:
13673: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
13674:
13675: * plugins/sudoers/iolog.c:
13676: Remove an XXX
13677: [a170cbe651d1]
13678:
13679: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
13680: plugins/sudoers/sudoreplay.c:
13681: Add -f (filter) option to sudoreplay to allow certain streams to be
13682: replayed and others ignored.
13683: [62e51b432ea1]
13684:
13685: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
13686: src/tgetpass.c:
13687: Fix -A flag when askpass is specified in sudo.conf or if sudo
13688: doesn't need to read a password.
13689: [2e401e4a00e3]
13690:
13691: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
13692: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
13693: Clean up some XXXs
13694: [689f0b002d3d]
13695:
13696: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
13697: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
13698: Add support for multiple sudoers_base entries in ldap.conf. From
13699: Joachim Henke
13700: [e3e4a3c2bd5b]
13701:
13702: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
13703: src/exec_pty.c:
13704: remove setsid check, we require a POSIX system
13705: [cc73cb9e22c0]
13706:
13707: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
13708: src/sudo.c, src/tgetpass.c:
13709: Check for dup2() failure.
13710: [5d46d66794f5]
13711:
13712: * config.h.in, configure, configure.in:
13713: Remove dup2() check, it is not optional.
13714: [5f1d56de4384]
13715:
13716: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
13717:
13718: * WHATSNEW:
13719: sync with sudo 1.7.3
13720: [88e5c0bd6d59]
13721:
13722: * INSTALL:
13723: SunOS does not ship with an ANSI compiler
13724: [f13c85c67069]
13725:
13726: * INSTALL:
13727: Update OS specific notes. Delete some really ancient ones and move
13728: older ones to the end of the list.
13729: [59ce592c4c52]
13730:
13731: * README:
13732: Sudo can be downloaded from the web site too Mention "OS dependent
13733: notes" section in INSTALL
13734: [191871538984]
13735:
13736: * src/exec_pty.c, src/selinux.c:
13737: Call selinux_restore_tty() as part of cleanup() so it gets called
13738: from error()/errorx()
13739: [bb017da6b6da]
13740:
13741: * MANIFEST, doc/PORTING:
13742: Remove obsolete porting guide
13743: [321e35591344]
13744:
13745: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
13746: Move union sudo_in_addr_un into interfaces.h
13747: [b2c8b19ee094]
13748:
13749: * doc/Makefile.in:
13750: Remove useless circular dependencies
13751: [5682181b59cf]
13752:
13753: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
13754: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
13755: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
13756: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13757: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
13758: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
13759: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
13760: Convert to ANSI C function declarations
13761: [a4f76927d034]
13762:
13763: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
13764: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
13765: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
13766: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
13767: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13768: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
13769: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
13770: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
13771: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
13772: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
13773: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
13774: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
13775: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
13776: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
13777: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
13778: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
13779: plugins/sudoers/logging.h, plugins/sudoers/match.c,
13780: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
13781: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
13782: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
13783: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
13784: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
13785: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
13786: src/conversation.c, src/error.c, src/load_plugins.c,
13787: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
13788: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
13789: Update copyright year
13790: [26ac7991f7d8]
13791:
13792: * doc/Makefile.in:
13793: Fix commented DEVDOCS when not in devel mode.
13794: [e0a97eaf3793]
13795:
13796: * plugins/sudoers/match.c:
13797: Quiet a compiler warning.
13798: [b2a17ebd5d38]
13799:
13800: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
13801: Quiet a compiler warning.
13802: [687843bc593d]
13803:
13804: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
13805: Make all functions in ldap.c static
13806: [b2111e89eeba]
13807:
13808: * doc/schema.ActiveDirectory:
13809: Updates from Alain Roy to provide better examples for importing the
13810: schema and to fix problems caused by Windows validating attributes
13811: which have not yet been added before committing the changes.
13812: [69f4c5ccaf89]
13813:
13814: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
13815:
13816: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
13817: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
13818: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
13819: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
13820: doc/visudo.cat, doc/visudo.man.in:
13821: Leave rules to build .man.in and .cat files uncommented but only
13822: make them part of the "all" rule in devel mode. Generate .cat files
13823: directly from .man.in instead of .man using default values in
13824: configure.in
13825: [c3054a44f6a5]
13826:
13827: * configure, configure.in:
13828: Bump sudo version to 1.8.0b1
13829: [8f79c85135e1]
13830:
13831: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
13832: Print configure args with verbose version information.
13833: [1ce690660ed2]
13834:
13835: * TODO, plugins/sudoers/visudo.c:
13836: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
13837: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
13838: Use tq_append to append sudoers entries to the tail queue.
13839: [1743f9a286e4]
13840:
13841: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
13842:
13843: * WHATSNEW:
13844: Describe tty timestamp improvements
13845: [e214e863a313]
13846:
13847: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13848: A comment character may not be part of a command line argument
13849: unless it is quoted with a backslash. Fixes parsing of: testuser
13850: ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
13851: [ea2e990f85ed]
13852:
13853: * doc/sudoers.pod:
13854: Make this read a little bit better when passwd_timeout is 0.
13855: [39d362757f31]
13856:
13857: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
13858: Attempt to handle a default password prompt timeout of zero more
13859: gracefully.
13860: [ea47d43acf5b]
13861:
13862: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13863: Do not override value of keepopen global, instead restore it to the
13864: value we pushed onto the stack when popping.
13865: [fe282e5a3402]
13866:
13867: * plugins/sudoers/Makefile.in:
13868: Add dependency for utility programs on libreplace and libcommon
13869: [2339aba64928]
13870:
13871: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
13872: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
13873: src/exec.c, src/exec_pty.c, src/tgetpass.c:
13874: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
13875: [7dd61f1bd8d2]
13876:
13877: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
13878: We don't use getgrouplist() at the moment so there's no need to
13879: provide a compat version.
13880: [1597536fbada]
13881:
13882: * TODO:
13883: sync with reality
13884: [9e1a874e7885]
13885:
13886: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
13887: src/conversation.c, src/sudo.h, src/tgetpass.c:
13888: Fix visiblepw sudoers option; the plugin API portion still needs
13889: documenting
13890: [60b6933ef5e0]
13891:
13892: * src/sudo.c:
13893: Print sudo version as well.
13894: [987ed459b459]
13895:
13896: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
13897: Use sudo_printf for I/O log version Clarify policy plugin version
13898: string
13899: [5a58b7e8c80b]
13900:
13901: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
13902: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
13903: Silence some compiler warnings
13904: [afb1eba90915]
13905:
13906: * src/load_plugins.c, src/tgetpass.c:
13907: Store askpass path in a global instead of uses setenv() which many
13908: systems lack.
13909: [b440bcc0e660]
13910:
13911: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
13912:
13913: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
13914: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13915: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
13916: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
13917: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
13918: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
13919: src/tgetpass.c:
13920: Move askpass path specification from sudoers to sudo.conf.
13921: [5507ab867c26]
13922:
13923: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
13924: Use a flag bit in struct command_details for selinux instead of a
13925: separate field.
13926: [c59ca4acded9]
13927:
13928: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
13929: Implement background mode. If I/O logging we use pipes instead of a
13930: pty.
13931: [c07a4b356cbd]
13932:
13933: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
13934: src/exec.c, src/exec_pty.c, src/tgetpass.c:
13935: Move compat definition of NSIG to compat.h
13936: [ab0385467f25]
13937:
13938: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
13939: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13940: Mention plugins in the sudo manual and add some missing path
13941: substitution in the sudo_plugin manual.
13942: [570f831f47a3]
13943:
13944: * src/Makefile.in:
13945: Set _PATH_SUDO_CONF based on $(sysconfdir)
13946: [fde51869cf07]
13947:
13948: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
13949: src/exec.c, src/exec_pty.c, src/ttysize.c:
13950: Require POSIX termios to build sudo
13951: [9ec6b41f3f95]
13952:
13953: * src/tgetpass.c:
13954: Ignore SIGPIPE for "sudo -S"
13955: [7ad27fde0c06]
13956:
13957: * src/tgetpass.c:
13958: Fix uninitialized variable in TGP_ECHO case and print a newline if
13959: the user interrupted password input.
13960: [ce19204d8dd4]
13961:
13962: * src/tgetpass.c:
13963: Make TGP_ECHO override TGP_MASK and don't try to restore the
13964: terminal if we didn't modify it.
13965: [a7e11abfe7e4]
13966:
13967: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13968: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
13969: src/conversation.c, src/sudo.h, src/tgetpass.c:
13970: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
13971: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set.
13972: [e0550590cabe]
13973:
13974: * src/exec_pty.c:
13975: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
13976: [762448182fe3]
13977:
13978: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
13979:
13980: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
13981: Add selinux_enabled flag into struct command_details and set it in
13982: command_info_to_details(). Return an error from selinux_setup()
13983: instead of exiting. Call selinux_setup() from exec_setup().
13984: [011bea23a5a0]
13985:
13986: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
13987:
13988: * src/exec_pty.c:
13989: Remove commented out copy of old sudo_execve() function.
13990: [9c5e21380472]
13991:
13992: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
13993:
13994: * plugins/sudoers/sudoers.c:
13995: Fix setting selinux type on command line.
13996: [814b20a0b3be]
13997:
13998: * plugins/sudoers/iolog.c:
13999: In sudoers_io_close(), skip NULL io_fds[] elements.
14000: [4011ff7d4daf]
14001:
14002: * include/compat.h:
14003: No longer need NGROUPS_MAX define
14004: [cae4c49d7077]
14005:
14006: * compat/nanosleep.c, config.h.in, configure, configure.in,
14007: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
14008: plugins/sudoers/visudo.c, src/sudo_edit.c:
14009: Replace timerfoo macros with timevalfoo since the timer macros are
14010: known to be busted on some systems.
14011: [4f97d79f2d41]
14012:
14013: * src/exec_pty.c:
14014: Remove duplicate call to selinux_setup().
14015: [82bd52764e21]
14016:
14017: * plugins/sudoers/auth/pam.c:
14018: If pam_open_session() fails, pass its status to pam_end.
14019: [1d8de4cf8ff3]
14020:
14021: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
14022: If a file in a #includedir has improper permissions or owner just
14023: skip it. This prevents packages that incorrectly install a file into
14024: /etc/sudoers.d from breaking sudo so easily. Syntax errors in
14025: #includedir files still result in a parse error (for now).
14026: [ade99a4549a4]
14027:
14028: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
14029: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
14030: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
14031: Add use_pty sudoers option to force use of a pty even when not
14032: logging I/O.
14033: [b280a8972a79]
14034:
14035: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
14036: Make env_init() void as it never fails.
14037: [d3890e55daa7]
14038:
14039: * plugins/sudoers/env.c:
14040: No longer use _NSGetEnviron so don't need crt_externs.h
14041: [9b4e0e139881]
14042:
14043: * plugins/sudoers/env.c:
14044: Remove unused VNULL define
14045: [a42cacb263e3]
14046:
14047: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14048:
14049: * plugins/sudoers/iolog.c:
14050: Add #define for maximum session id
14051: [9e18c17a28c2]
14052:
14053: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
14054: Split exec.c into exec.c and exec_pty.c
14055: [d52376327332]
14056:
14057: * MANIFEST:
14058: Sync with source file moves.
14059: [4a62c6c9e846]
14060:
14061: * src/Makefile.in, src/get_pty.c, src/pty.c:
14062: Rename pty.c -> get_pty.c
14063: [5696a12bd29b]
14064:
14065: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
14066:
14067: * plugins/sudoers/iolog.c:
14068: Only use I/O input log file if def_log_input is set and output file
14069: if def_log_output is set.
14070: [d866992f1681]
14071:
14072: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
14073:
14074: * compat/strsignal.c:
14075: Update copyright year
14076: [a96f2593fd4e]
14077:
14078: * src/pty.c:
14079: uid -> ttyuid
14080: [c3454d74ebcb]
14081:
14082: * plugins/sudoers/sudoers.c:
14083: For sudoedit, make a local copy of editor string si become part of
14084: argv. If no editor environment variable, split def_editor on ':'
14085: since it may be a colon-delimited path.
14086: [2ee298506a6e]
14087:
14088: * src/sudo_edit.c:
14089: Remove unneeded endpwent()/endgrent()
14090: [623f6743d101]
14091:
14092: * doc/Makefile.in:
14093: Use value of nroff from configure
14094: [b2ce649125ab]
14095:
14096: * src/exec.c:
14097: Add missing const to I/O log action function
14098: [d764a3955e04]
14099:
14100: * plugins/sudoers/check.c:
14101: Update copyright year and fix whitespace
14102: [e648c35b16be]
14103:
14104: * configure, configure.in:
14105: Fix typo
14106: [8e0bdfc47da4]
14107:
14108: * plugins/sudoers/iolog.c:
14109: Remove redundant tty signal blocking in log function.
14110: [f17f575dabd4]
14111:
14112: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
14113:
14114: * plugins/sudoers/iolog.c:
14115: Place static keyword where it belongs
14116: [b01aec7c86b4]
14117:
14118: * plugins/sudoers/logging.c:
14119: Always use a printf format string for send_mail()
14120: [13b1ada644c9]
14121:
14122: * common/atobool.c, plugins/sudoers/ldap.c:
14123: Extend atobool() so we can use it in the LDAP code.
14124: [73f8e6807044]
14125:
14126: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
14127: Sudo now stashes tty ctime for tty_tickets on Solaris too.
14128: [e82df13ad3fd]
14129:
14130: * plugins/sudoers/boottime.c:
14131: Fix dummy version of get_boottime()
14132: [01d69c06013b]
14133:
14134: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
14135:
14136: * plugins/sudoers/check.c:
14137: Enable tty_is_devpts() support for Solaris with the "devices"
14138: filesystem.
14139: [237c6b25fa84]
14140:
14141: * src/exec.c:
14142: Unbreak the non-io logging case.
14143: [4822b9f709fb]
14144:
14145: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
14146: Fix symbol name conflict with sudo_printf.
14147: [0d44eab0a8f6]
14148:
14149: * plugins/sudoers/auth/pam.c:
14150: Fix OpenPAM detection for newer versions.
14151: [1b2abed232d8]
14152:
14153: * plugins/sudoers/vasgroups.c:
14154: Sync with Quest sudo git repo
14155: [f1d98b3cba02]
14156:
14157: * aclocal.m4, configure, configure.in:
14158: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
14159: Add missing template for ENV_DEBUG Adapted from Quest sudo
14160: [695dbd7b28f4]
14161:
14162: * README.LDAP:
14163: Fix typos; from Quest Sudo
14164: [4eba9da33b8e]
14165:
14166: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
14167:
14168: * plugins/sudoers/Makefile.in:
14169: Add back -I$(top_srcdir); we need it for including compat/foo.h
14170: since we cannot rely on "foo.h" being found relative to the source
14171: file when the cwd is different.
14172: [bbf24695f325]
14173:
14174: * src/exec.c:
14175: Fix a bug where we could treat EAGAIN as a permanent error. Also set
14176: cstat if perform_io() returns an error.
14177: [200475c4326f]
14178:
14179: * common/alloc.c, plugins/sudoers/boottime.c,
14180: plugins/sudoers/sudoers.c:
14181: Add casts to quiet compiler warnings.
14182: [85eb1c336697]
14183:
14184: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
14185: plugins/sudoers/visudo.c:
14186: Fix typo in ternary operator usage.
14187: [6492ac1450e2]
14188:
14189: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14190:
14191: * INSTALL, configure, configure.in:
14192: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
14193: [92121d693b30]
14194:
14195: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
14196: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
14197: Update docs to match sudoers I/O logging changes
14198: [18d651989e49]
14199:
14200: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
14201: pathnames.h.in, plugins/sudoers/def_data.c,
14202: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
14203: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
14204: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
14205: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
14206: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
14207: plugins/sudoers/sudoreplay.c:
14208: Break sudoers transcript feature up into log_input and log_output.
14209: [db3c1248d2ad]
14210:
14211: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
14212: plugins/sudoers/visudo.c:
14213: Use setprogname() as needed.
14214: [6beee63a4553]
14215:
14216: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
14217: Adapt sudoreplay to iolog changes.
14218: [581f52c05f0f]
14219:
14220: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14221:
14222: * plugins/sudoers/iolog.c:
14223: Log all input and output into separate files and store a number on
14224: each timing file line to indicate which file the data is in.
14225: [fb460c5273dd]
14226:
14227: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
14228: plugins/sudoers/sudoers.h:
14229: Make sudoers_io functions static to iolog.c
14230: [b2df3cc3eecb]
14231:
14232: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
14233:
14234: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
14235: src/sudo_usage.h.in:
14236: Completely remove the -L flag from the sudo front end.
14237: [3d220030b720]
14238:
14239: * plugins/sudoers/sudoreplay.c:
14240: Fix EAGAIN handling when writing to stdout.
14241: [4766d77cea49]
14242:
14243: * plugins/sudoers/sudoers.c:
14244: Eliminate unused variables
14245: [83bd711e79c4]
14246:
14247: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
14248: Re-enable cleanup functions in sudoers plugin and sudo driver for
14249: error()/errorx().
14250: [43093f937dd8]
14251:
14252: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
14253: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
14254: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
14255: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
14256: Use sudo_printf to display verbose version information.
14257: [435cc9f8d4a2]
14258:
14259: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
14260: plugins/sudoers/Makefile.in, src/Makefile.in:
14261: Minor Makefile cleanup: fix a typo, change the removal order in the
14262: clean targets, and remove a superfluous include path for the sudoers
14263: plugin.
14264: [6e3b2d6b4437]
14265:
14266: * plugins/sudoers/env.c:
14267: Handle duplicate variables in the environment. For unsetenv(), keep
14268: looking even after remove the first instance. For sudo_putenv(),
14269: check for and remove dupes after we replace an existing value.
14270: [c1bbb88d0435]
14271:
14272: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14273:
14274: * plugins/sudoers/Makefile.in:
14275: Use explicit path to source file instead of $< for files that live
14276: in devdir and top_srcdir.
14277: [358ab7f6cc64]
14278:
14279: * plugins/sudoers/Makefile.in:
14280: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
14281: ending LIBSUDOERS_OBJS with a backslash
14282: [481a5c96d47e]
14283:
14284: * plugins/sudoers/Makefile.in, src/Makefile.in:
14285: Link libcommon before libreplace since libcommon may use functions
14286: only present in libreplace.
14287: [1847c496ff5b]
14288:
14289: * common/Makefile.in:
14290: Move code common to sudo and the sudoers plugin to a convenience
14291: library, libcommon. Removes the need to make links in the sudoers
14292: plugin dir and reduces re-compilation of duplicate object files.
14293: [4c8986352937]
14294:
14295: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
14296: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
14297: common/term.c, common/zero_bytes.c, configure, configure.in,
14298: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
14299: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
14300: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
14301: src/zero_bytes.c:
14302: Move code common to sudo and the sudoers plugin to a convenience
14303: library, libcommon. Removes the need to make links in the sudoers
14304: plugin dir and reduces re-compilation of duplicate object files.
14305: [1d1d98bd55b9]
14306:
14307: * src/exec.c, src/sudo.c, src/sudo.h:
14308: Rename script_execve to sudo_execve and rename script_foo in exec.c
14309: [a35ec80de96a]
14310:
14311: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
14312: rename script.c exec.c and fix up the MANIFEST file
14313: [36bc3bff9578]
14314:
14315: * src/script.c, src/sudo.c, src/sudo.h:
14316: Rename script_setup() to pty_setup() and call from script_execve()
14317: directly.
14318: [899b0fb2a14d]
14319:
14320: * configure, configure.in:
14321: bump version to 1.8.0a2
14322: [0b1c1ca9d4e5]
14323:
14324: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14325: Document init_session
14326: [b5324785a406]
14327:
14328: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
14329: plugins/sudoers/auth/sudo_auth.h:
14330: Clean up the sudoers auth API a bit and update the docs.
14331: [c40fd4cb6e68]
14332:
14333: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
14334: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
14335: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
14336: Add init_session function to struct policy_plugin that gets called
14337: before the uid/gid/etc changes. A struct passwd pointer is passed
14338: in,which may be NULL if the user does not exist in the passwd
14339: database.The sudoers module uses init_session to open the pam
14340: session as needed.
14341: [d71723320ee8]
14342:
14343: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
14344:
14345: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
14346: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
14347: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
14348: Add open/close session to sudo auth, only used by PAM. This allows
14349: us to open (and close) the PAM session from sudoers.
14350: [2665e2920d0d]
14351:
14352: * plugins/sudoers/Makefile.in:
14353: Add explicit rule to build getdate.o for HP-UX make.
14354: [7f049e989956]
14355:
14356: * plugins/sudoers/Makefile.in:
14357: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
14358: rules as an alternate way to prevent HP-UX make (and others) from
14359: trying to rebuild the parser in non-dev mode.
14360: [f84badad98c5]
14361:
14362: * plugins/sudoers/sudoers.c:
14363: Re-enable PATH_MAX check for command
14364: [40d8a50da136]
14365:
14366: * Makefile.in:
14367: For distclean, clean the main directory last since the subdirs need
14368: to be able to run libtool to clean things.
14369: [8949a9861634]
14370:
14371: * compat/Makefile.in:
14372: Fix generation of mksiglist.h
14373: [b7cdc9b36650]
14374:
14375: * src/script.c:
14376: Now that we defer sending cstat until the end of script_child() we
14377: cannot reuse cstat when reading command status from parent.
14378: [25c882643466]
14379:
14380: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
14381:
14382: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
14383: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
14384: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
14385: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
14386: Use numeric registers to handle conditionals instead of trying to do
14387: it all with text processing.
14388: [478079c3fd4b]
14389:
14390: * doc/sudoers.pod:
14391: Document per-command SELinux settings
14392: [13840d566805]
14393:
14394: * plugins/sudoers/sudoers.c:
14395: Repair "sudo -l -U username"
14396: [10a0dcdf2ddf]
14397:
14398: * plugins/sudoers/sudoers.c:
14399: Set selinux role and type in command details.
14400: [8ae6d35a126d]
14401:
14402: * src/script.c, src/selinux.c, src/sudo.h:
14403: Rework SELinux support.
14404: [83279cc94bf2]
14405:
14406: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
14407:
14408: * src/script.c, src/selinux.c, src/sudo.h:
14409: Make SELinux support compile again. Needs more work to be complete.
14410: [3d3addebcf82]
14411:
14412: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
14413: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
14414: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
14415: src/sudo.h:
14416: Bring back closefrom settings.
14417: [b1c6257d4bbb]
14418:
14419: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
14420: plugins/sudoers/sudoers.h:
14421: If running a command or sudoedit in transcript mode, call
14422: io_nextid() before log_allowed() so the session id is logged.
14423: [c42f3ae40150]
14424:
14425: * configure, configure.in:
14426: Use mandoc(1) if nroff(1) is not present.
14427: [daad4bbd04af]
14428:
14429: * doc/Makefile.in:
14430: Use the --file argument to config.status instead of setting
14431: CONFIG_FILES in the environment.
14432: [c89411a8bf70]
14433:
14434: * plugins/sudoers/Makefile.in:
14435: We cannot conditionally update gram.h or the dependency ordering
14436: gets messed up in devel mode.
14437: [c938953231d9]
14438:
14439: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
14440:
14441: * Makefile.in, compat/Makefile.in, configure, configure.in,
14442: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
14443: plugins/sudoers/Makefile.in, src/Makefile.in:
14444: Substitute @SHELL@ into Makefiles
14445: [36aa6a095335]
14446:
14447: * config.sub:
14448: Fix typo
14449: [16d294d26b58]
14450:
14451: * config.guess, config.sub, configure, configure.in:
14452: Update to autoconf 2.65
14453: [4fa6ea8caea3]
14454:
14455: * Makefile.in:
14456: Fix libtool target (space vs. tabs)
14457: [755cf3892618]
14458:
14459: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
14460: Remove use of RETSIGTYPE; all modern systems have signal handlers
14461: that return void.
14462: [42b4e3aee668]
14463:
14464: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
14465: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
14466: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
14467: plugins/sudoers/Makefile.in, src/Makefile.in:
14468: Update to libtool-2.2.6b. I haven't made any local modifications
14469: this time, which should be OK since we install sudo_noexec.so by
14470: hand now.
14471: [6f79ced593bb]
14472:
14473: * compat/Makefile.in, plugins/sample/Makefile.in,
14474: plugins/sudoers/Makefile.in, src/Makefile.in:
14475: Use libtool to clean objects
14476: [1581057d6472]
14477:
14478: * include/Makefile.in:
14479: Install sudo_plugin.h as part of "make install" and make other
14480: install targets callable from the top-level Makefile
14481: [aaaeb027d774]
14482:
14483: * configure, configure.in:
14484: regen with autoupdate to eliminate AC_TRY_LINK
14485: [5d5541c230f5]
14486:
14487: * Makefile.in, compat/Makefile.in, configure, configure.in,
14488: doc/Makefile.in, plugins/sample/Makefile.in,
14489: plugins/sudoers/Makefile.in, src/Makefile.in:
14490: Install sudo_plugin.h as part of "make install" and make other
14491: install targets callable from the top-level Makefile
14492: [b258b8401b1c]
14493:
14494: * plugins/sample/sample_plugin.c:
14495: The sample plugin doesn't support being run with no args so return a
14496: usage error in this case.
14497: [473b3cf965be]
14498:
14499: * plugins/sudoers/iolog.c:
14500: Set close on exec flag for descriptors used for I/O logging so they
14501: are not present in the command being run.
14502: [2c7e8708df76]
14503:
14504: * plugins/sudoers/tsgetgrpw.c:
14505: Set close on exec flag in private versions of setpwent() and
14506: setgrent().
14507: [64fef78cb833]
14508:
14509: * src/script.c:
14510: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
14511: Fixes extra fds being present in the command when it is part of a
14512: pipeline.
14513: [060451617713]
14514:
14515: * plugins/sudoers/sudoers.c:
14516: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
14517: is used when logging). Note that user_ttypath will still be NULL if
14518: there is no tty.
14519: [31b69a6ecda7]
14520:
14521: * src/script.c, src/sudo.h:
14522: Cosmetic changes: add comments, remove orphaned prototype and make a
14523: global static.
14524: [f7851af0143e]
14525:
14526: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
14527:
14528: * src/script.c:
14529: Move check for maxfd == -1 to flush_output where it belongs.
14530: [b826a95b4491]
14531:
14532: * src/script.c:
14533: Break out of select loop if all the fds we want to select on are -1.
14534: [f5b387024238]
14535:
14536: * src/sudo.c:
14537: Avoid possible malloc(0) if plugin returns an empty groups list.
14538: [9765a8fe5ce7]
14539:
14540: * src/sudo.c:
14541: Add debugging info when calling plugin close function
14542: [95a273c7ff66]
14543:
14544: * src/script.c:
14545: Avoid closing stdin/stdout/stderr when we are piping output.
14546: [330e76423caf]
14547:
14548: * src/script.c:
14549: When execve() of the command fails, it is possible to receive
14550: SIGCHLD before we've read the error status from the pipe. Re-order
14551: things such that we send the final status at the very end and prefer
14552: error status over wait status.
14553: [b0dcf825244f]
14554:
14555: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
14556:
14557: * plugins/sudoers/auth/sudo_auth.c:
14558: Fix compilation for non PAM/BSD auth/AIX auth
14559: [e382b39d2e4f]
14560:
14561: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
14562:
14563: * src/script.c:
14564: Additional checks to make sure we don't close /dev/tty by mistake.
14565: When flushing, sleep in select as long as we have buffers that need
14566: to be written out.
14567: [8139cbd3dd54]
14568:
14569: * src/script.c:
14570: Now that we can use pipes for stdin/stdout/stderr there is no longer
14571: a need to error out when there is no tty. We just need to make sure
14572: we don't try to use the tty fd if it is -1.
14573: [666621635d26]
14574:
14575: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14576:
14577: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
14578: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14579: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
14580: Add argc and argv to I/O logger open function.
14581: [0d7faa007d27]
14582:
14583: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
14584: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
14585: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
14586: Remove check_sudoedit function pointer in struct sudo_policy.
14587: Instead, sudo will set sudoedit=true in the settings array. The
14588: plugin should check for this and modify argv_out as appropriate in
14589: check_policy.
14590: [c0328e3276b8]
14591:
14592: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
14593:
14594: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
14595: src/sudo_edit.c:
14596: If plugin sets "sudoedit=true" in the command info, enable sudoedit
14597: mode even if not invoked as sudoedit. This allows a plugin to enable
14598: sudoedit when the user runs an editor.
14599: [96d67b99e42e]
14600:
14601: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
14602:
14603: * plugins/sudoers/Makefile.in:
14604: gram.h must not depend on gram.y if we want to avoid unnecessary
14605: rebuilding of targets dependent on gram.h when gram.y changes.
14606: [9db4b767fdca]
14607:
14608: * plugins/sample/sample_plugin.c:
14609: Refactor common bits of check_policy and check_edit
14610: [ac4d366a04cf]
14611:
14612: * plugins/sample/sample_plugin.c:
14613: Add sudoedit support
14614: [a1a6cc4c0cef]
14615:
14616: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
14617:
14618: * plugins/sudoers/Makefile.in:
14619: Rely more on VPATH; fixes a dependency issue with the parser.
14620: [45e406ebdea2]
14621:
14622: * include/compat.h:
14623: Fix typo introduced in last commit
14624: [3ccb0f853d11]
14625:
14626: * include/compat.h:
14627: Emulate seteuid using setreuid() or setresuid() as needed. There are
14628: still a few places that call seteuid() directly.
14629: [36e8efa3a99d]
14630:
14631: * src/parse_args.c, src/sudo_edit.c:
14632: Attempt to fix building on systems that only have setuid.
14633: [8e9ba4083318]
14634:
14635: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14636: Clarify sudoedit a tad.
14637: [d39dfaa14ade]
14638:
14639: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
14640:
14641: * src/sudo_edit.c:
14642: Fix compilation on HP-UX
14643: [f6e47843d139]
14644:
14645: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14646: Document sudoedit
14647: [4cbf5196d993]
14648:
14649: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
14650: Change how we handle the sudoedit argv. We now require that there be
14651: a "--" in argv to separate the editor and any command line arguments
14652: from the files to be edited.
14653: [20623d549a3c]
14654:
14655: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14656: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
14657: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
14658: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
14659: src/sudo.h, src/sudo_edit.c:
14660: Work in progress support for sudoedit. The actual interface used by
14661: the plugin for sudoedit is likely to change.
14662: [c31262a31997]
14663:
14664: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
14665: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
14666: Make find_path() a little more generic by not checking def_foo
14667: variables inside it. Instead, pass in ignore_dot as a function
14668: argument.
14669: [9c23101a094d]
14670:
14671: * plugins/sudoers/env.c:
14672: Add version of getenv(3) that uses our own environ pointer.
14673: [0e3783e63534]
14674:
14675: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
14676:
14677: * src/script.c:
14678: Avoid a potential race condition if SIGCHLD is received immediately
14679: before we call select().
14680: [99adc5ea7f0a]
14681:
14682: * plugins/sudoers/sudoers.c:
14683: Call env_init() before we open the sudoers sources as those may call
14684: our setenv() replacement.
14685: [5f82601f5ab0]
14686:
14687: * plugins/sudoers/env.c:
14688: Initialize env_len in env_init()
14689: [7ae02b3029b5]
14690:
14691: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14692:
14693: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
14694: Document time stamp shortcomings under SECURITY NOTES Use "time
14695: stamp" instead of timestamp.
14696: [2b86120815b2]
14697:
14698: * doc/Makefile.in:
14699: Make sed substitution of mansectsu and mansectform global.
14700: [94588632dba0]
14701:
14702: * plugins/sudoers/check.c:
14703: If the tty lives on a devpts filesystem, stash the ctime in the tty
14704: ticket file, as it is not updated when the tty is written to. This
14705: helps us determine when a tty has been reused without the user
14706: authenticating again with sudo.
14707: [0e62a31bceb0]
14708:
14709: * src/tgetpass.c:
14710: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
14711: is what our compat checks set.
14712: [df50f0a040c9]
14713:
14714: * configure, configure.in:
14715: Add check for whether sudo need to link with -ldl to get dlopen().
14716: This is a bit of a hack that will get reworked when libtool is
14717: updated.
14718: [63bdcf579533]
14719:
14720: * plugins/sudoers/check.c:
14721: Fix timestamp removal with -k/-K
14722: [6b4639fef973]
14723:
14724: * plugins/sudoers/Makefile.in:
14725: audit.c is now private to the sudoers plugin
14726: [1974f342ae0b]
14727:
14728: * configure, configure.in:
14729: Link with -lpthread on HP-UX since a plugin may be linked with
14730: -lpthread and dlopen() will fail if the shared object has a
14731: dependency on -lpthread but the main program is not linked with it.
14732: [d42139391263]
14733:
14734: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
14735: Add separate test for getresuid() since HP-UX has setresuid() but no
14736: getresuid().
14737: [910fe727a374]
14738:
14739: * doc/Makefile.in:
14740: Remove errant backslash
14741: [dd5464257c69]
14742:
14743: * src/script.c:
14744: Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout
14745: we need to pass any SIGPIPE we receive to the running command.
14746: [3f6b1991f4fd]
14747:
14748: * src/script.c:
14749: Also start the command in the background if stdin is not a tty.
14750: [d93bc33a3740]
14751:
14752: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
14753:
14754: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
14755: No need to use pseudo-cbreak mode now that we use pipes when stdout
14756: is not a tty. Instead, check whether stdin is a tty and if not,
14757: delay setting the tty to raw mode until the command tries to access
14758: it itself (and receives SIGTTIN or SIGTTOU).
14759: [e68315cf8c6b]
14760:
14761: * src/tgetpass.c:
14762: Use an array for signals received instead of a single variable so we
14763: don't lose any when there are multiple different signals.
14764: [2ac726dac864]
14765:
14766: * src/tgetpass.c:
14767: Do signal setup after turning off echo, not before. If we are using
14768: a tty but are not the foreground pgrp this will generate SIGTTOU so
14769: we want the default action to be taken (suspend process).
14770: [bebb6209c795]
14771:
14772: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
14773:
14774: * src/script.c:
14775: Flush the iobufs on suspend or child exit using the same logic as
14776: the main event loop.
14777: [c627feee1035]
14778:
14779: * src/script.c:
14780: Free memory after we are done with it.
14781: [8db9b611b45a]
14782:
14783: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
14784:
14785: * doc/HISTORY:
14786: Quest now sponsors Sudo development
14787: [6cc490083bc7]
14788:
14789: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
14790:
14791: * doc/Makefile.in:
14792: Install sudo_plugin man page.
14793: [c253729790b2]
14794:
14795: * src/script.c:
14796: Go back to reseting io_buffer offset and length (and now also the
14797: EOF handling) in the loop we do the FD_SET, not after we drain the
14798: buffer after write() since we don't know what order reads and writes
14799: will occur in.
14800: [5f38bfa8497f]
14801:
14802: * MANIFEST:
14803: audit files moved to sudoers plugin directory
14804: [b1ead182428e]
14805:
14806: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14807: Document plugin_printf and new logging functions.
14808: [fe9430b60ab5]
14809:
14810: * src/script.c:
14811: Add support for logging stdin when it is not a tty. There is still a
14812: bug where "cat | sudo cat" has problems because both cat and sudo
14813: are trying to read from the tty.
14814: [04c9c59fcfba]
14815:
14816: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14817: plugins/sudoers/sudoers.c, src/script.c:
14818: Add separate I/O logging functions for tty in/out and
14819: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
14820: is disabled for now.
14821: [a36dfd4ca935]
14822:
14823: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
14824:
14825: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14826: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
14827: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
14828: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
14829: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
14830: Add pointer to a printf like function to plugin open functon. This
14831: can be used instead of the conversation function to display info and
14832: error messages.
14833: [98734eea8ef1]
14834:
14835: * Makefile.in:
14836: Stop if make in a subdir fails
14837: [228bb3ad2dbc]
14838:
14839: * src/script.c:
14840: Only set user's tty to blocking mode when doing the final flush.
14841: Flush pipes as well as pty master when the process is done.
14842: [20ff67218666]
14843:
14844: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
14845:
14846: * plugins/sudoers/ldap.c:
14847: Use print_error() when displaying ldap config info in debugging
14848: mode.
14849: [d142e0cacb22]
14850:
14851: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
14852: No longer need strdup() or strndup() replacements.
14853: [df53697174ec]
14854:
14855: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
14856: plugins/sudoers/sudoers.h:
14857: Add print_error() function that uses the conversation function to
14858: print a variable number of error strings and use it in log_error().
14859: [b1fa2861b575]
14860:
14861: * src/script.c, src/sudo.h, src/term.c:
14862: Do not need the opost flag to term_copy() now that we use pipes for
14863: stdout/stderr when they are not a tty.
14864: [f42811f70a19]
14865:
14866: * src/script.c:
14867: Use pipes to the sudo process if stdout or stderr is not a tty.
14868: Still needs some polishing and a decision as to whether it is
14869: desirable to add additonal entry points for logging
14870: stdout/stderr/stdin when they are not ttys. That would allow a
14871: replay program to keep things separate and to know whether the
14872: terminal needs to be in raw mode at replay time.
14873: [1a945e0ab2da]
14874:
14875: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
14876:
14877: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
14878: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
14879: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
14880: Move audit sources into the sudoers plugin dir; the driver does not
14881: use them.
14882: [50ec36422cd0]
14883:
14884: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
14885: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
14886: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
14887: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
14888: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
14889: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
14890: src/term.c, src/ttysize.c:
14891: Use angle brackets when including headers that can only be found
14892: when an -I flag is specified. The files in the compat dir could get
14893: away with double quotes here but I've converted all the source files
14894: to use angle brackets for consistency.
14895: [9e30a8fc6d4b]
14896:
14897: * plugins/sudoers/Makefile.in:
14898: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
14899: dir can be found when building outside the source tree.
14900: [1150934b79dd]
14901:
14902: * plugins/sudoers/Makefile.in:
14903: Clean up links in distclean
14904: [78595028be8b]
14905:
14906: * plugins/sudoers/Makefile.in:
14907: Hack around VPATH semantic differences by symlinking files we need
14908: from ../../src into the current directory and build those. A better
14909: fix would be to either make a .a or .la file with those files in it
14910: or simply use a single, flat, Makefile instead of per-subdirs
14911: Makefiles.
14912: [892c332d3f05]
14913:
14914: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
14915: fmt_string is used by the sudoers plugin too so do not include
14916: sudo.h (which is not really needed here anyway)
14917: [231c35e3941f]
14918:
14919: * compat/Makefile.in, plugins/sample/Makefile.in,
14920: plugins/sudoers/Makefile.in, src/Makefile.in:
14921: Fix building with non-BSD versions of make such as GNU make.
14922: Requires VPATH support, which should be in any non-neolithic make.
14923: [dc174f135919]
14924:
14925: * configure, configure.in, plugins/sudoers/Makefile.in,
14926: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
14927: src/Makefile.in:
14928: Re-enable bsm audit. Currently auditing is done within the sudoers
14929: plugin itself. If possible, this should really be done in the main
14930: driver but we don't presently have the needed data to do that. This
14931: will be re-evaluated when Linux audit support is added.
14932: [1d05a3236bfe]
14933:
14934: * compat/Makefile.in, plugins/sample/Makefile.in,
14935: plugins/sudoers/Makefile.in, src/Makefile.in:
14936: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
14937: of explicit rules in the dependency.
14938: [88f80efd25f0]
14939:
14940: * plugins/sudoers/visudo.c:
14941: Fix mismerge; alias_remove_recursive() now returns int
14942: [6257a4849641]
14943:
14944: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
14945:
14946: * plugins/sudoers/visudo.c:
14947: Fix a crash when checking a sudoers file that has aliases that
14948: reference themselves. Based on a diff from David Wood.
14949: [545d194484a7]
14950:
14951: * src/script.c:
14952: Print signal info after restoring the tty mode, not before.
14953: [a68618e67435]
14954:
14955: * src/script.c:
14956: Defer call to alarm() until after we fork the child. Pass correct
14957: pid to terminate_child() If the command exits due to signal, set
14958: alive to false like we do when it exits normally. Add missing check
14959: for errpipe[0] != -1 before using it in FD_ISSET
14960: [22f0a1549391]
14961:
14962: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
14963:
14964: * plugins/sudoers/boottime.c:
14965: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
14966: [0e627170c6e8]
14967:
14968: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
14969:
14970: * src/Makefile.in:
14971: Simplify dependencies by using .c.o and .c.lo rules.
14972: [6abcaef5d1ac]
14973:
14974: * configure, configure.in, plugins/sudoers/Makefile.in,
14975: src/Makefile.in:
14976: Substitute in @PROGS@ into src/Makefile to add sesh
14977: [cc46d3b6208f]
14978:
14979: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
14980:
14981: * plugins/sudoers/sudoers.c:
14982: Add back calls to log_denial() if sudoers does not allow the
14983: command.
14984: [9783316207f0]
14985:
14986: * plugins/sudoers/sudoers.c:
14987: Pass in correct pwflag for list and validate.
14988: [973dd56d4b81]
14989:
14990: * plugins/sudoers/env.c:
14991: Add missing check for NULL in validate_env_vars
14992: [1d6eb6957824]
14993:
14994: * src/Makefile.in:
14995: Add sudo_noexec.la to "all" target, otherwise it only gets built at
14996: install time.
14997: [644a9694d2ef]
14998:
14999: * plugins/sudoers/sudoers.c:
15000: Only set sudo_user.env_vars if the env_add list is empty.
15001: [fccdf6f0e0e2]
15002:
15003: * plugins/sudoers/sudoers.c:
15004: Set sudo_user.env_vars so that environment variables specified on
15005: the command line get logged correctly.
15006: [9b51012c491e]
15007:
15008: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
15009: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
15010: Re-enable environment files and setting environment variables on the
15011: command line.
15012: [5662d5645dbd]
15013:
15014: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
15015:
15016: * plugins/sudoers/check.c:
15017: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
15018: a pointer to time_t as tv_sec in struct timeval may be long.
15019: [4de0c46e788e]
15020:
15021: * plugins/sudoers/check.c:
15022: Don't stash ctime in on-disk tty ticket info for now; on many
15023: (most?) systems the ctime is updated when the tty is written to.
15024: Once I have a better idea of what systems do not update ctime on
15025: ttys (and have a way to test for this) the ctime stash will be
15026: conditionally re-enabled.
15027: [a90eeec0f648]
15028:
15029: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
15030:
15031: * MANIFEST, Makefile.in:
15032: Add back "dist" target, this time using a MANIFEST file
15033: [29277c05499f]
15034:
15035: * Makefile.in:
15036: Remove Makefile in distclean target
15037: [83d695f4f450]
15038:
15039: * Makefile.in, src/Makefile.in:
15040: Update clean and cleandir targets
15041: [ad7b2afeb9c1]
15042:
15043: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
15044: src/sudo.h:
15045: Move fileops.c defines and prototypes to filesops.h
15046: [4545e9b6892d]
15047:
15048: * plugins/sudoers/check.c:
15049: Lock the tty timestamp when writing. We shouldn't have to lock when
15050: reading since the file is updated via a single write system call.
15051: [0c7276f02696]
15052:
15053: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
15054:
15055: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
15056: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
15057: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
15058: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
15059: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
15060: plugins/sudoers/logging.c, plugins/sudoers/match.c,
15061: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
15062: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
15063: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
15064: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
15065: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
15066: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
15067: Convert to ANSI C function declarations
15068: [9c45def57cf7]
15069:
15070: * plugins/sudoers/sudoers.h:
15071: Remove extraneous bits and classify by source file.
15072: [e8ea9f109ebb]
15073:
15074: * include/compat.h:
15075: Add timercmp macro for systems without it
15076: [d3bf87b1d08e]
15077:
15078: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
15079: plugins/sudoers/sudoers.h:
15080: get_boottime() now fills in a timeval struct
15081: [3573c3f44e11]
15082:
15083: * plugins/sudoers/check.c:
15084: Store info from stat(2)ing the tty in the tty ticket when tty
15085: tickets are in use. On most systems, this closes the loophole
15086: whereby a user can log out of a tty, log back in and still have the
15087: timestamp be valid.
15088: [53380f9f5242]
15089:
15090: * config.h.in, configure.in:
15091: Add timespec2timeval and use it when getting ctime/mtime
15092: [4cb7f7caec2c]
15093:
15094: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
15095:
15096: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
15097: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15098: plugins/sudoers/testsudoers.c:
15099: Convert perm setting to push/pop model; still needs some work Use
15100: the stashed runas groups instead of using getgrouplist() Reset perms
15101: to the initial value on error
15102: [09c072ebde8b]
15103:
15104: * config.h.in, configure.in:
15105: fix ctim_get and mtim_get macros
15106: [58773dc1e360]
15107:
15108: * config.h.in, configure, configure.in, include/compat.h,
15109: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
15110: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
15111: Use timeval directly instead of converting to timespec when dealing
15112: with file times and time of day.
15113: [a0ce1ae00a67]
15114:
15115: * plugins/sudoers/Makefile.in:
15116: Don't like sudoreplay with libsudoers.la due to a yacc symbol
15117: conflict.
15118: [f1a59cc63a15]
15119:
15120: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
15121:
15122: * configure, configure.in:
15123: Darwin >= 9.x has real setreuid(2)
15124: [7ec942a64275]
15125:
15126: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
15127:
15128: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
15129: Ansify env.c
15130: [f58551bad10a]
15131:
15132: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
15133: plugins/sudoers/sudoers.h:
15134: Remove remaining references to the environ pointer.
15135: [96faa530816a]
15136:
15137: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15138:
15139: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
15140: Don't change the environ directly in the sudoers plugin
15141: [6db48ed3f7e0]
15142:
15143: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
15144:
15145: * plugins/sudoers/sudoers.c:
15146: Fix typo
15147: [4aa452b07f8f]
15148:
15149: * plugins/sudoers/alias.c:
15150: Fix use after free in error message when a duplicate alias exists.
15151: [ce1d2812ee34]
15152:
15153: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
15154:
15155: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15156: src/parse_args.c:
15157: Add a "noninteractive" boolean to the settings passed in to the
15158: plugin's open function that is set when the user specifies the -n
15159: flag.
15160: [68f8d9d6d4d0]
15161:
15162: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
15163: Add workaround for the lack of the environ pointer on Mac OS X in
15164: dlopen()ed modules. Use of environ in the sudoers plugin should
15165: ultimately be removed but this will do for the moment.
15166: [80c61647434f]
15167:
15168: * plugins/sudoers/visudo.c:
15169: Set errorfile to the sudoers path if we set parse_error manually.
15170: This prevents a NULL dereference in printf() when checking a sudoers
15171: file in strict mode when alias errors are present.
15172: [45e249ca99f7]
15173:
15174: * plugins/sudoers/sudoers.c:
15175: Main sudo no longer print "unable to execute" on exec failure so do
15176: it here.
15177: [50aaf62b43b5]
15178:
15179: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
15180:
15181: * src/script.c:
15182: Use a pipe to pass back errno to the parent if execve() fails. If we
15183: get an error in script_child(), kill the command and exit.
15184: [dc3bf870f91b]
15185:
15186: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15187: src/parse_args.c, src/sudo.c:
15188: Handle plugin's open function returning -2 (usage error).
15189: [aadf900c1de8]
15190:
15191: * src/script.c:
15192: If execve() fails, leave it to the plugin to print an error string.
15193: [e25748f2d5b9]
15194:
15195: * src/script.c:
15196: If execve fails in logging mode, pass the errno directly to the
15197: grandparent on the backchannel and exit. The immediate parent will
15198: get SIGCHLD and try to report that status but its parent will no
15199: longer be listening. It would probably be cleaner to pass this over
15200: a pipe in script_child().
15201: [cb122acc81a8]
15202:
15203: * plugins/sudoers/sudoers.c:
15204: Don't override rval with results of check_user() unless it failed.
15205: [46fb7e87ac7d]
15206:
15207: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
15208:
15209: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
15210: Fix typo
15211: [ccd0b693f3da]
15212:
15213: * src/parse_args.c:
15214: NULL-terminate env_add
15215: [2c534368a0c3]
15216:
15217: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15218:
15219: * src/sudo.c:
15220: Call the I/O log open function before the I/O version function.
15221: [e88bf898990b]
15222:
15223: * plugins/sudoers/iolog.c:
15224: Remove io_conv and just use sudo_conv
15225: [a280052468eb]
15226:
15227: * plugins/sudoers/set_perms.c:
15228: Fix set/restore perms for systems w/o setresuid
15229: [4160517f6666]
15230:
15231: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15232:
15233: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
15234: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
15235: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
15236: Primitive set/restore permissions. Will be replaced by a push/pop
15237: model.
15238: [aae102290866]
15239:
15240: * src/script.c:
15241: Only need to take action on SIGCHLD in parent if no I/O logger. If
15242: there is an I/O logger we will receive ECONNRESET or EPIPE when we
15243: try to read from the socketpair.
15244: [e1e4560401f6]
15245:
15246: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
15247:
15248: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
15249: doc/sudoers.pod, plugins/sudoers/find_path.c:
15250: Merge fb4d571495fa from the 1.7 branch to trunk.
15251: [c8fb424ad4d2]
15252:
15253: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15254:
15255: * src/script.c:
15256: Don't set SA_RESTART when registering SIGALRM handler. Do set
15257: SA_RESTART when registering SIGWINCH handler.
15258: [173472b76525]
15259:
15260: * doc/Makefile.in:
15261: Add dev targets for *.man.in and *.cat that don't specfify the
15262: $(srcdir) prefix.
15263: [b62f425da2e4]
15264:
15265: * src/script.c:
15266: If log_input or log_output returns false, terminate the command.
15267: [074f4c0c34a0]
15268:
15269: * src/script.c:
15270: Better signal handling. Instead of using a single variable to store
15271: the received signal, use an array so we can't lose a signal when
15272: multiple are sent. Fix process termination by SIGALRM in non-I/O
15273: logger mode. Fix relaying terminal signals to the child in non-I/O
15274: logger mode.
15275: [7a4723aca99d]
15276:
15277: * src/script.c:
15278: Fix a race between when we get the child pid in the parent and when
15279: the child process exits. The problem exhibited as a hang after a
15280: short-lived process, e.g. "sudo id" when no IO logger was enabled.
15281: [80bcc0aca70b]
15282:
15283: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
15284:
15285: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
15286: Add a note about the security implications of the fast_glob option.
15287: [c37a92ab7c93]
15288:
15289: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
15290:
15291: * config.h.in, configure, configure.in:
15292: Fix up some AC_DEFINE descriptions and regen config.h.in
15293: [f4655adc0db3]
15294:
15295: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15296:
15297: * include/missing.h:
15298: No longer check for strdup or strndup for LIBOBJ replacement.
15299: [fdc764ee8109]
15300:
15301: * src/script.c:
15302: Avoid installing signal handlers that are io-logger specific. Fixes
15303: job control when no io logger is enabled.
15304: [0853dd0906d4]
15305:
15306: * doc/Makefile.in:
15307: Only regen man pages from pod when configured with --with-devel
15308: [ab1995f8103d]
15309:
15310: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
15311:
15312: * Makefile, Makefile.in, configure, configure.in:
15313: Top-level Makefile.in. Nothing is currently substituted but this is
15314: needed for separate build dirs.
15315: [e80873cbd201]
15316:
15317: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
15318: plugins/sudoers/Makefile.in, src/Makefile.in:
15319: Fix out-of-tree builds
15320: [59a35bef07b8]
15321:
15322: * Merge
15323: [386b848047e9]
15324:
15325: * doc/Makefile.in:
15326: We always install sudoreplay in 1.8
15327: [ce52ba6617c9]
15328:
15329: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
15330:
15331: * compat/siglist.in:
15332: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
15333: [6d69e1b05faf]
15334:
15335: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15336:
15337: * configure, configure.in:
15338: No need to provide strdup() or strndup(), sudo uses estrdup() and
15339: estrndup()
15340: [57ec23b72958]
15341:
15342: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
15343:
15344: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
15345: Free str after using it in the version method. Use sudo_conv, not
15346: io_conv since we don't have the IO conversation function pointer in
15347: the I/O version method anymore now that io_open is delayed.
15348: [f2ed132adeb0]
15349:
15350: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
15351:
15352: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
15353: compat/siglist.in:
15354: Add license to mksiglist.c and note that the bits from pdksh are
15355: public domain
15356: [d8121a2467e8]
15357:
15358: * compat/Makefile.in:
15359: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
15360: [164160148421]
15361:
15362: * plugins/sudoers/Makefile.in:
15363: Add sudoreplay testsudoers and visudo to clean target
15364: [138a17e51c0c]
15365:
15366: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
15367: compat/siglist.in, compat/strsignal.c, configure, configure.in,
15368: include/missing.h, src/script.c:
15369: Create our own sys_siglist for systems without it for use by
15370: strsignal()
15371: [2e5da011ebc3]
15372:
15373: * compat/Makefile.in:
15374: Remove duplicate $(LIBOBJDIR)
15375: [adf9abc9432f]
15376:
15377: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
15378:
15379: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
15380: Main sudo should not block signals; the plugin should do this in
15381: check_policy.
15382: [3f3736a7c5ed]
15383:
15384: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
15385:
15386: * src/script.c:
15387: Fix a sizeof(ptr) vs. sizeof(*ptr)
15388: [aa1bcf5afcce]
15389:
15390: * src/script.c:
15391: Unlike most operating systems, HP-UX select() is not interrupted by
15392: SIGCHLD when the signal is registered with SA_RESTART. If we clear
15393: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
15394: behavior and the code in the select() loops already handles EINTR
15395: correctly.
15396: [9eba0115e35a]
15397:
15398: * compat/getprogname.c:
15399: progname should be const
15400: [130228f062b7]
15401:
15402: * plugins/sudoers/Makefile.in:
15403: Move --tag=disable-static to when we link sudoers.la, not when we
15404: install.
15405: [ceb5e6c3b78b]
15406:
15407: * src/load_plugins.c:
15408: Load the sudoers I/O plugin by default too now that it is hooked up.
15409: [ea38befd0742]
15410:
15411: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15412:
15413: * src/pty.c:
15414: It looks like AIX doesn't need to push STREAMS modules for ptys.
15415: [22da618ba0a1]
15416:
15417: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
15418:
15419: * src/parse_args.c, src/sudo.c:
15420: Delay calling the I/O plugin open function until the policy plugin
15421: returns success.
15422: [f3297c325b48]
15423:
15424: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15425:
15426: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
15427: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
15428: plugins/sudoers/sudoers.h:
15429: Add back io logging (transcript) support. Currently, the open
15430: function runs too early and it is not possible to use the io module
15431: independently of the policy module.
15432: [9bd932f66226]
15433:
15434: * plugins/sudoers/set_perms.c:
15435: Comment out dead code; will be removed when set_perms is rewritten.
15436: [af7a995284f8]
15437:
15438: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
15439:
15440: * plugins/sudoers/sudoers.c:
15441: Fix off by one error when allocating user_groups.
15442: [6281fcf9c3bb]
15443:
15444: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
15445:
15446: * configure, configure.in, plugins/sudoers/Makefile.in:
15447: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
15448: [fbce3e9eda3a]
15449:
15450: * plugins/sudoers/sudoers.c:
15451: Fix typo in preserve groups case
15452: [1fd72024fb5a]
15453:
15454: * plugins/sudoers/sudoers.c:
15455: In command_info it is "runas_groups" not "groups".
15456: [5c64dce4f285]
15457:
15458: * src/sudo.c:
15459: Fix iteration over runas_groups list.
15460: [b3c45a0cd643]
15461:
15462: * configure, configure.in, plugins/sudoers/env.c,
15463: plugins/sudoers/match.c, src/script.c:
15464: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
15465: [a8108a0776c2]
15466:
15467: * compat/getgrouplist.c:
15468: getgrouplist(3) for those without it
15469: [4ab4d21e3b16]
15470:
15471: * plugins/sudoers/sudoers.c:
15472: Set preserve_groups or groups list in command_info
15473: [1266119ad654]
15474:
15475: * src/sudo.c:
15476: Fix setting of groups list
15477: [e75315e40bd4]
15478:
15479: * config.h.in, configure, configure.in, include/compat.h,
15480: include/missing.h:
15481: Add checks for getgrset and getgrouplist and use replacement
15482: getgrouplist if the system doesn't support it.
15483: [a62b8ba50863]
15484:
15485: * src/parse_args.c:
15486: Pass in preserve_groups when the -P flag is specified as per the
15487: design
15488: [7420c5d15474]
15489:
15490: * plugins/sudoers/sudoers.c:
15491: Check preserve_groups and ignore_ticket args with atobool instead of
15492: assuming they are true if present.
15493: [71c905702697]
15494:
15495: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
15496:
15497: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
15498: plugins/sudoers/plugin_error.c:
15499: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
15500: sudoreplay and testsudoers in the build
15501: [9d581d5fa4d4]
15502:
15503: * src/Makefile.in, src/term.c:
15504: term.c does not needto include sudo.h
15505: [f6683cdcd2dd]
15506:
15507: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
15508: doc/sudo_plugin.pod:
15509: Document the -2 return in the check_policy section too
15510: [e9cb4c34bbcf]
15511:
15512: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15513: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15514: src/parse_args.c, src/sudo.c, src/sudo.h:
15515: Fix the -s and -i flags and add support for the "implied_shell"
15516: option. If the user does not specify a command, sudo will now pass
15517: in the path to the user's shell and set impied_shell=true. The
15518: plugin can them either check the command normally or return -2 to
15519: cause sudo to print a usage message and exit.
15520: [bf889c38f229]
15521:
15522: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15523:
15524: * config.h.in, configure, configure.in, src/load_plugins.c:
15525: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
15526: Darwin where libraries end in .dylib but modules end in .so
15527: [2c56aaa38e21]
15528:
15529: * plugins/sudoers/parse.c:
15530: Better prefix determination now that we can't rely on len==0 to tell
15531: the beginning on an entry.
15532: [622bf18179e9]
15533:
15534: * plugins/sudoers/ldap.c:
15535: display_bound_defaults() stub should return 0, not 1 since it is a
15536: count, not a boolean.
15537: [0327a6c3d55d]
15538:
15539: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15540: Document progname in settings
15541: [42031d56a2e3]
15542:
15543: * compat/getprogname.c, include/compat.h,
15544: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
15545: src/parse_args.c, src/sudo.c:
15546: Rewrite compat/getprogname.c and add setprogname(). The progname is
15547: now passed to the plugin via the settings array.
15548: [25d8663e6006]
15549:
15550: * configure, configure.in, plugins/sudoers/Makefile.in:
15551: Fix --with-ldap
15552: [b64b633f426d]
15553:
15554: * plugins/sudoers/sudo_nss.c:
15555: Add missing whitespace for Runas and Command-specific defaults
15556: [65f4ddf5545e]
15557:
15558: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
15559: plugins/sudoers/sudo_nss.c:
15560: Use embedded newlines in lbuf instead of multiple calls to
15561: lbuf_print.
15562: [eed3af9cc3e1]
15563:
15564: * src/lbuf.c:
15565: Add support for embedded newlines.
15566: [e11f79b18deb]
15567:
15568: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
15569:
15570: * compat/getprogname.c:
15571: If system doesn't support getprogname or __programe and we are
15572: building a shared object don't bother with Argc/Argv, just return
15573: "sudo"
15574: [aebde9062be7]
15575:
15576: * config.h.in, configure, configure.in, src/load_plugins.c:
15577: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
15578: appears to always install a shared object with the .so suffix.
15579: [f9bbd0c0e9d3]
15580:
15581: * compat/Makefile.in, configure, configure.in,
15582: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
15583: src/Makefile.in:
15584: Play more nicely with libtool and let it build libreplace (was
15585: libmissing) for us.
15586: [a4c6ebb2495c]
15587:
15588: * include/missing.h:
15589: Include stdarg.h for va_list rather than requiring all consumers of
15590: missing.h to include stdarg.h themselves.
15591: [37382df948de]
15592:
15593: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
15594: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
15595: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
15596: src/parse_args.c:
15597: Pass in output function to lbuf_init() instead of writing to stdout.
15598: A side effect is that the usage info can now go to stderr as it
15599: should.
15600: [6d261261a072]
15601:
15602: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
15603:
15604: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
15605: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
15606: src/parse_args.c, src/sudo.c:
15607: Use number of tty columns that is passed in user_info instead of
15608: getting it directly in the lbuf code.
15609: [8a16635c2638]
15610:
15611: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
15612: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
15613: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
15614: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
15615: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
15616: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
15617: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
15618: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
15619: plugins/sudoers/logging.h, plugins/sudoers/match.c,
15620: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
15621: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
15622: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
15623: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
15624: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15625: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
15626: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
15627: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
15628: plugins/sudoers/visudo.c:
15629: Kill __P in sudoers
15630: [63601e6cb171]
15631:
15632: * config.h.in, configure, configure.in, src/load_plugins.c:
15633: Set the sudoers plugin name in configure so we get the extension
15634: right.
15635: [edad89924cd1]
15636:
15637: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15638: Document lines/cols in user_info
15639: [a808872394f3]
15640:
15641: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
15642: Add tty size to user info
15643: [23f3d27e77a7]
15644:
15645: * src/script.c:
15646: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
15647: [a2208dd09051]
15648:
15649: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
15650:
15651: * plugins/sudoers/sudoers.c:
15652: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
15653: out if we fail to lookup the user's name that is passed in
15654: [e4e3728ed482]
15655:
15656: * plugins/sudoers/error.c:
15657: Pass the error value back via siglongjmp.
15658: [667b8ad575ce]
15659:
15660: * plugins/sudoers/check.c:
15661: Use conversation function for lecture.
15662: [1ab4719f509b]
15663:
15664: * plugins/sudoers/check.c:
15665: Don't update ticket file if verify_user returns FALSE.
15666: [2bbc46a39a2b]
15667:
15668: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
15669:
15670: * plugins/sudoers/sudoers.c, src/sudo.c:
15671: Wire up invalidate and validate methods for sudoers
15672: [c0630c7bca47]
15673:
15674: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
15675: plugins/sudoers/sudoers.h:
15676: Add support for -k flag with a command.
15677: [edad239b098b]
15678:
15679: * src/parse_args.c:
15680: Allow -k to be specified with a command.
15681: [43a45add9974]
15682:
15683: * plugins/sudoers/sudoers.c:
15684: Wire up policy_list
15685: [27cc35699eca]
15686:
15687: * plugins/sudoers/error.c:
15688: Add newline at the end of message and space after the colon in
15689: warning message
15690: [5a591aa8e744]
15691:
15692: * plugins/sudoers/auth/sudo_auth.c:
15693: Add missing newline after pass password warning
15694: [337dba3870a7]
15695:
15696: * plugins/sudoers/sudoers.c:
15697: Set user_groups and user_ngroups based on user_info
15698: [61bee85128c8]
15699:
15700: * plugins/sudoers/error.c:
15701: Make this compile
15702: [7041c441e1c8]
15703:
15704: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
15705: Make _warning in error.c use the conversation function and remove
15706: commented out warning/warningx in sudoers.c.
15707: [7c9b09024b63]
15708:
15709: * plugins/sudoers/logging.c:
15710: Use siglongjmp() in log_error for fatal errors
15711: [b50e26f1c73f]
15712:
15713: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
15714: Quiet a libtool warning
15715: [b2331fb006bc]
15716:
15717: * Makefile:
15718: Build sudoers plugin
15719: [5cdf06e66978]
15720:
15721: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
15722: Use warningx in yyerror() so the conversation function gets used
15723: when built as part of sudoers.
15724: [85f964215eef]
15725:
15726: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
15727:
15728: * plugins/sudoers/auth/pam.c:
15729: Rename sudo_conv to conversation to avoid a namespace conflict.
15730: [1ad359d36be9]
15731:
15732: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
15733: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
15734: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
15735: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
15736: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
15737: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
15738: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
15739: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
15740: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
15741: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
15742: plugins/sudoers/env.c, plugins/sudoers/error.c,
15743: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
15744: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
15745: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
15746: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
15747: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
15748: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
15749: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
15750: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
15751: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
15752: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
15753: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
15754: Initial bits of sudoers plugin; still needs work.
15755: [af2a2c59a952]
15756:
15757: * config.h.in:
15758: Add HAVE_STRDUP and HAVE_STRNDUP
15759: [50a3c0dd510f]
15760:
15761: * compat/Makefile.in, configure, configure.in:
15762: Build libmissing in two flavors (one PIC one non-PIC) and link with
15763: the appropriate one.
15764: [b62f411a4c18]
15765:
15766: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
15767: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
15768: Build libmissing in two flavors (one PIC one non-PIC) and link with
15769: the appropriate one.
15770: [e1e04972b5fe]
15771:
15772: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15773:
15774: * include/missing.h:
15775: Add strdup and strndup and fix strsignal
15776: [c159babe2896]
15777:
15778: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15779:
15780: * compat/strdup.c, compat/strndup.c, configure, configure.in,
15781: plugins/sample/Makefile.in, src/Makefile.in:
15782: Add strdup and strndup to compat
15783: [25c9fd399a4d]
15784:
15785: * plugins/sample/sample_plugin.c:
15786: Need to include compat.h before missing.h
15787: [c94f7aad380f]
15788:
15789: * compat/strsignal.c:
15790: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
15791: it doesn't exist configure will set it to 0.
15792: [384580566389]
15793:
15794: * compat/glob.c:
15795: Fix botched ANSI C coversion of globexp2()
15796: [4a344b8cbe49]
15797:
15798: * configure, configure.in:
15799: Remove redundant getgroups check
15800: [0b16ec210c81]
15801:
15802: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
15803: Require either termios or termio, no more sgtty.
15804: [9b2fa2f17a1c]
15805:
15806: * compat/strsignal.c, config.h.in, configure, configure.in:
15807: Change the sys_siglist check to use AC_CHECK_DECLS and also check
15808: for _sys_siglist and__sys_siglist
15809: [2e078fed2408]
15810:
15811: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
15812:
15813: * configure, configure.in, src/Makefile.in:
15814: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
15815: use SUDO_OBJS for the main driver as part of OBJS.
15816: [9ae4a80a5ade]
15817:
15818: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15819: Mention in the conversation function section that a newline is not
15820: implicit.
15821: [04a233b6c491]
15822:
15823: * include/compat.h:
15824: Add definition of WCOREDUMP for systems without it. This is known to
15825: work on AIX and SunOS 4, but may be incorrect on other systems that
15826: lack WCOREDUMP.
15827: [c85b3ce6b77d]
15828:
15829: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
15830:
15831: * plugins/sample/sample_plugin.c, src/conversation.c:
15832: conversation function no longer puts a newline at the end of info or
15833: error messages.
15834: [c534cae1ac4a]
15835:
15836: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
15837:
15838: * src/script.c:
15839: Use parent process group id instead of parent process id when
15840: checking foreground status and suspending parent. Fixes an issue
15841: when running commands under /usr/bin/time and others.
15842: [564f528c3bb7]
15843:
15844: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
15845:
15846: * aclocal.m4:
15847: transcript option is now --with not --enable
15848: [0646fac4cf93]
15849:
15850: * plugins/sample/sample_plugin.c:
15851: Add support to -u and -g flags Check fmt_string retval Add timeout
15852: for debugging purposes
15853: [cfefa4fa60b5]
15854:
15855: * src/script.c, src/sudo.c:
15856: Wire up SIGALRM handler Set close on exec flag for child side of the
15857: socketpair Fix signal handling when not doing I/O logging
15858: [379581ec7272]
15859:
15860: * src/sudo.c:
15861: g/c unused SIGCHLD handler
15862: [0afa03912dce]
15863:
15864: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
15865: Don't use emalloc() in fmt_string(); we want to be able to use it
15866: from a plugin.
15867: [ade64d368147]
15868:
15869: * include/list.h:
15870: tq_remove not list_remove
15871: [0e0e1fd5c31c]
15872:
15873: * configure, configure.in:
15874: AUTH_OBJS should contain .lo files not .o files.
15875: [c64c82c9d5a2]
15876:
15877: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
15878:
15879: * src/parse_args.c:
15880: Simplify conversion of command line args to name=value pairs.
15881: [75ab127c6a94]
15882:
15883: * plugins/sample/sample_plugin.c:
15884: Handle NULL reply from conversation function
15885: [6ce09b6cb204]
15886:
15887: * compat/getline.c:
15888: Don't depend on emalloc/erealloc
15889: [73df09e2109f]
15890:
15891: * plugins/sample/Makefile.in:
15892: Use $(OBJS) instead of sample_plugin.lo
15893: [2d995db9aa99]
15894:
15895: * plugins/sample/sample_plugin.c:
15896: runas_user is in settings not user_info
15897: [7ee12068bc57]
15898:
15899: * src/parse_args.c:
15900: Fix a mismatch between sudo_settings and settings_pairs that causes
15901: some settings to get the wrong values.
15902: [b1bc6d81a65f]
15903:
15904: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
15905:
15906: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
15907: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
15908: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
15909: Convert to ANSI C
15910: [d03b6e4a3b75]
15911:
15912: * src/load_plugins.c:
15913: Fix strlcpy() return value check.
15914: [7cd66999a374]
15915:
15916: * INSTALL, configure, configure.in:
15917: No longer need to substitute in script.o and pty.o; I/O logging
15918: support is always built.
15919: [45250024c5dc]
15920:
15921: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
15922:
15923: * src/script.c:
15924: Add fallback to /bin/sh when execve() fails with ENOEXEC.
15925: [7684a15a1352]
15926:
15927: * include/alloc.h, src/alloc.c:
15928: Add estrndup()
15929: [47621c83bed9]
15930:
15931: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
15932:
15933: * src/script.c, src/sudo.c:
15934: Refactor script_execve() a bit so that it can be used in non-script
15935: mode. Needs more cleanup.
15936: [f09e022d547c]
15937:
15938: * src/sudo.c:
15939: Ignore empty entries in command_info list
15940: [1eea9a8de21c]
15941:
15942: * include/list.h, src/list.c:
15943: Add tq_remove
15944: [40908a617cb2]
15945:
15946: * src/conversation.c:
15947: Pass timeout to tgetpass()
15948: [9e66c918b771]
15949:
15950: * Makefile:
15951: Add ChangeLog target
15952: [da4a39150838]
15953:
15954: * README, WHATSNEW:
15955: Bump version and update things slightly for sudo 1.8.0
15956: [4b73cc45e2d4]
15957:
15958: * configure, configure.in:
15959: Sudo now requires an ANSI/ISO C compiler
15960: [1e51f72e6964]
15961:
15962: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
15963: src/sudo_noexec.c:
15964: Convert to ANSI C
15965: [5cbd315dbde8]
15966:
15967: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
15968: include/list.h, include/missing.h:
15969: Convert to ANSI C
15970: [3f5016ff64f4]
15971:
15972: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
15973: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
15974: compat/getprogname.c, compat/glob.c, compat/glob.h,
15975: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
15976: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
15977: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
15978: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
15979: compat/utimes.c:
15980: Convert to ANSI C
15981: [0d635c85461c]
15982:
15983: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
15984:
15985: * src/sudo.c, src/tgetpass.c:
15986: Make user_details extern so tgetpass can get at the uid and gid. Set
15987: uid/gid to user before executing askpass program. Check environment
15988: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
15989: set the askpass program itself
15990: [d33606396176]
15991:
15992: * src/sudo.c:
15993: No longer need sudo_usage.h in sudo.c
15994: [063e2946c382]
15995:
15996: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
15997: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
15998: src/sudo_usage.h.in:
15999: Document -D level command line flag which maps to the debug_level
16000: setting.
16001: [61f1e2ab3ac1]
16002:
16003: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
16004: Document debug_level in plugin doc. Still need to document the -D
16005: flag in sudo itself.
16006: [8c62daea3e9b]
16007:
16008: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
16009:
16010: * plugins/sample/sample_plugin.c:
16011: include missing,h for vasprintf
16012: [92503de49b39]
16013:
16014: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
16015: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
16016: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
16017: [14cfb4775238]
16018:
16019: * plugins/sample/sample_plugin.c:
16020: Need to include limits.h
16021: [bda7f74343d2]
16022:
16023: * compat/glob.c:
16024: No more sudo_getpw*
16025: [232e52907634]
16026:
16027: * plugins/sample/Makefile.in, src/Makefile.in:
16028: Add missing compat bits
16029: [4843dd000e08]
16030:
16031: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
16032: compat files should not include sudo.h wire up compat in sample
16033: plugin
16034: [a175b8185e0f]
16035:
16036: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
16037: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
16038: [57e49bc20857]
16039:
16040: * configure, configure.in:
16041: Fix typo
16042: [333655e3d5fe]
16043:
16044: * plugins/sample/sample_plugin.c:
16045: Log input and output to temp files for proof of concept.
16046: [ae1dfc34f7d6]
16047:
16048: * Makefile, configure, configure.in, doc/Makefile.in:
16049: Add doc Makefile.in and wire it up
16050: [6a310443c87d]
16051:
16052: * src/script.c:
16053: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
16054: suspending a shell with the "suspend" builtint.
16055: [3d65f182819a]
16056:
16057: * src/script.c:
16058: In child, handle parent side of the pipe going away.
16059: [a29c14d78cd9]
16060:
16061: * src/script.c:
16062: No longer need to check for explicit death of the child (process #2)
16063: since if it dies we will get EPIPE from the socketpair. Fix a
16064: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
16065: sudo_debug.
16066: [24c55dd4ff60]
16067:
16068: * src/sudo.c:
16069: Make sudo_debug do a single vfprintf() which will result in a single
16070: write call on most systems. Avoids problems with interleaved debug
16071: printf from different processes. Also remove an extraneous error
16072: case since recv() can't return a short read and add some more XXX.
16073: [b37a8533ef1e]
16074:
16075: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
16076:
16077: * src/script.c:
16078: Fix uninitialized variable.
16079: [e012a0a30890]
16080:
16081: * src/Makefile.in:
16082: Fix sudo install target
16083: [1417fa4b4ab9]
16084:
16085: * src/parse_args.c, src/sudo.c, src/sudo.h:
16086: Wire up debug_level
16087: [144fab289c73]
16088:
16089: * src/Makefile.in:
16090: Fix dependencies
16091: [5170940af2ce]
16092:
16093: * configure, configure.in:
16094: Fix setting of plugin dir
16095: [144eda170a72]
16096:
16097: * Makefile:
16098: add clean targets
16099: [d53f6f6f5c3a]
16100:
16101: * src/atobool.c:
16102: Add missing source for sudo front end
16103: [42487de9c489]
16104:
16105: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
16106: Sample plugin demonstrating the sudo plugin API
16107: [f1fd62d7644f]
16108:
16109: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
16110: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
16111: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
16112: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
16113: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
16114: sudo_usage.h.in:
16115: Modular sudo front-end which loads policy and I/O plugins that do
16116: most the actual work. Currently relies on dynamic loading using
16117: dlopen(). See doc/plugin.pod for the plugin API.
16118: [924f6eb2fbba]
16119:
16120: * doc/plugin.pod, include/sudo_plugin.h:
16121: Sudo plugin API
16122: [374ccbbd24ae]
16123:
16124: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
16125: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
16126: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
16127: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
16128: src/fileops.c, src/sudo_edit.c:
16129: Replace emul/include.h with compat/include.h to match new source
16130: tree layout.
16131: [7eccd10449a1]
16132:
16133: * src/lbuf.c:
16134: Include missing.h for memrchr() proto
16135: [03abd63a8a33]
16136:
16137: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
16138: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
16139: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
16140: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
16141: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
16142: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
16143: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
16144: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
16145: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
16146: compat/getline.c, compat/getprogname.c, compat/glob.c,
16147: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
16148: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
16149: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
16150: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
16151: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
16152: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
16153: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
16154: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
16155: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
16156: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
16157: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
16158: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
16159: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
16160: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
16161: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
16162: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
16163: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
16164: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
16165: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
16166: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
16167: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
16168: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
16169: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
16170: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
16171: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
16172: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
16173: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
16174: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
16175: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
16176: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
16177: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
16178: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
16179: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
16180: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
16181: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
16182: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
16183: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
16184: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
16185: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
16186: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
16187: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
16188: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
16189: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
16190: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
16191: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
16192: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
16193: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
16194: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
16195: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
16196: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
16197: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
16198: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
16199: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
16200: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
16201: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
16202: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
16203: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
16204: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
16205: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
16206: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
16207: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
16208: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
16209: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
16210: sample.pam, sample.sudoers, sample.syslog.conf,
16211: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
16212: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
16213: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
16214: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
16215: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
16216: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
16217: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
16218: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
16219: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
16220: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
16221: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
16222: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
16223: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
16224: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
16225: visudo.man.in, visudo.pod, zero_bytes.c:
16226: Rework source layout in preparation for modular sudo.
16227: [7fc1978c6ad5]
16228:
16229: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16230:
16231: * Avoid a duplicate fclose() of the sudoers file.
16232: [5dba851088c1]
16233:
16234: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
16235: [0a2935061e33]
16236:
16237: * Use setrlimit64(), if available, instead of setrlimit() when setting
16238: AIX resource limits since rlim_t is 32bits.
16239: [353db89bac61]
16240:
16241: * Fix use after free when sending error messages. From Timo Juhani
16242: Lindfors
16243: [e50dbd902382]
16244:
16245: * ChangeLog, Makefile.in:
16246: Generate the ChangeLog as part of "make dist" instead of having it
16247: in the repo.
16248: [251b70964673]
16249:
16250: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16251:
16252: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
16253: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16254: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16255: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
16256: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
16257: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
16258: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
16259: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
16260: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
16261: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
16262: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
16263: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
16264: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
16265: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
16266: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
16267: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
16268: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
16269: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
16270: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
16271: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
16272: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
16273: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
16274: Remove CVS $Sudo$ tags.
16275: [de683a8b31f5]
16276:
16277: 2010-01-18 convert-repo <convert-repo>
16278:
16279: * .hgtags:
16280: update tags
16281: [9b7aa44ae436]
16282:
16283: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
16284:
16285: * sudo_usage.h.in:
16286: make this match sudoers SYNOPSIS
16287: [c74ba66944c2]
16288:
16289: * lbuf.c, parse.c:
16290: Print a newline between Runas and Command-specific defaults in sudo
16291: -l.
16292: [b5bdfcc9ce4b]
16293:
16294: * term.c:
16295: Use SET and CLR macros in term_raw
16296: [50ca42609d6c]
16297:
16298: * sudoreplay.c:
16299: Set stdin to non-blocking mode early instead of in check_input. Use
16300: term_raw instead of term_cbreak since the data we get has already
16301: been expanded via OPOST.
16302: [51c47e803d62]
16303:
16304: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
16305:
16306: * script.c, term.c:
16307: Enable/disable all postprocessing instead of just nl->crnl
16308: processing since things like tab expansion matter too. However, if
16309: stdout is a tty leave postprocessing on in the pty since we run into
16310: problems doing it only on the real stdout with .e.g nvi.
16311: [62666e309673]
16312:
16313: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
16314:
16315: * check.c:
16316: If tty_tickets is enabled and there is no tty, prompt for a
16317: password. Do not lecture user for "sudo -k command" if user has a
16318: timestamp.
16319: [5880200c5f6b]
16320:
16321: * INSTALL:
16322: Document missing options: --with-efence and --with-bsm-audit
16323: [d83afcdf9ff3]
16324:
16325: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
16326: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
16327: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
16328: visudo.man.in, visudo.pod:
16329: username -> user name groupname -> group name hostname -> host name
16330: [10c85646f45d]
16331:
16332: * INSTALL, README.LDAP, sudoers.pod:
16333: filename -> file name like the rest of the docs
16334: [1ef8ab5a9018]
16335:
16336: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
16337:
16338: * parse.c:
16339: Fix printing of entries with multiple host entries on a single line.
16340: [226ceaf91d8d]
16341:
16342: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16343:
16344: * sudoers.pod:
16345: Mention that targetpw affects the timestamp file name.
16346: [a26e22e4f72e]
16347:
16348: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
16349: sudoers.pod:
16350: Add compress_transcript option.
16351: [6e94f8cb9dfb]
16352:
16353: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16354:
16355: * configure, configure.in:
16356: bump to 1.7.3b2
16357: [906d7e347d15]
16358:
16359: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
16360: Better split of membership vs. traditional group check in
16361: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
16362: [6ebc55d4716b]
16363:
16364: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
16365:
16366: * pwutil.c:
16367: Fix pasto and add default return value.
16368: [7973b5e4599c]
16369:
16370: * check.c, match.c, pwutil.c, sudo.h:
16371: refactor group member checking into user_in_group()
16372: [48ca8c2eddf8]
16373:
16374: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
16375: sudo.h:
16376: Add support for mbr_check_membership() as present in darwin.
16377: [5501aed02b9f]
16378:
16379: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
16380:
16381: * match.c:
16382: Rename label to be accurate
16383: [3af17dd960f7]
16384:
16385: * Makefile.in, boottime.c, check.c, config.h.in, configure,
16386: configure.in, sudo.h:
16387: Treat timestamp files from before we booted as old. Idea from and
16388: Apple patch.
16389: [5c96e484c05a]
16390:
16391: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
16392:
16393: * sudo.c, sudo.pod, sudo_usage.h.in:
16394: Allow the -u flag to be used in conjunction with the -v flag as per
16395: older versions of sudo.
16396: [591e9fc13c1a]
16397:
16398: * logging.c:
16399: fix typo in last commit
16400: [4fd0c692dcf0]
16401:
16402: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
16403:
16404: * logging.c:
16405: Convert fmt_first and fmt_confd into macros.
16406: [32e870158b29]
16407:
16408: * sudoers.pod:
16409: timeouts can be floats now
16410: [89de639a9679]
16411:
16412: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
16413: defaults.h, mkdefaults:
16414: Add support for floating point timeout values (e.g. 2.5 minutes).
16415: [210ffa291733]
16416:
16417: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
16418:
16419: * sudo.pod:
16420: The -L flag will be removed in sudo 1.7.4
16421: [ffd026084333]
16422:
16423: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
16424:
16425: * sudoreplay.c:
16426: Fix a bug due to order of operators.
16427: [938d34464283]
16428:
16429: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
16430:
16431: * match.c:
16432: cmnd_matches() already deals with negation so _cmndlist_matches()
16433: does not need to do so itself. Fixes a bug with negated entries in a
16434: Cmnd_List.
16435: [71c845f6ce73]
16436:
16437: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16438:
16439: * sudo.c:
16440: Don't exit() from open_sudoers, just return NULL for all errors.
16441: [8cfa832f972a]
16442:
16443: * script.c:
16444: Can't rely on the shell sending us SIGCONT when transitioning from
16445: backgroup to foreground process.
16446: [3c6c5b6cb4b3]
16447:
16448: * toke.c, toke.l:
16449: Add missing extern def for parse_error
16450: [45b7b59d03b7]
16451:
16452: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
16453:
16454: * toke.c, toke.l:
16455: Avoid a parse error when #includedir doesn't find any files. Closes
16456: bug #375
16457: [1ce1b850e9e6]
16458:
16459: * Makefile.in:
16460: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
16461: [6a22e32da108]
16462:
16463: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
16464:
16465: * script.c:
16466: Start command out in foreground mode if stdout is a tty. Works
16467: around issues with some curses-based programs that don't handle
16468: tcsetattr getting interrupted by a signal. Still allows us to avoid
16469: hogging the tty if the command is part of a pipeline.
16470: [1c32f2b94769]
16471:
16472: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
16473: Use a socketpair to pass signals from parent to child. Child will
16474: now pass command status change info back via the socketpair. This
16475: allows the parent to distinguish between signals it has been sent
16476: directly and signals the command has received. It also means the
16477: parent can once again print the signal notifications to the tty so
16478: all writes to the pty master occur in the parent. The command is now
16479: always started in background mode with tty signals handled by the
16480: parent.
16481: [c6790b82986d]
16482:
16483: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
16484:
16485: * configure, configure.in:
16486: Fix a few typos in the descriptions; from Jeff Makey Only do the
16487: check for krb5_get_init_creds_opt_free() taking two arguments if we
16488: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
16489: positive when using our own krb5_get_init_creds_opt_free which takes
16490: only a single argument.
16491: [845a9ff6f93d]
16492:
16493: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
16494:
16495: * configure, configure.in:
16496: Remove a spurious comma in the kerb5 bits.
16497: [3433eab083db]
16498:
16499: * auth/kerb5.c:
16500: Call krb5_get_init_creds_opt_init() in our emulated
16501: krb5_get_init_creds_opt_alloc() for MIT kerberos.
16502: [7ffb40bf43e9]
16503:
16504: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
16505:
16506: * config.h.in:
16507: Add HAVE_ZLIB
16508: [9297bde61ecc]
16509:
16510: * script.c:
16511: Need to ignore SIGTT{IN,OU} in child when running the command in the
16512: background. Also some minor cleanup.
16513: [dc208d982319]
16514:
16515: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
16516:
16517: * script.c:
16518: Instead of calling sigsuspend when waiting for SIGUSR[12] from
16519: parent, install the signal handlers w/o SA_RESTART and let them
16520: interrupt waitpid().
16521: [759c7d18203b]
16522:
16523: * script.c:
16524: Pass along SIGHUP and SIGTERM from parent to child.
16525: [035b0e254568]
16526:
16527: * script.c:
16528: Close unused bits of script_fds in processes that don't need them.
16529: Restore default SIGCONT handler in child.
16530: [e037378ab0c1]
16531:
16532: * script.c:
16533: Update foreground/background status in SIGCONT handler in parent
16534: process.
16535: [3f7f91333264]
16536:
16537: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16538:
16539: * script.c:
16540: Defer setting terminal into raw mode until just before we fork() and
16541: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
16542: and sudo is already in the foreground be sure to set raw mode before
16543: continuing the child.
16544: [1102ef40832c]
16545:
16546: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
16547:
16548: * script.c:
16549: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
16550: give the command the controlling tty if the main sudo process is the
16551: foreground process.
16552: [cf3a91cb5682]
16553:
16554: * script.c:
16555: Don't bother with sudo_waitpid() here for now.
16556: [9086de480c2d]
16557:
16558: * script.c:
16559: fix non-zlib case
16560: [a258bff0f9a6]
16561:
16562: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
16563:
16564: * script.c:
16565: Remove non-wroking code that crept into rev 1.55
16566: [2802dd55cff5]
16567:
16568: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
16569:
16570: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
16571: First pass at zlib support for transcript data files
16572: [5d10260807da]
16573:
16574: * Makefile.in:
16575: remove vestiges of ZLDFLAGS
16576: [1fa0caf1c0fb]
16577:
16578: * script.c:
16579: Add missing variable declaration for when TIOCSCTTY is not defined.
16580: Need to include sys/termio.h for TIOCSCTTY on some systems.
16581: [ee7f41ac2709]
16582:
16583: * script.c:
16584: when resuming command, send SIGCONT to its pgrp not just pid
16585: [5cd63c1d565b]
16586:
16587: * selinux.c:
16588: remove unused variable
16589: [df67df4be228]
16590:
16591: * script.c:
16592: include selinux.h for is_selinux_enabled() proto
16593: [85ebaa880cc1]
16594:
16595: * script.c:
16596: Don't use log_error() in the child process.
16597: [def65fe2a433]
16598:
16599: * script.c:
16600: Do I/O in parent instead of child since the parent can have both
16601: /dev/tty as well as the pty fds open. The child just sets things up
16602: and waits for its grandchild and writes the signal description to
16603: the pty master if the command was killed by a signal.
16604: [95e473208982]
16605:
16606: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
16607:
16608: * missing.h, sudo.h:
16609: Move two struct forward declarations from sudo.h to missing.h
16610: [90ad28294a8c]
16611:
16612: * script.c:
16613: Make comment at the top of script_exec() match reality.
16614: [c5042d27dbe0]
16615:
16616: * sudo.c:
16617: if neither stdin nor stdout is a tty, check stderr
16618: [c532ff20c8d8]
16619:
16620: * Makefile.in:
16621: Add back dependecy of gram.h on gram.y
16622: [c58382b7fcca]
16623:
16624: * script.c:
16625: Make transcript mode work as long as we can figure out our tty, even
16626: if it is not stdin. We'd like to use /dev/tty but that won't be
16627: valid after the setsid().
16628: [7b8bba8d99e7]
16629:
16630: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
16631:
16632: * config.h.in, configure, configure.in, pty.c:
16633: Add support for IRIX-style dynamic ptys
16634: [bedc9bac44c1]
16635:
16636: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
16637: Move alloc.c protos into alloc.h
16638: [b6a90649617d]
16639:
16640: * missing.h:
16641: Move prototypes for missing libc functions to missing.h
16642: [dda9ae1ccaf8]
16643:
16644: * Makefile.in, sudo.h, sudoreplay.c:
16645: Move prototypes for missing libc functions to missing.h
16646: [7483166b577b]
16647:
16648: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
16649:
16650: * config.h.in, configure, configure.in:
16651: Disable transcript support if no tcsetpgrp until we support older
16652: BSD-style job control.
16653: [27ac1d8163df]
16654:
16655: * configure, configure.in, pty.c, script.c:
16656: Break out pty code into pty.c
16657: [e85509b25d41]
16658:
16659: * compat.h, config.h.in, configure, configure.in:
16660: add killpg macro if no killpg function
16661: [3a125f4a51f0]
16662:
16663: * config.h.in, configure, configure.in, script.c:
16664: Push ptem and ldterm for STERAMS-based systems when allocating a
16665: pty.
16666: [36bb39b30ff2]
16667:
16668: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
16669:
16670: * script.c:
16671: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
16672: [d94bd5c9bf4e]
16673:
16674: * script.c:
16675: Call tcgetpgrp() in the parent, not the child and have the child
16676: spin until it is granted. Fixes a race on darwin.
16677: [6e8d435339ce]
16678:
16679: * script.c:
16680: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
16681: reopen slave.
16682: [0bdc63c019ca]
16683:
16684: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
16685:
16686: * script.c:
16687: In script mode, if the command is killed by a signal, print the
16688: signal description as well as a core dump notification like the
16689: shell does.
16690: [9df61738df07]
16691:
16692: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
16693: sudo.h:
16694: Add check for strsignal() and a simple implementation if it is not
16695: there but sys_siglist is
16696: [61421a188ef4]
16697:
16698: * script.c:
16699: Add missing WUNTRACED and store the signal that stopped the
16700: grandchild in suspended, not signo.
16701: [df65042b200e]
16702:
16703: * script.c:
16704: g/c unused code
16705: [40d8cb5c9203]
16706:
16707: * script.c:
16708: Associate the grandchild's pgrp with the tty instead of the child's
16709: and just get suspend notifications via SIGCHLD instead of directly.
16710: This fixes a hang with programs that try to set terminal attributes
16711: and is more consistent with how the shell handles things.
16712: [6865abff7e94]
16713:
16714: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
16715:
16716: * script.c:
16717: Move setpgid() of child into the parent side of the fork() where it
16718: belongs.
16719: [3defa782777c]
16720:
16721: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
16722:
16723: * script.c:
16724: fix typo
16725: [b6a612b3622c]
16726:
16727: * script.c:
16728: Run command in its own pgrp (like the shell does) for easier
16729: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
16730: to grandchild. Don't want grandchild stopped events in the child
16731: (only termination). Flush output after suspending grandchild before
16732: signalling parent.
16733: [db556bf2176f]
16734:
16735: * script.c:
16736: Back out revision 1.34; the problem lies elsewhere.
16737: [85f590a03275]
16738:
16739: * script.c:
16740: Don't set stdout to blocking mode when flushing remaining output. It
16741: can cause us to hang when trying to exit. Need to investigate why.
16742: [6f803a3e33ca]
16743:
16744: * script.c:
16745: Handle SIGTTOU and remove some debugging.
16746: [52d17279053e]
16747:
16748: * term.c:
16749: Back out revision 1.10 as the signal that interrupts us may be
16750: SIGTTOU or SIGTTIN which the caller must handle.
16751: [7e2fa9107975]
16752:
16753: * script.c:
16754: Apparently we need to send SIGSTOP to the command as well as ourself
16755: when we get SIGTSTP, the kernel doesn't automatically stop the
16756: process for us.
16757: [1a936e9309c4]
16758:
16759: * script.c:
16760: Use an extra process to act as the glue bewteen the sessions
16761: associated with the user's controlling tty (what the shell uses) and
16762: the tty that sudo is using to do its logging. Basically, this means
16763: that if we get, e.g. SIGTSTP from the process sudo is running, we
16764: relay the signal to the parent so it's shell can do the job control.
16765: [6dd296988060]
16766:
16767: * term.c:
16768: Handle getting/setting terminal attributes when the fd is in non-
16769: blocking mode.
16770: [ae5ae535ea7b]
16771:
16772: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
16773:
16774: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
16775: Add support for pausing and changing the speed in interactive mode.
16776: [72a2063780a7]
16777:
16778: * script.c:
16779: Already define O_NOCTTY in compat.h, don't need it here
16780: [b5d80ed3e5ce]
16781:
16782: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
16783:
16784: * sudoreplay.c:
16785: Add missing protos
16786: [c4cb4e7f4d8a]
16787:
16788: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
16789:
16790: * sudo_edit.c:
16791: Always update the stashed mtime of the temp file instead of using
16792: what we have for the original because the time resolution of the
16793: filesystem the temporary is on may not match that of the filesystem
16794: that holds the original. Should fix bz #371 found by Philippe Levan.
16795: [c86ca4bec60c]
16796:
16797: * sudoreplay.c:
16798: Use cbreak mode instead of raw mode and add signal handlers to
16799: restore the tty on interrupt.
16800: [84dd283da41c]
16801:
16802: * script.c, sudo.h, term.c:
16803: Retain NL to NLCR conversion on the real tty and skip it on the pty
16804: we allocate. That way, if stdout is not a pty there are no extra
16805: carriage returns.
16806: [32e4f570414e]
16807:
16808: * script.c:
16809: Fix log_output(); just pass in a string and a length.
16810: [ca980cc0a3fb]
16811:
16812: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
16813:
16814: * script.c:
16815: do not use errno when complaining out lack of a tty
16816: [8f9b8c55ab8e]
16817:
16818: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
16819:
16820: * Makefile.in, sudoreplay.c, term.c:
16821: Instead of messing with line endings, just set terminal to raw mode
16822: in sudoreplay.
16823: [90943fa87acb]
16824:
16825: * term.c:
16826: When copying the terminal attributes to the pty, be sure not to set
16827: ONLCR. This prevents extra carriage returns from ending up in the
16828: script output file.
16829: [e6b5475ac2aa]
16830:
16831: * script.c:
16832: Convert a do {} while into a while
16833: [e461310d2c77]
16834:
16835: * Makefile.in:
16836: Use if then instead of test && when installing binaries that may not
16837: exist.
16838: [ad4f9490d971]
16839:
16840: * script.c:
16841: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
16842: old tty before associatng with new one.
16843: [0e0ca634b80c]
16844:
16845: * script.c, selinux.c, sudo.c, sudo.h:
16846: First cut at refactoring some of the selinux code so it can be used
16847: in conjunction with sudo's transcript support.
16848: [779b0d8f9d29]
16849:
16850: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
16851:
16852: * aclocal.m4, configure, configure.in:
16853: Fix default case of transcript_enabled being unset.
16854: [f8aa96186e6b]
16855:
16856: * script.c, sudoreplay.c:
16857: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
16858: [2844a7a851fa]
16859:
16860: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
16861: Hook up --disable-transcript and --enable-transcript=DIR
16862: [b3fa7e6b2480]
16863:
16864: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
16865:
16866: * aclocal.m4, configure, configure.in, pathnames.h.in:
16867: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
16868: transcript=DIR option to specify the directory
16869: [b0bb76d43cda]
16870:
16871: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
16872: regen
16873: [c7a8a0a9027c]
16874:
16875: * configure, configure.in, sudoers.man.pl, sudoers.pod:
16876: Substitute in default value for secure_path
16877: [c8f9ac6dbf93]
16878:
16879: * sudo.pod:
16880: Mention that the password must be followed by a newline with the -S
16881: option.
16882: [2fc589a3ee7e]
16883:
16884: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
16885:
16886: * script.c:
16887: Go back to dropping out of the select() loop when the process dies;
16888: Linux ptys apparently don't behave the same as BSD in regards to
16889: select(). No need to flush remaining output to the transcript, only
16890: to stdout. Add back code to check the master pty for additional data
16891: when we exit the main select loop.
16892: [abed9a9cbc6b]
16893:
16894: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16895:
16896: * Makefile.in:
16897: Add getline.o to COMMON_OBJS
16898: [04ef7643cbc2]
16899:
16900: * Makefile.in:
16901: sudoreplay depends on libsudo.a
16902: [142bd0472631]
16903:
16904: * Makefile.in:
16905: More pwutil.o into COMMON_OBJS
16906: [4a016b933629]
16907:
16908: * pwutil.c, testsudoers.c, tsgetgrpw.c:
16909: Remove my_* redirection in pwutil.c for testsudoers and just use the
16910: normal libc get{pw,gr}* names.
16911: [9b76d637d86b]
16912:
16913: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
16914: More time and date examples
16915: [c6ee0175ec56]
16916:
16917: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
16918: Move nanosleep() emulation into its own file Check librt.a for
16919: nanosleep if we don't find it in libc
16920: [4da0cc26aad7]
16921:
16922: * Makefile.in, configure, configure.in:
16923: Build libsudo with the common bits and link things against that.
16924: [2b53bc0b081a]
16925:
16926: * script.c:
16927: Fix final flush.
16928: [6da287d833da]
16929:
16930: * script.c:
16931: Keep reading from the pty master -> log file until read returns <=
16932: 0. Do our best to write everything to stdout when flushing any
16933: remaining bits.
16934: [2a45d4ae280c]
16935:
16936: * sudoreplay.c:
16937: Use unbuffered I/O when writing to stdout and make sure we write the
16938: entire buffer.
16939: [f39ef9844a47]
16940:
16941: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
16942:
16943: * sudoreplay.c:
16944: Only use max_wait if it is non-zero
16945: [f6c10604d2e8]
16946:
16947: * getdate.c, getdate.y, getline.c:
16948: Need compat.h here
16949: [5d6722e225a0]
16950:
16951: * sudoreplay.c:
16952: Fix nanosleep emulation
16953: [34e5e5d72a76]
16954:
16955: * script.c:
16956: Fix comment after #endif
16957: [bd1347718b25]
16958:
16959: * sudoreplay.c:
16960: Add protos for missing libc bits
16961: [644f496427a2]
16962:
16963: * configure, configure.in:
16964: add missing line continuation char
16965: [db13c0d402cd]
16966:
16967: * config.h.in, configure, configure.in, getline.c:
16968: Implement getline() in terms of fgetln() if we have it.
16969: [3ab786eaadc5]
16970:
16971: * sudoreplay.c:
16972: Print year when formatting log line
16973: [90be669e3443]
16974:
16975: * sudoreplay.pod:
16976: Document cwd, attempt to document time/date formats.
16977: [6290fb9b65c6]
16978:
16979: * sudoreplay.c:
16980: Fix getline return value check.
16981: [d696d6657261]
16982:
16983: * Makefile.in, config.h.in, configure, configure.in, getline.c,
16984: sudoreplay.c:
16985: Use getline() if the system has it, else use provide our own for
16986: sudoreplay.
16987: [afca1d6fbe5e]
16988:
16989: * script.c:
16990: Refactor code to update output and timing files.
16991: [361491332b1a]
16992:
16993: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
16994:
16995: * sudoreplay.c:
16996: Make sudo_getln() behave more like glibc getline.
16997: [40c9f2ea29e6]
16998:
16999: * script.c:
17000: When flushing remaining output, also update timing file.
17001: [5a9a5a627549]
17002:
17003: * sudoreplay.c:
17004: Use get_timestr() and make the -l output look like the regular sudo
17005: log.
17006: [452ba9d436c9]
17007:
17008: * logging.c, sudo.h, timestr.c:
17009: Make get_timestr() take a time_t so we can use it properly in
17010: sudoreplay.
17011: [82e67cc53c9c]
17012:
17013: * script.c:
17014: Create session dir earlier now that we update the seq number early.
17015: [797fe8d6dc61]
17016:
17017: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
17018:
17019: * sudoreplay.c:
17020: Use fromdate and todate as the keywords instead of from and to; the
17021: short forms will still be accepted.
17022: [d14d9b116df4]
17023:
17024: * sudoreplay.c:
17025: Fix reading long liensin sudo_getln()
17026: [58dadd74118c]
17027:
17028: * script.c, sudoreplay.c:
17029: Log the cwd in the script log file. Add sudo_getln() to read
17030: arbitrarily long lines.
17031: [faceb802ab8f]
17032:
17033: * Makefile.in, logging.c, sudo.h, timestr.c:
17034: Move get_timestr() into its own source file so sudoreplay can use
17035: it.
17036: [99b054bfa20a]
17037:
17038: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
17039:
17040: * sudoreplay.c:
17041: Add to and from perdicates (date ranges); needs documentation
17042: [1d629174dcf4]
17043:
17044: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
17045:
17046: * Makefile.in, getdate.c, getdate.y:
17047: Fix warning and add generated getdate.c
17048: [b877a86b5a03]
17049:
17050: * Makefile.in, getdate.y:
17051: Add getdate.y to be used for sudoreplay date parsing.
17052: [b8e26fbb7a40]
17053:
17054: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
17055:
17056: * sudoreplay.c:
17057: Check more than just the first character of a predicate
17058: [4fe53728adb1]
17059:
17060: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
17061: Add examples, sort predicates
17062: [70f8075cbccc]
17063:
17064: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
17065: sudoreplay.pod:
17066: Implement search expressions in sudoreplay similar in concept to
17067: what find or tcpdump uses. TODO: date ranges
17068: [f7ce4fb4cf3a]
17069:
17070: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
17071:
17072: * script.c:
17073: Remove vhangup as it was hanging up the wrong tty. Should really
17074: vhangup in the child after it as set its tty.
17075: [2eed9df73010]
17076:
17077: * sudoers.pod:
17078: Fix cut at documenting transcript support.
17079: [e6c533a5568a]
17080:
17081: * logging.c:
17082: ID= -> TSID= for transcript ID
17083: [1bf755a35333]
17084:
17085: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
17086:
17087: * sudoers.pod:
17088: Move fast_glob description to where it belongs in sorted order
17089: [5901cfb0d25f]
17090:
17091: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
17092: parse.c, parse.h, sudo.c:
17093: Rename script -> transcript
17094: [e06cf823122c]
17095:
17096: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
17097:
17098: * compat.h:
17099: Add timeradd and timersub for those without them
17100: [929f8aa06c2b]
17101:
17102: * script.c:
17103: Sanity check sessid before using it.
17104: [aa8ca5211d43]
17105:
17106: * sudo.c:
17107: Only set the session id if we are running a command or editing a
17108: file.
17109: [7205d717c098]
17110:
17111: * script.c:
17112: Actually. qsort is fine since most versions fal back to a cheaper
17113: sort when the number of elements to sort is small (like in our
17114: case).
17115: [d11c7cd352fe]
17116:
17117: * config.h.in, configure, configure.in, script.c:
17118: Check for dup2 and use dup instead if we don't have it.
17119: [98bd89830f8a]
17120:
17121: * script.c, sudo.c, sudo.h:
17122: Move the code to dup2 the script fds to low numbered descriptors
17123: into script_duplow() and fix the fd sorting.
17124: [9453fdc5fba6]
17125:
17126: * script.c, sudo.c, sudo.h:
17127: Move script_setup() back to immediately before we drop privs and
17128: call the new script_nextid() in its place, which will set
17129: sudo_user.sessid for the logging functions.
17130: [8434d0c8ff08]
17131:
17132: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
17133:
17134: * Makefile.in:
17135: Install sudoreplay
17136: [6acf2cdb4d3f]
17137:
17138: * sudoreplay.c:
17139: remove unused variable
17140: [2316360bb992]
17141:
17142: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
17143:
17144: * logging.c, script.c, sudo.c, sudo.h:
17145: Log the session ID, if there is one. Currently logs ID=XXXXXX,
17146: perhaps should be SESSIONID or SESSID.
17147: [53976905b0a6]
17148:
17149: * Makefile.in, configure, configure.in, sudoreplay.cat,
17150: sudoreplay.man.in, sudoreplay.pod:
17151: Add sudoreplay docs
17152: [da4f14f0e64c]
17153:
17154: * sudoreplay.c:
17155: add -V (version) flag
17156: [b5e743639ee3]
17157:
17158: * sudoreplay.c:
17159: Hook up max_wait.
17160: [2ec5697a92ba]
17161:
17162: * script.c, sudoreplay.c:
17163: Use base36 number for the ID and store script files with paths like
17164: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
17165: (2,176,782,336) unique IDs.
17166: [6aab019d07aa]
17167:
17168: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
17169:
17170: * config.h.in, configure.in:
17171: Add check for regcomp
17172: [44c3ebd7ff34]
17173:
17174: * sudoreplay.c:
17175: Add support for selecting by pattern and tty when listing.
17176: [66189f840c52]
17177:
17178: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
17179:
17180: * sudoreplay.c:
17181: The beginnings of a list mode.
17182: [8d0150b4a52c]
17183:
17184: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17185:
17186: * Makefile.in:
17187: fix pasto
17188: [616b4640b8a8]
17189:
17190: * Makefile.in, config.h.in, configure.in:
17191: Add scaffolding for building sudoreplay
17192: [a32958505dbe]
17193:
17194: * sudoreplay.c:
17195: include error.h first arg to nanotime is const
17196: [fe5a7bb31bc5]
17197:
17198: * sudoreplay.c:
17199: Initial cut at sudoreplay; replay a sudo session.
17200: [f149fba372bd]
17201:
17202: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
17203:
17204: * script.c:
17205: Fix wait() usage and use correct wait status.
17206: [f4745ed7ad05]
17207:
17208: * sudo.c, sudo.h, tgetpass.c:
17209: Add protos for term_* to sudo.h
17210: [14fe1abd7e7b]
17211:
17212: * script.c:
17213: Fix detection of the child process exiting. Since the child is in
17214: its own session we should only ever get SIGCHLD for that process but
17215: better safe than sorry.
17216: [7edfdadd8505]
17217:
17218: * config.h.in:
17219: Add UNIX98 pty support.
17220: [82f4b53a0e8f]
17221:
17222: * configure, configure.in, script.c:
17223: Add UNIX98 pty support.
17224: [795b8bb0a3a1]
17225:
17226: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
17227:
17228: * term.c:
17229: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
17230: if it is defined.
17231: [40f8b83baf69]
17232:
17233: * auth/pam.c:
17234: Set PAM_RUSER and PAM_RHOST early so they can be used during
17235: authentication. Based on a patch from Jamie Beverly.
17236: [3d567b453a6a]
17237:
17238: * match.c:
17239: Close dir before returning if strlcpy() reports overflow. From
17240: Martynas Venckus.
17241: [6a82f96473e5]
17242:
17243: * config.h.in, configure, configure.in, script.c:
17244: On Linux, the openpty proto libes in pty.h
17245: [98643a018d1c]
17246:
17247: * script.c:
17248: Call vhangup on exit if the system has it Use setpgrp() if no
17249: setsid()
17250: [3a9e13149829]
17251:
17252: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17253:
17254: * config.h.in, configure, configure.in:
17255: Add checks for revoke and vhangup if we don't have openpty
17256: [fcb04572e994]
17257:
17258: * script.c:
17259: Session logging guts that got forgotten in the previous commit.
17260: [c2af08a63ea9]
17261:
17262: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
17263: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
17264: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
17265: tgetpass.c:
17266: First cut at session logging for sudo. Still need to write get_pty()
17267: for Unix 98 and old-style BSD ptys. Also needs documentation and
17268: general cleanup.
17269: [77e3f5e25738]
17270:
17271: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
17272:
17273: * sudo.c, sudo_edit.c:
17274: Fix a bug introduced with def_closefrom. The value of def_closefrom
17275: already includes the +1.
17276: [7291c136300d]
17277:
17278: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
17279:
17280: * Makefile.in:
17281: Generate sudo distributions with pax in ustar mode. No longer need
17282: to use a temp file or have the source dir name match the version.
17283: [9778177a8272]
17284:
17285: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
17286:
17287: * toke.c, toke.l:
17288: Fix expansion of %h in #include names. Fixes bugzilla 363
17289: [6e346879ba24]
17290:
17291: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
17292:
17293: * mkdefaults:
17294: If no arg assume def_data.in
17295: [c1dd28c0e675]
17296:
17297: * README, WHATSNEW:
17298: Update for 1.7.2
17299: [f5ad45f69f05] [SUDO_1_7_2]
17300:
17301: * ChangeLog:
17302: sync
17303: [6283549396ff]
17304:
17305: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
17306:
17307: * sudoers.cat, sudoers.man.in, sudoers.pod:
17308: Add missing single quotes around a colon in Runas_Spec definition.
17309: From Elias Benali.
17310: [ccc6ee4fca83]
17311:
17312: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
17313:
17314: * sudo.man.in, sudoers.man.in:
17315: regen
17316: [546e75304ebf]
17317:
17318: * redblack.c:
17319: In rbrepair, re-color the root or the first non-block node we find
17320: to be black. Re-coloring the root is probably not needed but won't
17321: hurt.
17322: [34d01ebe241b]
17323:
17324: * sudo.cat, sudoers.cat:
17325: regen
17326: [bebf5a39f54f]
17327:
17328: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
17329:
17330: * redblack.c:
17331: When repairing the tree, don't touch the root node.
17332: [9841f0d5d789]
17333:
17334: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
17335:
17336: * set_perms.c:
17337: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
17338: Reported by Josef Schmid.
17339: [ed044b1eb879]
17340:
17341: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
17342:
17343: * sudoers.pod:
17344: Document that we accept env_pam-style environment files
17345: [e3b545456352]
17346:
17347: * env.c:
17348: Adapt to accept pam_env-style /etc/environment which allows shell-
17349: style lines such as: export EDITOR="/usr/bin/vi"
17350: [752eb75bf007]
17351:
17352: * sudoers.pod:
17353: Make it clear that env_delete only works when !env_reset. From Lo??c
17354: Minier
17355: [3bd3f8e351ba]
17356:
17357: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
17358:
17359: * sudo.pod, sudoers.pod:
17360: Add non-unix group bits, adapted from Quest
17361: [8ce427de8dea]
17362:
17363: * Makefile.in:
17364: build the .cat page in the current working dir, not the src dir
17365: [00e87a307674]
17366:
17367: * env.c:
17368: Return EINVAL in setenv() if var is NULL or the empty string to
17369: match glibc behavior.
17370: [23fd7c247142]
17371:
17372: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
17373:
17374: * configure, configure.in:
17375: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
17376: [fedd4a3e2a85]
17377:
17378: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
17379:
17380: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
17381: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
17382: regen
17383: [7b9f461a40b3]
17384:
17385: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
17386:
17387: * INSTALL:
17388: Document --with-libvas and --with-libvas-rpath
17389: [a071e6d96c89]
17390:
17391: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
17392:
17393: * ldap.c, sudoers.ldap.pod:
17394: For netscape-derived LDAP SDKs the cert and key paths may be a
17395: directory or a file. However, version 5.0 of the SDK only seems to
17396: support using a directory. If ldapssl_clientauth_init fails and the
17397: cert or key paths look like they could be files, strip off the last
17398: path element and try again.
17399: [ac4e49d83043]
17400:
17401: * Makefile.in:
17402: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
17403: [4547cc1a335f]
17404:
17405: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
17406:
17407: * configure, configure.in, match.c, sudo.c, vasgroups.c:
17408: Update non-Unix group support from Quest, as reworked by me.
17409: [1abafce29dc6]
17410:
17411: * toke.c:
17412: regen
17413: [01bfca9148b7]
17414:
17415: * toke.l:
17416: Add support for escaped hex chars in names, e.g. \x20 for space.
17417: [3c7be8e58a39]
17418:
17419: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
17420:
17421: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
17422: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
17423: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
17424: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
17425: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
17426: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
17427: tgetpass.c, toke.l, visudo.c:
17428: Update copyright years.
17429: [e615f676c764]
17430:
17431: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
17432:
17433: * interfaces.c, lbuf.c:
17434: Minor fixes for Minix-3
17435: [898c510d23f9]
17436:
17437: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
17438:
17439: * set_perms.c:
17440: Handle getgroups() returning 0. Also add missing check for
17441: HAVE_GETGROUPS.
17442: [d73b958f9ffd]
17443:
17444: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
17445:
17446: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
17447: version.h, visudo.c:
17448: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
17449: [5050579a264d]
17450:
17451: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
17452:
17453: * set_perms.c:
17454: Remove group setting code in setusercontext case, we will do it
17455: ourselves later on in runas_setup. Set the gid after
17456: initgroups/setgroups is called, since on Mac OS X it seems to change
17457: the egid.
17458: [09dc21d8b42d]
17459:
17460: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
17461:
17462: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
17463: vasgroups.c:
17464: Initial bits of non-unix group support using Quest Authentication
17465: Services
17466: [1eecab0ff27e]
17467:
17468: * toke.c, toke.l:
17469: Accept %:foo as a non-Unix group
17470: [4c4b5dd899a6]
17471:
17472: * toke.c, toke.l:
17473: Allow user/group to be double quoted in the case of non-Unix groups
17474: which contain spaces.
17475: [47a3d568b7e8]
17476:
17477: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
17478:
17479: * match.c:
17480: Don't allow the user to specify the default runas user if their
17481: sudoers entry only allows them to run as a group.
17482: [4d726177227c]
17483:
17484: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
17485:
17486: * sudo.c:
17487: Must call audit_success before we change uids.
17488: [04a9e6ce6e55]
17489:
17490: * logging.c, set_perms.c, sudo.h, testsudoers.c:
17491: Add option for set_perm to not exit on failure and use this in the
17492: logging routines.
17493: [833dce7b7f42]
17494:
17495: * parse.c:
17496: In -l mode, if the user is only allowed to run as a group, display
17497: the user's name, not root's before the allowed group.
17498: [ef92ff99d265]
17499:
17500: * sudo.c:
17501: Fix -g mode, broken by rev 1.503 which had the side effect of
17502: setting the runas user to root unilaterally.
17503: [50a2f7df4385]
17504:
17505: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
17506:
17507: * fileops.c:
17508: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
17509: [30fbe832dcf3]
17510:
17511: * pwutil.c:
17512: Only cache by the method we fetched for pwd and grp lookups.
17513: Previously we cached both by namd and id but this can cause problems
17514: for entries that share the same id. Also add more info in the error
17515: message in case the insert fails (which should now be impossible).
17516: [ef95a4f0bab5]
17517:
17518: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
17519:
17520: * sudoers.pod:
17521: Add a clarification from Nick Sieger
17522: [1eadad329561]
17523:
17524: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
17525:
17526: * env.c:
17527: Inline the setting of the environment string.
17528: [9515d11c6295]
17529:
17530: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
17531:
17532: * env.c:
17533: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
17534: in BSD doesn't return an error if the name has '=' in it, it just
17535: treats the '=' as end of string.
17536: [941260bf94d2]
17537:
17538: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
17539:
17540: * toke.c, toke.l:
17541: Not all systems have d_namlen
17542: [e377b18d8e2d]
17543:
17544: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
17545:
17546: * sudoers.pod:
17547: Fix up some pod2html issues.
17548: [823a1f10ab60]
17549:
17550: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
17551:
17552: * interfaces.c:
17553: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
17554: Quest Software.
17555: [73de36653131]
17556:
17557: * sudoers.pod:
17558: Ignore files ending in '~' in sudo.d (emacs backup files)
17559: [7871fad702db]
17560:
17561: * toke.c, toke.l:
17562: Ignore files ending in '~' in sudo.d (emacs backup files)
17563: [53fded2a469f]
17564:
17565: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
17566:
17567: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
17568: For #includedir, ignore any file containing a dot
17569: [a7daa1bce6c2]
17570:
17571: * Makefile.in, version.h:
17572: Bump version
17573: [ef60f14ffc44]
17574:
17575: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
17576: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
17577: visudo.c:
17578: Implement #includedir directive. Files in an includedir are not
17579: edited by visudo unless they contain a syntax error.
17580: [3923d85a6c79]
17581:
17582: * ChangeLog:
17583: sync
17584: [8741ed61a78b] [SUDO_1_7_1]
17585:
17586: * WHATSNEW:
17587: Forgot umask_override
17588: [7c86a21a5504]
17589:
17590: * ChangeLog, TODO:
17591: sync
17592: [57339ca6bccf]
17593:
17594: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
17595:
17596: * visudo.c:
17597: Rewind stream if we fdopen sudoers since it may not be at the
17598: beginning. Set the keepopen flag on already-open files too so the
17599: lexer doesn't close them out from under us.
17600: [61292d819aff]
17601:
17602: * visudo.c:
17603: Print the proper file name when there is a parse error in an include
17604: file.
17605: [b0e85d4aedde]
17606:
17607: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
17608:
17609: * WHATSNEW:
17610: Sync
17611: [997e5d485ea3]
17612:
17613: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
17614:
17615: * configure, configure.in:
17616: Fix a warning when --without-ldap is specified.
17617: [d91fd9481b30]
17618:
17619: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
17620:
17621: * alias.c, parse.h, visudo.c:
17622: Store aliases that we remove during check_aliases in a freelist and
17623: free them at the end so we don't leak memory.
17624: [805e2272f6a3]
17625:
17626: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
17627:
17628: * visudo.c:
17629: Check aliases in -c mode too.
17630: [9199e188d9f2]
17631:
17632: * alias.c, parse.h, visudo.c:
17633: Make alias_remove return the alias struct instead of freeing it
17634: directly. Fixes a use after free in alias_remove_recursive, the only
17635: consumer.
17636: [a04b61804800]
17637:
17638: * alias.c, match.c, parse.c, parse.h, visudo.c:
17639: Rename find_alias -> alias_find for consistency.
17640: [48b0a82924f3]
17641:
17642: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
17643:
17644: * visudo.c:
17645: When checking for unused aliases, recurse if the alias points to
17646: another alias.
17647: [2d4d1a7f3a41]
17648:
17649: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
17650:
17651: * ldap.c:
17652: Back out rev 1.105 for now. Real ldapux_client.conf support will be
17653: done later after some refactoring.
17654: [8ad72e69b277]
17655:
17656: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
17657:
17658: * ldap.c:
17659: Treat ldap_hostport the same as "host" for ldapux.
17660: [3281dcc66da8]
17661:
17662: * configure, configure.in:
17663: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
17664: Fixes compilation with ldapux.
17665: [ca1ed585ef0e]
17666:
17667: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
17668:
17669: * fileops.c:
17670: fix char subscript
17671: [41e51f080d00]
17672:
17673: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
17674:
17675: * Makefile.in:
17676: remove errant carriage returns
17677: [e9e258a31c7b]
17678:
17679: * audit.c, env.c:
17680: fix K&R compilation
17681: [d182e8920f13]
17682:
17683: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
17684: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
17685: regen
17686: [791a5cbf04e5]
17687:
17688: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
17689:
17690: * config.h.in:
17691: Add missing HAVE_BSM_AUDIT
17692: [49ad1bb96f04]
17693:
17694: * WHATSNEW:
17695: Add 1.7.1 features
17696: [f107f1604c61]
17697:
17698: * INSTALL:
17699: Mention --with-netsvc
17700: [d1e90d147795]
17701:
17702: * sudoers.ldap.pod:
17703: Document netsvc.conf support
17704: [e78f8abce6af]
17705:
17706: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
17707: sudo_nss.h:
17708: Add support for AIX netsvc.conf (like nsswitch.conf).
17709: [1df56a84dee5]
17710:
17711: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
17712:
17713: * config.h.in, configure, configure.in, env.c:
17714: Add --enable-env-debug flag to enable environment sanity checks.
17715: [128cdd8832e7]
17716:
17717: * sudoers.ldap.pod, sudoers.pod:
17718: Work around some pod2html issue.
17719: [e733b9609bd2]
17720:
17721: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
17722:
17723: * env.c:
17724: Only sync environ for putenv, setenv, and unsetenv. We need to make
17725: sure that sudo_putenv and sudo_setenv only modify env.envp, not
17726: environ.
17727: [be3ac732243c]
17728:
17729: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
17730:
17731: * env.c:
17732: Really fix UNSETENV_VOID
17733: [08ab7e882507]
17734:
17735: * env.c:
17736: Fix unsetenv when UNSETENV_VOID
17737: [d3038b3f2f15]
17738:
17739: * aclocal.m4, configure:
17740: Fix SUDO_FUNC_PUTENV_CONST
17741: [de35569c572b]
17742:
17743: * ldap.c:
17744: tivoli-based ldap does not have ldapssl_err2string
17745: [c63fd90d5e99]
17746:
17747: * configure:
17748: regen
17749: [f38f1ee828ad]
17750:
17751: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
17752:
17753: * config.h.in, configure, configure.in, ldap.c:
17754: Add support for Tivoli-based LDAP start TLS as seen in AIX.
17755: Untested.
17756: [8f8771829f85]
17757:
17758: * env.c:
17759: Add sanity checks for setenv/unsetenv
17760: [adbd1d95856b]
17761:
17762: * Makefile.in:
17763: Include bsm_audit.h in the tarball
17764: [4a4aa02b2c32]
17765:
17766: * Makefile.in, version.h:
17767: bump version for sudo 1.7.1
17768: [362c71d21595]
17769:
17770: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
17771: env.c, ldap.c, sudo.h:
17772: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
17773: provide our own setenv/unsetenv/putenv that operates on own env
17774: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
17775: [276edcd23032]
17776:
17777: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
17778:
17779: * sudo.c:
17780: Make "sudoedit -h" work as expected
17781: [2bcbbb45d389]
17782:
17783: * auth/pam.c:
17784: Make sure def_prompt is always defined. This is a workaround for pam
17785: configs that prompt for a password in the session but don't have an
17786: auth line. A better fix is to expand the sudo prompt earlier and set
17787: def_prompt to that when initializing.
17788: [ee073c04aec3]
17789:
17790: * sudo.pod:
17791: Mention that the helper for -A may be graphical.
17792: [b64a940c4082]
17793:
17794: * TROUBLESHOOTING:
17795: Document what happens if there is no tty.
17796: [313d58a856a5]
17797:
17798: * sudo.c:
17799: cosmetic changes
17800: [894f5e3b0c3e]
17801:
17802: * term.c:
17803: Fix term_restore
17804: [6c6315ff14bc]
17805:
17806: * sudo.c:
17807: Fix "sudo -k" with no other args
17808: [59e94dc419c6]
17809:
17810: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
17811:
17812: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
17813: Allow the -k flag to be specified in conjunction with a command or
17814: another option that may require authentication.
17815: [5960ff20355d]
17816:
17817: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
17818:
17819: * configure, configure.in:
17820: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
17821: [e86ab69c4a57]
17822:
17823: * Makefile.in:
17824: Parallel make fix. From Diego E. 'Flameeyes'
17825: [1289d7ee27db]
17826:
17827: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
17828:
17829: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
17830: Implement umask_override
17831: [8b87a3f7c5aa]
17832:
17833: * toke.c:
17834: regen
17835: [79d7ca9ac873]
17836:
17837: * sudoers.pod, toke.l, visudo.c:
17838: Implement %h escape in sudoers include filenames.
17839: [a7f288dd64f0]
17840:
17841: * audit.c:
17842: Need to include compat.h
17843: [c0dc07ce2f70]
17844:
17845: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
17846: Make audit_success and audit_failure generic functions in
17847: preparation for integrating linux audit support.
17848: [7df020a8fd6f]
17849:
17850: * term.c:
17851: remove duplicate include
17852: [1dfcd01a7e46]
17853:
17854: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
17855:
17856: * bsm_audit.c:
17857: Add missing include
17858: [fb56e08c37ee]
17859:
17860: * sudo.c:
17861: May need to update the runas user after parsing command-based
17862: defaults.
17863: [246f130d7802]
17864:
17865: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
17866:
17867: * glob.c:
17868: Add missing pair of braces introduced with character class support.
17869: [0e2afa2e03e9]
17870:
17871: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
17872:
17873: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
17874: Rename pwstars to pwfeedback
17875: [a9f85a57ebac]
17876:
17877: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
17878:
17879: * bsm_audit.c, bsm_audit.h:
17880: Add const to make MacOS happy.
17881: [4274432d6627]
17882:
17883: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
17884: configure.in, sudo.c:
17885: Add bsm audit support from Christian S.J. Peron
17886: [bef61cd8693d]
17887:
17888: * term.c:
17889: This is new code, no DARPA notice.
17890: [ec6ad09b9c23]
17891:
17892: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
17893:
17894: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
17895: Rename simple_glob -> fast_glob
17896: [68d9ed803cc1]
17897:
17898: * match.c:
17899: g/c unused var
17900: [693fa0464eb6]
17901:
17902: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
17903: Add simple_glob option to use fnmatch() instead of glob(). This is
17904: useful when you need to specify patterns that reference network file
17905: systems.
17906: [77ba634f6949]
17907:
17908: * tgetpass.c:
17909: add term_* proto
17910: [520f5149d073]
17911:
17912: * sudoers.pod:
17913: mention glob()
17914: [ddaab8e03c52]
17915:
17916: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
17917:
17918: * tgetpass.c:
17919: Delete any pwstars we wrote after the user hits return. That way
17920: there is no record on screen as to the user's password length.
17921: [fae25cda762b]
17922:
17923: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
17924:
17925: * term.c:
17926: Move terminal setting bits from tgetpass.c to term.c
17927: [03d43325ee99]
17928:
17929: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
17930: tgetpass.c:
17931: Add pwstars sudoers option that causes sudo to print a star every
17932: time the user presses a key.
17933: [7aab417e184d]
17934:
17935: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
17936:
17937: * Makefile.in:
17938: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
17939: [64f70e879816]
17940:
17941: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
17942:
17943: * ldap.c:
17944: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
17945: indicate no limit. From Mark Janssen.
17946: [e2c5732d54f5]
17947:
17948: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17949:
17950: * toke.c, toke.l:
17951: Comments that begin with #- should not be parsed as uids.
17952: [a72a50f12f41]
17953:
17954: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17955:
17956: * sudo.c:
17957: Do not try to set the close on exec flag if we didn't actually open
17958: sudoers.
17959: [ece3ca256904]
17960:
17961: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17962:
17963: * ChangeLog:
17964: regen
17965: [e11f0e4c1bdd] [SUDO_1_7_0]
17966:
17967: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17968:
17969: * TODO:
17970: sync
17971: [5b8954462bb3]
17972:
17973: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17974:
17975: * auth/pam.c:
17976: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
17977: password prompt.
17978: [8563601cb3de]
17979:
17980: * configure, configure.in:
17981: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
17982: as it cannot generate shared objects.
17983: [6d4262ef9669]
17984:
17985: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
17986: K&R compilation fixes
17987: [77921678d17c]
17988:
17989: * parse.c:
17990: Use tq_foreach_fwd when checking pseudo-commands to make it clear
17991: that we are not short-circuiting on last match. When pwcheck is
17992: 'all', initialize nopass to TRUE and override it with the first non-
17993: TRUE entry.
17994: [96b209f4778f]
17995:
17996: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17997:
17998: * parse.c:
17999: Do not short circuit pseudo commands when we get a match since,
18000: depending on the settings, we may need to examine all commands for
18001: tags.
18002: [fdbaf89d6f35]
18003:
18004: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
18005:
18006: * sudoers.cat, sudoers.man.in:
18007: regen
18008: [1ecce7c1b841]
18009:
18010: * sudoers.pod:
18011: hostnames may also contain wildcards
18012: [82b76695601c]
18013:
18014: * Makefile.in:
18015: remove stamp-* files and linux core files in clean target
18016: [22003f091467]
18017:
18018: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
18019:
18020: * auth/sudo_auth.h, config.h.in, configure, configure.in:
18021: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
18022: [6905bede8410]
18023:
18024: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
18025:
18026: * configure, configure.in:
18027: correctly enable SIA on Digital UNIX
18028: [a51881d13995]
18029:
18030: * TODO:
18031: checkpoint
18032: [af0fe8d94d42]
18033:
18034: * ChangeLog:
18035: sync
18036: [831f623cf99c]
18037:
18038: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
18039:
18040: * check.c, sudo.h, tgetpass.c:
18041: Even if neither stdin nor stdout are ttys we may still have /dev/tty
18042: available to us.
18043: [20f306ba883b]
18044:
18045: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
18046:
18047: * sudoers.cat, sudoers.man.in:
18048: regen
18049: [76d97c4c318f]
18050:
18051: * sudoers.pod:
18052: fix typos; Markus Lude
18053: [bff8bc1e2066]
18054:
18055: * ChangeLog:
18056: sync
18057: [f108552531cd]
18058:
18059: * toke.c:
18060: regen
18061: [de828413c67e]
18062:
18063: * toke.l:
18064: Fix matching of a line that only consists of a comment char
18065: [09c953d8d5ca]
18066:
18067: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
18068:
18069: * auth/pam.c:
18070: MacOS pam will retry conversation function if it fails so just treat
18071: ^C as an empty password.
18072: [d056058930bc]
18073:
18074: * visudo.c:
18075: When checking for alias use, also check defaults bindings.
18076: [2647f82c7dbd]
18077:
18078: * redblack.c:
18079: unused var
18080: [b7ff71c17c18]
18081:
18082: * redblack.c:
18083: Replace my rbdelete with Emin's version (which actually works ;-)
18084: [21b133dd0c72]
18085:
18086: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
18087:
18088: * testsudoers.c:
18089: malloc debugging
18090: [0fb446fa3279]
18091:
18092: * visudo.c:
18093: malloc options in devel mode for visudo too
18094: [98d06c6afeef]
18095:
18096: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
18097:
18098: * sudo.c:
18099: fix compilation on non-C99; from Theo
18100: [7c304e16c536]
18101:
18102: * visudo.c:
18103: fix check_aliases
18104: [83f30a3b1765]
18105:
18106: * alias.c:
18107: when destroying an alias, free the correct data pointer
18108: [6e1a8bd86c01]
18109:
18110: * auth/sudo_auth.h:
18111: add proto for aixauth_cleanup; from Dale King
18112: [eba94ffc8f63]
18113:
18114: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
18115:
18116: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18117: visudo.man.in:
18118: regen
18119: [409fa57fff83]
18120:
18121: * sudo.pod, sudoers.pod, visudo.pod:
18122: standardize on the term 'option' for command line options (not flag)
18123: [228caefc2e36]
18124:
18125: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
18126:
18127: * INSTALL:
18128: Add note on configuring HP-UX pam
18129: [f7674a581baf]
18130:
18131: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
18132:
18133: * check.c, sudo.c:
18134: Move tty checks into check_user() so we only do them if we actually
18135: need a password.
18136: [7d997d7106d6]
18137:
18138: * sudo.c:
18139: Don't error out if no tty or askpass unless we actually need to
18140: authenticate.
18141: [9f23b83ed66c]
18142:
18143: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
18144:
18145: * ChangeLog:
18146: regen
18147: [23f9aef32da6]
18148:
18149: * pathnames.h.in, sudo.c:
18150: s/overriden/overridden/; from Tobias Stoeckmann
18151: [9f7459a8fac5]
18152:
18153: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
18154:
18155: * WHATSNEW, visudo.c:
18156: check sudoers owner and mode in strict mode
18157: [a3468c5ac1c4]
18158:
18159: * gram.c, toke.c:
18160: regen
18161: [7d6b515a5443]
18162:
18163: * sudo.man.in, sudoers.man.in, visudo.man.in:
18164: Update copyright years.
18165: [52d340cb8cba]
18166:
18167: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
18168: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
18169: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
18170: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
18171: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
18172: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
18173: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
18174: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
18175: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
18176: visudo.pod, zero_bytes.c:
18177: Update copyright years.
18178: [b4e6bf2beafa]
18179:
18180: * emul/charclass.h, fnmatch.c, glob.c:
18181: add my copyright
18182: [28681385014a]
18183:
18184: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
18185:
18186: * toke.c, toke.l:
18187: The loop in fill_cmnd() was going one byte too far past the end,
18188: resulting in a NUL being written immediately after the buffer end.
18189: [a5a49d603cd7]
18190:
18191: * UPGRADE, WHATSNEW:
18192: add sections on tgetpass changes
18193: [2e6929b6a102]
18194:
18195: * tgetpass.c:
18196: Treat EOF w/o newline as an error.
18197: [aa02b1db9240]
18198:
18199: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
18200:
18201: * parse.c:
18202: Fix "sudo -v" when NOPASSWD is set.
18203: [f4914711ea80]
18204:
18205: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
18206: auth/sudo_auth.h:
18207: No longer treat an empty password at the prompt as special. To quit
18208: out of sudo you now need to hit ^C at the password prompt.
18209: [980f760ad419]
18210:
18211: * sudoers.cat, sudoers.man.in:
18212: regen
18213: [6ca21a2cd869]
18214:
18215: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
18216: Sudo will now refuse to run if no tty is present unless the new
18217: visiblepw sudoers flag is set.
18218: [0cc56943252e]
18219:
18220: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
18221:
18222: * aix.c:
18223: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
18224: defined
18225: [24fc6f712d5c]
18226:
18227: * aix.c:
18228: fix fallback value for RLIM_SAVED_MAX
18229: [e09e04e1af89]
18230:
18231: * auth/aix_auth.c, auth/sudo_auth.h:
18232: Move clearing of AUTHSTATE into aixauth_cleanup.
18233: [e14ae7bd259c]
18234:
18235: * auth/aix_auth.c, env.c:
18236: Unset AUTHSTATE after calling authenticate() as it may not be
18237: correct for the user we are running the command as.
18238: [d14f68f1b0ab]
18239:
18240: * isblank.c:
18241: Add isblank() function for systems without it. Needed for POSIX
18242: character class matching in fnmatch.c and glob.c.
18243: [16cba30b283f]
18244:
18245: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
18246:
18247: * TROUBLESHOOTING:
18248: expound on sudo and cd
18249: [8e0fa9033637]
18250:
18251: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
18252:
18253: * ChangeLog:
18254: regen
18255: [40cf320a10fc]
18256:
18257: * sudoers.cat, sudoers.man.in:
18258: regen
18259: [7cac761ae2c6]
18260:
18261: * sudoers.pod:
18262: mention defauts parse order
18263: [4e2ce86d1394]
18264:
18265: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
18266:
18267: * Makefile.in, aclocal.m4, compat.h, configure:
18268: Add isblank() function for systems without it. Needed for POSIX
18269: character class matching in fnmatch.c and glob.c.
18270: [a1ab55da8424]
18271:
18272: * Makefile.in:
18273: add emul/charclass.h to HDRS
18274: [7e8a019dcaa4]
18275:
18276: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
18277:
18278: * TODO:
18279: checkpoint
18280: [afeb9bc1baed]
18281:
18282: * defaults.c, parse.c, testsudoers.c, visudo.c:
18283: Move update_defaults into defaults.c and call it properly from
18284: visudo and testsudoers.
18285: [f4dbb369461f]
18286:
18287: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
18288: tsgetgrpw.c:
18289: use zero_bytes() instead of memset() for consistency
18290: [4cee0465f4a8]
18291:
18292: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
18293: visudo.c:
18294: Zero out sigaction_t before use in case it has non-standard entries.
18295: [120092225459]
18296:
18297: * match.c:
18298: quiet gcc
18299: [098a1df49b23]
18300:
18301: * match.c:
18302: Short circuit glob() checks if basename(pattern) !=
18303: basename(command). Refactor code that checks for a command in a
18304: directory and use it in the glob case if the resolved pattern ends
18305: in a '/'.
18306: [3c46fd317acb]
18307:
18308: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18309:
18310: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
18311: Defer setting runas defaults until after runaspw/gr is setup.
18312: [12e75ee49c0c]
18313:
18314: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18315:
18316: * match.c, sudo.c, testsudoers.c:
18317: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
18318: systems do not include space for the NUL in the size. Also manually
18319: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
18320: on this.
18321: [7266ab3296a3]
18322:
18323: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18324:
18325: * sudo.c, sudoers.pod:
18326: When setting the umask, use the union of the user's umask and the
18327: default value set in sudoers so that we never lower the user's umask
18328: when running a command.
18329: [4e804b004e38]
18330:
18331: * sudo.c:
18332: Don't try to read from a zero-length sudoers file. Remove the bogus
18333: Solaris work-around for EAGAIN. Since we now use fgetc() it should
18334: not be a problem.
18335: [bb8e5f68d944]
18336:
18337: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
18338:
18339: * parse.c:
18340: In update_defaults() check the return value of user*_matches against
18341: ALLOW so we don't inadvertantly match on UNSPEC.
18342: [4e422fa1527e]
18343:
18344: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
18345:
18346: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18347: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
18348: regen man pages; no more hyphenation
18349: [15de4fe2fe01]
18350:
18351: * sudo.c:
18352: Don't error out on a zero-length sudoers file. With the advent of
18353: #include the user could create a situation where sudo is unusable.
18354: [6eb461319fa5]
18355:
18356: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
18357:
18358: * auth/kerb5.c, config.h.in, configure, configure.in:
18359: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
18360: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
18361: all. Add configure tests to handle all the cases.
18362: [4b554a98470d]
18363:
18364: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18365:
18366: * sudo.pod:
18367: resort ENVIRONMENT
18368: [f4f20f40653e]
18369:
18370: * sudoers.pod:
18371: document sudoers_locale
18372: [0bffd2dbe806]
18373:
18374: * sudo.pod, sudo_edit.c:
18375: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
18376: or EDITOR
18377: [0ef8cb248cee]
18378:
18379: * toke.c, toke.l:
18380: In fill_cmnd(), collapse any escaped sudo-specific characters.
18381: Allows character classes to be used in pathnames.
18382: [5685244c8e44]
18383:
18384: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
18385:
18386: * lbuf.c:
18387: fix typo in non-C89 function declaration
18388: [99a7113b3a05]
18389:
18390: * sudoers.pod:
18391: Mention POSIX characters classes now that out fnmatch() and glob()
18392: support them.
18393: [9c916f1230c3]
18394:
18395: * sample.sudoers, sudoers.pod:
18396: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
18397: locale agnostic.
18398: [a60a62bec244]
18399:
18400: * parse.h:
18401: use __signed char if we are going to assign a negative value since
18402: on Power, char is unsigned by default
18403: [2877b319df17]
18404:
18405: * config.h.in, configure, configure.in:
18406: Add tests for __signed char and signed char.
18407: [5eb874fdf1d4]
18408:
18409: * aix.c:
18410: Fix AIX limit setting. getuserattr() returns values in disk blocks
18411: rather than bytes. The default hard stack size in newer AIX is
18412: RLIM_SAVED_MAX. From Dale King.
18413: [3db67415ecc3]
18414:
18415: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
18416:
18417: * emul/charclass.h, fnmatch.c, glob.c:
18418: Add character class support to included glob(3) and fnmatch(3).
18419: [6b5b4ad77899]
18420:
18421: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
18422:
18423: * emul/fnmatch.h:
18424: Remove UCB advertising clause and some compatibility defines.
18425: [2ade7bee74e1]
18426:
18427: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18428:
18429: * sudo_edit.c:
18430: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
18431: or sudo. This allows one to set EDITOR to sudoedit without getting
18432: into an infinite loop of sudoedit running itself until the path gets
18433: too big.
18434: [aa49ab68f82d]
18435:
18436: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
18437: Add sudoers_locale Defaults option to override the default sudoers
18438: locale of "C".
18439: [0639886a35bf]
18440:
18441: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
18442:
18443: * sudo.c:
18444: Set locale to system default except for during sudoers parse.
18445: [016dd2736728]
18446:
18447: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
18448:
18449: * match.c:
18450: Redo change in 1.34 to use pointer arithmetic.
18451: [f9e7b63bb450]
18452:
18453: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
18454:
18455: * match.c:
18456: Fix a dereference (read) of a freed pointer. Reported by Patrick
18457: Williams.
18458: [69877b633753]
18459:
18460: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18461:
18462: * sudo.c:
18463: Set locale to "C" to avoid interpretation issues with character
18464: ranges in sudoers. May want to make the locale a sudoers option in
18465: the future.
18466: [098a95de1746]
18467:
18468: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
18469:
18470: * config.h.in:
18471: we no longer use setproctitle
18472: [c7f20fb747ea]
18473:
18474: * sudo.h:
18475: remove #if 1
18476: [a368ee6816c6]
18477:
18478: * LICENSE, mkstemp.c:
18479: Use my replacement mkstemp() from the mktemp package.
18480: [d07c2beb0f9e]
18481:
18482: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
18483:
18484: * gram.c:
18485: regen with yacc skeleton bug fixed
18486: [24784571cbb8]
18487:
18488: * sudoers.pod:
18489: Remove duplicate "as root". From Martin Toft.
18490: [97241acfee5e]
18491:
18492: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
18493:
18494: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
18495: Flesh out the fake passwd entry used for running commands as a uid
18496: not listed in the passwd database. Fixes an issue with some PAM
18497: modules.
18498: [a6648227f3f2]
18499:
18500: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
18501:
18502: * sudo.c:
18503: Error out in -i mode if the user has no shell. This can happen when
18504: running commands as a uid with no password entry.
18505: [0c174bef36ff]
18506:
18507: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
18508:
18509: * toke.c, toke.l:
18510: Better fix for line continuation inside double quotes. Now accepts
18511: whitespace between the backslash and the newline like the main
18512: lexer.
18513: [64efcdf86d31]
18514:
18515: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
18516:
18517: * toke.c, toke.l:
18518: Fix line continuation in strings. It was only being honored if
18519: preceded by whitespace.
18520: [96c21271a3e4]
18521:
18522: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
18523:
18524: * config.h.in, configure, configure.in, logging.c:
18525: Replace the double fork with a fork + daemonize.
18526: [328505441e67]
18527:
18528: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18529:
18530: * env.c, sudo.c:
18531: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
18532: [3caedfeaec87]
18533:
18534: * logging.c, sudo.c, sudo_edit.c, visudo.c:
18535: Change how the mailer is waited for. Instead of having a SIGCHLD
18536: handler, use the double fork trick to orphan the child that opens
18537: the pipe to sendmail. Fixes a problem running su on some Linux
18538: distros.
18539: [b59ce60a393d]
18540:
18541: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
18542:
18543: * configure, configure.in:
18544: Fix configure test for dirfd() on Linux where DIR is opaque.
18545: [b8f729cdfecc]
18546:
18547: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
18548:
18549: * tgetpass.c:
18550: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
18551: this problem we'll need to revisit this again.
18552: [c17fee8ad530]
18553:
18554: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
18555:
18556: * logging.c:
18557: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
18558: we only block the signal it may be delivered later when we unblock.
18559: Also, there is no need to block SIGCHLD since we no longer do the
18560: double fork. The normal SIGCHLD handler is sufficient.
18561: [e94a49e992e5]
18562:
18563: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
18564:
18565: * configure, configure.in:
18566: Add description for NO_PAM_SESSION, from a redhat patch.
18567: [b9e4c939ec09]
18568:
18569: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
18570:
18571: * sudo.cat, sudo.man.in, sudo.pod:
18572: Fix typos in -i usage
18573: [2d7ce5de0235]
18574:
18575: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
18576:
18577: * configure, configure.in:
18578: Redo the test for dgettext() in a way that hopefully will work
18579: around the libintl_dgettext() undefined problem.
18580: [d27beb0cf85e]
18581:
18582: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
18583:
18584: * schema.ActiveDirectory:
18585: change filename in comment
18586: [733da4ee9ac5]
18587:
18588: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18589:
18590: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
18591: sudoers.ldap.pod:
18592: Reference schema.ActiveDirectory
18593: [d6aec537800e]
18594:
18595: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18596:
18597: * schema.OpenLDAP, schema.iPlanet:
18598: Mark sudoRunAs as deprecated.
18599: [00c50df807af]
18600:
18601: * schema.ActiveDirectory:
18602: add sudoRunAsUser and sudoRunAsGroup
18603: [19bcce6f72fb]
18604:
18605: * schema.ActiveDirectory:
18606: Active Directory schema by Chantal Paradis and Eric Paquet
18607: [06a09c92c6a5]
18608:
18609: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
18610:
18611: * parse.c:
18612: remove an XXX that was fixed
18613: [b88038062fa2]
18614:
18615: * ChangeLog:
18616: sync
18617: [8fc27c17270e]
18618:
18619: * parse.c:
18620: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
18621: fixes a problem where the tag value printed was influenced by
18622: defaults set in the first pass through the parser.
18623: [588ccd630367]
18624:
18625: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
18626:
18627: * Makefile.in, sudo.psf:
18628: No point in packaging the TODO file
18629: [9590248fffe1]
18630:
18631: * ChangeLog:
18632: sync
18633: [152acf4c6813]
18634:
18635: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
18636:
18637: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
18638: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
18639: Add env_file Defaults option that is similar to /etc/environment on
18640: some systems.
18641: [1daf53d51e18]
18642:
18643: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
18644:
18645: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
18646: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
18647: version.h, visudo.cat, visudo.man.in:
18648: change version to 1.7.0
18649: [d41d126b9bd8]
18650:
18651: * UPGRADE:
18652: initial valgrind pass done
18653: [c59c3876d8ca]
18654:
18655: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
18656:
18657: * ldap.c:
18658: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
18659: [830d246c09b0]
18660:
18661: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
18662:
18663: * ldap.c:
18664: define LDAPS_PORT if the system headers do not
18665: [247b12325701]
18666:
18667: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
18668:
18669: * gram.c, gram.y:
18670: Fix another memory leak in init_parser().
18671: [7bba47deba11]
18672:
18673: * configure, configure.in:
18674: There was a missing space before the ldap libs in SUDO_LIBS for some
18675: configurations.
18676: [7524cfc93759]
18677:
18678: * alias.c, gram.c, gram.y, toke.c, toke.l:
18679: Clean up some memory leaks pointed out by valgrind.
18680: [a965866ece1a]
18681:
18682: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18683:
18684: * sudo.c:
18685: fix "sudo -s" broken by mode/flags breakout
18686: [acffe984d408]
18687:
18688: * configure, configure.in:
18689: remove duplicate check for dgettext
18690: [58145529133c]
18691:
18692: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
18693:
18694: * aix.c:
18695: Fall back to default stanza if no user-specific limit is found.
18696: [7b8cb29123ee]
18697:
18698: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18699:
18700: * snprintf.c:
18701: include stdint.h if present
18702: [f0ec38529306]
18703:
18704: * snprintf.c:
18705: Use LLONG_MAX, not the old QUAD_MAX
18706: [01041ce508fb]
18707:
18708: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18709:
18710: * sudoers.ldap.pod:
18711: fix cut and pasto
18712: [34240fdef5ab]
18713:
18714: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
18715:
18716: * pwutil.c:
18717: Add #ifdef PURITY
18718: [ce1b571ad526]
18719:
18720: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18721:
18722: * auth/bsdauth.c:
18723: remove useless cast
18724: [494f8a862e1d]
18725:
18726: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18727:
18728: * ChangeLog:
18729: sync
18730: [f5c97ffaabcc]
18731:
18732: * TODO:
18733: sync
18734: [96ff1c44c182]
18735:
18736: * sudo.h:
18737: Split MODE_* defines into primary and flags.
18738: [c02ee3027cb9]
18739:
18740: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18741:
18742: * aix.c:
18743: It turns out the logic for getting AIX limits is more convoluted
18744: than I realized and differs depending on whether the soft and/or
18745: hard limits are defined.
18746: [cf8d3f85d395]
18747:
18748: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18749:
18750: * Makefile.in, configure, configure.in:
18751: Back out AIX-specific change to set the sudo_noexec path to the .a
18752: file, we do really want to use the .so file. Since libtool doesn't
18753: do that correctly, just install the .so file ourselves in the
18754: Makefile.
18755: [05c6f33177d9]
18756:
18757: * install-sh:
18758: If the file given to install is a path, only use the basename of the
18759: file when building the destination path.
18760: [695ba4e429ce]
18761:
18762: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
18763:
18764: * sudo.c:
18765: parse_args() cleanup: Sort command line options in the getopt()
18766: switch The -U option requires a parameter Normalize a few ISSET
18767: calls Split mode into mode and flags and retire the now-obsolete
18768: excl variable
18769: [0d156835f861]
18770:
18771: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
18772: sudo_usage.h.in:
18773: Add -n (non-interactive) flag.
18774: [e3e50400d32d]
18775:
18776: * sudo.c:
18777: Move version printing, etc. into a separate function.
18778: [18c91b476e2c]
18779:
18780: * sudo.c:
18781: Don't try to cleanup nsswitch if it has not been initialized.
18782: [aeb1ca1b399d]
18783:
18784: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
18785:
18786: * logging.c:
18787: Block SIGPIPE in send_mail() so sudo is not killed by a problem
18788: executing the mailer.
18789: [f130e7924cca]
18790:
18791: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
18792:
18793: * configure, configure.in:
18794: AIX shared libs end in .a, not .so.
18795: [a5deb07020d8]
18796:
18797: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18798:
18799: * env.c:
18800: Preserve HOME by default too. Matches documentation and previous
18801: behavior.
18802: [c16f17f1047c]
18803:
18804: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
18805:
18806: * sudo.c:
18807: Use getopt() to parse the command line. We need to be able to
18808: intersperse env variables and options yet still honor "--"" which
18809: complicates things slightly.
18810: [60f271ce5c16]
18811:
18812: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18813:
18814: * ChangeLog:
18815: sync
18816: [685e67964eda]
18817:
18818: * acsite.m4, configure, ltmain.sh:
18819: update to libtool-1.5.26
18820: [4c9a8c3d3b40]
18821:
18822: * config.guess, config.sub:
18823: update from libtool-1.5.26 distribution
18824: [c6641aef2527]
18825:
18826: * aix.c, sudo.h:
18827: attempt to fix compilation errors on AIX
18828: [edb13e5b2184]
18829:
18830: * Makefile.in:
18831: fix typo in last commit
18832: [25ba7f7ceae4]
18833:
18834: * Makefile.in:
18835: Add WHATSNEW file to the distribution
18836: [213f4115de8f]
18837:
18838: * visudo.c:
18839: use warningx instead of fprintf(stderr, ...)
18840: [a3494b8ccb19]
18841:
18842: * list.c:
18843: add DEBUG to list2tq
18844: [115d24a3000c]
18845:
18846: * ChangeLog, TODO:
18847: sync
18848: [60e6f4d1fac0]
18849:
18850: * WHATSNEW:
18851: mention mailfrom
18852: [e2498f9e18d6]
18853:
18854: * Makefile.in, aix.c, config.h.in, configure, configure.in,
18855: set_perms.c, sudo.h:
18856: Add aix_setlimits() to set resource limits on AIX using a
18857: combination of getuserattr() and setrlimit(). Currently untested.
18858: [9b1441fd89ca]
18859:
18860: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
18861:
18862: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
18863: sudoers.man.in, sudoers.pod:
18864: Add mailfrom Defaults option that sets the value of the From: field
18865: in the warning/error mail. If unset the login name of the invoking
18866: user is used.
18867: [029b9f05d3d9]
18868:
18869: * defaults.c:
18870: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
18871: [a90e407d5e00]
18872:
18873: * gram.c, gram.y:
18874: When adding a default, only call list2tq() once to do the list to tq
18875: conversion. It is not legal to call list2tq multiple times on the
18876: same list since list2tq consumes and modifies the list argument.
18877: [fbc25d245c4a]
18878:
18879: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
18880: comment out XXXs for now
18881: [595a1d43309d]
18882:
18883: * WHATSNEW:
18884: mention askpass
18885: [b993e0837c22]
18886:
18887: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
18888:
18889: * sudo.c:
18890: Error out if both -A and -S are specified Error out if -A is
18891: specified but no askpass is configured
18892: [24f1df2638f6]
18893:
18894: * configure, configure.in:
18895: we are not going to ship a sudo-specific askpass
18896: [61949e7a3943]
18897:
18898: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18899:
18900: * sudo.h:
18901: fix definition of TGP_ASKPASS
18902: [0447c57ba4c3]
18903:
18904: * def_data.c, def_data.in:
18905: make askpass boolean-capable
18906: [e0885893a325]
18907:
18908: * INSTALL:
18909: document --with-askpass
18910: [c76e15ba97cf]
18911:
18912: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18913: sudoers.man.in, visudo.cat:
18914: regen
18915: [8d16242980b7]
18916:
18917: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18918:
18919: * sudo.pod, sudo_usage.h.in, sudoers.pod:
18920: document -A and askpass
18921: [02c07505a78c]
18922:
18923: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
18924: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
18925: sudo_usage.h.in, tgetpass.c:
18926: Add support for running a helper program to read the password when
18927: no tty is present (or when specified with the -A flag). TODO: docs.
18928: [05780f5f71fd]
18929:
18930: * def_data.c, def_data.in:
18931: add missing printf format to SELinux role and type strings
18932: [2b32774715e7]
18933:
18934: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18935:
18936: * INSTALL, configure, configure.in:
18937: Disable use of gss_krb5_ccache_name() by default and add
18938: --enable-gss-krb5-ccache-name configure option to enable it. It seems
18939: that gss_krb5_ccache_name() doesn't work properly with some
18940: combinations of Heimdal and OpenLDAP.
18941: [f61ebd3b19bd]
18942:
18943: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
18944:
18945: * selinux.c:
18946: Ignore setexeccon() failing in permissive mode. Also add a call to
18947: setkeycreatecon() (though this is probably insufficient). From Dan
18948: Walsh.
18949: [52564fc1c069]
18950:
18951: * auth/pam.c:
18952: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
18953: function may be called for non-password reading purposes so we must
18954: be careful not to use def_prompt in cases where it may not be set.
18955: [29d88ca575ba]
18956:
18957: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
18958:
18959: * selinux.c:
18960: Don't free the new tty context, we need to keep it around when we
18961: restore the tty context after the command completes
18962: [5b4bd39b6ea8]
18963:
18964: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
18965:
18966: * selinux.c:
18967: s/newrole/sudo/
18968: [21b8a96ff8df]
18969:
18970: * sudo.man.pl, sudo.pod:
18971: Only put login_cap(3) in SEE ALSO section if we have login.conf
18972: support
18973: [05250ddff2c0]
18974:
18975: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18976:
18977: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18978: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
18979: regen
18980: [301e5c5ccdbe]
18981:
18982: * sudoers.pod:
18983: Substitute in comment characters for lines partaining to login.conf,
18984: BSD auth and SELinux and only enable them if pertinent.
18985: [c1c98fa163ce]
18986:
18987: * sudoers.man.pl:
18988: Substitute in comment characters for lines partaining to login.conf,
18989: BSD auth and SELinux and only enable them if pertinent.
18990: [6c88f30b878a]
18991:
18992: * sudo.pod:
18993: Substitute in comment characters for lines partaining to login.conf,
18994: BSD auth and SELinux and only enable them if pertinent.
18995: [acdbdfd24e1d]
18996:
18997: * sudo.man.pl:
18998: Substitute in comment characters for lines partaining to login.conf,
18999: BSD auth and SELinux and only enable them if pertinent.
19000: [0c56d4750ac3]
19001:
19002: * Makefile.in, configure, configure.in:
19003: Substitute in comment characters for lines partaining to login.conf,
19004: BSD auth and SELinux and only enable them if pertinent.
19005: [9a02bd6a6658]
19006:
19007: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
19008: Remove the =cut on the first line (above the copyright notice) to
19009: quiet pod2man. Also remove the hackery in the FILES section and just
19010: deal with the fact that there will a newline between each pathname.
19011: [2ac1ab191835]
19012:
19013: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
19014:
19015: * Makefile.in:
19016: run sudo.man.pl when generating sudo.man.in
19017: [859727369168]
19018:
19019: * configure, configure.in, sudo.man.pl:
19020: comment out SELinux manual bits unless --with-selinux was specified
19021: [97ff4212b649]
19022:
19023: * sudoers.pod:
19024: document role and type defaults for SELinux
19025: [870f303366b3]
19026:
19027: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
19028: Document "sudo -ll" and make "sudo -l -l" be equivalent.
19029: [3ce6dc429ea3]
19030:
19031: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
19032:
19033: * configure, configure.in:
19034: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
19035: Debian GNU/kFreeBSD.
19036: [c4efa567a328]
19037:
19038: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19039:
19040: * auth/kerb5.c:
19041: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
19042: verify_krb_v5_tgt()
19043: [f80538e5a6fa]
19044:
19045: * logging.c, logging.h, sudo.c:
19046: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
19047: log_auth() into log_allowed() and log_denial() Replace mail_auth()
19048: with should_mail() and a call to send_mail()
19049: [58aac9997557]
19050:
19051: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
19052:
19053: * ldap.c:
19054: Add debugging so we can tell if the krb5 ccache is accessible
19055: [c679322527bb]
19056:
19057: * INSTALL:
19058: mention --with-selinux
19059: [9efbe0b52194]
19060:
19061: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
19062:
19063: * configure:
19064: regen
19065: [467a834f867c]
19066:
19067: * selinux.c:
19068: add Sudo tag
19069: [d004ee669bed]
19070:
19071: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
19072: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
19073: testsudoers.c, toke.c, toke.l:
19074: Add support for SELinux RBAC. Sudoers entries may specify a role and
19075: type. There are also role and type defaults that may be used. To
19076: make sure a transition occurs, when using RBAC commands are executed
19077: via the new sesh binary. Based on initial changes from Dan Walsh.
19078: [1d4abfe2c004]
19079:
19080: * sesh.c:
19081: Add support for SELinux RBAC. Sudoers entries may specify a role and
19082: type. There are also role and type defaults that may be used. To
19083: make sure a transition occurs, when using RBAC commands are executed
19084: via the new sesh binary. Based on initial changes from Dan Walsh.
19085: [1e3b395ce049]
19086:
19087: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
19088: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
19089: pathnames.h.in, selinux.c:
19090: Add support for SELinux RBAC. Sudoers entries may specify a role and
19091: type. There are also role and type defaults that may be used. To
19092: make sure a transition occurs, when using RBAC commands are executed
19093: via the new sesh binary. Based on initial changes from Dan Walsh.
19094: [6b421948286e]
19095:
19096: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
19097:
19098: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
19099: Add long list (sudo -ll) support for printing verbose LDAP and
19100: sudoers file entries. Still need to update manual.
19101: [2875be37935c]
19102:
19103: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
19104:
19105: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
19106: Unify the -l output for file and ldap based sudoers and use lbufs
19107: for both. The ldap output does not currently include options that
19108: cannot be represented as tags. This will be remedied in a long list
19109: output mode to come.
19110: [b2e429456596]
19111:
19112: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19113:
19114: * set_perms.c:
19115: Use a specific error message for errno == EAGAIN when setuid() et al
19116: fails. On Linux systems setuid() will fail with errno set to EAGAIN
19117: if changing to the new uid would result in a resource limit
19118: violation.
19119: [08d0aecd9f03]
19120:
19121: * sudo.c:
19122: Unlimit nproc on Linux systems where calling the setuid() family of
19123: syscalls causes the nroc resource limit to be checked. The limits
19124: will be reset by pam_limits.so when PAM is used. In the non-PAM case
19125: the nproc limit will remain unlimited but there doesn't seem to be a
19126: way around that other than having sudo parse
19127: /etc/security/limits.conf directly.
19128: [df024b415a8d]
19129:
19130: * env.c, sudo.c, sudo.pod:
19131: Only read /etc/environment on Linux and AIX
19132: [90669e2aefdb]
19133:
19134: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19135:
19136: * configure, configure.in:
19137: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
19138: ldap.conf and ldap.secret paths from going into config.h. Avoid
19139: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
19140: since in some versions of bash they will end up literally in the
19141: resulting define.
19142: [25390f3ef10a]
19143:
19144: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19145:
19146: * README.LDAP:
19147: mention --with-nsswitch=no
19148: [c509df927263]
19149:
19150: * configure, configure.in:
19151: ldap_ssl.h depends on ldap.h being included first
19152: [d96d90e9b21f]
19153:
19154: * config.h.in, configure, configure.in, ldap.c:
19155: Include ldap_ssl.h if we can find it. Needed for the
19156: ldapssl_set_strength defines on HP-UX at least.
19157: [9e530470948a]
19158:
19159: * sudoers.ldap.pod:
19160: sync
19161: [b9d101f4673a]
19162:
19163: * TODO:
19164: sync
19165: [2ce951b2ecd0]
19166:
19167: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
19168: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
19169: regen
19170: [b61d793987e0]
19171:
19172: * Makefile.in:
19173: Use 78n line length when formatting cat pages.
19174: [761bee9d5759]
19175:
19176: * README.LDAP:
19177: Remove redundant info that is now in sudoers.ldap.pod
19178: [01828dcce59e]
19179:
19180: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19181:
19182: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19183: Reorganize the first section a bit. Substitute the proper path for
19184: /etc/sudoers.
19185: [11ae165e065d]
19186:
19187: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19188: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
19189: schema into EXAMPLES
19190: [ab6509d1dde7]
19191:
19192: * configure, configure.in:
19193: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
19194: sudoers.ldap.man.
19195: [6e689972f465]
19196:
19197: * configure, configure.in:
19198: substitute for sudoers.ldap.man
19199: [5a4a25766dee]
19200:
19201: * Makefile.in:
19202: Fix cut & pasto introduced when adding sudoers.ldap man page.
19203: [a7b069af8894]
19204:
19205: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19206: Fill in some of the missing pieces. Still needs some reorganization
19207: and editing.
19208: [5e7331722166]
19209:
19210: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19211:
19212: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
19213: sudoers.ldap.pod:
19214: Beginnings of a sudoers.ldap man page. Currently, much of the
19215: information is adapted from README.LDAP.
19216: [aad28c8a922d]
19217:
19218: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19219:
19220: * pwutil.c:
19221: When copying gr_mem we must guarantee that the storage space for
19222: gr_mem is properly aligned. The simplest way to do this is to simply
19223: store gr_mem directly after struct group. This is not a problem for
19224: gr_passwd or gr_name as they are simple strings.
19225: [af58fc76f1ed]
19226:
19227: * ldap.c:
19228: Fix a typo/thinko in one of the calls to
19229: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
19230: [70b2eb8097f5]
19231:
19232: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19233:
19234: * config.h.in, configure, configure.in, ldap.c:
19235: include <mps/ldap_ssl.h> in ldap.c if available
19236: [34346206ef16]
19237:
19238: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19239:
19240: * gram.c, gram.y:
19241: Make sure we define SIZE_MAX for yacc's skeleton.c
19242: [d8a45c7a3c42]
19243:
19244: * tgetpass.c:
19245: Use TCSAFLUSH when restoring terminal settings (and echo) to
19246: guarantee that any pending output is discarded
19247: [549a184479e5]
19248:
19249: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19250:
19251: * sudoers:
19252: no longer need to specify SETENV when user has sudo ALL
19253: [3051b41f8032]
19254:
19255: * testsudoers.c:
19256: sync user_args size calculation with sudo.c Add -g group option,
19257: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
19258: them
19259: [0850325180f0]
19260:
19261: * sudo.c, sudo.h:
19262: Make set_runaspw static void
19263: [5d44d7a340ce]
19264:
19265: * testsudoers.c, visudo.c:
19266: g/c set_runaspw stub
19267: [79ebb5e2cc38]
19268:
19269: * configure, configure.in:
19270: Don't add -llber twice.
19271: [4356d302eef4]
19272:
19273: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19274:
19275: * ldap.c:
19276: fix typo
19277: [249cecc557e9]
19278:
19279: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
19280:
19281: * gram.c:
19282: regen
19283: [2f94ea375b67]
19284:
19285: * configure, configure.in:
19286: Fix check that determines whether -llber is required.
19287: [6afa99523379]
19288:
19289: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
19290: For netscape-based LDAP, use ldapssl_set_strength() to implement the
19291: checkpeer ldap.conf option.
19292: [16ae24d73795]
19293:
19294: * auth/kerb5.c:
19295: Delay krb5_cc_initialize() until we actually need to use the cred
19296: cache, which is what krb5_verify_user() does. Better cleanup on
19297: failure.
19298: [d12e5f1695b8]
19299:
19300: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19301:
19302: * auth/kerb5.c:
19303: Rewrite verify_krb_v5_tgt() based on what heimdal's
19304: krb5_verify_user() does.
19305: [05b5815f86c9]
19306:
19307: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19308:
19309: * gram.c:
19310: The U suffix on constants is an ANSI feature
19311: [c6dfce3167f1]
19312:
19313: * configure, configure.in:
19314: Add check for ber_set_option() in -llber
19315: [43d0c0566074]
19316:
19317: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19318:
19319: * README.LDAP:
19320: default if no nsswitch.conf is files only
19321: [c13001d9c998]
19322:
19323: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19324:
19325: * README.LDAP:
19326: don't tell people to mail aaron about LDAP stuff
19327: [8165ec1ef0c6]
19328:
19329: * README.LDAP:
19330: timelimit and bind_timelimit
19331: [44f74cbed167]
19332:
19333: * ChangeLog:
19334: sync
19335: [aba1a0ab02bd]
19336:
19337: * ldap.c:
19338: Move ldap.secret reading into a separate function.
19339: [1948acc9f7a4]
19340:
19341: * check.c:
19342: user_runas -> runas_pw
19343: [334490fc2bae]
19344:
19345: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
19346:
19347: * TODO:
19348: sync
19349: [c7b165cc47c6]
19350:
19351: * check.c, sudo.pod, sudoers.pod:
19352: Add and document the %p escape in the password prompt. Based on a
19353: patch from Patrick Schoenfeld.
19354: [3972d4f31ffa]
19355:
19356: * ldap.c:
19357: Check strlcpy() return values.
19358: [9b42f3ae8ff1]
19359:
19360: * ldap.c:
19361: refactor ldap binding code into sudo_ldap_bind_s()
19362: [cb0c66a4d955]
19363:
19364: * README.LDAP:
19365: Make it clear that host and uri can take multiple parameters. URI is
19366: now supported for more than just openldap nsswitch.conf does't
19367: accept "compat"
19368: [f610dea656d6]
19369:
19370: * sudo.c:
19371: comment cleanup and update (c) year
19372: [6cd69c810ca5]
19373:
19374: * parse.c, sudo_nss.c:
19375: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
19376: This should make it possible to build an LDAP-only sudo binary.
19377: [61c3f27066a0]
19378:
19379: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
19380: Improve chaining of multiple sudoers sources by passing in the
19381: previous return value to the next in the chain
19382: [2c0b722b1b2d]
19383:
19384: * gram.y:
19385: Free up parser data structures in sudo_file_close().
19386: [2251531d4519]
19387:
19388: * gram.c, parse.c:
19389: Free up parser data structures in sudo_file_close().
19390: [8371f130f401]
19391:
19392: * ldap.c:
19393: Parse uri ourself if no ldap_initialize() is present Use
19394: ldap_create() instead of deprecated ldap_init() Use
19395: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
19396: [85d3825b1953]
19397:
19398: * config.h.in, configure, configure.in:
19399: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
19400: CFLAGS
19401: [240524512bc5]
19402:
19403: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
19404:
19405: * config.h.in, configure, configure.in:
19406: add check for ldap_create
19407: [3089badd73b8]
19408:
19409: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19410:
19411: * config.h.in, configure, configure.in, ldap.c:
19412: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
19413: dn using the mechanism appropriate for the LDAP SDK in use. Use
19414: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
19415: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
19416: [6deeca3d00cc]
19417:
19418: * lbuf.c:
19419: include unistd.h
19420: [8419ed0bae7f]
19421:
19422: * config.h.in, configure.in:
19423: fix typo in mtim_getnsec
19424: [2d5f21230a60]
19425:
19426: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
19427:
19428: * config.h.in, configure, configure.in:
19429: add check for st__tim in struct stat as used by SCO
19430: [587060ea2a89]
19431:
19432: * ldap.c:
19433: use ldap_search_ext_s instead of deprecated ldap_search_s
19434: [5fc44fe3b44c]
19435:
19436: * Makefile.in, TODO, sudo.cat, sudo.man.in:
19437: add sudo_nss.h to HDRS
19438: [86f01a70ff29]
19439:
19440: * ldap.c:
19441: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
19442: ldap_rdn2str().
19443: [aa217002cfae]
19444:
19445: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
19446:
19447: * ldap.c:
19448: Use ldap_get_values_len()/ldap_value_free_len() instead of the
19449: deprecated ldap_get_values()/ldap_value_free().
19450: [e22dceb85e57]
19451:
19452: * ChangeLog:
19453: sync
19454: [adad27b36107]
19455:
19456: * TODO:
19457: sync
19458: [c449eb47e0ef]
19459:
19460: * gettime.c, sudo.c:
19461: Remove some already fixed XXXs
19462: [532788d0e6da]
19463:
19464: * ldap.c:
19465: Same return value as non-existent sudoers if LDAP was unable to
19466: connect.
19467: [5819810e8e4e]
19468:
19469: * sudo.pod:
19470: mention /etc/environment
19471: [ea8e6102f853]
19472:
19473: * README.LDAP, UPGRADE, WHATSNEW:
19474: Update to reflect recent developments.
19475: [ed1fb026fe77]
19476:
19477: * sudo.c:
19478: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
19479: [55b68a58260d]
19480:
19481: * ldap.c:
19482: When building up a query don't list groups in the aux group vector
19483: that are the same as the passwd file group. On most systems the
19484: first gid in the group vector is the same as the passwd entry gid.
19485: [4bb51e297e0d]
19486:
19487: * env.c, ldap.c:
19488: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
19489: ldaprc and system defaults that could affect how LDAP works.
19490: [ce5036440db2]
19491:
19492: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
19493: sudo_nss.c, sudo_nss.h:
19494: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
19495: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
19496: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
19497: file and --with-ldap-secret-file
19498: [ea5d7704381f]
19499:
19500: * parse.c:
19501: Honor def_ignore_local_sudoers
19502: [f38e1121fae1]
19503:
19504: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
19505:
19506: * ldap.c:
19507: no longer need to check def_ignore_local_sudoers here
19508: [fce2a72f96fb]
19509:
19510: * parse.c:
19511: Refactor group vector resetting into a function and also call it
19512: from display_cmnd. Stop after the first sucessful match in
19513: display_cmnd. Print a newline between each display_privs method.
19514: [981b37b5adff]
19515:
19516: * parse.c:
19517: fix double free introduced in rev 1.218
19518: [c574b02d8747]
19519:
19520: * ldap.c:
19521: belt and suspenders; zero out result after freeing it
19522: [7732988d4620]
19523:
19524: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
19525: Refactor line reading into a separate function, sudo_parseln(),
19526: which removes comments, leading/trailing whitespace and newlines.
19527: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
19528: [61d9068f0645]
19529:
19530: * parse.c, sudo.c:
19531: Make the inability to read the sudoers file a non-fatal error if
19532: there are other sudoers sources available. sudoers_file_lookup now
19533: returns "not OK" if sudoers was not present
19534: [643babf597a8]
19535:
19536: * ldap.c:
19537: make it clear that the global options are from LDAP
19538: [9ff950349463]
19539:
19540: * logging.c:
19541: allocate proper amount of space for error string
19542: [8bebb7d46d19]
19543:
19544: * sudo_nss.c, sudo_nss.h:
19545: actual sudo nss code
19546: [5bd7d52d7738]
19547:
19548: * ldap.c, parse.c, sudo.c, sudo.h:
19549: nss-ify display_privs and display_cmnd.
19550: [cccfdd3253f2]
19551:
19552: * defaults.c, parse.c, testsudoers.c, visudo.c:
19553: move update_defaults() to parse.c
19554: [ace144b958a9]
19555:
19556: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
19557: Use nsswitch to hide some sudoers vs. ldap implementation details
19558: and reduce the number of #ifdef LDAP TODO: fix display routines and
19559: error handling
19560: [6225edde89a6]
19561:
19562: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
19563:
19564: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
19565: First cut at nsswitch.conf support. Further reorganizaton and
19566: related changes are forthcoming.
19567: [717f59d0790b]
19568:
19569: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
19570:
19571: * env.c, pathnames.h.in, sudo.c, sudo.h:
19572: Add support for reading and /etc/environment file. Still needs to be
19573: documented and should probably only applies to OSes that have it
19574: (AIX and Linux, maybe others).
19575: [15d3edae27e4]
19576:
19577: * ldap.c:
19578: include limits.h
19579: [e19875ef0f82]
19580:
19581: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
19582:
19583: * WHATSNEW:
19584: reword LDAP SASL
19585: [7ec3c4ec31b5]
19586:
19587: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
19588:
19589: * TODO:
19590: sync
19591: [87c5a7aea7bf]
19592:
19593: * README.LDAP:
19594: Add an example sudoRole, clarify netscape vs. openldap a bit more
19595: [6f96c0ca8107]
19596:
19597: * README.LDAP:
19598: Be clear on what is OpenLDAP vs. Netscape-derived
19599: [a33c8314dec5]
19600:
19601: * config.h.in, configure, configure.in, ldap.c:
19602: Use ldapssl_init() for ldaps support instead of trying to do it
19603: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
19604: and tls_key for cert7.db and key3.db respectively. Don't print
19605: debugging info for options that are not set. Add warning if
19606: start_tls specified when not supported.
19607: [abb62dc7e4a3]
19608:
19609: * ldap.c:
19610: fix compilation on solaris
19611: [03d449684e80]
19612:
19613: * Makefile.in:
19614: add missing .h and .c files for missing lib objs
19615: [8b37825bdfc7]
19616:
19617: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
19618:
19619: * ldap.c:
19620: fix LDAP_OPT_NETWORK_TIMEOUT setting
19621: [226eba89c0ad]
19622:
19623: * ldap.c:
19624: fix compilation on Solaris
19625: [917d47639eb6]
19626:
19627: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
19628:
19629: * configure, configure.in:
19630: fix typo
19631: [009d5c81b225]
19632:
19633: * README.LDAP:
19634: try to clear up which variables are for OpenLDAP and which are for
19635: netscape-derived SDKs
19636: [f8d9823ee73c]
19637:
19638: * config.h.in, configure, configure.in, ldap.c:
19639: Add support for "ssl on" in both netscape and openldap flavors. Only
19640: the OpenLDAP flavor has been tested.
19641: [952745829ec5]
19642:
19643: * logging.c, sudo.c, sudo.h:
19644: Call cleanup() before exit in log_error() instead of calling
19645: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
19646: [da02d1b67a2c]
19647:
19648: * sudo.c:
19649: ld -> ldap_conn
19650: [01afa6d927cc]
19651:
19652: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19653:
19654: * logging.c, sudo.c, sudo.h:
19655: Better ldap cleanup.
19656: [25b9abe2d617]
19657:
19658: * ldap.c:
19659: Distinguish between LDAP conf settings that are connection-specific
19660: (which take an ld pointer) and those that are default settings
19661: (which do not).
19662: [d48dc6c9c3b4]
19663:
19664: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
19665:
19666: * ldap.c:
19667: Improved warnings on error.
19668: [c8dce7b4feb4]
19669:
19670: * ldap.c:
19671: Make ldap config table driven and set the config *after* we open the
19672: connection.
19673: [d9698b5a2681]
19674:
19675: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
19676:
19677: * ldap.c:
19678: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
19679: [598c6df06660]
19680:
19681: * configure, configure.in:
19682: some operating systems need to link with -lkrb5support when using
19683: krb5
19684: [8896365dde9e]
19685:
19686: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19687:
19688: * WHATSNEW:
19689: minor update
19690: [acfeeb7f4886]
19691:
19692: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
19693: regen
19694: [a3c6699674f9]
19695:
19696: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
19697:
19698: * ChangeLog, TODO:
19699: sync
19700: [138e99b925ee]
19701:
19702: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
19703: add -g support for LDAP
19704: [8fc27dbe9287]
19705:
19706: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
19707:
19708: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
19709: The -i and -s flags can now take an optional command.
19710: [6afec104ee77]
19711:
19712: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19713:
19714: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
19715: sudoers.pod:
19716: Add passprompt_override flag to sudoers that will cause the prompt
19717: to be overridden in all cases. This flag is also set when the user
19718: specifies the -p flag.
19719: [e4c5402131a6]
19720:
19721: * sudo.c:
19722: Move setting of login class until after sudoers has been parsed. Set
19723: NewArgv[0] for -i after runas_pw has been set.
19724: [62a48c8c56fa]
19725:
19726: * configure, configure.in:
19727: Move the dgettext check.
19728: [5fd8a4712d1c]
19729:
19730: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
19731:
19732: * auth/pam.c, config.h.in, configure, configure.in:
19733: Add basic support for looking up the string "Password: " in the PAM
19734: localized text db. This allows us to determine whether the PAM
19735: prompt is the default "Password: " one even if it has been
19736: localized.
19737:
19738: TODO: concatenate non-std PAM prompts and user-specified sudo
19739: prompts.
19740: [81c25a415d41]
19741:
19742: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
19743:
19744: * Makefile.in, config.h.in, configure, configure.in, parse.c,
19745: set_perms.c, sudo.c, sudo.h:
19746: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
19747: insufficient.
19748: [1cce6ec1a91e]
19749:
19750: * acsite.m4, configure, interfaces.c, memrchr.c:
19751: Fix typos; Martynas Venckus
19752: [be1233cca11a]
19753:
19754: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19755:
19756: * set_perms.c:
19757: Don't assume runas_pw is set; it may not be in the -g case.
19758: [aa11bd2193ac]
19759:
19760: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19761:
19762: * logging.c, set_perms.c:
19763: Set aux group vector for PERM_RUNAS and restore group vector for
19764: PERM_ROOT if we previously changed it. Stash the runas group vector
19765: so we don't have to call initgroups more than once. Also add no-op
19766: check to check_perms.
19767: [53837fc755f7]
19768:
19769: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
19770:
19771: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
19772: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
19773: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
19774: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
19775: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
19776: Add support for runas groups. This allows the user to run a command
19777: with a different effective group. If the -g option is specified
19778: without -u the command will be run as the current user (only the
19779: group will change). the -g and -u options may be used together.
19780: TODO: implement runas group for ldap improve runas group
19781: documentation add testsudoers support
19782: [9019309df6d0]
19783:
19784: * configure, configure.in:
19785: fix setting of mandir
19786: [2c60f269399f]
19787:
19788: * sudo.pod, sudoers.pod:
19789: document that ALL implies SETENV
19790: [bcc8e5b703b9]
19791:
19792: * ldap.c:
19793: s/setenv_ok/setenv_implied/g
19794: [f005df2c2eea]
19795:
19796: * ldap.c:
19797: hostname_matches() returns TRUE on match in sudo 1.7.
19798: [c3d4377b6e8b]
19799:
19800: * ldap.c:
19801: use strcmp, not strcasecmp when comparing ALL
19802: [e486024574a1]
19803:
19804: * ldap.c:
19805: Make sudo ALL imply setenv. Note that unlike with file-based sudoers
19806: this does affect all the commands in the sudoRole.
19807: [bc12f54321d1]
19808:
19809: * gram.c, gram.y, parse.c, parse.h:
19810: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
19811: it is not passed on to other commands in the list.
19812: [026e2cb40680]
19813:
19814: * visudo.c:
19815: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
19816: sudo_getpwuid() instead of getpwuid().
19817: [86f30a8fbd49]
19818:
19819: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
19820:
19821: * sudoers:
19822: Expand on the dangers of not using visudo to edit sudoers.
19823: [e434e8057d02]
19824:
19825: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19826:
19827: * parse.c:
19828: Don't quote *?[]! on output since the lexer does not strip off the
19829: backslash when reading those in.
19830: [561da4a13afa]
19831:
19832: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
19833:
19834: * glob.c:
19835: expand "u_foo" types to "unsigned foo" to avoid compatibility
19836: issues.
19837: [b0d7c64d78c3]
19838:
19839: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19840:
19841: * logging.c:
19842: Refactor log line generation in to new_logline().
19843: [6a9b9730615d]
19844:
19845: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
19846:
19847: * TROUBLESHOOTING:
19848: fix typo
19849: [9e19d4f86e47]
19850:
19851: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
19852:
19853: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
19854: match.c:
19855: Add configure check for struct in6_addr instead of relying on
19856: AF_INET6 since some systems define AF_INET6 but do not include IPv6
19857: support.
19858: [e24082c416bd]
19859:
19860: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
19861:
19862: * configure, configure.in:
19863: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
19864: use.
19865: [76a9df4a63be]
19866:
19867: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19868:
19869: * configure, configure.in:
19870: POSIX states that struct timespec be declared in time.h so check
19871: there regardless of the value of TIME_WITH_SYS_TIME.
19872: [e42c55ec9daf]
19873:
19874: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
19875:
19876: * tgetpass.c:
19877: Instead of defining a macro to call the appropriate method for
19878: turning on/off echo, just define tc[gs]etattr() and the related
19879: defines that use the correct terminal ioctls if needed. Also go back
19880: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
19881: [5dfb2379d995]
19882:
19883: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19884:
19885: * Makefile.in:
19886: g/c @ALLOCA@
19887: [e6946c2e3820]
19888:
19889: * configure:
19890: regen
19891: [9bac7159a138]
19892:
19893: * INSTALL, auth/pam.c, config.h.in, configure.in:
19894: Add --disable-pam-session configure option to disable calling
19895: pam_{open,close}_session. May work around bugs in some PAM
19896: implementations.
19897: [273d0fdb4a9d]
19898:
19899: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19900:
19901: * tgetpass.c:
19902: quiet gcc warnings
19903: [325565c5a579]
19904:
19905: * tgetpass.c:
19906: Avoid printing the prompt if we are already backgrounded. E.g. if
19907: the user runs "sudo foo &" from the shell. In this case, the call to
19908: tcsetattr() will cause SIGTTOU to be delivered.
19909: [db2139a8d8b8]
19910:
19911: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19912:
19913: * def_data.c, def_data.h, def_data.in:
19914: Reorder things such that the definition of env_reset come right
19915: before the env variable lists.
19916: [e0d8e22a581a]
19917:
19918: * parse.h:
19919: Shrink type and seqno in struct alias from int to u_short
19920: [9425263dd565]
19921:
19922: * alias.c, match.c, parse.c, parse.h:
19923: Add a sequence number in the aliases for loop detection. If we find
19924: an alias with the seqno already set to the current (global) value we
19925: know we've visited it before so ignore it.
19926: [301a0548ffff]
19927:
19928: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
19929:
19930: * TODO, auth/pam.c, sudo.c, sudo.h:
19931: PAM wants the full tty path so add user_ttypath which holds the full
19932: path to the tty or is NULL if no tty was present.
19933: [c7c1dd4b36c8]
19934:
19935: * auth/pam.c:
19936: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
19937: results in a segv.
19938: [3a8865b3a357]
19939:
19940: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
19941:
19942: * gram.c:
19943: regen
19944: [5647be127950]
19945:
19946: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
19947: parse.h, testsudoers.c, visudo.c:
19948: rename lh_ -> tq_
19949: [8f500c542c4a]
19950:
19951: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
19952:
19953: * alloc.c:
19954: remove some useless casts
19955: [409a448b23f5]
19956:
19957: * alloc.c:
19958: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
19959: predates the final C99 spec and the standard specifies that it shall
19960: include stdint.h anyway
19961: [ae478fdef61a]
19962:
19963: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
19964:
19965: * Makefile.in, alloca.c, configure.in:
19966: Since we ship with a pre-generated parser there is no need to ship a
19967: bogus alloca implementation.
19968: [3f611a7cc0e5]
19969:
19970: * configure:
19971: regen
19972: [771eccf5269c]
19973:
19974: * configure.in:
19975: remove initial setting of CHECKSIA, we require that it be unset if
19976: not used
19977: [a2e91adc5aa2]
19978:
19979: * Makefile.in:
19980: add list.c to SRCS
19981: [7db0e56cf5b9]
19982:
19983: * configure:
19984: regen
19985: [3716ec30172e]
19986:
19987: * configure.in:
19988: only do SIA checks on Digital Unix
19989: [6a96e1af2597]
19990:
19991: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
19992:
19993: * sudoers.cat, sudoers.man.in:
19994: regen
19995: [ac1dc29de72b]
19996:
19997: * ChangeLog, TODO:
19998: sync
19999: [781effce0a2d]
20000:
20001: * auth/kerb5.c:
20002: Remove call to krb5_cc_register() as it is not needed for modern
20003: kerb5.
20004: [351b8b764f16]
20005:
20006: * configure:
20007: regen
20008: [ac21dbcc9c2c]
20009:
20010: * aclocal.m4, configure.in:
20011: New method for setting the default authentication type and avoiding
20012: conflicts in auth types.
20013: [5fb15be11f78]
20014:
20015: * match.c, parse.c, testsudoers.c:
20016: Each entry in a cmndlist now has an associated runaslist so no need
20017: to keep track of the most recent non-NULL one.
20018: [582e015786b0]
20019:
20020: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20021:
20022: * ldap.c:
20023: back out partial ldaps support mistakenly committed
20024: [357703e94b2d]
20025:
20026: * ldap.c:
20027: Add support for unix groups and netgroups in sudoRunas
20028: [2f04eb91c6d0]
20029:
20030: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
20031:
20032: * sudo_edit.c:
20033: Fix sudoedit of a non-existent file. From Tilo Stritzky.
20034: [a5488a03bddd]
20035:
20036: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
20037:
20038: * configure:
20039: regen
20040: [541177376ee1]
20041:
20042: * INSTALL:
20043: update --passprompt escape info
20044: [6d57db4cd538]
20045:
20046: * configure.in:
20047: remove now-bogus comment and update copyright date
20048: [6a4af45fa331]
20049:
20050: * configure.in:
20051: Fix up use of with_passwd
20052: [7c79d8640f77]
20053:
20054: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
20055: Update to autoconf-2.61 andf libtool-1.5.24
20056: [045259b0b439]
20057:
20058: * Makefile.in:
20059: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
20060: [f5b6a7afb817]
20061:
20062: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
20063:
20064: * gram.c:
20065: regen
20066: [b5b78e71d2cb]
20067:
20068: * gram.y:
20069: move tags and runaslist propagation to be earlier
20070: [94f7805f4489]
20071:
20072: * visudo.c:
20073: If -f flag given use the permissions of the original file as a
20074: template
20075: [9303d22bddb0]
20076:
20077: * gram.y:
20078: prevent a double free() when re-initing the parser
20079: [5b3907c4de5a]
20080:
20081: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
20082:
20083: * configure:
20084: regen
20085: [49a90b19a17d]
20086:
20087: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
20088: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
20089: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
20090: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
20091: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
20092: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
20093: Remove support for compilers that don't support void *
20094: [35e1d01ae197]
20095:
20096: * gram.c:
20097: regen
20098: [70ce412a458a]
20099:
20100: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
20101: parse.c, parse.h, testsudoers.c, visudo.c:
20102: Move list manipulation macros to list.h and create C versions of the
20103: more complex ones in list.c. The names have been down-cased so they
20104: appear more like normal functions.
20105: [9cea0e281148]
20106:
20107: * Makefile.in:
20108: Fix cmp command when regenerating parser. Make gram.o the first
20109: dependency for all programs so gram.h will be generated before
20110: anything that needs it.
20111: [429ea065abf1]
20112:
20113: * gram.y, parse.h:
20114: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
20115: [2f3433833589]
20116:
20117: * match.c, parse.c, testsudoers.c:
20118: Use LH_FOREACH_REV when checking permission and short-circuit on the
20119: first non-UNSPEC hit we get for the command. This means that instead
20120: of cycling through the all the parsed sudoers entries we start at
20121: the end and work backwards and quit after the first positive or
20122: negative match.
20123: [881474532f3e]
20124:
20125: * gram.c:
20126: regen
20127: [9152a19d4188]
20128:
20129: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
20130: Change list head macros to take a pointer, not a struct.
20131: [054f1dcce4cc]
20132:
20133: * gram.c:
20134: regen
20135: [be154aae6235]
20136:
20137: * gram.y:
20138: Propagate the runasspec from one command to the next in a cmndspec.
20139: [4957b1cb03a3]
20140:
20141: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
20142:
20143: * match.c:
20144: Replace has_meta() with a macro that calls strpbrk().
20145: [a2e58846a542]
20146:
20147: * regen
20148: [5a932a5c9451]
20149:
20150: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
20151: testsudoers.c, visudo.c:
20152: Use a list head struct when storing the semi-circular lists and
20153: convert to tail queues in the process. This will allow us to reverse
20154: foreach loops more easily and it makes it clearer which functions
20155: expect a list as opposed to a single member.
20156:
20157: Add macros for manipulating lists. Some of these should become
20158: functions.
20159:
20160: When freeing up a list, just pop off the last item in the queue
20161: instead of going from head to tail. This is simpler since we don't
20162: have to stash a pointer to the next member, we always just use the
20163: last one in the queue until the queue is empty.
20164:
20165: Rename match functions that take a list to have list in the name.
20166: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
20167: [7c37b271607a]
20168:
20169: * parse.c:
20170: Fix pasto, append "!" not negated (which is an int) for sudo -l
20171: output.
20172: [93a444c3997f]
20173:
20174: * Makefile.in:
20175: Remove the dependency of gram .h on gram.y, the .c dependency is
20176: enough. Only move y.tab.h to gram.h if it is different; avoids
20177: needless rebuilding.
20178: [67bf4ea2a2e5]
20179:
20180: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
20181:
20182: * sudoers.pod:
20183: Defaults lines may be associated with lists of users, hosts,
20184: commands and runas users, not just single entries.
20185: [795effacb6be]
20186:
20187: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
20188:
20189: * Makefile.in:
20190: Revert the "cmp" portion of the last diff, it doesn't make sense.
20191: [26f34bf4e2e3]
20192:
20193: * Makefile.in:
20194: Remove *.lo for clean: When generating the parser, only move the
20195: generated files into place if they differ from the existing ones.
20196: [84673fea371b]
20197:
20198: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
20199:
20200: * toke.c, toke.l:
20201: Replace IPV6 regexp with a much simpler (readable) one and add an
20202: extra check when it matches to make sure we have a valid address.
20203: [592e9f690556]
20204:
20205: * match.c:
20206: Fix thinko introduced when merging IPV6 support.
20207: [da38cd5eb8c7]
20208:
20209: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
20210:
20211: * HISTORY, LICENSE:
20212: regen
20213: [0d7b27b90634]
20214:
20215: * license.pod:
20216: add 2007
20217: [510e5048ae1a]
20218:
20219: * UPGRADE:
20220: mention #uid vs. comment pitfall
20221: [4d2861898bcc]
20222:
20223: * acsite.m4:
20224: Merge in a patch from the libtool cvs that fixes a problem with the
20225: latest autoconf. From Stepan Kasal.
20226: [0c279ae7df3e]
20227:
20228: * parse.h:
20229: Back out he XOR swap trick, it is slower than a temp variable on
20230: modern CPUs.
20231: [91c4b024e317]
20232:
20233: * gram.c:
20234: regen
20235: [cb6d4106fb74]
20236:
20237: * gram.y, parse.h:
20238: Convert the tail queue to a semi-circle queue and use the XOR swap
20239: trick to swap the prev pointers during append.
20240: [8bf4d9fbee58]
20241:
20242: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
20243:
20244: * parse.h:
20245: remove useless statement
20246: [421ec1dd73e6]
20247:
20248: * toke.c, toke.l:
20249: Refactor #include parsing into a separate function and return
20250: unparsed chars (such as newline or comment) back to the lexer.
20251: [64166917aa3d]
20252:
20253: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
20254:
20255: * WHATSNEW:
20256: mention better uid support
20257: [56f510e7f2ec]
20258:
20259: * sudoers.pod:
20260: Users may now consist of a uid.
20261: [5fd31b2c55ed]
20262:
20263: * gram.c, gram.h, toke.c:
20264: regen
20265: [599e58af6dc1]
20266:
20267: * parse.c:
20268: Use lbuf_append_quoted() for sudo -l output to quote characters that
20269: would require quoting in sudoers.
20270: [3132d05c990a]
20271:
20272: * lbuf.c, lbuf.h:
20273: Add lbuf_append_quoted() which takes a set of characters which
20274: should be quoted with a backslash when displayed.
20275: [ab09bebb1d65]
20276:
20277: * toke.l:
20278: Require that the first character after a comment not be a digit or a
20279: dash. This allows us to remove the GOTRUNAS state and treat uid/gids
20280: similar to other words. It also means that we can now specify uids
20281: in User_Lists and a User_Spec may now contain a uid.
20282: [461fe01f8392]
20283:
20284: * gram.y, toke.l:
20285: Replace RUNAS token with '(' and ')' tokens to make the runas
20286: portion of the grammar more natural.
20287: [e0c383b4684d]
20288:
20289: * BUGS:
20290: The BUGS file is history
20291: [4d9a809585c7]
20292:
20293: * Makefile.in, README:
20294: The BUGS file is history
20295: [d9500e261172]
20296:
20297: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20298:
20299: * toke.c, toke.l:
20300: Allow comments after a RunasAlias as long as the character after the
20301: pound sign isn't a digit or a dash.
20302: [d7f3bd94eeda]
20303:
20304: * WHATSNEW:
20305: Glob support was back-ported to 1.6.9
20306: [d1d5cfd46228]
20307:
20308: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20309:
20310: * Makefile.in:
20311: remove sudo_usage.h in distclean
20312: [df05ce9c4127]
20313:
20314: * parse.c:
20315: If a Defaults value contains a blank, double-quote the string.
20316: [9057a910daad]
20317:
20318: * toke.c, toke.l:
20319: Properly deal with Defaults double-quoted strings that span multiple
20320: lines using the line continuation char. Previously, the entire
20321: thing, including the continuation char, newline, and spaces was
20322: stored as-is.
20323: [4a4e8eacefe6]
20324:
20325: * sudo.c:
20326: Be consistent when using single quotes and backticks.
20327: [d010b83a0fa1]
20328:
20329: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20330:
20331: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
20332: sudo.c, sudo_usage.h.in:
20333: Add new linebuf code to do appends of dynamically allocated strings
20334: and word-wrapped output. Currently used for sudo's usage() and sudo
20335: -l output. Sudo usage strings are now in sudo_usage.h which is
20336: generated at configure time.
20337: [4dfd0ee8d961]
20338:
20339: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
20340:
20341: * parse.c, sudo.c, sudo.h:
20342: Fix line wrapping in usage() and use the actual tty width instead of
20343: assuming 80.
20344: [700eab37c5a6]
20345:
20346: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20347:
20348: * history.pod:
20349: some more info
20350: [8140112a8ae1]
20351:
20352: * history.pod:
20353: Mentioned Chris Jepeway's parser and also the new one that is in
20354: sudo 1.7.
20355: [2132d00f0597]
20356:
20357: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
20358:
20359: * sudo.pod, visudo.pod:
20360: For the options list, add flag args where appropriate and increase
20361: the indent level so there is room for them.
20362: [2b60fb572e12]
20363:
20364: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
20365:
20366: * parse.c:
20367: Fix some spacing in "sudo -l" and add a comment about some bogosity
20368: in the line wrapping.
20369: [b59b056f5ee2]
20370:
20371: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20372: visudo.man.in:
20373: regen
20374: [5fb719f18ebc]
20375:
20376: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
20377: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
20378: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
20379: testsudoers.c, toke.c, toke.l:
20380: Remove monitor support until there is a versino of systrace that
20381: uses a lookaside buffer (or we have a better mechanism to use).
20382: [61ff76878e4a]
20383:
20384: * config.h.in, configure, configure.in, sudo.c:
20385: use getaddrinfo() instead of gethostbyname() if it is available
20386: [cc33c136aa6a]
20387:
20388: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20389:
20390: * parse.c, sudo.c:
20391: Deal with OSes where sizeof(gid_t) < sizeof(int).
20392: [130a89cbdfba]
20393:
20394: * interfaces.c:
20395: repair non-getifaddrs() code after ipv6 integration
20396: [7ae7a89e2236]
20397:
20398: * sudo.c:
20399: If we can open sudoers but fail to read the first byte, close the
20400: file stream before trying again.
20401: [6f31272fae7b]
20402:
20403: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
20404:
20405: * toke.c:
20406: regen
20407: [4d7afe0aa6fa]
20408:
20409: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
20410: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
20411: [4e6ff2965a42]
20412:
20413: * sudo.pod, sudoers.pod, visudo.pod:
20414: Add some missing markup Update copyright
20415: [7e6d3c686b5e]
20416:
20417: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20418:
20419: * configure, configure.in:
20420: fix sudo_noexec extension which got broken in the libtool update
20421: [3a5b447df861]
20422:
20423: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
20424:
20425: * Makefile.in:
20426: explicitly specify -Tascii to nroff
20427: [45c8da4cbefe]
20428:
20429: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
20430:
20431: * logging.c:
20432: remove an ANSI-ism that crept in
20433: [29086f87b2ca]
20434:
20435: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
20436:
20437: * sudo.pod:
20438: Adjust list indents Prevent -- from being turned into an em dash Use
20439: a list for the environment instead of a literal paragraph
20440: [c3abcd8f76f4]
20441:
20442: * visudo.pod:
20443: Use a list for the environment instead of an indented literal
20444: paragraph.
20445: [0ffcfcb7349f]
20446:
20447: * sudoers.pod:
20448: Adjust list indentation
20449: [615c89e3123a]
20450:
20451: * license.pod:
20452: add =head3
20453: [8b2e0d38c0bd]
20454:
20455: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20456:
20457: * sudo.pod:
20458: mention that when specifying a uid for the -u option the shell may
20459: require that the # be escaped
20460: [3e3a17bff150]
20461:
20462: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
20463:
20464: * match.c:
20465: Fix off by one in group matching.
20466: [b529602b7fba]
20467:
20468: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20469:
20470: * env.c:
20471: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
20472: [ffbf8907c6e7]
20473:
20474: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
20475:
20476: * configure, configure.in:
20477: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
20478: -lgssapi_krb5 case.
20479: [2b85a89c2252]
20480:
20481: * aclocal.m4, configure, configure.in:
20482: Fix link tests such that new gcc doesn't optimize away the test.
20483: [83484ec95cba]
20484:
20485: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
20486:
20487: * sudo.pod, sudoers.pod, visudo.pod:
20488: add missing over/back
20489: [251a12c89b91]
20490:
20491: * sudo.pod, sudoers.pod, visudo.pod:
20492: Change FILES section to use =item
20493: [60b9efc3a0b2]
20494:
20495: * env.c:
20496: Add back allocation of the env struct in rebuild_env but save a copy
20497: of the old pointer and free it before returning.
20498: [1100cd4fa997]
20499:
20500: * env.c:
20501: Don't init the private environment in rebuild_env() since it may
20502: have already been done implicitly sudo_setenv/sudo_unsetenv.
20503:
20504: Multiply length by sizeof(char *) in memcpy/memmove when copying the
20505: environment so we copy the full thing.
20506:
20507: Add missing set of parens so we deref the right pointer in
20508: sudo_unsetenv when searching for a matching variable.
20509: [9086a8f756b1]
20510:
20511: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
20512:
20513: * sudo.pod, sudoers.pod, visudo.pod:
20514: Use file markup for paths in the FILES section
20515: [940d99f731f2]
20516:
20517: * sudo.pod, sudoers.pod, visudo.pod:
20518: Don't capitalize sudo/visudo
20519: [f067a455d44b]
20520:
20521: * sudoers.pod:
20522: Sort sudoers options; based on a diff from Igor Sobrado.
20523: [a9b9befe85ac]
20524:
20525: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
20526:
20527: * sudo.pod, sudoers.pod, visudo.pod:
20528: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
20529: latter confuses pod2man. The Makefile rules for the .man.in file
20530: will add @mansectsu@ and @mansectform@ back in after pod2man is done
20531: anyway.
20532: [b50ea0db727c]
20533:
20534: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20535:
20536: * LICENSE, Makefile.in, license.pod:
20537: Move license info to pod format
20538: [25bdd82e592b]
20539:
20540: * configure, configure.in, sudoers.pod:
20541: Substitute value of path_info into sudoers man page.
20542: [9ba661a82798]
20543:
20544: * WHATSNEW:
20545: remove features that were back-ported to 1.6.9
20546: [e76d756cbe65]
20547:
20548: * sudo.c, sudo.pod, visudo.c, visudo.pod:
20549: Sort SYNOPSIS and sync usage. From Igor Sobrado.
20550: [4970386c9e54]
20551:
20552: * env.c:
20553: Only need sudo_setenv/sudo_unsetenv if we are going to use
20554: ldap_sasl_interactive_bind_s() but don't have
20555: gss_krb5_ccache_name().
20556: [f1a73d8b35c5]
20557:
20558: * ChangeLog:
20559: rebuild without branch info
20560: [5d5a33494677]
20561:
20562: * Makefile.in:
20563: Add ChangeLog target
20564: [a702034fdd89]
20565:
20566: * auth/pam.c:
20567: Run cleanup code if the user hits ^C at the password prompt.
20568: [9cf87768e921]
20569:
20570: * auth/pam.c:
20571: Some versions of pam_lastlog have a bug that will cause a crash if
20572: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
20573: string.
20574: [5b63f6c88866]
20575:
20576: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
20577:
20578: * Makefile.in:
20579: ChageLog not Changelog
20580: [1243d8473ceb]
20581:
20582: * ChangeLog:
20583: sync
20584: [d887df98c6b0]
20585:
20586: * Makefile.in:
20587: CHANGE -> Changelog
20588: [917738df30dd]
20589:
20590: * TODO:
20591: sync
20592: [cd382f7d1948]
20593:
20594: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
20595:
20596: * config.h.in, configure, configure.in, ldap.c:
20597: Add configure hooks for gss_krb5_ccache_name() and the gssapi
20598: headers.
20599: [139606209991]
20600:
20601: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
20602:
20603: * env.c, sudo.c:
20604: rebuild_env() and insert_env_vars() no longer return environment
20605: pointer, they set environ directly.
20606:
20607: No longer need to pass around an envp pointer since we just operate
20608: on environ now.
20609:
20610: Add dosync argument to insert_env() that indicates whether it should
20611: reset environ when realloc()ing env.envp.
20612:
20613: Use an initial size of 128 for the environment.
20614: [4735fd5fddb8]
20615:
20616: * env.c:
20617: Split sudo_setenv() into an external version and a version only for
20618: use by rebuild_env().
20619: [fda7d655adb1]
20620:
20621: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
20622:
20623: * ldap.c:
20624: Add support for using gss_krb5_ccache_name() instead of setting
20625: KRB5CCNAME. Also use sudo_unsetenv() in the non-
20626: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
20627: original environment. TODO: configure setup for
20628: gss_krb5_ccache_name()
20629: [fcafa5a49caf]
20630:
20631: * README.LDAP:
20632: add krb5_ccname
20633: [fceb8f883886]
20634:
20635: * README.LDAP, ldap.c:
20636: Add support for sasl_secprops in ldap.conf
20637: [1f06f4bf7347]
20638:
20639: * env.c, sudo.h:
20640: Add sudo_unsetenv() and refactor private env syncing code into
20641: sync_env().
20642: [045ecb3fd22b]
20643:
20644: * README.LDAP, ldap.c:
20645: The ldap.conf variable is sasl_auth_id not sasl_authid.
20646: [a5f98491311b]
20647:
20648: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20649:
20650: * ldap.c, sudo.c, sudo.h:
20651: Add support for krb5_ccname in ldap.conf. If specified, it will
20652: override the default value of KRB5CCNAME in the environment for the
20653: duration of the call to ldap_sasl_interactive_bind_s().
20654: [b08a10c3045b]
20655:
20656: * env.c, sudo.h:
20657: Remove format_env() Add sudo_setenv() to replace most format_env() +
20658: insert_env() combinations. insert_env() no longer takes a struct
20659: environment *
20660: [131da52f43f3]
20661:
20662: * ldap.c:
20663: Fix use_sasl vs. rootuse_sasl logic.
20664: [0c0417b6918c]
20665:
20666: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
20667: Add support for SASL auth when connecting to an LDAP server. Adapted
20668: from a diff by Tom McLaughlin.
20669: [a6285f1356ea]
20670:
20671: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
20672:
20673: * configure, configure.in:
20674: Only enable AIX or BSD auth if no other exclusive auth method has
20675: been chosen. Allows people to e.g., use PAM on AIX without adding
20676: --without-aixauth. A better solution is needed to deal with default
20677: authentication since if a non-exclusive method is chosen we will
20678: still get an error.
20679: [83f7afdc0ec3]
20680:
20681: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20682:
20683: * HISTORY, Makefile.in, history.pod:
20684: Generate HISTORY from history.pod (which is also used for web pages)
20685: [60bcd5164931]
20686:
20687: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
20688:
20689: * sudo.man.in, sudoers.man.in:
20690: regen
20691: [63956a366191]
20692:
20693: * sudo.pod:
20694: Better explanation of environment handling in the sudo man page.
20695: [6c247742f7ee]
20696:
20697: * env.c, sudo.c:
20698: Defer setting user-specified env vars until after authentication.
20699: [4750b79323ee]
20700:
20701: * env.c:
20702: honor def_default_path for PATH set on the command line
20703: [6db31d9b6d65]
20704:
20705: * env.c, sudo.c, sudo.pod, sudoers.pod:
20706: Allow user to set environment variables on the command line as long
20707: as they are allowed by env_keep and env_check. Ie: apply the same
20708: restrictions as normal environment variables. TODO: deal with
20709: secure_path
20710: [26c0da3840cf]
20711:
20712: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20713:
20714: * sudo.c, sudo_edit.c:
20715: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
20716: Don't allow -E or env var setting in sudoedit mode. More accurate
20717: usage() when called as sudoedit.
20718: [a4af20658361]
20719:
20720: * ldap.c:
20721: warn -> warning
20722: [d87d1192b048]
20723:
20724: * sudo.pod:
20725: add -c option to sudoedit synopsis
20726: [15b596a7e2db]
20727:
20728: * TODO:
20729: udpate to reality
20730: [e2f8fde89db1]
20731:
20732: * parse.c:
20733: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
20734: value from {user,host,runas,cmnd}_matches(). Rename *matches
20735: variables -> *match. Purely cosmetic.
20736: [e54a44c00a88]
20737:
20738: * parse.c:
20739: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
20740: in behavior.
20741: [c6272b4f2127]
20742:
20743: * sudoers:
20744: add SETENV tag
20745: [3a3066bb6788]
20746:
20747: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
20748:
20749: * parse.c:
20750: Make pwcheck local to the pwflag block. Use pwcheck even if user
20751: didn't match since Defaults options may still apply.
20752: [45da9efbbafd]
20753:
20754: * check.c, sudo.c:
20755: Do not update timestamp if user not validated by sudoers.
20756: [a4a9d4364827]
20757:
20758: * set_perms.c:
20759: for PERM_RUNAS, set the egid to the runas user's gid and restore to
20760: the user's original in PERM_ROOT
20761: [1514bfb32847]
20762:
20763: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
20764: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
20765: PERM_FULL_ROOT
20766: [b9d047a3178c]
20767:
20768: * check.c:
20769: don't check timestamp mtime if we are just going to remove it
20770: [5d2470bc6cbd]
20771:
20772: * sudoers.pod:
20773: Move sudoers defaults parameters into their own section.
20774: [54701fbc0ff3]
20775:
20776: * testsudoers.c:
20777: Reduce a level of indent by a few placed continue statements.
20778: [5d5a9838c8ef]
20779:
20780: * parse.c:
20781: Make matching but negated commands/hosts/runas entries override a
20782: previous match as expected. Also reduce some levels of indent by a
20783: few placed continue statements.
20784: [dd59fa4b91a1]
20785:
20786: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20787:
20788: * parse.c:
20789: Print default runas in "sudo -l" if sudoers don't specify one.
20790: [07d408c400bd]
20791:
20792: * match.c:
20793: Less hacky way of testing whether the domain was set.
20794: [a537059776e5]
20795:
20796: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
20797:
20798: * INSTALL:
20799: Mention pam-devel and openldap-devel for Linux
20800: [9e708c54ecc3]
20801:
20802: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
20803:
20804: * README.LDAP:
20805: or vs. are
20806: [abe8c0f3a410]
20807:
20808: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
20809:
20810: * sudo.c:
20811: fix typo in Solaris project support
20812: [2ffeb2d80959]
20813:
20814: * HISTORY:
20815: update
20816: [df162b36f120]
20817:
20818: * sudo.c:
20819: Make -- on the command line match the manual page. The implied shell
20820: case has been simplified as a result.
20821: [cd217a1f6694]
20822:
20823: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
20824:
20825: * sudoers2ldif:
20826: add simplistic support for sudoRunas; note that if a sudoers entry
20827: contains multiple Runas users, all will apply to the sudoRole
20828: [65b11421f5c8]
20829:
20830: * sudoers2ldif:
20831: honor SETENV and NOSETENV tags
20832: [2c0d5ba7a09b]
20833:
20834: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
20835:
20836: * mon_systrace.c:
20837: Redo setting of user_args. We now build up a private copy of argv
20838: first and then replace the NULs?with spaces.
20839: [ccbba72ea112]
20840:
20841: * mon_systrace.c:
20842: getcwd() returns NULL on failure, not 0 on success
20843: [88cd9e66e530]
20844:
20845: * mon_systrace.c:
20846: allow chunksiz to reach 1 before erroring out
20847: [619d68f14964]
20848:
20849: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20850: visudo.man.in:
20851: regen
20852: [8db512d3caf0]
20853:
20854: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
20855:
20856: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
20857: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
20858: toke.c, toke.l:
20859: Add support for setting environment variables on the command line.
20860: This is only allowed if the setenv sudoers options is enabled or if
20861: the command is prefixed with the SETENV tag.
20862: [5744caebd969]
20863:
20864: * README.LDAP:
20865: replace Aaron's email address with the sudo-workers list
20866: [2ffce5f9afc0]
20867:
20868: * configure:
20869: regen
20870: [8013dff82c0c]
20871:
20872: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20873:
20874: * schema.OpenLDAP, schema.iPlanet:
20875: Break schema out into separate files.
20876: [15e598e4c60b]
20877:
20878: * Makefile.in, README.LDAP:
20879: Break schema out into separate files.
20880: [1a53966ca1fa]
20881:
20882: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
20883:
20884: * auth/aix_auth.c:
20885: free message if set by authenticate()
20886: [849c220c1236]
20887:
20888: * match.c:
20889: deal with NULL gr_mem
20890: [49e4d74f0bbe]
20891:
20892: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
20893:
20894: * config.h.in:
20895: regen
20896: [fead999ad3e9]
20897:
20898: * configure.in:
20899: add template for HAVE_PROJECT_H
20900: [e6c42c2eaad1]
20901:
20902: * closefrom.c:
20903: include fcntl.h
20904: [54d98b382f03]
20905:
20906: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
20907:
20908: * INSTALL:
20909: mention --with-project
20910: [d3ea3baad7c5]
20911:
20912: * config.h.in, configure.in, sudo.c:
20913: Add Solaris 10 "project" support. From Michael Brantley.
20914: [f14f3c8c6554]
20915:
20916: * sudoers.pod:
20917: fix typo
20918: [50db81a19787]
20919:
20920: * configure:
20921: regen
20922: [ea71afd3e564]
20923:
20924: * configure.in:
20925: Fix preservation of LDFLAGS in the LDAP case.
20926: [40a3a47e8059]
20927:
20928: * memrchr.c:
20929: Remove dependecy on NULL
20930: [c957ae5e1733]
20931:
20932: * configure:
20933: regen
20934: [4955ce0c6912]
20935:
20936: * aclocal.m4, configure.in:
20937: Can't use the regular autoconf fnmatch() check since we need
20938: FNM_CASEFOLD so go back to our custom one.
20939: [f10d76237486]
20940:
20941: * env.c:
20942: Fix preserving of variables in env_keep.
20943: [d040049d6b84]
20944:
20945: * env.c:
20946: add XAUTHORIZATION
20947: [0d589a5fe015]
20948:
20949: * UPGRADE:
20950: expand upon env resetting and mention that it began in 1.6.9 not
20951: 1.7.
20952: [dba251655c76]
20953:
20954: * sudoers.pod:
20955: Update descriptions of env_keep and env_check to match current
20956: reality.
20957: [dba77357954b]
20958:
20959: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
20960:
20961: * env.c:
20962: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
20963: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
20964: [eec4632bd190]
20965:
20966: * env.c, logging.c:
20967: Treat USERNAME environemnt variable like LOGNAME/USER
20968: [09f52dcfd70c]
20969:
20970: * env.c:
20971: Don't need to populate keepenv table with the contents of the
20972: checkenv table.
20973: [527a14afd973]
20974:
20975: * sudo.c:
20976: Don't force sudo into the C locale.
20977: [8a5bd301ef96]
20978:
20979: * env.c:
20980: Make env_check apply when env_reset it true. Environment variables
20981: are passed through unless they contain '/' or '%'. There is no need
20982: to have a variable in both env_check and env_keep.
20983: [840c802721e4]
20984:
20985: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
20986:
20987: * visudo.c:
20988: Remove an duplicate lock_file() call and add a comment.
20989: [5af9dcdf0eb6]
20990:
20991: * UPGRADE:
20992: Add sudo 1.6.9 upgrade note.
20993: [1585149f2914]
20994:
20995: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20996:
20997: * interfaces.c:
20998: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
20999: small. From Klaus Wagner.
21000: [d6899fc44f77]
21001:
21002: * logging.c, sudo.h:
21003: Redo the long syslog line splitting based on a patch from Eygene
21004: Ryabinkin. Include memrchr() for systems without it.
21005: [66a50e8d553a]
21006:
21007: * memrchr.c:
21008: Redo the long syslog line splitting based on a patch from Eygene
21009: Ryabinkin. Include memrchr() for systems without it.
21010: [2f6702b7d41b]
21011:
21012: * Makefile.in, config.h.in, configure, configure.in:
21013: Redo the long syslog line splitting based on a patch from Eygene
21014: Ryabinkin. Include memrchr() for systems without it.
21015: [407a46190921]
21016:
21017: * configure.in:
21018: Since we need to be able to convert timespec to timeval for utimes()
21019: the last 3 digits in the tv_nsec are not significant. This makes the
21020: sudoedit file date comparison work again.
21021: [9d0258849fa9]
21022:
21023: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
21024:
21025: * aclocal.m4, configure, configure.in:
21026: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
21027: This deals with exclusive authentication methods in a simple way.
21028: [7d70072c0f35]
21029:
21030: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
21031:
21032: * LICENSE:
21033: mkstemp.c is BSD code too.
21034: [29e236d98162]
21035:
21036: * sudo.pod, sudoers.pod, visudo.pod:
21037: No commercial support for now.
21038: [7c76b3e192dd]
21039:
21040: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
21041:
21042: * sudo.c:
21043: cleanenv() is no more.
21044: [518080514408]
21045:
21046: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
21047:
21048: * ChangeLog:
21049: Display branch info in Changelog
21050: [44e3b27427c7]
21051:
21052: * utimes.c:
21053: Include config.h early so we have it for TIME_WITH_SYS_TIME
21054: [4bf1a00d0703]
21055:
21056: * ChangeLog:
21057: Fix Changelog generation and update.
21058: [6e960dbcbece]
21059:
21060: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
21061:
21062: * closefrom.c:
21063: Use /proc/self/fd instead of /proc/$$/fd
21064:
21065: Move old-style fd closing into closefrom_fallback() and call that if
21066: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
21067: [faa7e4810758]
21068:
21069: * auth/kerb5.c, config.h.in, configure.in:
21070: o use krb5_verify_user() if available instead of doing it by hand o
21071: use krb5_init_secure_context() if we have it o pass an encryption
21072: type of 0 to krb5_kt_read_service_key() instead of
21073: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
21074: [df7acf72bd7c]
21075:
21076: * env.c:
21077: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
21078: [f92d05197e40]
21079:
21080: * configure.in:
21081: Fix closefrom() substitution in the Makefile
21082: [b642b13fcc5c]
21083:
21084: * TROUBLESHOOTING:
21085: Mention alternate sudo pronunciation.
21086: [7c71dc73409f]
21087:
21088: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
21089:
21090: * env.c:
21091: Remove KRB5_KTNAME from environment. Allow COLORTERM.
21092: [70f35a79f780]
21093:
21094: * auth/kerb5.c:
21095: If we cannot get a valid service key using the default keytab it is
21096: a fatal error. Fixes a bug where sudo could be tricked into allowing
21097: access when it should not by a fake KDC. From Thor Lancelot Simon.
21098: [a3ae6a47cb23]
21099:
21100: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
21101:
21102: * aclocal.m4, configure, configure.in:
21103: Update long long checks to use AC_CHECK_TYPES and to cache values.
21104: [047318eaaeb2]
21105:
21106: * aclocal.m4, configure.in:
21107: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
21108: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
21109: fnmatch.
21110: [80513a1003ea]
21111:
21112: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
21113:
21114: * configure, configure.in:
21115: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
21116: need it for visudo now too.
21117: [50837c7c2b5e]
21118:
21119: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
21120:
21121: * sudoers.pod:
21122: Attempt to clarify the bit talking about network numbers w/o
21123: netmasks.
21124: [211e68c1d034]
21125:
21126: * sudo.pod:
21127: Clarify timestamp dir ownership sentence.
21128: [9178f132c7f7]
21129:
21130: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
21131:
21132: * auth/pam.c:
21133: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
21134: Dmitry V. Levin.
21135: [81fce91667bc]
21136:
21137: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
21138:
21139: * sudo.c:
21140: -i is also one of the mutually exclusive options to list it in the
21141: warning message. Noted by Chris Pepper.
21142: [7da73fb248e9]
21143:
21144: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21145:
21146: * visudo.pod:
21147: The sudoers variable is env_editor, not enveditor. From Jean-
21148: Francois Saucier.
21149: [2a86ec09a6db]
21150:
21151: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21152:
21153: * redblack.c:
21154: I tracked down the original author so credit him and include his
21155: license info.
21156: [3733553a1bba]
21157:
21158: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
21159:
21160: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21161: sudoers.pod:
21162: Fix typos; from Jason McIntyre.
21163: [1ee4ce2512f2]
21164:
21165: * logging.c:
21166: Restore signal mask before calling reapchild(). Fixes a possible
21167: race condition that could prevent sudo from properly waiting for the
21168: child.
21169: [9ee4192385dc]
21170:
21171: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
21172:
21173: * pwutil.c:
21174: Don't declare pw_free() if we are not going to use it.
21175: [adb79a4289ca]
21176:
21177: * env.c:
21178: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
21179: LDR_PRELOAD64. The 64-bit version is not currently supported. Remove
21180: zero_env() prototype as it no longer exists.
21181: [b4fe65027fb6]
21182:
21183: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21184:
21185: * logging.c:
21186: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
21187: [78002ad90f7b]
21188:
21189: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
21190:
21191: * auth/pam.c:
21192: If the user enters ^C at the password prompt, abort instead of
21193: trying to authenticate with an empty password (which causes an
21194: annoying delay).
21195: [da3f27b747c7]
21196:
21197: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
21198:
21199: * closefrom.c, config.h.in, configure, configure.in:
21200: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
21201: Darren Tucker.
21202: [0331b7780759]
21203:
21204: * pwutil.c:
21205: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
21206: [0014c0d9eeba]
21207:
21208: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
21209:
21210: * config.guess, config.sub:
21211: Update to latest versions from cvs.savannah.gnu.org
21212: [aa0143101c20]
21213:
21214: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
21215:
21216: * pwutil.c, sudo_edit.c:
21217: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
21218: we can close the passwd/group files early.
21219: [559074bd7eb7]
21220:
21221: * config.h.in, configure, configure.in, set_perms.c:
21222: Add seteuid() flavor of set_perms() for systems without setreuid()
21223: or setresuid() that have a working seteuid(). Tested on Darwin.
21224: [508d8da99189]
21225:
21226: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
21227:
21228: * mon_systrace.c:
21229: systrace_read() returns ssize_t
21230: [9f97d1d1a59d]
21231:
21232: * configure, configure.in:
21233: Fix typo, -lldap vs. -ldap; from Tim Knox.
21234: [a8cc43c3bb2a]
21235:
21236: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
21237:
21238: * HISTORY:
21239: Fix typo; Matt Ackeret
21240: [86964ee3dfbd]
21241:
21242: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
21243:
21244: * sudo.c:
21245: Print sudoers path in -V mode for root.
21246: [dc43f2d75bd9]
21247:
21248: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
21249:
21250: * ldap.c:
21251: Do a sub tree search instead of a base search (one level in the tree
21252: only) for sudo right objects. This allows system administrators to
21253: categorize the rights in a tree to make them easier to manage.
21254: [6d2d9abf996e]
21255:
21256: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
21257:
21258: * sudo.pod:
21259: fix typo
21260: [1473413bcbda]
21261:
21262: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
21263:
21264: * ldap.c:
21265: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
21266: bind_timelimit support; adapted from gentoo.
21267: [afc816093026]
21268:
21269: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
21270:
21271: * ldap.c:
21272: Support comments that start in the middle of a line
21273: [c25df6ee3db8]
21274:
21275: * configure, configure.in:
21276: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
21277: [ee249bfe230a]
21278:
21279: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21280:
21281: * closefrom.c:
21282: Silence gcc -Wsign-compare; djm@openbsd.org
21283: [28769ce6418d]
21284:
21285: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
21286: cleanup() now takes an int as an arg so it can be used as a signal
21287: handler too.
21288: [2bb0df34d09c]
21289:
21290: * sudo.c:
21291: Make a copy of the shell field in the passwd struct for NewArgv to
21292: avoid a use after free situation after sudo_endpwent() is called.
21293: [5dcc9ffd362e]
21294:
21295: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
21296:
21297: * config.h.in, configure, configure.in:
21298: Add mkstemp() for those poor souls without it.
21299: [5fdd02e863e0]
21300:
21301: * mkstemp.c:
21302: Add mkstemp() for those poor souls without it.
21303: [c99401207860]
21304:
21305: * Makefile.in:
21306: Add mkstemp() for those poor souls without it.
21307: [9c1cf2678f24]
21308:
21309: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
21310:
21311: * env.c:
21312: Add PERL5DB to list of environment variables to remove.
21313: [7375c27ecf75]
21314:
21315: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21316:
21317: * mon_systrace.c, mon_systrace.h:
21318: Instead of calling the check function twice with a state cookie use
21319: separate check/log functions.
21320:
21321: Check more ioctl() calls for failure.
21322:
21323: systrace_{read,write} now return the number of bytes read/written or
21324: -1 on error.
21325: [3dc8946d90e9]
21326:
21327: * env.c:
21328: Add more environment variables to remove; from gentoo linux Add some
21329: comments about what bad env variables go to what (more to do)
21330: [6918110a6b82]
21331:
21332: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
21333:
21334: * sudo.c, sudo_edit.c:
21335: Move sudo_end{gr,pw}ent() until just before the exec since they free
21336: up our cached copy of the passwd structs, including sudo_user and
21337: sudo_runas. Fixes a use-after-free bug.
21338: [54de3778bad0]
21339:
21340: * visudo.c:
21341: Close all fd's before executing editor.
21342: [4fcc05e1bec8]
21343:
21344: * sudo.c:
21345: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
21346: [ef0e8ffa5c9f]
21347:
21348: * check.c:
21349: Fix fd leak when lecture file option is enabled. From Jerry Brown
21350: [ce97f9207cd8]
21351:
21352: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
21353:
21354: * env.c:
21355: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
21356: environment variables to remove. From Charles Morris
21357: [c96e1367d1c1]
21358:
21359: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
21360:
21361: * env.c:
21362: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
21363: [72a6a1571226]
21364:
21365: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
21366:
21367: * env.c:
21368: add PS4 and SHELLOPTS to initial_badenv_table for bash
21369: [89dfb3f318f3]
21370:
21371: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
21372:
21373: * sudoers.pod:
21374: Fix typo; Toby Peterson
21375: [b7a3222b23f4]
21376:
21377: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
21378:
21379: * tsgetgrpw.c:
21380: Make return buffers static so they don't get clobbered
21381: [13323a39b9f5]
21382:
21383: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
21384:
21385: * auth/securid5.c:
21386: Fix securid5 authentication, was not checking for ACM_OK. Also add
21387: default cases for the two switch()es. Problem noted by ccon at
21388: worldbank
21389: [14091e418333]
21390:
21391: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
21392:
21393: * ldap.c:
21394: Remove ncat() in favor of just counting bytes and pre-allocating
21395: what is needed.
21396: [25b8712adb61]
21397:
21398: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
21399:
21400: * ldap.c:
21401: Fix up some comments Add missing fclose() for the rootbinddn case
21402: [ae95c8a89711]
21403:
21404: * ldap.c:
21405: align struct ldap_config
21406: [35d0d64c76f8]
21407:
21408: * ldap.c:
21409: use LINE_MAX for max conf file line size
21410: [da116cb8853d]
21411:
21412: * pathnames.h.in:
21413: add _PATH_LDAP_SECRET
21414: [128b04ecfab7]
21415:
21416: * README.LDAP:
21417: Mention rootbinddn Give example ou=SUDOers container
21418: [852edc69bd1c]
21419:
21420: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
21421:
21422: * INSTALL, configure, configure.in, ldap.c:
21423: Support rootbinddn in ldap.conf
21424: [1615c91522a1]
21425:
21426: * env.c, sudo.pod, sudoers.pod:
21427: Preserve DISPLAY environment variable by default.
21428: [05f503d5f438]
21429:
21430: * acsite.m4, configure:
21431: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
21432: [18a04dea8d05]
21433:
21434: * acsite.m4, configure:
21435: set need_version=no for all cases; this is safe for LD_PRELOAD
21436: [b542560e1a73]
21437:
21438: * aclocal.m4:
21439: typo
21440: [c040df0fcd5a]
21441:
21442: * configure, configure.in:
21443: Add dragonfly
21444: [f13794618636]
21445:
21446: * auth/pam.c:
21447: Fix call to pam_end() when pam_open_session() fails.
21448: [0be47cdfdef1]
21449:
21450: * configure:
21451: regen
21452: [7f5c13b4b800]
21453:
21454: * acsite.m4:
21455: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
21456: ltsugar.m4 ltversion.m4
21457: [a7ba9fd1a2ab]
21458:
21459: * config.guess, config.sub, ltmain.sh:
21460: merge in local changes: config.guess: o better openbsd support
21461: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
21462: libs must begin with "lib" o don't print a bunch of crap about
21463: library installs o don't run ldconfig
21464: [f4149f2c720f]
21465:
21466: * config.guess, config.sub, ltmain.sh:
21467: libtool 1.9f
21468: [82a534e7121f]
21469:
21470: * configure.in:
21471: Update with autoupdate and make minor changes for libtool 1.9f
21472: [11b5ae5c1428]
21473:
21474: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
21475:
21476: * parse.c:
21477: don't call sudo_ldap_display_cmnd if ldap not setup
21478: [8bcf6c094ffe]
21479:
21480: * sudo_edit.c, visudo.c:
21481: Move declatation of struct timespec to its own include files for
21482: systems without it since it needs time_t defined.
21483: [b95c333299a0]
21484:
21485: * gettime.c:
21486: Move declatation of struct timespec to its own include files for
21487: systems without it since it needs time_t defined.
21488: [021b4569cc0c]
21489:
21490: * fileops.c:
21491: Move declatation of struct timespec to its own include files for
21492: systems without it since it needs time_t defined.
21493: [dd8573b2ee7d]
21494:
21495: * emul/timespec.h:
21496: Move declatation of struct timespec to its own include files for
21497: systems without it since it needs time_t defined.
21498: [f95137771564]
21499:
21500: * check.c, compat.h:
21501: Move declatation of struct timespec to its own include files for
21502: systems without it since it needs time_t defined.
21503: [2ef2ace8fe85]
21504:
21505: * ldap.c:
21506: Don't set safe_cmnd for the "sudo ALL" case.
21507: [ad7fa9e07da0]
21508:
21509: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
21510:
21511: * auth/pam.c:
21512: Call pam_open_session() and pam_close_session() to give pam_limits a
21513: chance to run. Idea from Karel Zak.
21514: [fed46d471350]
21515:
21516: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
21517:
21518: * check.c, sudo.c:
21519: Add explicit cast from mode_t -> u_int in printf to silence warnings
21520: on Solaris
21521: [17bb961fe22d]
21522:
21523: * parse.c:
21524: include grp.h to silence a warning on Solaris
21525: [14386fbab640]
21526:
21527: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
21528:
21529: * parse.c:
21530: Fix printing of += and -= defaults.
21531: [a667604c56cd]
21532:
21533: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
21534:
21535: * mon_systrace.c:
21536: Sanity check number of syscall args with argsize. Not really needed
21537: but a little paranoia never hurts.
21538: [6bb455a2c2d6]
21539:
21540: * mon_systrace.c, mon_systrace.h:
21541: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
21542: for systrace lengths (since it uses int)
21543: [3cafccffcffd]
21544:
21545: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
21546:
21547: * mon_systrace.c:
21548: Add some memsets for paranoia Fix namespace collsion w/ error Check
21549: rval of decode_args() and update_env() Remove improper setting of
21550: validated variable
21551: [3d385158354d]
21552:
21553: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21554:
21555: * parse.c, sudo.c, sudo.h:
21556: In -l mode, only check local sudoers file if def_ignore_sudoers is
21557: not set and call LDAP versions from display_privs() and
21558: display_cmnd() instead of directly from main(). Because of this we
21559: need to defer closing the ldap connection until after -l processing
21560: has ocurred and we must pass in the ldap pointer to display_privs()
21561: and display_cmnd().
21562: [1dfc2e8c9f2b]
21563:
21564: * ldap.c:
21565: Reorganize LDAP code to better match normal sudoers parsing. Instead
21566: of storing strings for later printing in -l mode we do another query
21567: since the authenticating user and the user being listed may not be
21568: the same (the new -U flag). Also add support for "sudo -l command".
21569:
21570: There is still a fair bit if duplicated code that can probably be
21571: refactored.
21572: [e9568f19bde5]
21573:
21574: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
21575:
21576: * ldap.c:
21577: Replace pass variable with do_netgr for better readability.
21578: [1bba841b6e79]
21579:
21580: * ldap.c:
21581: use DPRINTF macro
21582: [02b159b66bb5]
21583:
21584: * ldap.c:
21585: estrdup, not strdup
21586: [22cdee7973c1]
21587:
21588: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21589:
21590: * parse.c:
21591: Add macro to test if the tag changed to improve readability.
21592: [4e11b4819556]
21593:
21594: * parse.c:
21595: Avoid printing defaults header if there are no defaults to print...
21596: [41a28627df03]
21597:
21598: * glob.c:
21599: Fix a warning on systems without strlcpy().
21600: [6814e0f0e4f4]
21601:
21602: * pwutil.c:
21603: Use macros where possible for sudo_grdup() like sudo_pwdup().
21604: [30f201ff35cd]
21605:
21606: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21607:
21608: * utimes.c:
21609: It is possible for tv_usec to hold >= 1000000 usecs so add in
21610: tv_usec / 1000000.
21611: [794ac4d53a65]
21612:
21613: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21614:
21615: * auth/kerb5.c:
21616: The component in krb5_principal_get_comp_string() should be 1, not 0
21617: for Heimdal. From Alex Plotnick.
21618: [fefa351c5044]
21619:
21620: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21621:
21622: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
21623: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
21624: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
21625: Add efree() for consistency with emalloc() et al. Allows us to rely
21626: on C89 behavior (free(NULL) is valid) even on K&R.
21627: [7876bb80d87c]
21628:
21629: * parse.c, sudo.c:
21630: Move initgroups() for -U option into display_privs() so group
21631: matching in sudoers works correctly.
21632: [b074428ad2ca]
21633:
21634: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
21635:
21636: * ldap.c:
21637: Removed duplicate call to ldap_unbind_s introduced along with
21638: sudo_ldap_close.
21639: [19acc1c20f7c]
21640:
21641: * parse.c:
21642: Add missing space in Defaults printing
21643: [95d2935bf6d4]
21644:
21645: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
21646:
21647: * pwutil.c:
21648: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
21649: and string copies.
21650: [6b6b241495e5]
21651:
21652: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21653:
21654: * pwutil.c:
21655: Zero old pw_passwd before replacing with version from shadow file.
21656: [3251b349dfe1]
21657:
21658: * configure, configure.in:
21659: Only attempt shadow password detection if PAM is not being used Add
21660: shadow_* variables to make shadow password detection more generic.
21661: [d498a3423ac9]
21662:
21663: * configure.in:
21664: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
21665: [04d55bbd5e35]
21666:
21667: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21668:
21669: * sudoers.pod:
21670: use a non-breaking space to avoid a double space after e.g.
21671: [11cdb54bdf7b]
21672:
21673: * sudo.pod:
21674: commna, not colon after e.g.
21675: [8d5875ff72e0]
21676:
21677: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
21678:
21679: * sudo_noexec.c:
21680: Add __ variants of the exec functions. GNU libc at least uses
21681: __execve() internally.
21682: [d1880473d790]
21683:
21684: * indent.pro:
21685: Match reality a bit more.
21686: [633e3fa875a7]
21687:
21688: * pwutil.c:
21689: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
21690: [128f7b21c2ee]
21691:
21692: * pwutil.c:
21693: Store shadow password after making a local copy of struct passwd in
21694: case normal and shadow routines use the same internal buffer in
21695: libc.
21696: [f806052a6ffc]
21697:
21698: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
21699:
21700: * alloc.c, logging.c:
21701: Make varargs usage consistent with the rest of the code.
21702: [3d45affc9851]
21703:
21704: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
21705:
21706: * sudo_noexec.c:
21707: Wrap more of the exec family since on Linux the others do not appear
21708: to go through the normal execve() path.
21709: [8167769b4e19]
21710:
21711: * visudo.c:
21712: make print_unused static like proto says
21713: [ecf10e1bae55]
21714:
21715: * glob.c:
21716: silence a warning on K&R systems
21717: [2e00425f1a5c]
21718:
21719: * alias.c, error.c:
21720: make this build in K&R land
21721: [156f65f8525a]
21722:
21723: * parse.c:
21724: make this build in K&R land
21725: [6fc9276889cb]
21726:
21727: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
21728:
21729: * toke.c:
21730: regen
21731: [3b349748cd21]
21732:
21733: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
21734:
21735: * ldap.c:
21736: return(foo) not return foo optimize _atobool() slightly
21737: [11d09d154ed5]
21738:
21739: * ldap.c:
21740: Use TRUE/FALSE
21741: [53999320d98f]
21742:
21743: * ldap.c:
21744: Reformat to match the rest of sudo's code.
21745: [1bd0f2afa0e7]
21746:
21747: * sudo.pod:
21748: I am the primary author
21749: [5d311ecd85c6]
21750:
21751: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
21752:
21753: * Makefile.in, README, RUNSON:
21754: The RUNSON file is toast--it confused too many people and really
21755: isn't needed in a configure-oriented world.
21756: [96a6ef7bbc08]
21757:
21758: * INSTALL:
21759: alternate -> alternative
21760: [b65015c5d0a2]
21761:
21762: * tgetpass.c:
21763: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
21764: TCSAFLUSH.
21765: [c66b4763ffdc]
21766:
21767: * toke.l:
21768: Allow leading blanks before Defaults and Foo_Alias definitions
21769: [2add513d9277]
21770:
21771: * Makefile.in:
21772: fix rules to build toke.o and gram.o in devel mode
21773: [96cbb414ebd3]
21774:
21775: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
21776:
21777: * sudoers.pod:
21778: env_keep overrides set_logname
21779: [401877193a15]
21780:
21781: * env.c:
21782: Fix disabling set_logname and make env_keep override set_logname.
21783: [0906e7a5ed93]
21784:
21785: * compat.h, config.h.in, configure, configure.in:
21786: No longer need memmove()
21787: [43bdb6efe3f2]
21788:
21789: * env.c, sudo.c:
21790: Just clean the environment once. This assumes that any further
21791: setenv/putenv will be able to handle the fact that we replaced
21792: environ with our own malloc'd copy but all the implementations I've
21793: checked do.
21794: [11658fe92ba2]
21795:
21796: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
21797:
21798: * env.c, sudo.c:
21799: In -i mode, base the value of insert_env()'s dupcheck flag on
21800: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
21801: [8365b0bd0c71]
21802:
21803: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21804:
21805: * env.c, sudo.c:
21806: Move setting of user_path, user_shell, user_prompt and prev_user
21807: into init_vars() since user_shell at least is needed there.
21808: [37e22dce66e9]
21809:
21810: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
21811:
21812: * Makefile.in:
21813: fix devel builds
21814: [9fbb15ef164c]
21815:
21816: * sudo.c:
21817: Fix some printf format mismatches on error.
21818: [ffc1c3f11740]
21819:
21820: * check.c:
21821: Fix some printf format mismatches on error.
21822: [7b3b508adf50]
21823:
21824: * configure, gram.c, toke.c:
21825: regen
21826: [aa76f9d8b02a]
21827:
21828: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
21829: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
21830: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
21831: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
21832: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
21833: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
21834: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
21835: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
21836: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
21837: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
21838: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
21839: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
21840: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
21841: visudo.pod, zero_bytes.c:
21842: Update copyright years.
21843: [0610c3654739]
21844:
21845: * Makefile.binary.in:
21846: Update copyright years.
21847: [d78ffc9f2e2b]
21848:
21849: * LICENSE:
21850: Update copyright years.
21851: [f60473bca4b1]
21852:
21853: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
21854: version 1.7
21855: [aa977a544ca1]
21856:
21857: * WHATSNEW:
21858: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
21859: [ecfcf7269c14]
21860:
21861: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21862:
21863: * compat.h, logging.h, sudo.h:
21864: Add __printflike and use it with gcc to warn about printf-like
21865: format mismatches
21866: [b192ad4a0548]
21867:
21868: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
21869:
21870: * CHANGES, ChangeLog:
21871: Replaced CHANGES file with ChangeLog generated from cvs logs
21872: [d9ace9dab98f]
21873:
21874: * set_perms.c:
21875: Use warning/error instead of perror/fatal.
21876: [e33259df7738]
21877:
21878: * config.guess:
21879: Update OpenBSD section
21880: [9d2c23de6801]
21881:
21882: * UPGRADE:
21883: Add upgrading noted for 1.7
21884: [1fb6b6d6df07]
21885:
21886: * env.c, sudo.c, sudoers.pod:
21887: Instead of zeroing out the environment, just prune out entries based
21888: on the env_delete and env_check lists. Base building up the new
21889: environment on the current environment and the variables we removed
21890: initially.
21891: [fc192df8fd15]
21892:
21893: * config.h.in, configure, configure.in, sudo.c:
21894: Set locale to "C" if locales are supported, just to be safe.
21895: [91fbaa98f02e]
21896:
21897: * toke.c, toke.l:
21898: Cast?argument to ctype functions to unsigned char.
21899: [e096b4d65796]
21900:
21901: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
21902:
21903: * env.c:
21904: correct value for DID_USER
21905: [b5b05d36ec15]
21906:
21907: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
21908: #include <compat.h> not "compat.h"
21909: [7a0ad9a0ccd7]
21910:
21911: * defaults.c:
21912: Reset the environment by default.
21913: [4ecc6423e0f0]
21914:
21915: * sudo.c:
21916: Alloc an extra slot in NewArgv. Removes the need to malloc an new
21917: vector if execve() fails.
21918: [83dfb6f584a7]
21919:
21920: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21921:
21922: * INSTALL, config.h.in, configure, configure.in, sudo.c:
21923: Use execve(2) and wrap the command in sh if we get ENOEXEC.
21924: [c0c6af4e2a21]
21925:
21926: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
21927:
21928: * sudo_noexec.c:
21929: Only include time.h on systems that lack struct timespec which gets
21930: defind in compat.h (using time_t).
21931: [e373e518b4cb]
21932:
21933: * sudo_noexec.c:
21934: Include time.h for time_t in compat.h for systems w/o struct
21935: timespec.
21936: [a34b5637e458]
21937:
21938: * compat.h, config.h.in, configure, configure.in:
21939: use bcopy on systems w/o memmove
21940: [f835eafd78c6]
21941:
21942: * compat.h:
21943: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
21944: use to gcc >= 2.8.
21945: [1cb9a4e58566]
21946:
21947: * Makefile.in:
21948: Add explicit rule to build sudo_noexec.lo
21949: [df1dfcf8dd77]
21950:
21951: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
21952:
21953: * INSTALL.configure, Makefile.in:
21954: No longer depend on VPATH; pointed out a bunch of missed
21955: dependencies.
21956: [601a45d4af6b]
21957:
21958: * TROUBLESHOOTING:
21959: Help for PAM when account section is missing
21960: [9b8221256756]
21961:
21962: * auth/pam.c:
21963: Give user a clue when there is a missing "account" section in the
21964: PAM config.
21965: [2529625c0495]
21966:
21967: * auth/pam.c:
21968: Better error handling.
21969: [518c9bda23d8]
21970:
21971: * config.h.in, configure, configure.in:
21972: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
21973: possible. Silences a warning about isblank() on linux.
21974: [19c94d7ecdc8]
21975:
21976: * auth/pam.c:
21977: Fix typo (missing comma) that caused an incorrect number of args to
21978: be passed to log_error().
21979: [0099dfec560f]
21980:
21981: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21982:
21983: * pwutil.c:
21984: Don't try to destroy a tree we didn't create.
21985: [d43c4fe03aa4]
21986:
21987: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
21988:
21989: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
21990: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
21991: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
21992: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
21993: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
21994: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
21995: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
21996: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
21997: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
21998: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
21999: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
22000: Add __unused to rcsids
22001: [ad6b4ac45705]
22002:
22003: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22004:
22005: * configure, configure.in:
22006: Fix error message when mixing invalid auth types
22007: [68069b3ff5bc]
22008:
22009: * INSTALL:
22010: PAM, AIX auth, BSD auth and login_cap are now on by default if the
22011: OS supports them.
22012: [4e44e9098cf0]
22013:
22014: * auth/sudo_auth.h, config.h.in:
22015: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
22016: [2d569b43b23e]
22017:
22018: * configure.in:
22019: Better checking for conflicting authentication methods Display the
22020: authentication methods used at the end of configure Rename --with-
22021: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
22022: --with-pam, --with-logincap by default on systems that support them
22023: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
22024: OSREV has full version number
22025: [a21115b6fe9f]
22026:
22027: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
22028:
22029: * def_data.c, def_data.in, sudo.c, sudoers.pod:
22030: s/-O/-C/
22031: [ee73f1b81923]
22032:
22033: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
22034:
22035: * configure.in:
22036: Replace: test -n "$FOO" || FOO="bar"
22037:
22038: With: : ${FOO='bar'}
22039: [37552d9054fc]
22040:
22041: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
22042:
22043: * pwutil.c, testsudoers.c, tsgetgrpw.c:
22044: Use function pointers to only call private passwd/group routines
22045: when using a nonstandard passwd/group file.
22046: [215908681dfb]
22047:
22048: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
22049:
22050: * CHANGES:
22051: sync
22052: [2e55c03f5790]
22053:
22054: * tsgetgrpw.c:
22055: Can't use strtok() since it doesn't handle empty fields so add
22056: getpwent()/getgrent() functions and call those.
22057: [bdaa5b0db70e]
22058:
22059: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
22060:
22061: * Makefile.in:
22062: Fix dummied out toke.c and gram.c dependencies.
22063: [4b909c8b2ebe]
22064:
22065: * Makefile.in:
22066: Rename PARSESRCS -> GENERATED since it is only used in the clean
22067: target Add devdir variable and use it to specify the path to parser
22068: sources
22069: [f27b3f41ca23]
22070:
22071: * configure:
22072: regen
22073: [22c6435dbd46]
22074:
22075: * configure.in:
22076: Add a devdir variables that defaults to $(srcdir) and is set to . if
22077: --devel was specified. Allows for proper dependecies building the
22078: parser.
22079: [a36d694c6d21]
22080:
22081: * testsudoers.c:
22082: Add support for custom passwd/group files.
22083: [296549ff4b87]
22084:
22085: * Makefile.in:
22086: Build private copy of pwutil.o for testsudoers with MYPW defined so
22087: it uses our own passwd/group routines.
22088: [bafa54ec78ca]
22089:
22090: * visudo.c:
22091: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
22092: stubs instead. We can now just use the caching sudo_*{pw,gr}*
22093: functions in pwutil.c Add comment about wanting to call
22094: sudo_endpwent/sudo_endgrent in cleanup()
22095: [7e59d6b5510d]
22096:
22097: * tsgetgrpw.c:
22098: Remove caching; we will just use what is in pwutil.c Use global
22099: buffers for passwd/group structs Rename functions from sudo_* to
22100: my_*
22101: [8c1e068f574c]
22102:
22103: * logging.c, sudo.c:
22104: g/c pwcache_init/pwcache_destroy
22105: [60a24909b947]
22106:
22107: * sudo.h:
22108: Undo last commit and add sudo_setspent and sudo_endspent instead.
22109: [bac80db08296]
22110:
22111: * getspwuid.c, pwutil.c:
22112: Move all but the shadow stuff from getspwuid.c to pwutil.c and
22113: pwcache_get and pwcache_put as they are no longer needed. Also add
22114: preprocessor magic to use private versions of the passwd and group
22115: routines if MYPW is defined (for use by testsudoers).
22116: [a16b8678a426]
22117:
22118: * tsgetgrpw.c:
22119: zero out struct passwd/group before filling it in so if there are
22120: fields we don't handle they end up as 0.
22121: [274cb6a93301]
22122:
22123: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
22124: Adapt to pwutil.c
22125: [43ebd04c8b82]
22126:
22127: * Makefile.in:
22128: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
22129: readability.
22130: [7f88c6061e2d]
22131:
22132: * tsgetgrpw.c:
22133: Passwd and group lookup routines for testsudoers that support
22134: alternate passwd and group files.
22135: [d7803101d34e]
22136:
22137: * getspwuid.c, pwutil.c:
22138: Split off pw/gr cache and dup code into its own file. This allows
22139: visudo and testsudoers to use the pw/gr cache too.
22140: [ef333d3ffedf]
22141:
22142: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
22143:
22144: * parse.c:
22145: Print Defaults info in "sudo -l" output and wrap lines based on the
22146: terminal width.
22147: [e559eae4250e]
22148:
22149: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
22150:
22151: * match.c, testsudoers.c, visudo.c:
22152: Only check group vector in usergr_matches() if we are matching the
22153: invoking or list user. Always check the group members, even if there
22154: was a group vector.
22155: [d0c7ceb2a041]
22156:
22157: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
22158:
22159: * LICENSE, Makefile.in, fnmatch.3:
22160: No longer bundle fnmatch.3
22161: [72db4a4ff4e1]
22162:
22163: * CHANGES, TODO:
22164: checkpoint
22165: [e92781bfd99c]
22166:
22167: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
22168:
22169: * sudo.c:
22170: sort usage
22171: [15e3b876ec2c]
22172:
22173: * sudo.pod:
22174: Sort command line options
22175: [c1fa56584bc4]
22176:
22177: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
22178: sudo.pod, sudoers.pod:
22179: Add closefrom sudoers option to start closing at a point other than
22180: 3. Add closefrom_override sudoers option and -C sudo flag to allow
22181: the user to specify a different closefrom starting point.
22182: [370652b099d1]
22183:
22184: * pathnames.h.in:
22185: Add _PATH_DEVNULL for those without it.
22186: [0c4c3e0ceb8b]
22187:
22188: * LICENSE:
22189: no more UCB strcasecmp
22190: [397a6298e07f]
22191:
22192: * strcasecmp.c:
22193: replace BSD licensed one with version derived from pdksh
22194: [d7cfda8c57a2]
22195:
22196: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
22197:
22198: * sudo.c:
22199: Fix last commit.
22200: [7afb9a180532]
22201:
22202: * sudo.c:
22203: Make sure stdin, stdout and stderr are open and dup them to
22204: /dev/null if not.
22205: [590f387068bd]
22206:
22207: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
22208:
22209: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
22210: add sudo_ldap_close
22211: [4273a36765a7]
22212:
22213: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
22214: Use TIME_WITH_SYS_TIME
22215: [c32b59bf15fb]
22216:
22217: * config.h.in, configure, configure.in:
22218: Add TIME_WITH_SYS_TIME_H
22219: [57cb146f451d]
22220:
22221: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
22222:
22223: * env.c:
22224: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
22225: unconditionally on darwin. From Toby Peterson.
22226: [d69959681c87]
22227:
22228: * getspwuid.c:
22229: Check rbinsert() return value. In the case of faked up entries there
22230: is usually a negative response cached that we need to overwrite.
22231:
22232: In pwfree() don't try to zero out a NULL pw_passwd pointer.
22233: [00b32d1a48c1]
22234:
22235: * mon_systrace.c:
22236: Use the double fork trick to avoid the monitor process being waited
22237: for by the main program run through sudo.
22238: [e0ce556712ff]
22239:
22240: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
22241:
22242: * sudo.c:
22243: Call initgroups() in -U mode so group matches work normally.
22244: [2235bea15283]
22245:
22246: * def_data.h, mkdefaults:
22247: Don't print a trailing comma for the last entry in enum def_tupple
22248: [c43a96bb31df]
22249:
22250: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
22251:
22252: * sudoers.cat, sudoers.man.in, sudoers.pod:
22253: Mention values when lecture, listpw and verifypw are used in boolean
22254: context.
22255: [a0b5c0abaccf]
22256:
22257: * def_data.c, def_data.in:
22258: verifypw when used in a boolean TRUE context should be "all", not
22259: "any".
22260: [2eb076ddd5e2]
22261:
22262: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
22263:
22264: * def_data.in, defaults.c:
22265: Allow tuples that can be used as booleans to be used as boolean
22266: TRUE. In this case the 2nd possible value of the tuple is used for
22267: TRUE.
22268: [bd99aa77e88b]
22269:
22270: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
22271:
22272: * configure, configure.in:
22273: Correct the test for 2-parameter timespecsub
22274: [d41c9cb26b97]
22275:
22276: * sudo.h:
22277: Add strub struct definitions for passwd, timeval and timespec
22278: [c4ce5c43d8c5]
22279:
22280: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
22281: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
22282: and fix a typo in the gettimeofday check.
22283: [8ac9893057ce]
22284:
22285: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
22286:
22287: * match.c, testsudoers.c:
22288: Deal with user_stat being NULL as it is for visudo and testsudoers.
22289: [3605a6ff64d0]
22290:
22291: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
22292: Add -U option to use in conjunction with -l instead of -u. Add
22293: support for "sudo -l command" to test a specific command.
22294: [99638789d415]
22295:
22296: * gram.c, gram.y, sudo.c:
22297: Set safe_cmnd after sudoers_lookup() if it has not been set.
22298: Previously it was set by sudo "ALL" in the parser but at that point
22299: the fully-qualified pathname has not yet been found.
22300: [ac30d98f8225]
22301:
22302: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22303:
22304: * parse.c, testsudoers.c:
22305: Correctly handle multiple privileges per userspec and runas
22306: inheritence.
22307: [a98a965181af]
22308:
22309: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
22310:
22311: * defaults.c:
22312: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
22313: [031d3cd4a848]
22314:
22315: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
22316:
22317: * toke.c, toke.l:
22318: make per-command defaults work with sudoedit
22319: [e56fe33db916]
22320:
22321: * ldap.c, parse.c, sudo.c, sudo.h:
22322: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
22323: we just set the approriate defaults variable.
22324: [756eeecc1d86]
22325:
22326: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
22327: Document per-command Defaults.
22328: [92a0f84b91c1]
22329:
22330: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
22331: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
22332: Add support for command-specific Defaults entries. E.g.
22333: Defaults!/usr/bin/vi noexec
22334: [be3d52bf01cf]
22335:
22336: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
22337: Change an occurence of user_matches() -> runas_matches() missed
22338: previously runas_matches(), host_matches() and cmnd_matches() only
22339: really need to pass in a list of members. user_matches() still needs
22340: to pass in a passwd struct because of "sudo -l"
22341: [833b22fc6fa0]
22342:
22343: * parse.c:
22344: Check def_authenticate, def_noexec and def_monitor when setting
22345: return flags. XXX May be better to just set the defaults directly
22346: and get rid of those flags.
22347: [b6db22b59d69]
22348:
22349: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
22350: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
22351: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
22352: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
22353: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
22354: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
22355: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
22356: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
22357: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
22358: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
22359: visudo.c, zero_bytes.c:
22360: Use: #include <config.h> Not: #include "config.h" That way we get
22361: the correct config.h when build dir != src dir
22362: [97e5670a442b]
22363:
22364: * Makefile.in:
22365: Back out part of rev 1.263; fix -I order
22366: [197ea01cad5d]
22367:
22368: * toke.c, toke.l:
22369: More robust parsing if #include; could be much better still.
22370: [31bc3cd8f045]
22371:
22372: * sudo_edit.c, visudo.c:
22373: Make arg splitting in visudo and sudoedit consistent.
22374: [7bc74485f246]
22375:
22376: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
22377: Split alias routines out into their own file.
22378: [d90f633cf9ae]
22379:
22380: * error.h:
22381: __attribute__ is already defined in compat.h
22382: [676ed3fe9203]
22383:
22384: * visudo.c:
22385: quit() should not be __noreturn__ as it is non-void on some
22386: platforms.
22387: [e528c2b6ba10]
22388:
22389: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
22390: Add local error/warning functions like err/warn but that call an
22391: additional cleanup routine in the error case. This means we no
22392: longer need to compile a special version of alloc.o for visudo.
22393: [e78e8aae882e]
22394:
22395: * parse.h:
22396: Clarify comments about the data structures
22397: [ae894e266701]
22398:
22399: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
22400:
22401: * visudo.c:
22402: Add support for VISUAL and EDITOR containing command line args. If
22403: env_editor is not set any args in VISUAL and EDITOR are ignored.
22404: Arguments are also now supported in def_editor.
22405: [ff7303b8e298]
22406:
22407: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
22408:
22409: * parse.h:
22410: alias_matches() is no more
22411: [b59825e28084]
22412:
22413: * CHANGES, TODO:
22414: sync
22415: [2b8f5f63c1de]
22416:
22417: * Makefile.in:
22418: When regenerating the parser, don't replace gram.h unless it has
22419: changed.
22420: [819949668018]
22421:
22422: * Makefile.in:
22423: remove Makefile.binary for distclean
22424: [351eec8d00b2]
22425:
22426: * env.c:
22427: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
22428: sure we can't overflow new_env.
22429: [3284d17b9c6d]
22430:
22431: * sudo_edit.c:
22432: paranoia when stripping trailing slashes from tempdir.
22433: [012f1aa2b81f]
22434:
22435: * sudo.c:
22436: Set user_ngroups to 0 if getgroups() returns an error.
22437: [c46d43e9449a]
22438:
22439: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22440:
22441: * config.h.in, configure, configure.in, sudo.c:
22442: Add configure check for getgroups()
22443: [5d8a214e2cef]
22444:
22445: * ldap.c:
22446: Use supplementary group vector in struct sudo_user.
22447: [3d0c463c034d]
22448:
22449: * match.c:
22450: Only do string comparisons on the group members if there is no
22451: supplemental group list.
22452: [be1c8362f7ef]
22453:
22454: * CHANGES, TODO:
22455: sync
22456: [db188bc5b975]
22457:
22458: * sudo_edit.c:
22459: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
22460: chop off any trailing slashes we see and add an explicit one.
22461: [e1b477dafee1]
22462:
22463: * match.c:
22464: remove bogus XXX comment
22465: [8aecb8a28d40]
22466:
22467: * match.c:
22468: Get rid of alias_matches and correctly fall through to the non-alias
22469: cases when there is no alias with the specified name.
22470: [2cd555246f09]
22471:
22472: * getspwuid.c:
22473: Cache non-existent passwd/group entries too.
22474: [8de9a467d271]
22475:
22476: * gram.c:
22477: regen
22478: [9ece18c58f36]
22479:
22480: * getspwuid.c:
22481: fix typo
22482: [9a7ae371eac1]
22483:
22484: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
22485: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
22486: Implement group caching and use the passwd and group caches
22487: throughout.
22488: [f1d8c5015169]
22489:
22490: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
22491:
22492: * match.c:
22493: Properly negate the return value of alias_matches() when
22494: appropriate.
22495: [ce59c4ce77ad]
22496:
22497: * match.c:
22498: Make hostname_matches() return TRUE for a match, else FALSE like the
22499: caller expects.
22500: [1dc03902d3a2]
22501:
22502: * Makefile.in:
22503: Add missing dependencies on gram.h
22504: [4f94bbb1d50c]
22505:
22506: * match.c:
22507: Use runas_matches in alias_matches() now that we have it.
22508: [284d22e91178]
22509:
22510: * parse.c, parse.h:
22511: Expand aliases in "sudo -l" mode
22512: [f67a38b79c44]
22513:
22514: * gram.y, match.c:
22515: Use ALIAS for the member type when storing an alias instead of
22516: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
22517: more generic type. Expand runas_matches instead of calling
22518: user_matches() inside of it since user_matches() looks up
22519: USERALIASes, not RUNASALIASes.
22520: [52004d75232b]
22521:
22522: * CHANGES, getspwuid.c:
22523: Paranoia; zero out pw_passwd before freeing passwd entry.
22524: [bd1b22638f00]
22525:
22526: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
22527: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
22528: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
22529: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
22530: Add local error/warning functions like err/warn but that call an
22531: additional cleanup routine in the error case. This means we no
22532: longer need to compile a special version of alloc.o for visudo.
22533: [25000b676cfe]
22534:
22535: * match.c:
22536: Use userpw_matches() to compare usernames, not strcmp(), since the
22537: latter checks for "#uid".
22538: [fcbe4b859f66]
22539:
22540: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
22541: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
22542: the other by user name. The data returned from the cache should be
22543: considered read-only and is destroyed by sudo_endpwent().
22544: [ee2418ff3f86]
22545:
22546: * match.c:
22547: add cast to uid_t
22548: [eb6415302d84]
22549:
22550: * gram.y:
22551: missing free in alias_destroy
22552: [572ecb680ad8]
22553:
22554: * redblack.c:
22555: Can't use rbapply() for rbdestroy since the destructor is passed a
22556: data pointer, not a node pointer.
22557: [11ce713830c0]
22558:
22559: * getspwuid.c, logging.c, sudo.c, sudo.h:
22560: Create and use private versions of setpwent() and endpwent() that
22561: set/end the shadow password file too.
22562: [616bc76d23bf]
22563:
22564: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
22565: Store aliases in a red-black tree.
22566: [ce017d540416]
22567:
22568: * Makefile.in, redblack.c, redblack.h:
22569: red-black tree implementation
22570: [cd5586e8f48b]
22571:
22572: * visudo.c:
22573: Edit all sudoers file if there were unused or undefined aliases and
22574: we are in strict mode.
22575: [b6d5f5bb7262]
22576:
22577: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
22578:
22579: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
22580: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
22581: Bring back the "secure_path" Defaults option now that Defaults take
22582: effect before the path is searched.
22583: [2e52c0e27606]
22584:
22585: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
22586:
22587: * logging.c, parse.c:
22588: A user can always list their own entries, even with -u. Better error
22589: message when failing to list another user's entries.
22590: [e2e24deb0071]
22591:
22592: * parse.c, sudo.c, sudo.h:
22593: The syntax to list another user's entries is now "-u otheruser -l".
22594: Only root or users with sudo "ALL" may list other user's entries.
22595: [3c0657e8f5fe]
22596:
22597: * sudo.cat, sudo.man.in, sudo.pod:
22598: Update env variable info in SECURITY NOTES
22599: [299716071024]
22600:
22601: * env.c:
22602: strip CDPATH too
22603: [9b97643b26f9]
22604:
22605: * env.c:
22606: strip exported bash functions from the environment.
22607: [9e5090c8284f]
22608:
22609: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
22610:
22611: * sudo.c:
22612: Only reset sudo_user.pw based on SUDO_USER environment variables for
22613: real commands and sudoedit. This avoids a confusing message when a
22614: user tries "sudo -l" or "sudo -v" and is denied.
22615: [3ea6d0053274]
22616:
22617: * gram.c, gram.y, parse.h:
22618: Extend LIST_APPEND to deal with appending lists too
22619: [d963e42f622f]
22620:
22621: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
22622:
22623: * logging.c:
22624: Convert some bitwise AND to ISSET
22625: [130dc40d268e]
22626:
22627: * lex.yy.c, toke.c:
22628: toke.c replaces lex.yy.c
22629: [048858df79e7]
22630:
22631: * CHANGES, TODO:
22632: sync
22633: [d19e7abf251c]
22634:
22635: * BUGS:
22636: new parser fixes most of the outstanding bugs
22637: [0891f66e3758]
22638:
22639: * configure:
22640: regen
22641: [1a3358cc7283]
22642:
22643: * visudo.c:
22644: Rework for the new parser. Now checks for unused aliases in sudoers.
22645: [ad462ede3094]
22646:
22647: * testsudoers.c:
22648: Rewrite for the new parser. Now supports a -d flag (dump) and adds a
22649: -h flag (host). It now defaults to the local hostname unless
22650: otherwise specified.
22651: [1b69685cc601]
22652:
22653: * sudo.h:
22654: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
22655: [2e4fb3abfef0]
22656:
22657: * sudo.c:
22658: Update for new parse. We now call find_path() *after* we have
22659: updated the global defaults based on sudoers. Also adds support for
22660: listing other user's privs if you are root.
22661: [cf3db9fc3024]
22662:
22663: * mon_systrace.c:
22664: Working LDAP support; also remove a now-unneeded rewind().
22665: [649ecf1baf6b]
22666:
22667: * logging.c, logging.h:
22668: Add NO_STDERR flag.
22669: [6cb935af94e0]
22670:
22671: * ldap.c:
22672: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
22673: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
22674: connecto to LDAP, apply the default options, find the command in the
22675: user's path, and then check whether the user is allowed to run it.
22676: The important thing here is that the default runas user may be
22677: specified as a default option and that needs to be set before we
22678: search for the command.
22679: [fc0426abc6f1]
22680:
22681: * ldap.c:
22682: Add casts to unsigned char for isspace() to quiet a gcc warning.
22683: [e5358e3df439]
22684:
22685: * defaults.h:
22686: Add prototype for update_defaults()
22687: [564dac3db74e]
22688:
22689: * defaults.c:
22690: Don't warn about line numbers now that we operate on a set of data
22691: structures (or LDAP) and not a file.
22692: [bcd9ffb9b67c]
22693:
22694: * config.h.in:
22695: No long use lsearch()
22696: [9d048c587319]
22697:
22698: * Makefile.in:
22699: Update for new and changed file names.
22700: [6f424a7c4515]
22701:
22702: * LICENSE:
22703: no more BSD lsearch.c
22704: [463a96d89026]
22705:
22706: * match.c:
22707: foo_matches() routines now live in match.c Added user_matches(),
22708: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
22709: that operate on the parsed sudoers file.
22710: [b14da8a0567e]
22711:
22712: * parse.lex, toke.l:
22713: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
22714: WORD no longer needs to exclude '@' kill yywrap()
22715: [a922294eb7b7]
22716:
22717: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
22718: sudo.tab.h:
22719: Rewritten parser that converts sudoers into a set of data
22720: structures. This eliminates ordering issues and makes it possible to
22721: apply sudoers Defaults entries before searching for the command.
22722: [30d2ec4d203c]
22723:
22724: * configure.in, emul/search.h, lsearch.c:
22725: We won't be using lsearch() any longer.
22726: [29c4d54bfac0]
22727:
22728: * ldap.c:
22729: sudo should not send mail if someone who runs 'sudo -l' has no
22730: entry.
22731: [6fc27a69fd9c]
22732:
22733: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22734: visudo.man.in:
22735: regen
22736: [8166347917f3]
22737:
22738: * visudo.pod:
22739: Update warnings to match new visudo
22740: [004c0766798f]
22741:
22742: * sudoers.pod:
22743: The new parser doesn't have the old ordering constraints.
22744: [ffd43bd08661]
22745:
22746: * sudo.pod:
22747: Document that -l now takes an optional username argument
22748: [278f9557de8b]
22749:
22750: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
22751:
22752: * RUNSON:
22753: AIX 5.2.0.0 works
22754: [523acd29d858]
22755:
22756: * ldap.c:
22757: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
22758: a compilation problem with Solaris 9's native LDAP.
22759:
22760: Set FLAG_MONITOR when needed.
22761: [35824ade672d]
22762:
22763: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
22764:
22765: * mon_systrace.c:
22766: Call sudo_goodpath() *after* changing the cwd to match the traced
22767: process. Fixes relative paths.
22768: [12ee111d0ad7]
22769:
22770: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22771:
22772: * testsudoers.c:
22773: Kill set_perms() stub--it is no longer needed.
22774: [116ed702935d]
22775:
22776: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
22777:
22778: * sudoers.cat, sudoers.man.in, sudoers.pod:
22779: stay_setuid now requires set_reuid() or setresuid()
22780: [8511f67e25d5]
22781:
22782: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
22783: configure.in, set_perms.c, sudo.c, sudo.h:
22784: Kill use of POSIX saved uids; they aren't worth bothering with.
22785: [b3b1f19f18c1]
22786:
22787: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
22788:
22789: * glob.c:
22790: remove call to issetugid()
22791: [63f2e492c08f]
22792:
22793: * sudoers.cat, sudoers.man.in, sudoers.pod:
22794: Remove warning about wildcards. Now that we use glob() the bug is
22795: fixed.
22796: [b15729d32266]
22797:
22798: * parse.c:
22799: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
22800: each result that matches the basename of the user's command. This
22801: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
22802: /usr/bin/blah. Fixes bug #143.
22803: [e31eb6310340]
22804:
22805: * config.h.in, configure, configure.in:
22806: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
22807: GLOB_BRACE)
22808: [677ed6661e17]
22809:
22810: * config.h.in, configure, configure.in:
22811: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
22812: [aaa2329dd266]
22813:
22814: * LICENSE:
22815: reference glob
22816: [bedc9a923423]
22817:
22818: * glob.c:
22819: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
22820: removed.
22821: [81799451473c]
22822:
22823: * emul/glob.h:
22824: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
22825: removed.
22826: [0335cf31fb1e]
22827:
22828: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
22829:
22830: * mon_systrace.c:
22831: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
22832: we are out of space in the stack gap...
22833: [5b02b702021e]
22834:
22835: * CHANGES:
22836: sync
22837: [be3826273e56]
22838:
22839: * mon_systrace.c:
22840: Take a stab at ldap sudoers support here.
22841: [9d023695b0de]
22842:
22843: * mon_systrace.c, mon_systrace.h:
22844: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
22845: doesn't cause reboot to inadvertanly kill itself.
22846: [d4aab2365610]
22847:
22848: * mon_systrace.c:
22849: put "monitor" in the proctitle, not "systrace"
22850: [9a9025767d86]
22851:
22852: * mon_systrace.c:
22853: When modifying the environment, don't replace envp when we can get
22854: away with just rewriting pointers in the traced process.
22855: [c03622f7a2e2]
22856:
22857: * mon_systrace.c, mon_systrace.h:
22858: Add environment updating via STRIOCINJECT (if available).
22859: [037291016870]
22860:
22861: * sudoers.cat, sudoers.man.in:
22862: regen
22863: [869acc511046]
22864:
22865: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
22866:
22867: * lex.yy.c:
22868: regen
22869: [4e61a9bd3c97]
22870:
22871: * parse.lex:
22872: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
22873: [b70d7bd6e147]
22874:
22875: * mon_systrace.c:
22876: Include file is now mon_systrace.h
22877: [ead4e36d92ae]
22878:
22879: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
22880: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
22881: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
22882: No longer call it tracing, it is now "monitoring" which should be
22883: more a obvious name to non-hackers.
22884: [aa811ded0789]
22885:
22886: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
22887:
22888: * mon_systrace.c, mon_systrace.h:
22889: Fix some XXX
22890: [a271072dacc6]
22891:
22892: * mon_systrace.c, mon_systrace.h:
22893: No need to include syscall.h, use 1024 as the max # of entries (the
22894: max that systrace(4) allows).
22895:
22896: Only need to use SYSTR_POLICY_ASSIGN once
22897:
22898: Change check_syscall() -> find_handler() and have it return the
22899: handler instead of just running it. We need this since handler now
22900: have two parts: one part that generates and answer and another that
22901: gets called after the answer is accepted (to do logging).
22902:
22903: Add some missing check_exec for emul execv
22904: [a89d243f0525]
22905:
22906: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
22907: Add $Sudo$ tags.
22908: [6f3fedb0daba]
22909:
22910: * config.h.in:
22911: Add missing HAVE_LINUX_SYSTRACE_H
22912: [ff75ab7bfc53]
22913:
22914: * Makefile.in:
22915: add trace_systrace.o dependency
22916: [88a408668ab2]
22917:
22918: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
22919:
22920: * configure, configure.in:
22921: Also look for systrace.h in /usr/include/linux
22922: [98b98b436cf3]
22923:
22924: * mon_systrace.c, mon_systrace.h:
22925: Move all struct defs and prototypes into trace_systrace.h and mark
22926: all but systace_attach() static.
22927: [85511253b570]
22928:
22929: * mon_systrace.c, mon_systrace.h:
22930: Add support for tracing emulations. At the moment, all emulations
22931: are compiled in. It might make sense to #ifdef them in the future,
22932: though this impeeds readability.
22933: [87bb50abf277]
22934:
22935: * Makefile.in, configure, configure.in:
22936: rename systrace.c -> trace_systrace.c
22937: [31cfa4407d93]
22938:
22939: * parse.yacc, sudo.tab.c:
22940: Allow this to build with a K&R compiler again
22941: [32876af5bb98]
22942:
22943: * TODO:
22944: sync
22945: [46865bd70f7c]
22946:
22947: * compat.h, sudo.c, visudo.c:
22948: Use __attribute__((__noreturn__))
22949: [65bbad71fe89]
22950:
22951: * visudo.c:
22952: Exit() takes a negative value to indicate it was not called via
22953: signal.
22954: [b93032ed7b60]
22955:
22956: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22957: visudo.man.in:
22958: regen
22959: [45bcf4661558]
22960:
22961: * Makefile.in, visudo.c:
22962: Define Err() and Errx() that are like err() and errx() but call
22963: Exit() instead of exit(). Build private copy of alloc.o for visudo
22964: that calls Err() and Errx().
22965: [c6d02bf42edd]
22966:
22967: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
22968:
22969: * lex.yy.c, sudo.tab.c:
22970: regen
22971: [39de7e7c59da]
22972:
22973: * CHANGES:
22974: sync
22975: [ba481d9ed1aa]
22976:
22977: * visudo.c:
22978: Overhaul visudo for editing multiple files: o visudo has been broken
22979: out into functions (more work needed here) o each file is now edited
22980: before sudoers is re-parsed o if a #include line is added that file
22981: will be edited too
22982:
22983: TODO: o cleanup temp files when exiting via err() or errx() o
22984: continue breaking things out into separate functions
22985: [80c35cf534eb]
22986:
22987: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
22988: Add keepopen arg to open_sudoers that open_sudoers can use to
22989: indicate to the caller that the fd should not be closed when it is
22990: done with it. To be used by visudo to keep locked fds from being
22991: closed prematurely (and thus losing the lock).
22992: [f330fe632470]
22993:
22994: * parse.yacc, sudo.c:
22995: Add errorfile global that contains the name of the file that caused
22996: the error.
22997: [98079c7a37ed]
22998:
22999: * parse.lex:
23000: return COMMENT to yacc grammar for a #include line
23001: [2024a8de4fa8]
23002:
23003: * parse.lex:
23004: Remove us of unput() in favor of yyless() which is cheaper.
23005: [c61291902beb]
23006:
23007: * parse.yacc:
23008: Allow an empty sudoers file.
23009: [62fb111db2e7]
23010:
23011: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
23012:
23013: * mon_systrace.c:
23014: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
23015: [9e15869ef597]
23016:
23017: * lex.yy.c, sudo.tab.c:
23018: regen
23019: [c29bdd43bfad]
23020:
23021: * visudo.c:
23022: Do signal setup before calling edit_sudoers(). Don't shadow the
23023: "quiet" global.
23024: [74252efd09ff]
23025:
23026: * visudo.c:
23027: If a sudoers file includes other files, edit those too. Does not yes
23028: deal with creating the new includes files itself.
23029: [06af7b9c173f]
23030:
23031: * testsudoers.c:
23032: init_parser now takes a path
23033: [b5ee186eb192]
23034:
23035: * parse.c, parse.h, parse.lex, parse.yacc:
23036: More scaffolding for dealing with multiple sudoers files: o
23037: init_parser() now takes a path used to populate the sudoers global o
23038: the sudoers global is used to print the correct file in yyerror() o
23039: when switching to a new sudoers file, perserve old file name and
23040: line number
23041: [d9be4970b8bd]
23042:
23043: * Makefile.in, pathnames.h.in:
23044: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
23045: multiple sudoers files.
23046: [6ccc4e921c43]
23047:
23048: * parse.c, sudo.c:
23049: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
23050: we start at the right file position when reading include files.
23051: [91fcb961e7a4]
23052:
23053: * sudoers.pod:
23054: document #include
23055: [fbb92a25a726]
23056:
23057: * lex.yy.c:
23058: regen
23059: [50cd7a4c9dff]
23060:
23061: * parse.lex:
23062: Add max depth of 128 for the include stack to avoid loops.
23063:
23064: Since yyerror() doesn't stop parsing, pass return values back to
23065: yylex and call yyterminate() on error.
23066: [e79dbffb729d]
23067:
23068: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
23069:
23070: * sudoers.pod:
23071: document tracing
23072: [165a467eadd8]
23073:
23074: * sudo.pod:
23075: Mention PREVENTING SHELL ESCAPES section of sudoers man page
23076: [3217ccecd834]
23077:
23078: * lex.yy.c, sudo.tab.c:
23079: regen
23080: [fbd58d1d3a76]
23081:
23082: * parse.lex:
23083: Add support for #include in sudoers (visudo support TBD)
23084: [a78015ca81af]
23085:
23086: * parse.yacc:
23087: make yyerror()'s argument const
23088: [7d8e168c019a]
23089:
23090: * testsudoers.c, visudo.c:
23091: Add open_sudoers() stubs.
23092: [087466787198]
23093:
23094: * sudo.c, sudo.h:
23095: Rename check_sudoers() open_sudoers() and make it return a FILE *
23096: [142fc511fc65]
23097:
23098: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
23099:
23100: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
23101: version.h:
23102: Crank version
23103: [1adc3f839480]
23104:
23105: * Makefile.in, sudo.psf:
23106: Better HP-UX depot construction
23107: [2d952b000e63]
23108:
23109: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
23110:
23111: * mon_systrace.c:
23112: o Made children global so check_exec() can lookup a child. o
23113: Replaced uid in struct childinfo with struct passwd * (for runas) o
23114: new_child() now takes a parent pid so the runas info can be
23115: inherited o Added find_child() to lookup a child by its pid o
23116: update_child() now fills in a struct passwd o Converted the big
23117: if/else mess in set_policy to a switch o Syscalls that change uid
23118: are now "ask" so we get SYSTR_MSG_UGID events
23119: [29b9ea3f09a3]
23120:
23121: * getspwuid.c:
23122: Add flag to sudo_pwdup that indicates whether or not to lookup the
23123: shadow password. Will be used to a struct passwd that has the shadow
23124: password already filled in.
23125: [e19d43dd7238]
23126:
23127: * mon_systrace.c:
23128: add missing increment of addr in read_string()
23129: [f9eb0f060cb6]
23130:
23131: * mon_systrace.c:
23132: Remove bogus call to update_child() and some cosmetic fixes
23133: [701ab0b97fef]
23134:
23135: * mon_systrace.c:
23136: Don't leak /dev/systrace fd to tracee Make initialized global for
23137: simplicity If STRIOCATTACH returns EBUSY we are already being traced
23138: Check for user_args == NULL in setproctitle() call Add missing calls
23139: to STRIOCANSWER
23140: [1956edf9bc3a]
23141:
23142: * sudo.c:
23143: g/c sudo_pwdup proto
23144: [b7c4d6249ecb]
23145:
23146: * Makefile.in, sudo.psf:
23147: Add target for building a depot file
23148: [357019efd99b]
23149:
23150: * mon_systrace.c:
23151: trim includes
23152: [501534428471]
23153:
23154: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
23155:
23156: * lex.yy.c, sudo.tab.c, sudo.tab.h:
23157: regen
23158: [52fd250c6986]
23159:
23160: * INSTALL:
23161: document --with-systrace
23162: [79623927c94e]
23163:
23164: * config.h.in, configure, configure.in:
23165: Add check for setproctitle
23166: [1730cf1c26ed]
23167:
23168: * mon_systrace.c:
23169: pass struct str_msg_ask in to syscall checker so it can set the
23170: error code
23171: [1703fd2fdef6]
23172:
23173: * mon_systrace.c:
23174: systrace(4) support for sudo. On systems with the systrace(4) kernel
23175: facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
23176: calls and check the exec args against the sudoers file. In other
23177: words, sudo can now control subcommands and shell escapes.
23178: [928c9217c386]
23179:
23180: * sudo.c, sudo.h:
23181: Call systrace_attach() if FLAG_TRACE is set.
23182: [014ba9402fa5]
23183:
23184: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
23185: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
23186: [a99904db5e56]
23187:
23188: * parse.c, sudo.c:
23189: Don't close sudoers_fp, keep it open and set close on exec flag
23190: instead.
23191: [43a9fec60bee]
23192:
23193: * def_data.c, def_data.h, def_data.in:
23194: Add trace option
23195: [5b643b86730a]
23196:
23197: * Makefile.in:
23198: Add systrace
23199: [47a0519c427c]
23200:
23201: * INSTALL:
23202: SunOS /bin/sh blows up with configure
23203: [005a23cc5615]
23204:
23205: * configure, configure.in:
23206: Include sys/param.h before systrace.h
23207: [9345bc8efecf]
23208:
23209: * configure:
23210: regen
23211: [a8f53fcbb254]
23212:
23213: * pathnames.h.in:
23214: _PATH_DEV_SYSTRACE
23215: [d2ad1e492a00]
23216:
23217: * configure.in:
23218: line up options in --help
23219: [fa51f2821d09]
23220:
23221: * config.h.in, configure.in:
23222: Add --with-systrace
23223: [a264d54bc413]
23224:
23225: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
23226:
23227: * configure:
23228: regen
23229: [a4dad0bcc523]
23230:
23231: * aclocal.m4, configure.in:
23232: make this work with autoconf-2.59
23233: [c4a92b6a684a]
23234:
23235: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
23236:
23237: * sudo_edit.c:
23238: Simplify logic around open & stat of files and do sanity on edited
23239: file even if we lack fstat (still racable but worth doing).
23240: [adda65ade70c]
23241:
23242: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
23243:
23244: * HISTORY:
23245: Add support url
23246: [bf6590fbde9f]
23247:
23248: * Makefile.in:
23249: versino 1.6.8p1
23250: [b84ebfaf1552] [SUDO_1_6_8p1]
23251:
23252: * CHANGES:
23253: more changes for 1.6.8p1
23254: [e23a9c0393b6]
23255:
23256: * version.h:
23257: 1.6.8p1
23258: [872f14504b5f]
23259:
23260: * CHANGES, sudo_edit.c:
23261: Add sanity check so we don't try to edit something other than a
23262: regular file.
23263: [350134ec6d4e]
23264:
23265: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
23266:
23267: * CHANGES:
23268: sync
23269: [3091ca9eae00]
23270:
23271: * INSTALL:
23272: document --with-ldap-conf-file
23273: [0e2cd6b896f1]
23274:
23275: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
23276:
23277: * CHANGES, ins_csops.h:
23278: political correctness strikes again
23279: [428e8bc77f55]
23280:
23281: * RUNSON:
23282: sync
23283: [27f44bd423dc]
23284:
23285: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
23286:
23287: * Makefile.binary.in, Makefile.in:
23288: Install sudoedit man link
23289: [19a55234fc1f]
23290:
23291: * INSTALL:
23292: Update PAM note and mention where HP-UX users can download gcc
23293: binaries.
23294: [d37cdbbabfd4]
23295:
23296: * Makefile.in:
23297: libtool wants to install stuff from .libs so fake one up for binary
23298: installations.
23299: [a681bc6fcfba]
23300:
23301: * Makefile.binary.in:
23302: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
23303: [3e0c4b3372cc]
23304:
23305: * Makefile.in:
23306: Deal with "uname -m" having slashes in it rm -f old sudoedit link
23307: instead of using ln -f
23308: [cff33fb97e5b]
23309:
23310: * Makefile.binary, Makefile.binary.in:
23311: Makefile.binary -> Makefile.binary.in for config.status substitution
23312: Add support for installing noexec bits
23313: [37d8bb3483c6]
23314:
23315: * Makefile.in:
23316: Copy noexec bits into binary dists too No longer use my old arch
23317: script for making binary dists
23318: [e7058bab9e33]
23319:
23320: * Makefile.binary:
23321: Install sudoedit link.
23322: [417d1e101711]
23323:
23324: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
23325:
23326: * emul/utime.h:
23327: avoid __P so there is no need for compat.h to be included
23328: [6d8d1f1abf7d]
23329:
23330: * utimes.c:
23331: Don't use HAVE_UTIME_H before including config.h.
23332: [013b7bb61181]
23333:
23334: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23335:
23336: * compat.h:
23337: Fix Solatis futimes macro
23338: [d4eda2ca0d29]
23339:
23340: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
23341:
23342: * sudo_edit.c:
23343: Rename ots -> omtim for improved readability.
23344: [127ca5bb297c]
23345:
23346: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23347:
23348: * sudo_edit.c:
23349: Redo changes in revision 1.7. Don't really need to keep the temp
23350: file open; re-opening it with the invoking user's euid is
23351: sufficient.
23352: [55a883165a95]
23353:
23354: * CHANGES:
23355: sync
23356: [9015b291170d]
23357:
23358: * sudo.cat, sudo.man.in:
23359: regen
23360: [c0313f6ed783]
23361:
23362: * sudo.pod:
23363: back out revision 1.70; it is no long applicable
23364: [b641d503aff6]
23365:
23366: * env.c:
23367: Let the loader initialize nep
23368: [bec192139b02]
23369:
23370: * config.h.in, configure, configure.in:
23371: Removed unneed check for fchown Add check for gettimeofday Move
23372: autoheader template stuff into separate AH_TEMPLATE lines
23373: [bfc0edbd43f2]
23374:
23375: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
23376: Use timespec throughout.
23377: [1a178a23b69b]
23378:
23379: * Makefile.in:
23380: gettime.[co]
23381: [6aeb48a7ab7f]
23382:
23383: * gettime.c:
23384: function to return the current time in a struct timespec
23385: [bf8eb12cb63f]
23386:
23387: * utimes.c:
23388: Not a darpa-sponsored file.
23389: [121ce5e2036c]
23390:
23391: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23392:
23393: * compat.h, config.h.in, configure, configure.in:
23394: Add a check for struct timespec and provide it for those without.
23395: [42124055030d]
23396:
23397: * config.h.in, configure, configure.in, sudo_edit.c:
23398: Add checks for st_mtim and st_mtimespec and add macros for pulling
23399: the mtime sec and nsec out of struct stat. These are used in
23400: sudo_edit() to better tell whether or not the file has changed.
23401: [23debfbb3fab]
23402:
23403: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
23404: Add an extra param to touch() for nsec
23405: [56f7a4ba8ddb]
23406:
23407: * sudo_edit.c:
23408: Call mkstemp() as the in invoking user so we don't have to chown the
23409: file later. Only touch() the temp file if we can do it via the file
23410: descriptor. Don't check for modification of the temp file if we lack
23411: fstat(). Catch errors read()ing the temp file.
23412: [665f52c70836]
23413:
23414: * fileops.c:
23415: If path is NULL and fd == -1 return -1.
23416: [757a518a824c]
23417:
23418: * sudo_edit.c:
23419: closefrom() is overkill, the only extra fds are the ones we opened
23420: so just close those in the child.
23421: [f361c9d2a1f4]
23422:
23423: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
23424: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
23425: visudo.c:
23426: Use utimes() and futimes() instead of utime() in touch(), emulating
23427: as needed. Not all systems are able to support setting the times of
23428: an fd so touch() takes both an fd and a file name as arguments.
23429: [3d9276f29717]
23430:
23431: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
23432:
23433: * env.c:
23434: Rare SEGV
23435: [8995f828782d]
23436:
23437: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23438:
23439: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
23440: visudo.man.in:
23441: regen
23442: [b8e9406711c5]
23443:
23444: * sudo.pod, sudoers.pod, visudo.pod:
23445: Add SUPPORT section and re-order some of the sections to match the
23446: order we use in OpenBSD.
23447: [fa37bd917e2c]
23448:
23449: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
23450:
23451: * env.c:
23452: Openldap ~/.ldaprc fix
23453: [1a37afe6850f]
23454:
23455: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23456:
23457: * sudo.pod:
23458: Talk about how the editor must write its changes to the original
23459: file and not just use rename(2).
23460: [c55ed91c5ee9]
23461:
23462: * CHANGES:
23463: sync
23464: [62af26bd37a2]
23465:
23466: * sudo_edit.c:
23467: Keep the temp file open instead of re-opening after the editor has
23468: exited.
23469: [de41eeb6dcf2]
23470:
23471: * sample.pam:
23472: Update for current redhat/fedora core.
23473: [8cf083077333]
23474:
23475: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
23476:
23477: * README.LDAP:
23478: tls_ examples
23479: [ba783d88a034]
23480:
23481: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
23482:
23483: * ldap.c:
23484: config tls_* options
23485: [0b0e0797b3b9]
23486:
23487: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
23488:
23489: * configure, configure.in:
23490: No need for -lcrypt when using pam.
23491: [41fff3a53e68]
23492:
23493: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23494:
23495: * configure:
23496: regen
23497: [75820aecce2c]
23498:
23499: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
23500:
23501: * configure.in, ldap.c, pathnames.h.in:
23502: Allow --with-ldap-conf-file option to override LDAP_CONF
23503: [c9909bc484a5]
23504:
23505: * ldap.c:
23506: cleanup debug message
23507: [1f6ca4824d8d]
23508:
23509: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
23510:
23511: * README.LDAP:
23512: more config info
23513: [f2e7147fd507]
23514:
23515: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
23516:
23517: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
23518: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
23519: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
23520: longer use gross statics in command_matches(). Also rename some
23521: variables for improved clarity.
23522: [7169a6c7bea4]
23523:
23524: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
23525:
23526: * INSTALL:
23527: document HP's crippled compiler deficiency.
23528: [c405ea5a8d4c]
23529:
23530: * INSTALL:
23531: Fix some thinkos in --with-editor and --with-env-editor
23532: descriptions. Noticed by Norihiko Murase.
23533: [dd781de1c985]
23534:
23535: * configure, configure.in:
23536: --with-noexec takes an optional PATH argument.
23537: [8f6ab77f22cc]
23538:
23539: * INSTALL:
23540: document --with-noexec
23541: [50cb1fc627ce]
23542:
23543: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23544:
23545: * RUNSON, TODO:
23546: sync
23547: [f2503bd13373] [SUDO_1_6_8]
23548:
23549: * sudo_edit.c:
23550: Better warning message when sudoedit is unable to write to the
23551: destination file.
23552: [f78c18f2ffa8]
23553:
23554: * sudo.cat, sudo.man.in:
23555: regen
23556: [7e2bf63d6d9a]
23557:
23558: * sudo.pod:
23559: Don't italicize the string "sudoedit"
23560: [c691643bd269]
23561:
23562: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
23563:
23564: * HISTORY:
23565: Mention GratiSoft.
23566: [dc53de581b2d]
23567:
23568: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
23569:
23570: * sudo.tab.c:
23571: regen
23572: [8ae0484dfc38]
23573:
23574: * parse.yacc:
23575: Reset used_runas to FALSE when re-intializing the parser.
23576: [b7403f353a02]
23577:
23578: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23579:
23580: * config.guess:
23581: Correct OpenBSD mips support
23582: [314fc7afc165]
23583:
23584: * config.guess:
23585: Add OpenBSD/mips
23586: [ac87d0a773ef]
23587:
23588: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
23589:
23590: * README.LDAP:
23591: More behavior notes
23592: [13be1d212b47]
23593:
23594: * README.LDAP:
23595: Updates on current behavior
23596: [d498a8866d6f]
23597:
23598: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
23599:
23600: * sudoers.pod:
23601: =back does not take an indentlevel (makes no difference to formatted
23602: files).
23603: [9c8523bb382a]
23604:
23605: * sudo.pod:
23606: =back does not take an indentlevel (makes no difference to formatted
23607: files).
23608: [e5f479e24fa8]
23609:
23610: * CHANGES:
23611: new
23612: [2dbd9aba8b33]
23613:
23614: * sudo.c:
23615: Consistency. Use same error for bad -u #uid when targetpw is set as
23616: we do when a bad -u username is specified.
23617: [922961c4a9d6]
23618:
23619: * TODO:
23620: Add checksum idea from Steve Mancini
23621: [e6ece1b766ba]
23622:
23623: * sudoers.cat, sudoers.man.in:
23624: regen
23625: [370d2317829f]
23626:
23627: * sudo.cat, sudo.man.in:
23628: regen
23629: [f93d41fc38b1]
23630:
23631: * sudo.pod, sudoers.pod:
23632: Document the restriction on uids specified via -u when targetpw is
23633: set.
23634: [878fedb455db]
23635:
23636: * sudo.c:
23637: Error out when targetpw is enabled and sudo is run with -u #uid but
23638: #uid does not exist in the passwd database. We can't do target
23639: authentication when the target is not in passwd!
23640: [27c5888c86eb]
23641:
23642: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
23643: regen
23644: [ceb65711050c]
23645:
23646: * TODO:
23647: Some more todo for the next release.
23648: [7b7417be7601]
23649:
23650: * INSTALL:
23651: Make it clear that PAM should be used for DCE support when possible.
23652: [7502029fd385]
23653:
23654: * sudoers.pod:
23655: o Document problems with wildcards and relative paths. o Make the
23656: order requirements more prominent. o Change a "set" to "reset" for
23657: clarity.
23658: [bacdd181b33f]
23659:
23660: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
23661:
23662: * sudo.pod:
23663: Mention --with-secure-path, not SECURE_PATH.
23664: [41283ddde5e1]
23665:
23666: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
23667:
23668: * ldap.c:
23669: reflect changes to parse.c
23670: [8880fe9b724d]
23671:
23672: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
23673:
23674: * sudo.tab.c:
23675: regen
23676: [a57658ca9177]
23677:
23678: * parse.c, parse.h, testsudoers.c, visudo.c:
23679: Don't pass user_cmnd and user_args to command_matches(), just use
23680: the globals there. Since we keep state with statics anyway it is
23681: misleading to pretend that passing in different cmnd and cmnd_args
23682: will work.
23683: [0a2544991fd6]
23684:
23685: * parse.yacc:
23686: Don't pass user_cmnd and user_args to command_matches(), just use
23687: the globals there. Since we keep state with statics anyway it is
23688: misleading to pretend that passing in different cmnd and cmnd_args
23689: will work.
23690: [a4910bf6032b]
23691:
23692: * parse.c:
23693: Fix a bug introduced in rev. 1.149. When checking for pseudo-
23694: commands check for a '/' anywhere in cmnd, not just the first
23695: character.
23696: [ce98142f03ca]
23697:
23698: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
23699:
23700: * sudo.man.in, sudo.pod:
23701: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
23702: [a91800e094b1]
23703:
23704: * sudoers.man.in, sudoers.pod:
23705: Add ignore_local_sudoers
23706: [741ddcbf7083]
23707:
23708: * README.LDAP:
23709: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
23710: janth@moldung.no
23711: [742c02e07cd9]
23712:
23713: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23714:
23715: * CHANGES:
23716: typo
23717: [e7cdefbd7a9a]
23718:
23719: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23720:
23721: * CHANGES:
23722: sync
23723: [734dafc4a85e]
23724:
23725: * parse.c:
23726: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
23727: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
23728: [151b7f593568]
23729:
23730: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23731:
23732: * CHANGES:
23733: PAM change
23734: [d8fb6d6a22d0]
23735:
23736: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
23737:
23738: * ldap.c:
23739: Better debugging of ALL command
23740: [9db3e84029dc]
23741:
23742: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23743:
23744: * parse.c:
23745: When matching for "sudoedit" in sudoers check both the command the
23746: user typed *and* the command that is listed in the sudoers entry.
23747: [f36ca1f94095]
23748:
23749: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
23750:
23751: * ldap.c:
23752: Added !command feature
23753: [ed539574611b]
23754:
23755: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
23756:
23757: * auth/pam.c:
23758: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
23759: [2be8e0e8813a]
23760:
23761: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
23762:
23763: * LICENSE:
23764: License is ISC-style, not BSD-style
23765: [ac0589e1dd5d]
23766:
23767: * CHANGES:
23768: sync
23769: [16058a30f404]
23770:
23771: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
23772:
23773: * sudo.cat, sudo.man.in:
23774: regen
23775: [8820eb9c809b]
23776:
23777: * sudo.pod:
23778: o Update some out of date bits to reality o Change the shell promt
23779: in examples to bourne-shell style o Clarify some details o Add a
23780: CAVEAT about "sudo cd /foo"
23781: [b0af373214b6]
23782:
23783: * check.c:
23784: Don't ask for a password if invoking user == target user.
23785: [dd5c96141132]
23786:
23787: * sudo.c:
23788: typo in comment
23789: [278d20f9b249]
23790:
23791: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
23792:
23793: * sudoers.cat, sudoers.man.in:
23794: regen
23795: [9036c6f39eff]
23796:
23797: * sudoers.pod:
23798: Expand on NOEXEC a little.
23799: [9a13756aebe4]
23800:
23801: * TODO:
23802: sync
23803: [8d2c1af48de8]
23804:
23805: * visudo.cat, visudo.man.in:
23806: regen
23807: [3921f01607c8]
23808:
23809: * sudo.tab.c:
23810: regen
23811: [9338c3d68250]
23812:
23813: * visudo.pod:
23814: Add a check in visudo for runas_default being set after it has
23815: already been used.
23816: [6700358d7ad8]
23817:
23818: * CHANGES, parse.yacc, visudo.c:
23819: Add a check in visudo for runas_default being set after it has
23820: already been used.
23821: [803560986a8a]
23822:
23823: * sudo.tab.c:
23824: regen
23825: [b60636e2cf63]
23826:
23827: * parse.yacc:
23828: Add a MATCHED macro for testing whether foo_matches has been set to
23829: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
23830: Doesn't change the actual code generated.
23831: [f376da8ccdc8]
23832:
23833: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
23834:
23835: * sudoers.cat:
23836: regen
23837: [6cceb6d6c9bd]
23838:
23839: * sudoers.man.in:
23840: regen
23841: [5acd12b730b3]
23842:
23843: * sudoers.pod:
23844: Correct description of where Defaults specs should go.
23845: [6b11ff53d7ad]
23846:
23847: * sudoers:
23848: Correct description of where Defaults specs should go.
23849: [868db857630d]
23850:
23851: * testsudoers.c, visudo.c:
23852: update (c) year
23853: [272c8a53604c]
23854:
23855: * logging.h:
23856: update (c) year
23857: [3cec76d400ce]
23858:
23859: * ldap.c:
23860: update (c) year
23861: [f264632488a0]
23862:
23863: * find_path.c:
23864: update (c) year
23865: [40c227af9227]
23866:
23867: * auth/pam.c:
23868: update (c) year
23869: [87149e0eed50]
23870:
23871: * auth/bsdauth.c, auth/kerb5.c:
23872: update (c) year
23873: [d72eb434c068]
23874:
23875: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
23876:
23877: * sudo.tab.c:
23878: regen
23879: [83408d9e9d2e]
23880:
23881: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
23882: Remove trailing spaces, no actual code changes.
23883: [4c3bf2819293]
23884:
23885: * tgetpass.c:
23886: Remove trailing spaces, no actual code changes.
23887: [96f6e0a24c26]
23888:
23889: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
23890: Remove trailing spaces, no actual code changes.
23891: [c7075d1cbed5]
23892:
23893: * getcwd.c:
23894: Remove trailing spaces, no actual code changes.
23895: [776cc0374547]
23896:
23897: * find_path.c:
23898: Remove trailing spaces, no actual code changes.
23899: [7ed7099f3c71]
23900:
23901: * compat.h, defaults.c, env.c:
23902: Remove trailing spaces, no actual code changes.
23903: [893e83c33795]
23904:
23905: * check.c:
23906: Remove trailing spaces, no actual code changes.
23907: [f77750f8803b]
23908:
23909: * sudo.tab.c:
23910: regen
23911: [62e0ed883b31]
23912:
23913: * parse.yacc:
23914: Fix a >=0 that should be <0 that was improperly converted when
23915: UNSPEC was added.
23916: [ad1531a55a49]
23917:
23918: * parse.yacc:
23919: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
23920: NOMATCH when resetting it.
23921: [ae017a12870a]
23922:
23923: * parse.yacc:
23924: Fix pastos introduced in SETNMATCH addition.
23925: [6ea1c9d80681]
23926:
23927: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
23928:
23929: * README.LDAP:
23930: Update for configure changes
23931: [637a635da287]
23932:
23933: * sudo.tab.c:
23934: regen
23935: [4753c2788713]
23936:
23937: * sudo.h:
23938: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
23939: these in parse.yacc. Also in parse.yacc initialize the *_matches
23940: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
23941: when setting *_matches to a value that may be
23942: NOMATCH/UNSPEC/TRUE/FALSE.
23943: [2ba622e15a4d]
23944:
23945: * parse.yacc:
23946: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
23947: these in parse.yacc. Also in parse.yacc initialize the *_matches
23948: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
23949: when setting *_matches to a value that may be
23950: NOMATCH/UNSPEC/TRUE/FALSE.
23951: [746b519e41a6]
23952:
23953: * parse.yacc:
23954: Initialize runas to -2, not -1 since we need to be able to
23955: distinguish between the initialized value and the value of a non-
23956: match when passing along the runas value to multiple commands.
23957:
23958: The result of this is that an unmatched runas is now set to -1, not
23959: 0. This is required now that parse.c treats a FALSE value for runas
23960: as being explicitly denied.
23961: [7791ed3621f6]
23962:
23963: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23964:
23965: * sudo.c, visudo.c:
23966: Error out if argc < 1.
23967: [ce6b2a9eda3c]
23968:
23969: * getprogname.c:
23970: Error out if argc < 1.
23971: [c566cce8dc78]
23972:
23973: * configure, configure.in:
23974: Add tests for what libs we need to link with for ldap and for
23975: whether or not lber.h needs to be explicitly included.
23976: [b2e9729cc4e7]
23977:
23978: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
23979:
23980: * ldap.c:
23981: Solaris native LDAP build fix
23982: [39929e40eb11]
23983:
23984: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
23985:
23986: * ldap.c:
23987: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
23988: unset variable.
23989: [6a4c20a66f98]
23990:
23991: * sudo.h:
23992: Add prototype for sudo_ldap_list_matches
23993: [443b007a8dab]
23994:
23995: * configure, configure.in:
23996: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
23997: version too. Added check for dd_fd in `DIR' if no dirfd is found;
23998: this is now used to confitionally define the dirfd macro in
23999: compat.h.
24000: [567656978f7e]
24001:
24002: * config.h.in:
24003: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
24004: version too. Added check for dd_fd in `DIR' if no dirfd is found;
24005: this is now used to confitionally define the dirfd macro in
24006: compat.h.
24007: [34eace4faec8]
24008:
24009: * compat.h:
24010: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
24011: version too. Added check for dd_fd in `DIR' if no dirfd is found;
24012: this is now used to confitionally define the dirfd macro in
24013: compat.h.
24014: [8d50ff1bbf2a]
24015:
24016: * closefrom.c:
24017: Only check /proc/$$/fd if we have the dirfd function/macro.
24018: [15e3ccce7553]
24019:
24020: * compat.h, config.h.in, configure, configure.in:
24021: Add a check for a dirfd() function (like Linux) and add a dirfd
24022: macro in compat.h if there is no dirfd() function or macro.
24023: [1e95756edb50]
24024:
24025: * closefrom.c, getcwd.c:
24026: dirfd() is now defined in compat.h as needed.
24027: [bb1d79271188]
24028:
24029: * CHANGES:
24030: Clarify closefrom() note.
24031: [f4e4a5508dda]
24032:
24033: * parse.c:
24034: When checking for a command in the directory, only copy the base dir
24035: once.
24036: [7a3276808b87]
24037:
24038: * closefrom.c:
24039: If there is a /proc/$$/fd directory, behave like the Solaris
24040: closefrom() and only close the descriptors listed therein.
24041: [19de23779e84]
24042:
24043: * alloc.c:
24044: compat.h guarantees INT_MAX is defined.
24045: [1bf0c79d4606]
24046:
24047: * compat.h:
24048: Add definitions of OPEN_MAX and INT_MAX for those without it and
24049: remove definition of RLIM_INFINITY (now unused).
24050: [f827d1ebf96e]
24051:
24052: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
24053: sudo.c, sudo.h, visudo.c:
24054: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
24055: [59788f211c24]
24056:
24057: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
24058:
24059: * CHANGES:
24060: sync
24061: [d32fa124f1ad]
24062:
24063: * RUNSON:
24064: Add some entries that were mailed in a while ago
24065: [ff8d5bfec54e]
24066:
24067: * closefrom.c:
24068: o sysconf returns a long, not an int. o check for negative return
24069: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
24070: define OPEN_MAX to 256 for those without it (a fair guess...)
24071: [ccf81ae6deb2]
24072:
24073: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
24074:
24075: * UPGRADE:
24076: Mention change in parse order for RunAs entries.
24077: [dc73b0bca617]
24078:
24079: * configure:
24080: regen
24081: [07cce8e0534e]
24082:
24083: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
24084:
24085: * INSTALL, README.LDAP, config.h.in, configure.in:
24086: o --with-ldap now takes an optional dir as a parameter o added check
24087: for ldap_initialize() and start_tls_s()
24088: [2b846c7974c6]
24089:
24090: * README.LDAP:
24091: Fix some typos, word choice and formatting issues.
24092: [00dc8ca84b10]
24093:
24094: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
24095:
24096: * tgetpass.c:
24097: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
24098: read/write as it is simpler.
24099: [30f5446ee8b0]
24100:
24101: * configure, configure.in:
24102: Remove hack overriding cross-compiler check. It should no longer be
24103: needed.
24104: [22a6cbd88608]
24105:
24106: * compat.h:
24107: Remove select() compat bits since we no longer use select().
24108: [d7bbf7cd36f5]
24109:
24110: * CHANGES, tgetpass.c:
24111: Use alarm() instead of select() for the timeout for systems that
24112: don't fully/properly implement select().
24113: [d7cc60f15800]
24114:
24115: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
24116:
24117: * CHANGES:
24118: synbc
24119: [132a39788e07]
24120:
24121: * RUNSON:
24122: update
24123: [61ef508380c6]
24124:
24125: * set_perms.c:
24126: Deal with systems that have no way of setting the effective uid such
24127: as nsr-tandem-nsk.
24128: [306e00e9b5a4]
24129:
24130: * configure, configure.in:
24131: Define NO_SAVED_IDS if we don't find seteuid()
24132: [8588f18345cf]
24133:
24134: * config.h.in, configure, configure.in:
24135: Add back check for setreuid() since NSK doesn't have it.
24136: [43127bd703d1]
24137:
24138: * sudoers.cat, sudoers.man.in:
24139: regen
24140: [af4f4b20e422]
24141:
24142: * CHANGES:
24143: sync
24144: [29ca3b699c24]
24145:
24146: * BUGS:
24147: sync
24148: [3593f17f72ed]
24149:
24150: * parse.c:
24151: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
24152: explicitly denied and the command matched. This fixes a long-
24153: standing bug and makes: foo machine = (ALL) /usr/bin/blah foo
24154: machine = (!bar) /usr/bin/blah
24155:
24156: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
24157: [2f5ee244985a]
24158:
24159: * sudoers.pod:
24160: Clarify mail_noperm
24161: [3238b2d41989]
24162:
24163: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
24164:
24165: * Makefile.in:
24166: Missing DESTDIR in make install for sudo_noexec.la
24167: [91431e821525]
24168:
24169: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
24170:
24171: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24172: visudo.man.in:
24173: regen
24174: [cdfde0dcb556]
24175:
24176: * TODO:
24177: sync
24178: [4799b7d8b62c]
24179:
24180: * sudoers.pod:
24181: Remove fastboot/fasthalt (who still remembers these?) and add a
24182: minimal sudoedit example.
24183: [19d299f233cd]
24184:
24185: * sample.sudoers:
24186: Remove fastboot/fasthalt (who still remembers these?) and add a
24187: minimal sudoedit example.
24188: [b1bca73d6250]
24189:
24190: * UPGRADE, sudo.c, visudo.c:
24191: filesystem -> file system
24192: [1e1afaf30469]
24193:
24194: * TROUBLESHOOTING:
24195: filesystem -> file system
24196: [39fb594e9338]
24197:
24198: * CHANGES, INSTALL:
24199: filesystem -> file system
24200: [85948b608ffe]
24201:
24202: * sudo.pod, sudoers.pod:
24203: Fix some minor typos and formatting goofs
24204: [e94d243a0b90]
24205:
24206: * lex.yy.c:
24207: regen
24208: [2eed0ab1f4c4]
24209:
24210: * visudo.pod:
24211: remove my email addr
24212: [b63262c0389b]
24213:
24214: * sudo.pod, sudoers.pod, visudo.pod:
24215: Use @mansectform@ and @mansectsu@ everywhere Make man page
24216: references links with L<>
24217: [f459f4b9ddb9]
24218:
24219: * parse.lex:
24220: Accept quoted globbing characters and pass them verbatim for
24221: fnmatch()
24222: [8248b86e9380]
24223:
24224: * UPGRADE:
24225: Document that /tmp/.odus is gone.
24226: [3667b66af5bb]
24227:
24228: * pathnames.h.in:
24229: No longer use /tmp/.odus as a possible timestamp dir unless
24230: specifically configured to do so. Instead, if no /var/run exists,
24231: use /var/adm/sudo or /usr/adm/sudo.
24232: [48d94c9f9ad4]
24233:
24234: * configure:
24235: No longer use /tmp/.odus as a possible timestamp dir unless
24236: specifically configured to do so. Instead, if no /var/run exists,
24237: use /var/adm/sudo or /usr/adm/sudo.
24238: [058d7b8cf07b]
24239:
24240: * aclocal.m4:
24241: No longer use /tmp/.odus as a possible timestamp dir unless
24242: specifically configured to do so. Instead, if no /var/run exists,
24243: use /var/adm/sudo or /usr/adm/sudo.
24244: [cf52c4c2803f]
24245:
24246: * CHANGES:
24247: No longer use /tmp/.odus as a possible timestamp dir unless
24248: specifically configured to do so. Instead, if no /var/run exists,
24249: use /var/adm/sudo or /usr/adm/sudo.
24250: [6058c4cefcec]
24251:
24252: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
24253: Preliminary changes to support nsr-tandem-nsk. Based on patches from
24254: Tom Bates.
24255: [2e5f81834383]
24256:
24257: * logging.c:
24258: Preliminary changes to support nsr-tandem-nsk. Based on patches from
24259: Tom Bates.
24260: [934bbe6872b6]
24261:
24262: * check.c, compat.h:
24263: Preliminary changes to support nsr-tandem-nsk. Based on patches from
24264: Tom Bates.
24265: [390b698b5924]
24266:
24267: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
24268:
24269: * CHANGES:
24270: There was no 1.6.7p6.
24271: [8013d2e6b062]
24272:
24273: * BUGS, CHANGES:
24274: sync
24275: [c38b41f32857]
24276:
24277: * Makefile.in:
24278: add missing files to DISTFILES
24279: [e6a80ad03039]
24280:
24281: * sudo.cat, sudoers.cat, visudo.cat:
24282: regen
24283: [027bc9746dd5]
24284:
24285: * sudoers.man.in:
24286: regen
24287: [f5e85ef686cf]
24288:
24289: * Makefile.in:
24290: Fix some line wrap and update (c) year
24291: [bad1f46aa1ca]
24292:
24293: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
24294:
24295: * README.LDAP:
24296: Build Note
24297: [7a061248249b]
24298:
24299: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
24300:
24301: * Makefile.in:
24302: Fix install-dirs
24303: [be0726dd92e7]
24304:
24305: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24306:
24307: * sudo.tab.c:
24308: regen
24309: [3f4f0d1ab8b9]
24310:
24311: * visudo.c:
24312: In Exit() when used as a signal handler, emsg is a pointer so
24313: sizeof() is wrong so make it a #define instead. Also avoid using a
24314: negative exit value. Found by Aaron Campbell
24315: [78716a3a3fdc]
24316:
24317: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
24318:
24319: * sudoers.pod:
24320: Remove bogus sentence about uids in a User_List. Document usernames
24321: vs. uid parsing in a Runas_List.
24322: [7ca510b5031c]
24323:
24324: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
24325: If the user specified a uid with the -u flag and the uid exists in
24326: the passwd file, set runas_user to the name, not the uid.
24327:
24328: When comparing usernames in sudoers, if a name is really a uid
24329: (starts with '#') compare it numerically to pw_uid.
24330: [8d6935d04673]
24331:
24332: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24333:
24334: * auth/kerb5.c:
24335: krb5_mcc_ops should be const; Johnny C. Lam
24336: [aa8c753e426e]
24337:
24338: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
24339:
24340: * CHANGES, config.h.in, ldap.c:
24341: Added start_tls support
24342: [7ef864c15b69]
24343:
24344: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
24345:
24346: * Makefile.in:
24347: Clean up libtool stuff for 'make distclean' and add def_data.c,
24348: def_data.h to PARSESRCS.
24349: [bf9bb6bb06ab]
24350:
24351: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
24352:
24353: * strlcat.c, strlcpy.c:
24354: Un-Fix last license munge
24355: [42654b77ac71]
24356:
24357: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
24358:
24359: * configure:
24360: regen
24361: [e4de6b23a4dc]
24362:
24363: * CHANGES, RUNSON, TODO:
24364: checkpoint
24365: [94e1ace84d5c]
24366:
24367: * lex.yy.c, sudo.tab.c:
24368: regen
24369: [8ce784505643]
24370:
24371: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
24372: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
24373: emul/search.h, emul/utime.h:
24374: More to a less restrictive, ISC-style license.
24375: [a31b20e48003]
24376:
24377: * auth/kerb5.c, auth/pam.c:
24378: More to a less restrictive, ISC-style license.
24379: [e41f92b41216]
24380:
24381: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
24382: More to a less restrictive, ISC-style license.
24383: [87534c164a52]
24384:
24385: * auth/bsdauth.c:
24386: More to a less restrictive, ISC-style license.
24387: [e21be6594b58]
24388:
24389: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
24390: More to a less restrictive, ISC-style license.
24391: [6d234be91c5e]
24392:
24393: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
24394: visudo.man.in, visudo.pod:
24395: More to a less restrictive, ISC-style license.
24396: [b02aea324fd6]
24397:
24398: * sudo_noexec.c:
24399: More to a less restrictive, ISC-style license.
24400: [a6da7631e0b2]
24401:
24402: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
24403: sudo_edit.c:
24404: More to a less restrictive, ISC-style license.
24405: [71cdcc241e94]
24406:
24407: * sigaction.c, strerror.c:
24408: More to a less restrictive, ISC-style license.
24409: [4bccdedca58a]
24410:
24411: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
24412: set_perms.c:
24413: More to a less restrictive, ISC-style license.
24414: [64d772d70ab3]
24415:
24416: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24417: ins_goons.h, insults.h, interfaces.c, interfaces.h:
24418: More to a less restrictive, ISC-style license.
24419: [520381c60a54]
24420:
24421: * find_path.c, getprogname.c:
24422: More to a less restrictive, ISC-style license.
24423: [f605d5eab6f1]
24424:
24425: * fileops.c:
24426: More to a less restrictive, ISC-style license.
24427: [4129a8b38a67]
24428:
24429: * env.c:
24430: More to a less restrictive, ISC-style license.
24431: [d5bd859757de]
24432:
24433: * defaults.h:
24434: More to a less restrictive, ISC-style license.
24435: [008f5d5743f5]
24436:
24437: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
24438: defaults.c:
24439: More to a less restrictive, ISC-style license.
24440: [d8d7bfc8a18b]
24441:
24442: * utime.c, version.h:
24443: More to a less restrictive, ISC-style license.
24444: [e2e038ad8209]
24445:
24446: * parse.lex, parse.yacc:
24447: More to a less restrictive, ISC-style license.
24448: [2f5942e847a1]
24449:
24450: * Makefile.binary:
24451: More to a less restrictive, ISC-style license.
24452: [1ed561734535]
24453:
24454: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
24455:
24456: * sudoers2ldif:
24457: Merged in LDAP Support
24458: [3994c4d05947]
24459:
24460: * ldap.c, sudo.c, sudo.h:
24461: Merged in LDAP Support
24462: [547eaa346fcc]
24463:
24464: * def_data.c, def_data.h, def_data.in:
24465: Merged in LDAP Support
24466: [8fb255280e42]
24467:
24468: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
24469: Merged in LDAP Support
24470: [1038092a161e]
24471:
24472: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
24473:
24474: * sudo.h, sudo_noexec.c:
24475: Only do "extern int errno" if errno is not a macro.
24476: [b2e02a08be8b]
24477:
24478: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24479:
24480: * set_perms.c:
24481: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
24482: euid first, then just call setuid(0) to set the real uid too.
24483: [f08546e2e0ee]
24484:
24485: * set_perms.c:
24486: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
24487: instead of seteuid() which may not exist.
24488: [ba508581befb]
24489:
24490: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24491:
24492: * LICENSE:
24493: 2004
24494: [37425513a342]
24495:
24496: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
24497: Add --with-pc-insults configure option
24498: [7daa5294c17b]
24499:
24500: * visudo.man.in:
24501: Prefer VISUAL over EDITOR like old vipw did.
24502: [996252a4ab65]
24503:
24504: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24505:
24506: * sudo.man.in, sudoers.man.in:
24507: regen
24508: [a247f1c52eb9]
24509:
24510: * sudoers.pod:
24511: Add a note that noexec is not a cure-all.
24512: [9e7fc535367d]
24513:
24514: * sudoers.pod:
24515: Mention that disabling "root_sudo" is pretty pointless.
24516: [f38a415afba0]
24517:
24518: * configure, configure.in:
24519: Substitute for root_sudo in sudoers.pod
24520: [ce483cfc86be]
24521:
24522: * sudo.pod:
24523: Add sudoedit to the NAME section
24524: [51bc453ec2f6]
24525:
24526: * sudoers.pod:
24527: Document that fact that setting ignore_dot in sudoers has no effect
24528: due to the fact that find_path() is called *before* sudoers is read.
24529: [6808df7e417c]
24530:
24531: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
24532:
24533: * sudo_edit.c:
24534: Do not require _PATH_USRTMP to be set.
24535: [546f3270dd10]
24536:
24537: * BUGS, CHANGES, TODO:
24538: sync
24539: [4205ddeab781]
24540:
24541: * sudo.man.in:
24542: regen
24543: [e2143690a88a]
24544:
24545: * sudo.pod:
24546: Clarify that when sudo is run by root with the SUDO_USER variable
24547: set, the sudoers lookup happens for root and not the SUDO_USER user.
24548: [47207bec1bdf]
24549:
24550: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24551:
24552: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
24553: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
24554: Use the SET, CLR and ISSET macros.
24555: [a8b0d7f1e8fd]
24556:
24557: * fnmatch.c:
24558: Use the SET, CLR and ISSET macros.
24559: [1afbcba22ba6]
24560:
24561: * defaults.c, env.c:
24562: Use the SET, CLR and ISSET macros.
24563: [2f39431e0a49]
24564:
24565: * interfaces.h:
24566: MAIN was replaced with _SUDO_MAIN some time ago.
24567: [ea1b38f2ac9d]
24568:
24569: * sudo.c:
24570: Don't look at prev_user until after we've parsed sudoers and done
24571: the password check. That way, if sudo/sudoedit is run from a root
24572: process that was invoked by sudo, we check sudoers for root, not the
24573: previous user. This makes sudoedit much more useful and means that
24574: for the sudo case, we get correct logging on who actually ran the
24575: command.
24576: [431dfbf20552]
24577:
24578: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
24579:
24580: * sudo_edit.c:
24581: Add a comment describing why we need to be notified about our child
24582: stopping.
24583: [0bec3ce4b49d]
24584:
24585: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24586:
24587: * def_data.c, def_data.in:
24588: Update the noexec variable descriptions
24589: [9cb7f1aa0e57]
24590:
24591: * sudoers.man.in, sudoers.pod:
24592: noexec now replaces more than just execve()
24593: [23cbdc0ee95c]
24594:
24595: * sudo_noexec.c:
24596: Alas, all the world does not go through execve(2). Many systems
24597: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
24598: and it is not uncommon for libc to have underscore ('_') versions of
24599: the functions to be used internally by the library. Instead of
24600: stubbing all these out by hand, define a macro and let it do the
24601: work. Extra exec functions pointed out by Reznic Valery.
24602: [9fa0cd871b0c]
24603:
24604: * sudo.c, sudo_edit.c:
24605: Fix suspending the editor in -e mode. Because we do a fork() first
24606: we need to be notified when the child has been stopped and then send
24607: that same signal to ourself so the shell can do its job control
24608: thing.
24609: [773165eb6057]
24610:
24611: * visudo.c:
24612: Use WIFEXITED and WEXITSTATUS macros. If there are systems out there
24613: that want to run sudo that still don't support these we can try to
24614: deal with that later.
24615: [6af68e4aff60]
24616:
24617: * lex.yy.c:
24618: regen
24619: [403435317d5d]
24620:
24621: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
24622: Document sudo -e / sudoedit
24623: [a80f6ea910af]
24624:
24625: * configure, configure.in:
24626: fix typo
24627: [5020fcdc27f4]
24628:
24629: * config.h.in, configure.in:
24630: Add SET/CLR/ISSET
24631: [03ff57286e7e]
24632:
24633: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24634:
24635: * sudo.c:
24636: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
24637: long usage() line to not wrap (assumes 80 char display)
24638: [3941fa4004bb]
24639:
24640: * Makefile.in, sudo.c:
24641: If sudo is invoked as "sudoedit" the -e flag is implied and no other
24642: flags are permitted.
24643: [929670b01293]
24644:
24645: * sudo.h:
24646: Add a new flag, -e, that makes it possible to give users the ability
24647: to edit files with the editor of their choice as the invoking user,
24648: not the runas user. Temporary files are used for the actual edit and
24649: the temp file is copied over the original after the editor is done.
24650: [c4051414c1f4]
24651:
24652: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
24653: Add a new flag, -e, that makes it possible to give users the ability
24654: to edit files with the editor of their choice as the invoking user,
24655: not the runas user. Temporary files are used for the actual edit and
24656: the temp file is copied over the original after the editor is done.
24657: [37ac05c8ac3c]
24658:
24659: * env.c, sudo.c:
24660: If real uid == 0 and the SUDO_USER environment variables is set, use
24661: that to determine the invoking user's true identity. That way the
24662: proper info gets logged by someone who has done "sudo su" but still
24663: uses sudo to as root. We can't do this for non-root users since that
24664: would open up a security hole, though perhaps it would be acceptable
24665: to use getlogin(2) on OSes where this a system call (and doesn't
24666: just look in the utmp file).
24667: [c2f9198708a1]
24668:
24669: * pathnames.h.in:
24670: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
24671: [7d9e5768df93]
24672:
24673: * config.h.in, configure, configure.in:
24674: Add check for fchown(2)
24675: [a85df18798ed]
24676:
24677: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
24678:
24679: * sudo.c:
24680: Back out portions of the -i commit that set NewArgv[0] in
24681: set_runaspw. It is far to late to set NewArgv[0] there and will have
24682: no effect anyway as cmnd and safe_cmnd have already been set.
24683: [c2d343430c1c]
24684:
24685: * visudo.c, visudo.pod:
24686: Prefer VISUAL over EDITOR like old vipw did.
24687: [ae32f477cea3]
24688:
24689: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
24690:
24691: * env.c, sudo.c:
24692: In -i mode always set new environment based on the runas user's
24693: passwd entry.
24694: [fa653b7887a8]
24695:
24696: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
24697:
24698: * sudo.man.in, sudo.pod:
24699: Document the new -i flag and sync SYNOPSIS section with usage() in
24700: sudo.c. Also sort the flags in the OPTIONS section.
24701: [6aabc0ffc47e]
24702:
24703: * sudo.c, sudo.h:
24704: o Add -i that acts similar to "su -", based on patches from David J.
24705: MacKenzie o Sort the flags in the usage message
24706: [c0fe7d6beffd]
24707:
24708: * sudoers.man.in, sudoers.pod:
24709: Add a missing @runas_default@ substitution.
24710: [60516fe2d090]
24711:
24712: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24713:
24714: * sudo.c:
24715: Change euid to runas user before calling find_path(). Unfortunately,
24716: though runas_user can be modified in sudoers we haven't parsed
24717: sudoers yet.
24718: [f469fdf2e313]
24719:
24720: * sudoers.man.in, sudoers.pod:
24721: Add missing defintion of Parameter_List and use single pipes in the
24722: Defaults EBNF definition.
24723: [f7bed6e909bf]
24724:
24725: * sudo.c:
24726: Fix a bug when set_runaspw() is used as a callback. We don't want to
24727: reset the contents of runas_pw if the user specified a user via the
24728: -u flag.
24729:
24730: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
24731: already have the info in runas_pw.
24732: [efc35623ba09]
24733:
24734: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24735:
24736: * check.c:
24737: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
24738: [ebd5a76ccd7e]
24739:
24740: * sudo.h:
24741: Update sudo_getepw() proto and add one for set_runaspw()
24742: [6ed65795c17f]
24743:
24744: * parse.c:
24745: If we can't stat the command as root, try as the runas user instead.
24746: [ae713fca0e15]
24747:
24748: * testsudoers.c, visudo.c:
24749: Add stub set_runaspw() function
24750: [42aa37050053]
24751:
24752: * sudo.c:
24753: Add set_runaspw() function to fill in runas_pw. This will be used as
24754: a callback to update runas_pw when the runas user changes.
24755: [e570aa0088d0]
24756:
24757: * env.c, sudo.c:
24758: PERM_RUNAS -> PERM_FULL_RUNAS
24759: [51eec6f9e89a]
24760:
24761: * set_perms.c, sudo.h:
24762: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
24763: changes the euid.
24764: [877c6fe4d12c]
24765:
24766: * getspwuid.c:
24767: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
24768: one chunk for easy free()ing. Also change it from static to extern.
24769: [ab503260a7ec]
24770:
24771: * defaults.c, defaults.h:
24772: Add callback support
24773: [a61c4ca983fb]
24774:
24775: * mkdefaults:
24776: Add a callback field and use it for runas_default
24777: [96b69c27df5e]
24778:
24779: * def_data.c, def_data.in:
24780: Add a callback field and use it for runas_default
24781: [d3e9f06872b8]
24782:
24783: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24784:
24785: * auth/fwtk.c:
24786: Add support for chalnecho and display server responses used by fwtk
24787: >= 2.0
24788: [b1870f7aaf0d]
24789:
24790: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
24791:
24792: * sudoers.man.in, sudoers.pod:
24793: ld.so is ld.so.1 on solaris
24794: [2bf9a123fa4c]
24795:
24796: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
24797: Use closefrom() instead of doing the equivalent inline.
24798: [7e3ef6072884]
24799:
24800: * closefrom.c:
24801: closefrom(3) for systems w/o it
24802: [35caf58bb636]
24803:
24804: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24805:
24806: * sudoers.man.in:
24807: Update from .pod file.
24808: [d4c94fc0e0c9]
24809:
24810: * configure, configure.in:
24811: Substitute noexec_file for the sudoers man page
24812: [203d3376a551]
24813:
24814: * sudo.man.in, sudo.pod:
24815: Mention noexec
24816: [014375ddbb06]
24817:
24818: * sudoers.man.in, sudoers.pod:
24819: Document noexec
24820: [49a65d06201f]
24821:
24822: * auth/pam.c, config.h.in, configure.in:
24823: Move PAM_CONST macro definition from config.h to pam.c where it
24824: belongs. We can't have this in config.h since that gets included too
24825: early.
24826: [e64748071637]
24827:
24828: * auth/pam.c, config.h.in, configure, configure.in:
24829: Some PAM implementations put their headers in /usr/include/pam
24830: instead of /usr/include/security.
24831: [8cc749e9575c]
24832:
24833: * configure.in:
24834: I missed changing the EXEC macro -> EXECV here when I changed this
24835: in config.h.in and sudo.c a while ago.
24836: [6f5afac7789f]
24837:
24838: * acsite.m4:
24839: OpenBSD vax/m88k/hppa don't do shared libs
24840: [e4901d958bb7]
24841:
24842: * configure, configure.in:
24843: o merge the hpux case entries into a single entry w/ its own sub-
24844: case statement. o HP-UX >= 11 support getspnam(), use it in
24845: preference to getprpwuid()
24846: [0caad428894e]
24847:
24848: * configure, configure.in:
24849: eval $shrext so that it expands nicely on MacOS X
24850: [40419343eef8]
24851:
24852: * Makefile.in:
24853: Don't lie about making a module, it does the wrong thing on mach
24854: [7629b28f5688]
24855:
24856: * ltmain.sh:
24857: Remove requirement that libs must begin with "lib". They don't when
24858: we point directly at the lib using LD_PRELOAD or its equivalent.
24859: [d66f3de6ec85]
24860:
24861: * acsite.m4:
24862: Disable support for c++, f77 and java. We don't need it, it takes a
24863: lot of time, and it hosed our check for shared lib support.
24864: [4f5749c52ce4]
24865:
24866: * configure:
24867: regen
24868: [160865e9d15f]
24869:
24870: * configure.in:
24871: Call AC_ENABLE_SHARED and check the status of enable_shared to know
24872: when shared libs are available.
24873: [42504c1668fc]
24874:
24875: * acsite.m4:
24876: Duh, OpenBSD suports shared libs too
24877: [8e3cd9417475]
24878:
24879: * config.h.in, configure.in:
24880: Only OpenPAM and Linux PAM use const qualifiers.
24881: [b2f76476e866]
24882:
24883: * configure, configure.in:
24884: o No need to check for sed, libtool config does that for us o move
24885: check for --with-noexec until after libtool magic is run so we can
24886: use $can_build_shared and $shrext
24887: [668c656e89cc]
24888:
24889: * ltmain.sh:
24890: Don't print a bunch of crap about library installs since we are not
24891: really installing a library.
24892: [83fbcad29fe4]
24893:
24894: * env.c:
24895: Make format_env() varargs Add noexec support for Darwin, MacOS X,
24896: Irix, and Tru64
24897: [468885d75d10]
24898:
24899: * acsite.m4, ltconfig, ltmain.sh:
24900: Update to libtool 1.5 with local changes: o no ldconfig in the
24901: finish step o assume no libprefix or version is needed
24902: [4961cffc3797]
24903:
24904: * sudo_noexec.c:
24905: Fix compilation under K&R
24906: [8b309bf0b1b2]
24907:
24908: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
24909:
24910: * CHANGES:
24911: checkpoint
24912: [3c368badab32]
24913:
24914: * sudo_noexec.c:
24915: stub execve() that just returns EACCES; used for noexec
24916: functionality
24917: [1297acae283a]
24918:
24919: * sudo.tab.h:
24920: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
24921: generated code.
24922: [dcab78c49273]
24923:
24924: * sudo.tab.c:
24925: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
24926: generated code.
24927: [0a61c735eabe]
24928:
24929: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
24930:
24931: * def_data.c, def_data.h, def_data.in:
24932: Move the environment defaults to the end and shorten a few of the
24933: descriptions.
24934: [66787b9c612c]
24935:
24936: * configure, configure.in:
24937: no shared libs on ultris or convexos
24938: [2c5f3c456e32]
24939:
24940: * Makefile.in, configure, configure.in:
24941: Build sudo_noexec shared object using libtool; could use some
24942: cleanup.
24943: [373f483555dd]
24944:
24945: * acsite.m4, ltconfig, ltmain.sh:
24946: libtool scaffolding
24947: [c903a42e3d90]
24948:
24949: * parse.yacc, sudo.tab.c:
24950: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
24951: important.
24952: [c6e8a34639a4]
24953:
24954: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
24955: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
24956: update copyright year
24957: [a16372ae1711]
24958:
24959: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
24960: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
24961: option. The default value of noexec_file is set to this.
24962: [7d88e1d3c494]
24963:
24964: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
24965: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
24966: sudo.tab.h:
24967: Add support for preloading a shared object containing a dummy
24968: execve() function that just sets error and returns -1. This adds a
24969: "noexec_file" option to load the filename as well as a "noexec" flag
24970: to enable it unconditionally. There is also a NOEXEC tag that can be
24971: attached to specific commands and an EXEC tag to disable it.
24972: [c8b6712feb91]
24973:
24974: * mkdefaults:
24975: add missing newline to usage statement
24976: [e84746618362]
24977:
24978: * config.h.in, sudo.c:
24979: Rename EXEC macro -> EXECV
24980: [ddaa0c027299]
24981:
24982: * logging.c:
24983: Don't truncate usernames to 8 characters in the log message.
24984: [f62a20f27075]
24985:
24986: * check.c, sudoers.man.in, sudoers.pod:
24987: Update copyright year
24988: [ca9964054085]
24989:
24990: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
24991: sudoers.pod:
24992: Add a new option, lecture_file, that can be used to point to a
24993: custom sudo lecture.
24994: [940133231216]
24995:
24996: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
24997:
24998: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24999: auth/sudo_auth.c:
25000: Add a zero_bytes() function to do the equivalent of bzero in such a
25001: way that will heopfully not be optimized away by sneaky compilers.
25002: [161b6d74bfb4]
25003:
25004: * zero_bytes.c:
25005: Add a zero_bytes() function to do the equivalent of bzero in such a
25006: way that will heopfully not be optimized away by sneaky compilers.
25007: [d035abf0af94]
25008:
25009: * Makefile.in, sudo.h:
25010: Add a zero_bytes() function to do the equivalent of bzero in such a
25011: way that will heopfully not be optimized away by sneaky compilers.
25012: [ff136de3e255]
25013:
25014: * err.c:
25015: Use #ifdef __STDC__, not #if __STDC__.
25016: [6889dd6bc51a]
25017:
25018: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
25019:
25020: * mkdefaults:
25021: Always put at least one space between the def_* macro name and its
25022: definition.
25023: [6b3ad0e6619a]
25024:
25025: * configure, configure.in:
25026: Adjust code for --without-lecture to match new values.
25027: [062aa788a6b9]
25028:
25029: * visudo.man.in:
25030: regen after pasto fix
25031: [3deec16906c0]
25032:
25033: * sudoers.man.in, sudoers.pod:
25034: Document that "lecture" has changed from a flag to a tuple.
25035: [e2c03062b533]
25036:
25037: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
25038: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
25039: Add support for tuples in def_data.in; these are implemented as an
25040: enum type. Currently there is only a single tuple enum but in the
25041: future we may have one tuple enum per T_TUPLE entry in def_data.in.
25042: Currently listpw, verifypw and lecture are tuples. This avoids the
25043: need to have two entries (one ival, one str) for pwflags and syslog
25044: values.
25045:
25046: lecture is now a tuple with the following values: never, once,
25047: always
25048:
25049: We no longer use both an int and string entry for syslog facilities
25050: and priorities. Instead, there are logfac2str() and logpri2str()
25051: functions that get used when we need to print the string values.
25052: [5293f946c836]
25053:
25054: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25055: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
25056: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
25057: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
25058: sudo.tab.c, visudo.c:
25059: Create def_* macros for each defaults value so we no longer need the
25060: def_{flag,ival,str,list,mode} macros (which have been removed). This
25061: is a step toward more flexible data types in def_data.in.
25062: [009c02934106]
25063:
25064: * TODO:
25065: checkpoint
25066: [0a99a4bb5d15]
25067:
25068: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
25069:
25070: * sudo.c:
25071: If we are in -k/-K mode, just spew to stderr. It is not unusual for
25072: users to place "sudo -k" in a .logout file which can cause sudo to
25073: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
25074: Previously, this would result in useless mail and logging.
25075: [d282e7ed63af]
25076:
25077: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
25078:
25079: * visudo.pod:
25080: fix pasto in VISUAL description
25081: [1c6a6148b5f9]
25082:
25083: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
25084:
25085: * configure:
25086: regen
25087: [f44312c63799]
25088:
25089: * CHANGES:
25090: checkpoint
25091: [0c42e38f78d5]
25092:
25093: * TROUBLESHOOTING:
25094: Some OSes (like Solaris) allow export w/ nosuid too
25095: [973ce85ffa12]
25096:
25097: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
25098:
25099: * compat.h:
25100: We don't use FD_ZERO anymore so just define FD_SET (if not already
25101: there).
25102: [d1c8c11905cd]
25103:
25104: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
25105:
25106: * auth/pam.c:
25107: Fix a core dump on Solaris by preserving the pam_handle_t we used
25108: during authentication for pam_prep_user(). If we didn't authenticate
25109: (ie: ticket still valid), we call pam_init() from pam_prep_user().
25110: This is something of a hack; it may be better to change the auth API
25111: and add an auth_final() function that acts like pam_prep_user().
25112: [f787de49b175]
25113:
25114: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
25115:
25116: * set_perms.c:
25117: Add explicit declaration of printerr variable in function header
25118: (was defaulting to int which is OK but oh so K&R :-). From Theo.
25119: [492c2358783f]
25120:
25121: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
25122:
25123: * config.h.in, configure.in:
25124: s/HAVE_STOW/USE_STOW/
25125: [4b99e1824ece]
25126:
25127: * logging.c:
25128: Also exit waitpid() loop when pid == 0. Fixes a problem where the
25129: sudo process would spin eating up CPU until sendmail finished when
25130: it has to send mail.
25131: [ec3d5792b9b4]
25132:
25133: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
25134:
25135: * fnmatch.c:
25136: Remove advertising clause, UCB has disavowed it
25137: [43a26bbd6628]
25138:
25139: * fnmatch.3:
25140: Remove advertising clause, UCB has disavowed it
25141: [3ff24291bcfa]
25142:
25143: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
25144:
25145: * parse.c:
25146: Don't assume that getgrnam() calls don't modify contents of struct
25147: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
25148: Based on a patch from Kirk Webb.
25149: [5574c68f60f3]
25150:
25151: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
25152:
25153: * configure.in:
25154: missing ;;
25155: [22378f2a9d31]
25156:
25157: * configure.in:
25158: darwin has a broken setreuid() in at least some versions
25159: [d572aed930d2]
25160:
25161: * env.c:
25162: Fix an off by one error when reallocating the environment; Kevin Pye
25163: [3d98e7cf097a]
25164:
25165: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
25166:
25167: * sudoers.pod:
25168: Fix User_Spec definition; SEKINE Tatsuo
25169: [49b0da65e090]
25170:
25171: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
25172:
25173: * HISTORY:
25174: More info on the early days from Coggs.
25175: [9381ca10b06b]
25176:
25177: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
25178:
25179: * auth/kerb5.c:
25180: remove errant semicolon that prevented compilation under heimdal
25181: [d2f2bb73a598]
25182:
25183: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
25184:
25185: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
25186: add DARPA credit on affected files
25187: [7020785ee50d]
25188:
25189: * sudoers.pod:
25190: add DARPA credit on affected files
25191: [83b46318750b]
25192:
25193: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
25194: sudoers.man.in:
25195: add DARPA credit on affected files
25196: [d8adf1c2ba22]
25197:
25198: * set_perms.c:
25199: add DARPA credit on affected files
25200: [3d79fdabb582]
25201:
25202: * pathnames.h.in:
25203: add DARPA credit on affected files
25204: [e334cdda422f]
25205:
25206: * logging.c, parse.c:
25207: add DARPA credit on affected files
25208: [8f75f822755b]
25209:
25210: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
25211: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
25212: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
25213: interfaces.h:
25214: add DARPA credit on affected files
25215: [da66e28fb3f5]
25216:
25217: * auth/kerb5.c, auth/pam.c:
25218: add DARPA credit on affected files
25219: [15da3021b49c]
25220:
25221: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
25222: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
25223: version.h:
25224: add DARPA credit on affected files
25225: [868d54cbddea]
25226:
25227: * env.c:
25228: add DARPA credit on affected files
25229: [90239f51ef0a]
25230:
25231: * defaults.c, defaults.h:
25232: add DARPA credit on affected files
25233: [6a64205fd1eb]
25234:
25235: * compat.h:
25236: add DARPA credit on affected files
25237: [316a735783c4]
25238:
25239: * Makefile.in, alloc.c, check.c:
25240: add DARPA credit on affected files
25241: [cd939e05c810]
25242:
25243: * LICENSE:
25244: slightly different wording for the darpa credit
25245: [e468909c4a21]
25246:
25247: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
25248:
25249: * LICENSE:
25250: Add DARPA credit
25251: [8eb20e2cd63e]
25252:
25253: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
25254:
25255: * auth/kerb5.c:
25256: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
25257: Kerberos like we did before I messed things up ;-)
25258:
25259: Use krb5_principal_get_comp_string() to do the same thing w/
25260: Heimdal. I'm not sure if the component should be 0 or 1 in this
25261: case.
25262:
25263: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
25264: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
25265: should be a configure check for this I guess.
25266: [74919a3933fe]
25267:
25268: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
25269:
25270: * sample.sudoers:
25271: builtin -> built-in; Jason McIntyre
25272: [027f2187923e]
25273:
25274: * TROUBLESHOOTING, config.h.in, configure, configure.in:
25275: builtin -> built-in; Jason McIntyre
25276: [70b81ac48943]
25277:
25278: * sudoers.pod:
25279: built in -> built-in; Jason McIntyre
25280: [da658ef5138d]
25281:
25282: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
25283:
25284: * CHANGES:
25285: checkpoint for 1.6.7p3
25286: [da85f989fadf]
25287:
25288: * HISTORY:
25289: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
25290: Amazingly, sudo source from 1985 is available via groups.google.com
25291: [39e0fc85b89f]
25292:
25293: * sudo.c:
25294: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
25295: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
25296: RLIMIT_CORE restoration on some OSes.
25297: [7e2c1a7adfd8]
25298:
25299: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
25300:
25301: * auth/kerb5.c:
25302: Make this compile on Heimdal and MIT Kerberos 5
25303: [44c07d615868]
25304:
25305: * config.h.in, configure, configure.in:
25306: Check for heimdal even if we found krb5-config and define
25307: HAVE_HEIMDAL.
25308: [aba0126f0059]
25309:
25310: * auth/kerb5.c:
25311: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no
25312: longer defined by MIT kerb5 (though it used to be and indeed remains
25313: so in Heimdal).
25314: [e5a6c64d7cd5]
25315:
25316: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
25317:
25318: * mkinstalldirs:
25319: Remove newer stuff that passes multiple (possibly duplicate)
25320: directories to "mkdir -p" since that seems to break on Tru64 Unix at
25321: least. This basically brings back what shipped with sudo 1.6.6.
25322: [f2a1abd872b3]
25323:
25324: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25325:
25326: * auth/kerb5.c:
25327: Correct number of args to krb5_principal_get_realm() and fix an
25328: unclosed comment that hid the bug.
25329: [0b37f8ce7824]
25330:
25331: * configure:
25332: regen
25333: [1876cb840fe0]
25334:
25335: * configure.in:
25336: ++version
25337: [480aff7c048e]
25338:
25339: * README:
25340: ++version
25341: [488e0bbff613]
25342:
25343: * Makefile.in:
25344: ++version
25345: [97ef63cedc38]
25346:
25347: * INSTALL.binary:
25348: ++version
25349: [a506204e77d0]
25350:
25351: * INSTALL:
25352: ++version
25353: [555aeba5c2bf]
25354:
25355: * CHANGES, version.h:
25356: ++version
25357: [f66985a64063]
25358:
25359: * BUGS:
25360: ++version
25361: [ea3573432412]
25362:
25363: * configure.in:
25364: use krb5-config to determine Kerberos V details if it exists
25365: [7b46bbdaf774]
25366:
25367: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
25368: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
25369: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
25370: testsudoers.c, visudo.c:
25371: Use warn/err and getprogname() throughout. The main exception is
25372: openlog(). Since the admin may be filtering logs based on the
25373: program name in the log files, hard code this to "sudo".
25374: [9f180d015cfa]
25375:
25376: * Makefile.in:
25377: Add getprogname.c and err.c
25378: [d411c54a07dc]
25379:
25380: * configure:
25381: regen
25382: [6d585d391acc]
25383:
25384: * config.h.in, configure.in:
25385: Add checks for getprognam(), __progname and err.h
25386: [bcbccf61d34a]
25387:
25388: * emul/err.h:
25389: For systems withour err/warn functions.
25390: [1b33118884d9]
25391:
25392: * err.c:
25393: For systems withour err/warn functions.
25394: [26721f6b041f]
25395:
25396: * getprogname.c:
25397: For systems neither getprogname() nor __progname; uses Argv[0].
25398: [841cf42af1eb]
25399:
25400: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
25401:
25402: * CHANGES:
25403: checkpoint for 1.6.7p1
25404: [5bfdaf441dce]
25405:
25406: * sudo.c, testsudoers.c:
25407: fix strlcpy() rval check (innocuous)
25408: [e05ac7e0d1f3]
25409:
25410: * check.c:
25411: oflow detection in expand_prompt() was faulty (false positives). The
25412: count was based on strlcat() return value which includes the length
25413: of the entire string.
25414: [086c5a0acb25]
25415:
25416: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
25417:
25418: * RUNSON, TODO:
25419: checkpoint for the sudo 1.6.7 release
25420: [096bab4da29a] [SUDO_1_6_7]
25421:
25422: * CHANGES:
25423: checkpoint for the sudo 1.6.7 release
25424: [87322187ed78]
25425:
25426: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
25427:
25428: * logging.c:
25429: g/c unused variable
25430: [c57cd4a17765]
25431:
25432: * configure:
25433: regen
25434: [e7c1f581dfac]
25435:
25436: * configure.in:
25437: use man sections 8 and 5 for csops
25438: [87de581bda88]
25439:
25440: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
25441:
25442: * configure:
25443: regen
25444: [cb1433a9c7a1]
25445:
25446: * configure.in:
25447: Add -lskey or -lopie directly to SUDO_LIBS instead of having
25448: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
25449: [ac5667978939]
25450:
25451: * configure:
25452: regen
25453: [638459118a2a]
25454:
25455: * configure.in:
25456: Add --with-blibpath for AIX. An alternate libpath may be specified
25457: or
25458: -blibpath support can be disabled. Also change conifgure such that
25459: -blibpath is not specified if no -L libpaths were added to
25460: SUDO_LDFLAGS.
25461: [c7d17b480cad]
25462:
25463: * aclocal.m4:
25464: Add --with-blibpath for AIX. An alternate libpath may be specified
25465: or
25466: -blibpath support can be disabled. Also change conifgure such that
25467: -blibpath is not specified if no -L libpaths were added to
25468: SUDO_LDFLAGS.
25469: [37022e991575]
25470:
25471: * INSTALL:
25472: Add --with-blibpath for AIX. An alternate libpath may be specified
25473: or
25474: -blibpath support can be disabled. Also change conifgure such that
25475: -blibpath is not specified if no -L libpaths were added to
25476: SUDO_LDFLAGS.
25477: [4b4bbe5bbe1b]
25478:
25479: * configure.in:
25480: add AIX blibpath support
25481: [16ba788bf086]
25482:
25483: * INSTALL, configure.in:
25484: --with-skey and --with-opie now take an option directory argument
25485: This obsoletes a --with-csops hack (/tools/cs/skey)
25486:
25487: Also remove the remaining direct uses of "echo"
25488: [5b4986a90c03]
25489:
25490: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
25491:
25492: * configure.in:
25493: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
25494: for KTH Kerberos IV and V.
25495: [119f97b48e18]
25496:
25497: * aclocal.m4:
25498: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
25499: -R/path/to/dir if $with_rpath) to the specified variable.
25500: [e55e49d076ce]
25501:
25502: * INSTALL, configure.in:
25503: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
25504: option, --with-rpath to control this behavior.
25505: [d4730c5399ab]
25506:
25507: * configure.in:
25508: for kerb4 put libdes after libkrb on the link line
25509: [5c566100eab6]
25510:
25511: * auth/kerb4.c:
25512: typo
25513: [6541b72b64a3]
25514:
25515: * configure.in:
25516: fix kerberos lib check when a path is specified
25517: [ae833a914c6f]
25518:
25519: * logging.c:
25520: Fix boolean thinko in SIGCHLD reaper and call reapchild after
25521: sending mail instead of doing a conditional sudo_waitpid.
25522: [86fa9a35df5a]
25523:
25524: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25525:
25526: * configure:
25527: regen
25528: [e6275cf528ba]
25529:
25530: * configure.in:
25531: replace =DIR with [=DIR] where sensible
25532: [c39a59173b38]
25533:
25534: * configure.in:
25535: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
25536: detection based on openssh's configure.in
25537: [5b7a340912df]
25538:
25539: * INSTALL:
25540: --with-kerb4 and --with-kerb5 now take an optional argument.
25541: [71ed87fc9c64]
25542:
25543: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
25544:
25545: * auth/securid.c:
25546: Kill remaining strcpy(), the programmer's guide says username is 32
25547: bytes.
25548: [bdba70fcd08d]
25549:
25550: * auth/kerb4.c:
25551: trat uid_t as unsigned long for printf and use snprintf, not sprintf
25552: [8072f5f8966d]
25553:
25554: * auth/rfc1938.c:
25555: use snprintf
25556: [fc0c70c665fe]
25557:
25558: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
25559:
25560: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
25561: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
25562: auth/rfc1938.c, auth/sudo_auth.c:
25563: update copyright year
25564: [b0a10ccb1d0e]
25565:
25566: * sudo.man.in, sudoers.man.in, visudo.man.in:
25567: update copyright year
25568: [8fce0034eb51]
25569:
25570: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
25571: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
25572: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
25573: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
25574: update copyright year
25575: [d541e75fe520]
25576:
25577: * check.c, env.c, sudo.c:
25578: Cast [ug]ids to unsigned long and printf with %lu
25579: [2ede64d3592b]
25580:
25581: * configure:
25582: regen
25583: [c7c3245bdf3e]
25584:
25585: * configure.in:
25586: correct error messages for --with-sudoers-{mode,uid,gid}
25587: [77fc15b1c9db]
25588:
25589: * alloc.c:
25590: make the malloc(0) error specific to each function to aid tracking
25591: down bugs.
25592: [a58c34374b4b]
25593:
25594: * alloc.c:
25595: deal with platforms where size_t is signed and there is no SIZE_MAX
25596: or SIZE_T_MAX
25597: [7192abb4ab4e]
25598:
25599: * auth/kerb5.c:
25600: Make this compile w/ Heimdal and fix some gcc warnings.
25601: [f52f026f31c2]
25602:
25603: * sudo.c:
25604: Use stat_sudoers macro so --with-stow can work
25605: [c3674735c139]
25606:
25607: * INSTALL, config.h.in, configure, configure.in:
25608: Add support for --with-stow based on patches from Robert Uhl
25609: [b274cc1dd52c]
25610:
25611: * env.c:
25612: fix indentation
25613: [110d9f1721b1]
25614:
25615: * configure.in:
25616: back out rev 1.352
25617: [1eee91c83f11]
25618:
25619: * lex.yy.c:
25620: regen
25621: [72fba1c9590b]
25622:
25623: * parse.lex:
25624: use strlcpy, not strncpy
25625: [4faccbaeccef]
25626:
25627: * set_perms.c:
25628: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
25629: [33bf0d18fdc1]
25630:
25631: * logging.c:
25632: use pid_t
25633: [3e0536993d2c]
25634:
25635: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
25636:
25637: * strlcat.c, strlcpy.c:
25638: Make gcc shutup about unused rcsid
25639: [1669a0c74e9e]
25640:
25641: * interfaces.c:
25642: Move the n == 0 check for the non-getifaddrs cas
25643: [2460be061b2a]
25644:
25645: * auth/rfc1938.c:
25646: skeychallenge() on NetBSD take a size parameter
25647: [05acc2012801]
25648:
25649: * configure:
25650: regen
25651: [24bccf4749e8]
25652:
25653: * configure.in:
25654: put -ldl after -lpam, not before; fixes static linking on Linux
25655: [7f06b7b2b4d8]
25656:
25657: * interfaces.c:
25658: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
25659: case.
25660: [239a55068646]
25661:
25662: * sudo.cat, sudoers.cat, visudo.cat:
25663: regen
25664: [4a2eed3981ca]
25665:
25666: * sudo.man.in, sudoers.man.in, visudo.man.in:
25667: regen
25668: [2c96ea2cf930]
25669:
25670: * Makefile.in:
25671: Preserve copyright notice from .pod file in .man.in file
25672: [519fbd09aebc]
25673:
25674: * visudo.pod:
25675: Add sudoers(5) to SEE ALSO
25676: [77ecfe3aedf1]
25677:
25678: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
25679:
25680: * lex.yy.c:
25681: regen
25682: [6f5751ce0b74]
25683:
25684: * parse.lex:
25685: Don't assume libc can realloc() a NULL string. If malloc/realloc
25686: fails, make sure we just return; yyerror() is not terminal.
25687: [1b8618623708]
25688:
25689: * lex.yy.c:
25690: regen
25691: [5d31b46191c6]
25692:
25693: * parse.lex:
25694: simplify fill_args a little and use strlcpy for paranoia
25695: [0ea35a55542b]
25696:
25697: * sudo.tab.c:
25698: regen
25699: [5a8d508d708b]
25700:
25701: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
25702: testsudoers.c:
25703: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
25704: cases the strings were either pre-allocated to the correct size of
25705: length checks were done before the copy but a little paranoia can go
25706: a long way.
25707: [e73d28f1d14e]
25708:
25709: * sudo.h:
25710: Add strlc{at,py} protos
25711: [748ffc7fc7f4]
25712:
25713: * env.c, interfaces.c:
25714: Use erealloc3()
25715: [47f2cb46aba8]
25716:
25717: * configure:
25718: regen
25719: [e7e2fb79f935]
25720:
25721: * alloc.c:
25722: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
25723: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
25724: [7e0fa4d6fc1d]
25725:
25726: * sudo.c:
25727: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
25728: configure.
25729: [09ea4d3959e9]
25730:
25731: * aclocal.m4:
25732: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
25733: [31b4fdfdb8bf]
25734:
25735: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
25736:
25737: * sudo.c:
25738: Use snprintf() for paranoia
25739: [a2659ceb46de]
25740:
25741: * parse.yacc:
25742: Use emalloc2 and erealloc3
25743: [90a069842401]
25744:
25745: * Makefile.in:
25746: strlc{at,py} for those w/o it
25747: [bac82dc916ee]
25748:
25749: * strlcat.c, strlcpy.c:
25750: stlc{at,py} for those w/o it.
25751: [ce7254f5db09]
25752:
25753: * config.h.in, configure, configure.in:
25754: Add stlc{at,py} for those w/o it.
25755: [00f08219657a]
25756:
25757: * alloc.c, sudo.h:
25758: Add erealloc3(), a realloc() version of emalloc2().
25759: [c96eaf08bbed]
25760:
25761: * interfaces.c, sudo.c:
25762: Use emalloc2() to allocate N things of a certain size.
25763: [1e0aba365555]
25764:
25765: * alloc.c, sudo.h:
25766: Add emalloc2() -- like calloc() but w/o the bzero and with
25767: error/oflow checking.
25768: [292150bc4153]
25769:
25770: * alloc.c:
25771: Error out on malloc(0); suggested by theo
25772: [995279e81326]
25773:
25774: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
25775:
25776: * configure, configure.in:
25777: fix a typo; David Krause
25778: [f161213a17ab]
25779:
25780: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
25781:
25782: * sudo.pod:
25783: fix typo
25784: [3ae5ad9a351a]
25785:
25786: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
25787:
25788: * env.c:
25789: Remove DYLD_ from the environment for MacOS X; from bbraun
25790: [38caad5a3935]
25791:
25792: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
25793:
25794: * config.h.in, configure.in:
25795: not not; Anil Madhavapeddy
25796: [d4f4f0bfc66b]
25797:
25798: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
25799:
25800: * sudo.pod, sudoers.pod, visudo.pod:
25801: typos; jmc@openbsd.org
25802: [868c0f09bf9e]
25803:
25804: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
25805:
25806: * parse.yacc:
25807: Add some missing ';' rule terminators that bison warns about.
25808: [535b0b8dcce5]
25809:
25810: * config.sub:
25811: fix typo I introduced in last merge
25812: [81db4e4f43fe]
25813:
25814: * configure:
25815: regenerate with autoconf 2.57
25816: [ca0c1e9564f8]
25817:
25818: * config.h.in:
25819: Add missing "$HOME"
25820: [209186197ad1]
25821:
25822: * configure.in:
25823: Add some more square backets to make autoconf 2.57 happy
25824: [b5639c14faf7]
25825:
25826: * config.sub, mkinstalldirs:
25827: Updates from autoconf-2.57
25828: [36be35eb331b]
25829:
25830: * config.guess:
25831: Updates from autoconf-2.57
25832: [ea0f8ca622af]
25833:
25834: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
25835:
25836: * sudo.tab.h:
25837: regen
25838: [13a65a421567]
25839:
25840: * lex.yy.c, sudo.tab.c:
25841: regen
25842: [0b529db7cb6d]
25843:
25844: * parse.lex, parse.yacc, sudoers.pod:
25845: Add support for Defaults>RunasUser
25846: [20d726373175]
25847:
25848: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
25849:
25850: * visudo.c:
25851: fclose() yyin after each yyparse() is done and use fopen() instead
25852: of using freopen().
25853: [587f8a2df857]
25854:
25855: * parse.lex:
25856: Better fix for sudoers files w/o a newline before EOF. It looks like
25857: the issue is that yyrestart() does not reset the start condition to
25858: INITIAL which is an issue since we parse sudoers multiple times.
25859: [920f8326968a]
25860:
25861: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
25862:
25863: * parse.lex:
25864: Work around what appears to be a flex bug when dealing with files
25865: that lack a final newline before EOF. This adds a rule to match EOF
25866: in the non-initial states which resets the state to INITIAL and
25867: throws an error.
25868: [b94943bb1f81]
25869:
25870: * visudo.c:
25871: o The parser needs sudoers to end with a newline but some editors
25872: (emacs) may not add one. Check for a missing newline at EOF and add
25873: one if needed. o Set quiet flag during initial sudoers parse (to get
25874: options) o Move yyrestart() call and always use freopen() to open
25875: yyin after initial sudoers parse.
25876: [12d12f9b07aa]
25877:
25878: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25879:
25880: * set_perms.c:
25881: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
25882: effective gid, not real gid, when reading sudoers.
25883: [c7d18b810fcd]
25884:
25885: * set_perms.c:
25886: don't compile set_perms_posix if we have setreuid or setresuid
25887: [b9cea7a81a29]
25888:
25889: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
25890:
25891: * sudo.pod, sudoers.pod:
25892: document new prompt escapes
25893: [2f088076b640]
25894:
25895: * check.c:
25896: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
25897: collapsed to "%" as was originally intended. This also gets rid of
25898: lastchar (does lookahead instead of lookback) which should simplify
25899: the logic slightly.
25900: [4b707b77b3c7]
25901:
25902: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
25903:
25904: * tgetpass.c:
25905: Write the prompt *after* turning off echo to avoid some password
25906: characters being echoed on heavily-loaded machines with fast
25907: typists.
25908: [d38c57775915]
25909:
25910: * config.sub:
25911: Add support for mipseb; wiz@danbala.tuwien.ac.at
25912: [cfdac87ed5c8]
25913:
25914: * configure.in:
25915: Fix IRIX fallout from name changes in man dir/sect Makefile
25916: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
25917: [9a7618755c23]
25918:
25919: * auth/pam.c:
25920: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
25921: the global copy. Problem noted by Peter Pentchev.
25922: [d0a3e189cb06]
25923:
25924: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25925:
25926: * sudo.tab.c:
25927: regen
25928: [23b931359087]
25929:
25930: * parse.yacc:
25931: Add missing yyerror() calls; YYERROR does not seem to call this for
25932: us.
25933: [0be7aeb3ac57]
25934:
25935: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
25936:
25937: * sudo.c:
25938: fix typo in comment; Pedro Bastos
25939: [d7406c460e99]
25940:
25941: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
25942:
25943: * INSTALL:
25944: document --disable-setresuid
25945: [fbd03d03a027]
25946:
25947: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25948: auth/sudo_auth.c:
25949: Sprinkle some volatile qualifiers to prevent over-enthusiastic
25950: optimizers from removing memset() calls.
25951: [5370ac0e6129]
25952:
25953: * logging.c, parse.yacc:
25954: minor sign fixes pointed out by gcc -Wsign-compare
25955: [db872438337f]
25956:
25957: * set_perms.c, sudo.c, sudo.h:
25958: Revamp set_perms. We now use a version based on setresuid() or
25959: setreuid() when possible since that allows us to support the
25960: stay_setuid option and we always know exactly what the semantics
25961: will be (various Linux kernels have broken POSIX saved uid support).
25962: [523bc212396c]
25963:
25964: * config.h.in, configure:
25965: regen from configure.in
25966: [351877ea2624]
25967:
25968: * configure.in:
25969: Add checks for setresuid() and a way to disable using it
25970: [a5b21653d169]
25971:
25972: * compat.h:
25973: No long need to emulate set*[ug]id() via setres[ug]id() or
25974: setre[ug]id(). The new set_perms stuff only uses things it knows are
25975: there.
25976: [47884bd5d1d9]
25977:
25978: * sudo.c:
25979: Before exec, restore state of signal handlers to be the same as when
25980: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
25981: a problem when using sudo with nohup. Based on a patch from Paul
25982: Markham.
25983: [f8f5a1484faa]
25984:
25985: * sudo.c:
25986: o timestamp_uid should be uid_t, not int o clarify error message
25987: when sudo is run by root and no_root_sudo is set
25988: [19dda0734264]
25989:
25990: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
25991:
25992: * README:
25993: update ftp link for bison
25994: [98bc191016e3]
25995:
25996: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
25997:
25998: * set_perms.c:
25999: Error out if setusercontext() fails and the runas user is not root.
26000: [089f9ade4686]
26001:
26002: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
26003:
26004: * auth/securid5.c:
26005: Fix rcsid
26006: [07e9e85dcc2f]
26007:
26008: * configure.in:
26009: Fix SecurID API test
26010: [5ec201f454a5]
26011:
26012: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
26013:
26014: * env.c:
26015: typo in comment
26016: [9d385c9ac533]
26017:
26018: * configure.in:
26019: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
26020: but I don't see a better way at the moment.
26021: [f89e55cbb313]
26022:
26023: * Makefile.in, auth/securid5.c:
26024: SecurID API version 5 support from Michael Stroucken
26025: [68500ac7e531]
26026:
26027: * configure.in:
26028: Add check for SecurID 5.0 API
26029: [1ee242e6de6b]
26030:
26031: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26032:
26033: * strerror.c:
26034: We actually do still need config.h to get the 'const' definition for
26035: K&R C.
26036: [d9c982032d85]
26037:
26038: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
26039:
26040: * configure:
26041: regen with autoconf 2.5.3
26042: [c71fc086eef5]
26043:
26044: * configure.in:
26045: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
26046: [d90da1efafd9]
26047:
26048: * configure.in:
26049: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
26050: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
26051: [dd67afefa90d]
26052:
26053: * env.c, sudo.c, sudo.h:
26054: No need for dump_badenv() now that dump_defaults() knows how to dump
26055: lists.
26056: [6bcda468501d]
26057:
26058: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
26059: version.h:
26060: ++version
26061: [44e3b8f95f0b]
26062:
26063: * sudoers.pod:
26064: document timestampowner
26065: [37ebd69e9dd1]
26066:
26067: * check.c:
26068: Don't call set_perms() when doing timestamp stuff unless
26069: timestamp_uid != 0.
26070: [63a63d41d18c]
26071:
26072: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
26073: sudo.h, testsudoers.c:
26074: g/c second arg to set_perms--it is no longer used
26075: [7ac4ce50c612]
26076:
26077: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
26078:
26079: * check.c, set_perms.c, sudo.c, sudo.h:
26080: Add support for non-root timestamp dirs. This allows the timestamp
26081: dir to be shared via NFS (though this is not recommended).
26082: [faa83dd2b7fb]
26083:
26084: * def_data.c, def_data.h, def_data.in:
26085: Add timestampowner, "Owner of the authentication timestamp dir"
26086: [d47640d4c86a]
26087:
26088: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26089:
26090: * env.c:
26091: Don't try to pre-compute the size of the new envp, just allocate
26092: space up front and realloc as needed. Changes to the new env pointer
26093: must all be made through insert_env() which now keeps track of
26094: spaced used and allocates as needed.
26095: [39bc934a9f2c]
26096:
26097: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
26098:
26099: * configure:
26100: regen
26101: [0e12c09bb790]
26102:
26103: * configure.in:
26104: Fix two typo/pastos; from jrj@purdue.edu
26105: [b718a4bf1181]
26106:
26107: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
26108:
26109: * INSTALL.binary, README:
26110: ++version
26111: [a1e33027278c] [SUDO_1_6_6]
26112:
26113: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
26114: visudo.cat, visudo.man.in:
26115: regen
26116: [19eb2be283ef]
26117:
26118: * CHANGES, RUNSON, TODO:
26119: Sync with 1.6.6
26120: [2ff9a9087f63]
26121:
26122: * check.c:
26123: The the loop used to expand %h and %u, the lastchar variable was not
26124: being initialized. This means that if the last char in the prompt is
26125: '%' and the first char is 'h' or 'u' a extra copy of the host or
26126: user name would be copied, for which space had not been allocated.
26127: [b2e27197857d]
26128:
26129: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
26130:
26131: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
26132: crank version to 1.6.6
26133: [cfd08689e597]
26134:
26135: * auth/afs.c:
26136: #undef VOID to get rid of an AFS warning
26137: [b40760564dc1]
26138:
26139: * env.c:
26140: Use easprintf instead of emalloc + sprintf for some things.
26141: [e7bfe2e69a03]
26142:
26143: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
26144:
26145: * lex.yy.c, sudo.tab.c:
26146: regen
26147: [35327104383d]
26148:
26149: * parse.c, parse.lex, parse.yacc, testsudoers.c:
26150: Remove Chris Jepeway's email address so people don't bug him ;-)
26151: [c03410747a69]
26152:
26153: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
26154:
26155: * sudo.c:
26156: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
26157: endgrent() at the same time.
26158: [28b6097d5d1a]
26159:
26160: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
26161:
26162: * INSTALL:
26163: Make it clear which configure options take arguments.
26164: [38529e7efad0]
26165:
26166: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
26167:
26168: * compat.h:
26169: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
26170: RLIM_INFINITY, just pretend it is -1. This works because we only
26171: check for RLIM_INFINITY and do not set anything to that value.
26172: [53173d34e6eb]
26173:
26174: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
26175:
26176: * auth/pam.c:
26177: Zero and free allocated memory when there is a conversation error.
26178: [e342133db579]
26179:
26180: * auth/bsdauth.c:
26181: Use sigaction() not signal()
26182: [126c2790561f]
26183:
26184: * INSTALL:
26185: Mention that some linux kernels have broken POSIX saved ID support
26186: [571ef1a893d3]
26187:
26188: * CHANGES:
26189: checkpoint for 1.6.5p2
26190: [9e9e456f7f43]
26191:
26192: * configure:
26193: regen
26194: [d53703a46708]
26195:
26196: * configure.in:
26197: Add --disable-setreuid flag
26198: [3b9f2679cb55]
26199:
26200: * INSTALL:
26201: Document new --disable-setreuid option and change description for
26202: --disable-saved-ids to match new error message.
26203: [14fd3e5f60a5]
26204:
26205: * set_perms.c:
26206: fatal() now takes an argument that determines whether or not to call
26207: perror().
26208: [d826b25e62ff]
26209:
26210: * TROUBLESHOOTING:
26211: Update for new error messages from set_perms()
26212: [78007c3f76a9]
26213:
26214: * PORTING:
26215: Update for new error messages from set_perms()
26216: [60c545a6bcff]
26217:
26218: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
26219:
26220: * auth/pam.c:
26221: Make this compile w/o warnings
26222: [b90843a29af5]
26223:
26224: * auth/pam.c:
26225: Mention that we can't use pam_acct_mgmt()
26226: [1dfc5a6e0479]
26227:
26228: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
26229: The user's password was not zeroed after use when AIX
26230: authentication, BSD authentication, FWTK or PAM was in use.
26231: [b18fff30b1e7]
26232:
26233: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
26234:
26235: * auth/pam.c:
26236: Avoid giving PAM a NULL password response, use the empty string
26237: instead. This avoids a log warning when the user hits ^C at the
26238: password prompt when PAM is in use.
26239: [c3315805e4e4]
26240:
26241: * auth/pam.c:
26242: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
26243: pam_setcred() returns the last saved return code, not the return
26244: code for the setcred module. Because we haven't called
26245: pam_authenticate(), this is not set and so pam_setcred() returns
26246: PAM_PERM_DENIED.
26247: [73db145fa179]
26248:
26249: * Makefile.in:
26250: Don't need a '/' between $(DESTDIR) and a directory.
26251: [0901ca618176]
26252:
26253: * Makefile.binary:
26254: Don't need a '/' between $(DESTDIR) and a directory.
26255: [cd7eb6098b87]
26256:
26257: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
26258:
26259: * configure:
26260: regen
26261: [41b12c039282]
26262:
26263: * configure.in:
26264: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
26265: setreuid() o new NetBSD has a real setreuid() o add check for
26266: freeifaddrs() if getifaddrs() exists.
26267: [a82ee3b01733]
26268:
26269: * config.h.in, interfaces.c:
26270: Older BSDi releases lack freeifaddrs() so add a test for that and if
26271: it is not present just use free().
26272: [6270671ea9d5]
26273:
26274: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
26275:
26276: * CHANGES, RUNSON:
26277: Checkpoint for 1.6.5p1
26278: [26134ecf9b36]
26279:
26280: * auth/passwd.c:
26281: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
26282: to normal passwords, not AUTH_FATAL (which just causes an exit).
26283: [785e0f4bc0e2]
26284:
26285: * visudo.c:
26286: Don't use memory after it has been freed.
26287: [c60492739fdb]
26288:
26289: * auth/passwd.c:
26290: skeyaccess() wants a struct passwd * not a char *; Patch from
26291: Phillip E. Lobbes
26292: [65a1d3806fcd] [SUDO_1_6_5]
26293:
26294: * BUGS:
26295: ++version
26296: [b2e1825e692e]
26297:
26298: * CHANGES, RUNSON, TODO:
26299: checkpoint for sudo 1.6.5
26300: [d730945622e7]
26301:
26302: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
26303:
26304: * configure:
26305: regen
26306: [49744c403ac9]
26307:
26308: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
26309: version 1.6.5
26310: [ec30a5f7fc45]
26311:
26312: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
26313: visudo.man.in:
26314: sudo version 1.6.5
26315: [458a3bed535d]
26316:
26317: * logging.c:
26318: o when invoking the mailer as root use a hard-coded environment that
26319: doesn't include any info from the user's environment. Basically
26320: paranoia.
26321:
26322: o Add support for the NO_ROOT_MAILER compile-time option and run the
26323: mailer as the user and not root if NO_ROOT_MAILER is defined.
26324: [4df351ec92ce]
26325:
26326: * set_perms.c, sudo.h:
26327: Bring back PERM_FULL_USER
26328: [edb6039bb284]
26329:
26330: * configure:
26331: regen
26332: [3eb2943afa03]
26333:
26334: * version.h:
26335: version 1.6.5
26336: [044fc9a0c72b]
26337:
26338: * INSTALL, config.h.in, configure.in:
26339: Add --disable-root-mailer option to run the mailer as the user and
26340: not root.
26341: [e9f805397963]
26342:
26343: * CHANGES:
26344: checkpoint for 1.6.4p2
26345: [b58aae5aa98a]
26346:
26347: * PORTING:
26348: Mention the "seteuid(0): Operation not permitted" problem here too
26349: just for good measure.
26350: [90135b37a691]
26351:
26352: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
26353:
26354: * env.c, getspwuid.c, sudo.c:
26355: The SHELL environment variable was preserved from the user's
26356: environment instead of being reset based on the passwd database when
26357: the "env_reset" option was used. Now it is reset as it should be.
26358: [300066ef3c71]
26359:
26360: * configure:
26361: regen
26362: [a47d779e6552]
26363:
26364: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
26365: sudo.c:
26366: Add a configure option to turn off use of POSIX saved IDs
26367: [fb18cc8e94d0]
26368:
26369: * configure:
26370: regen
26371: [d4f2f20025b6]
26372:
26373: * configure.in:
26374: add --with-efence option
26375: [45c4f33a8e88]
26376:
26377: * sudo.c:
26378: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
26379: "sudo -l" would not work if always_set_home was set.
26380: [c3a6de6c4800]
26381:
26382: * lex.yy.c:
26383: regen
26384: [417424452998]
26385:
26386: * parse.lex:
26387: Quoted commas were not being treated correctly in command line
26388: arguments.
26389: [753415541b37]
26390:
26391: * sudo.c:
26392: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
26393: Otherwise, the set_home option has no effect.
26394:
26395: o Fix use of freed memory when the "fqdn" flag is set. This was
26396: introduced by the fix for the "segv when gethostbynam() fails" bug.
26397: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
26398: there is no need to check the "fqdn" flag in set_fqdn() itself.
26399: [4b6a4245c04e]
26400:
26401: * env.c:
26402: Add 'continue' statements to optimize the switch statement. From
26403: Solar.
26404: [a82c76975ae5]
26405:
26406: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
26407:
26408: * sudoers.cat, sudoers.man.in:
26409: Regen from new sudoers.pod
26410: [6ecc07b3d0e1] [SUDO_1_6_4]
26411:
26412: * sudoers.pod:
26413: Add caveat about stay_setuid flag
26414: [9d228a7bea1b]
26415:
26416: * sudo.c:
26417: If set_perms == set_perms_posix and the stay_setuid flag is not set,
26418: set all uids to 0 and use set_perms_fallback().
26419: [c4e54d1ec86f]
26420:
26421: * set_perms.c, sudo.h:
26422: Remove PERM_FULL_USER (which is no longer used) and add
26423: PERM_FULL_ROOT (used when exec'ing the mailer).
26424: [15406c522ea2]
26425:
26426: * logging.c:
26427: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
26428: never want to run the mailer setuid.
26429: [2294853e0666]
26430:
26431: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
26432:
26433: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
26434: visudo.pod:
26435: Use sudo.ws instead of courtesan.com in URLs
26436: [55204002a308]
26437:
26438: * Makefile.binary, Makefile.in:
26439: Fix mansect substitution
26440: [b7b5cbc3aa91]
26441:
26442: * Makefile.in:
26443: Substitute man sections in Makefile.binary
26444: [040deb785e56]
26445:
26446: * Makefile.binary:
26447: Sync install targets with Makefile.in and substitute in man
26448: sections.
26449: [77882a275281]
26450:
26451: * INSTALL, INSTALL.binary:
26452: version is 1.6.4
26453: [0f87aabbcb70]
26454:
26455: * Makefile.in:
26456: Repair bindist target
26457: [8d43bfe7e2d1]
26458:
26459: * CHANGES:
26460: sync for 1.6.4
26461: [13ca3d4a0a72]
26462:
26463: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
26464:
26465: * install-sh:
26466: Fix case where neither whoami nor id are found
26467: [424dd270bc47]
26468:
26469: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
26470:
26471: * install-sh:
26472: If neither whoami nor id exists, just assume we are root.
26473: [2d2644e42c53]
26474:
26475: * alloc.c:
26476: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
26477: on AIX which for some reason isn't pulling in the malloc prototype.
26478: [231440d2ee3b]
26479:
26480: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
26481:
26482: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
26483: (c) 2002
26484: [700e3b41a68e]
26485:
26486: * CHANGES:
26487: checkpoint
26488: [33e604bd8d5b]
26489:
26490: * sudo.c:
26491: Defer assigning new environment until right before the exec.
26492: [f13c49e75c1c]
26493:
26494: * parse.c:
26495: kill extra blank line
26496: [12ef22e9dae3]
26497:
26498: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
26499:
26500: * configure:
26501: regen
26502: [a6cd2d788f74]
26503:
26504: * configure.in:
26505: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
26506: compiler doesn't recognise -O2.
26507: [5234aa543692]
26508:
26509: * HISTORY:
26510: Clarify origins of Root Group sudo a bit based on info from
26511: billp@rootgroup.com
26512: [4deef01c4208]
26513:
26514: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
26515:
26516: * LICENSE:
26517: 2002
26518: [6c8e089dbd1a]
26519:
26520: * CHANGES:
26521: checkpoint for 1.6.4rc1
26522: [3349eb87a49f]
26523:
26524: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
26525:
26526: * config.h.in:
26527: now generated via autoheader
26528: [84657d303cb9]
26529:
26530: * configure:
26531: regen
26532: [207bfa6a13f6]
26533:
26534: * compat.h:
26535: Move in some stuff that was previously in config.h.
26536: [e576d8b6480f]
26537:
26538: * aclocal.m4, configure.in:
26539: Add info for autoheader.
26540: [0549cd5da27c]
26541:
26542: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
26543:
26544: * Makefile.in:
26545: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g
26546: to facilitate non-root installs
26547: [619216038f56]
26548:
26549: * install-sh:
26550: Add -M option (like -m but only for root) If we can't find "whoami",
26551: use "id" w/ some sed.
26552: [b39121c8b792]
26553:
26554: * configure:
26555: regen
26556: [b39b93ff9804]
26557:
26558: * configure.in:
26559: allow user to always override mansectsu and mansectform
26560: [0fca5e63bd90]
26561:
26562: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
26563:
26564: * mkinstalldirs:
26565: update from autoconf 2.52
26566: [07bd75a508c3]
26567:
26568: * config.guess, config.sub:
26569: Update from autoconf 2.52
26570: [857b90fe31b7]
26571:
26572: * configure:
26573: regen with autoconf 2.52
26574: [08e7d1ea2aeb]
26575:
26576: * configure.in:
26577: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
26578: mode o Remove compiler-specific checks for HP-UX now that we use
26579: AC_PROG_CC_STDC
26580: [d433a70b6208]
26581:
26582: * RUNSON:
26583: Checkpoint
26584: [babf6d2235d1]
26585:
26586: * auth/pam.c:
26587: o Add pam_prep_user function to call pam_setcred() for the target
26588: user; on Linux this often sets resource limits. o When calling
26589: pam_end(), try to convert the auth->result to a PAM_FOO value. This
26590: is a hack--we really need to stash the last PAM_FOO value received
26591: and use that instead.
26592: [6ad6f340dd2a]
26593:
26594: * set_perms.c, sudo.h:
26595: o Add pam_prep_user function to call pam_setcred() for the target
26596: user; on Linux this often sets resource limits.
26597: [67795421ac82]
26598:
26599: * env.c:
26600: Fix off by one error in number of bytes allocated via malloc (does
26601: not affected any released version of sudo).
26602: [5f5915360111]
26603:
26604: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
26605:
26606: * lex.yy.c:
26607: regen
26608: [8208c0277775]
26609:
26610: * parse.lex:
26611: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
26612: requiring that they be quoted.
26613: [ae59bc8f68dd]
26614:
26615: * sudoers.cat, sudoers.man.in, sudoers.pod:
26616: Mention that no double quotes are needed when
26617: adding/deleting/assigning a single value to a list.
26618: [25efc940a1f0]
26619:
26620: * Makefile.in:
26621: Don't rely on mkdefaults being executable, call perl explicitly.
26622: [6edc97ba5f1d]
26623:
26624: * sudo.tab.c:
26625: regen
26626: [49130b2e7e4d]
26627:
26628: * parse.yacc:
26629: Remove some XXX that are no longer relevant.
26630: [d460ac0d3767]
26631:
26632: * defaults.c:
26633: o Roll our own loop instead of using strpbrk() for better
26634: grokability o When adding to a list we must malloc() and use
26635: memcpy(), not strdup() since we must only copy len bytes from str.
26636: [649bef08e1f0]
26637:
26638: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
26639:
26640: * sudo.tab.c:
26641: regen
26642: [f0bbf2c38c0e]
26643:
26644: * parse.yacc:
26645: typo in comment
26646: [2563711ff593]
26647:
26648: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
26649:
26650: * CHANGES:
26651: checkpoint
26652: [a6d8a29fb30e]
26653:
26654: * configure:
26655: regen
26656: [bdfcaaf3bd13]
26657:
26658: * configure.in:
26659: avoid the -g flag unless --with-devel was specified
26660: [a976707bef30]
26661:
26662: * Makefile.in:
26663: mkdefaults, def_data.in and sigaction.c were missing from the
26664: tarball
26665: [6917ffbaa412]
26666:
26667: * Makefile.in:
26668: def_data.c was missing
26669: [87c78b11453d]
26670:
26671: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
26672:
26673: * env.c:
26674: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
26675: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
26676: [fc8698e6a45e]
26677:
26678: * TODO:
26679: Another TODO item
26680: [6f251d6cd466]
26681:
26682: * sudoers:
26683: Add comment for Default section so folks know where it should go.
26684: [7edba626f392]
26685:
26686: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
26687:
26688: * tgetpass.c:
26689: Use TCSETAF, not TCSETA to set terminal in termio case
26690: [fbd172f6c5d3]
26691:
26692: * sudoers.cat, sudoers.man.in:
26693: regen from sudoers.pod
26694: [64edd2de816e]
26695:
26696: * sudoers.pod:
26697: o Typo, Runas_User_List should be Runas_List o a User_List can not
26698: contain a uid o mention that the Defaults section should come after
26699: Alias definitions but before the user specifications
26700: [54070ba2092b]
26701:
26702: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
26703:
26704: * sudoers.cat, sudoers.man.in:
26705: regen
26706: [e62d1d97693c]
26707:
26708: * sudoers.pod:
26709: Fix listpw and verifypw sections, they were not being formatted
26710: properly.
26711: [123868c2f3e9]
26712:
26713: * sudoers.cat, sudoers.man.in:
26714: regen
26715: [f94841f8b374]
26716:
26717: * sudoers.pod:
26718: fix typos
26719: [f278f1c1184e]
26720:
26721: * configure:
26722: regen
26723: [d2270049ba9f]
26724:
26725: * config.h.in, configure.in:
26726: use AC_SYS_POSIX_TERMIOS instead of rolling our own
26727: [c1a13f1354b9]
26728:
26729: * README:
26730: Reference sudo.ws not courtesan.com
26731: [ca13be67ebd7]
26732:
26733: * PORTING:
26734: Add notes on shadow passwords
26735: [aa13863f2314]
26736:
26737: * BUGS:
26738: In list mode (sudo -l), characters escaped with a backslash are
26739: shown verbatim with the backslash.
26740: [1a75a2858be2]
26741:
26742: * sudoers:
26743: Add simple examples from OpenBSD (Marc Espie)
26744: [3ae9a9ae4125]
26745:
26746: * tgetpass.c:
26747: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
26748: [f8817699ee10]
26749:
26750: * CHANGES:
26751: minor prettyification
26752: [f523587929b9]
26753:
26754: * CHANGES:
26755: Updated change log
26756: [39d9010ee7a8]
26757:
26758: * testsudoers.c:
26759: Fix CIDR handling here too.
26760: [c91db8344c32]
26761:
26762: * auth/pam.c:
26763: Apparently a NULL response is OK
26764: [83bae61078d9]
26765:
26766: * TODO:
26767: Checkpoint for upcoming beta release
26768: [efb95c09df2a]
26769:
26770: * TROUBLESHOOTING:
26771: Many people believe that adding a runas spec should obviate the need
26772: for the -u flag. It does not.
26773: [c698bad85b0e]
26774:
26775: * RUNSON:
26776: checkpoint update for upcoming 1.6.4 beta
26777: [009e465a0a45]
26778:
26779: * config.h.in:
26780: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
26781: if HAVE_STRING_H is defined -- this is safe now
26782: [d27c035f4e14]
26783:
26784: * PORTING:
26785: Add signals section
26786: [2d24c13cb3c8]
26787:
26788: * configure:
26789: regen
26790: [2b80a939e2ed]
26791:
26792: * configure.in:
26793: Fix check for sigaction_t
26794: [6fa41c89ab20]
26795:
26796: * sudo.c:
26797: XXX - should call find_path() as runas user, not root. Can't do that
26798: until the parser changes though.
26799: [f0b4f85651bd]
26800:
26801: * sudo.c:
26802: If find_path() fails as root, try again as the invoking user (useful
26803: for NFS). Idea from Chip Capelik.
26804: [e03fa7872692]
26805:
26806: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
26807: Regenerate after pod file changes
26808: [48e4bd75ec21]
26809:
26810: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
26811: sudo.pod, sudoers.pod:
26812: Add new sudoers option "preserve_groups". Previously sudo would not
26813: call initgroups() if the target user was root. Now it always calls
26814: initgroups() unless the -P command line option or the
26815: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
26816: [4f730359f101]
26817:
26818: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
26819:
26820: * compat.h, config.h.in:
26821: Use new HAVE_SIGACTION_T define
26822: [dfb25f3cae5b]
26823:
26824: * logging.c:
26825: Fix compilation on K&C
26826: [7355e3275e34]
26827:
26828: * configure:
26829: regen
26830: [a710584f92f0]
26831:
26832: * configure.in:
26833: Add check for sigaction_t -- IRIX already defines this so don't
26834: redefine it.
26835: [df9c5737f6da]
26836:
26837: * snprintf.c:
26838: fix typo
26839: [3d782b8134c8]
26840:
26841: * interfaces.c:
26842: need stdlib.h here too
26843: [c789d8973ab2]
26844:
26845: * configure:
26846: regen
26847: [44822856bf46]
26848:
26849: * configure.in:
26850: Remove redundant checks for string.h, strings.h and unistd.h
26851: [933c94f8bbf4]
26852:
26853: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
26854: visudo.man.in:
26855: Regen from pod files
26856: [ad18c590f638]
26857:
26858: * BUGS:
26859: Update for 1.6.4
26860: [26bc88b69d22]
26861:
26862: * configure, lex.yy.c, sudo.tab.c:
26863: regen
26864: [bef89fd6fa2d]
26865:
26866: * strerror.c:
26867: Return EINVAL if errnum > sys_nerr
26868: [0512374e6661]
26869:
26870: * auth/sudo_auth.h:
26871: o Update copyright year
26872: [a877016db6e2]
26873:
26874: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
26875: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
26876: sudo.pod:
26877: o Update copyright year
26878: [e15a1b39039f]
26879:
26880: * configure.in:
26881: o Don't define STDC_HEADERS unconditionally for IRIX o Update
26882: copyright year
26883: [82a8cb819e07]
26884:
26885: * README:
26886: update version
26887: [d82e523a16b4]
26888:
26889: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
26890: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
26891: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
26892: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
26893: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
26894: visudo.c:
26895: o Reorder some headers and use STDC_HEADERS define properly o Update
26896: copyright year
26897: [fe39f76b3795]
26898:
26899: * lsearch.c:
26900: o Reorder some headers and use STDC_HEADERS define properly o Update
26901: copyright year
26902: [764ba3d4fa13]
26903:
26904: * getspwuid.c, goodpath.c, interfaces.c:
26905: o Reorder some headers and use STDC_HEADERS define properly o Update
26906: copyright year
26907: [fb46d46140d4]
26908:
26909: * getcwd.c:
26910: o Reorder some headers and use STDC_HEADERS define properly o Update
26911: copyright year
26912: [b199d70ac7ab]
26913:
26914: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
26915: fnmatch.c:
26916: o Reorder some headers and use STDC_HEADERS define properly o Update
26917: copyright year
26918: [dab8f192a3ed]
26919:
26920: * configure:
26921: regen
26922: [156658f25cea]
26923:
26924: * tgetpass.c:
26925: flags set in signal handlers should be volatile sig_atomic_t
26926: [c22931a5535e]
26927:
26928: * config.h.in, configure.in:
26929: Add checks for volatile and sig_atomic_t
26930: [b03b3341381d]
26931:
26932: * configure, lex.yy.c:
26933: regen
26934: [ed9daba88217]
26935:
26936: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
26937: sudo.c, sudoers.pod:
26938: Remove "secure_path" Defaults option since it cannot work with the
26939: existing parser.
26940: [c9e54a0f5971]
26941:
26942: * find_path.c, sudo.c:
26943: Unset "secure_path" if user_is_exempt()
26944: [fb7544565ae8]
26945:
26946: * env.c, pathnames.h.in:
26947: o Remove assumption that PATH and TERM are not listed in env_keep o
26948: If no PATH is in the environment use a default value o If TERM is
26949: not set in the non-reset case also give it a default value.
26950: [c987eb7df268]
26951:
26952: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
26953: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
26954: systems that define in paths.h
26955: [51865b0cdebf]
26956:
26957: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
26958: Add support for skeyaccess(3) if it is present in libskey.
26959: [8add77c7d3e7]
26960:
26961: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
26962:
26963: * sudo.c:
26964: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
26965: [5a3d3cbf2c6d]
26966:
26967: * parse.lex:
26968: '\\' is a perfectly legal character to have in a command line
26969: argument.
26970: [c15a466ef00e]
26971:
26972: * sudo.c:
26973: o Defer call to set_fqdn() until it is safe to use log_error() o
26974: Don't print errno string value if gethostbyname fails, it is not
26975: relevant
26976: [c0c6bcf08bcb]
26977:
26978: * parse.c:
26979: Fix CIDR -> in_addr_t conversion.
26980: [2f307ebeb63f]
26981:
26982: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
26983:
26984: * sudoers.pod:
26985: Remove an extra "User_List" in the User_Spec definition From
26986: ybertrand AT snoopymail.com
26987: [97bde59ea280]
26988:
26989: * parse.c:
26990: Make 'listpw=never' work for users who are not explicitly mentioned
26991: in sudoers.
26992: [258f0f30a428]
26993:
26994: * sudoers.pod:
26995: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
26996: [4b0f03872ee1]
26997:
26998: * sudoers.pod:
26999: Document new list Defaults type and convert env_keep and env_delete
27000: to lists. Document new env_check option.
27001: [a07f1f079fe3]
27002:
27003: * lex.yy.c, sudo.tab.c, sudo.tab.h:
27004: regen parser
27005: [e39ac6c6581b]
27006:
27007: * parse.lex:
27008: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
27009: to #[0-9-]+.
27010: [69c5388908f3]
27011:
27012: * configure:
27013: regen
27014: [0f1877b88cb3]
27015:
27016: * aclocal.m4:
27017: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
27018: [6545503ae361]
27019:
27020: * config.h.in, configure.in:
27021: Add check for skeyaccess(3)
27022: [6caf69fe6359]
27023:
27024: * visudo.pod:
27025: Document new -c, -f, and -q options
27026: [13d0203c21d3]
27027:
27028: * visudo.c:
27029: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
27030: [4c2b664d617d]
27031:
27032: * configure:
27033: regen
27034: [6d5bd932e7b5]
27035:
27036: * aclocal.m4, config.h.in, configure.in:
27037: Add check for isblank and a replacement macro if it doesn't exist.
27038: [b524f5e4f953]
27039:
27040: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27041:
27042: * visudo.c:
27043: In check-only mode, don't create sudoers if it does not already
27044: exist.
27045: [c748a2d5acad]
27046:
27047: * parse.yacc:
27048: o Add a new token, DEFVAR, to indicate a Defaults variable name o
27049: Add support for "+=" and "-=" list operators o replace some 1 and 0
27050: with TRUE and FALSE for greater legibility.
27051: [554cb174b37e]
27052:
27053: * parse.lex:
27054: o Use exclusive start conditions to remove some ambiguity in the
27055: lexer. Also reorder some things for clarity. o Add support for "+="
27056: and "-=" list operators. o Use the new DEFVAR token to denote a
27057: Defaults variable name.
27058: [3a2cf8323e26]
27059:
27060: * sudo.h:
27061: Prototype init_envtables()
27062: [b74916469dab]
27063:
27064: * env.c:
27065: o Convert environment handling to use lists instead of strings. This
27066: greatly simplifies routines that need to do "foreach" type
27067: operations. o Add new init_envtables() function to set env_check and
27068: env_delete defaults based on initial_badenv_table and
27069: initial_checkenv_table (formerly sudo_badenv_table).
27070: [0a8b404658b6]
27071:
27072: * defaults.c, defaults.h:
27073: o Add a new LIST type and functions to manipulate it. o This is for
27074: use with environment handling variables. o Call new init_envtables()
27075: routine inside init_defaults() to initialize the environment lists.
27076: [ae73e64f0902]
27077:
27078: * def_data.c, def_data.h, def_data.in:
27079: Convert environment options to use the new LIST type and add a new
27080: one, env_check that only deletes if the sanity check fails.
27081: [3019503936de]
27082:
27083: * testsudoers.c:
27084: Add dummy version of init_envtables()
27085: [9d9e3ee609d9]
27086:
27087: * parse.yacc:
27088: honor quiet mode
27089: [8330fba6167c]
27090:
27091: * visudo.c:
27092: Add check-only mode
27093: [dab411bc8c35]
27094:
27095: * mkdefaults:
27096: Fix generation of entries with NULL descriptions.
27097: [ea75b9fed02e]
27098:
27099: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
27100:
27101: * tgetpass.c:
27102: Use sigaction_t and quiet a gcc warning.
27103: [6f67d719c452]
27104:
27105: * sudo.c:
27106: Must reset signal handlers before we exec
27107: [300418120e1a]
27108:
27109: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
27110: auth/sudo_auth.c:
27111: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
27112: version needs testing. Set SIGTSTP to SIG_DFL during password entry
27113: so user can suspend us.
27114: [00304aa58747]
27115:
27116: * tgetpass.c:
27117: Add support for interrupting/suspending tgetpass via keyboard input.
27118: If you suspend sudo from the password prompt and resume it will re-
27119: prompt you.
27120: [4af2b5101d32]
27121:
27122: * sudo.c:
27123: Don't block keyboard interrupt signals, just set them to SIG_IGN.
27124: [d46d7f67ef6b]
27125:
27126: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
27127:
27128: * config.h.in:
27129: add back HAVE_SIGACTION
27130: [c9c7702c603e]
27131:
27132: * configure:
27133: regen
27134: [09fe669d337f]
27135:
27136: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
27137: Kill POSIX_SIGNALS define and old signal support now that we emulate
27138: POSIX ones Also be sure to correctly initialize struct sigaction.
27139: [4bc2a6dbb2be]
27140:
27141: * strerror.c:
27142: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
27143: [1ad64a19f328]
27144:
27145: * compat.h:
27146: Add scaffolding for POSIX signal emulation
27147: [945861d4c93b]
27148:
27149: * sigaction.c:
27150: o Add missing ';' so this compiles o Can't use NULL since we don't
27151: include stdio.h
27152: [04d0cac7438f]
27153:
27154: * sigaction.c:
27155: Emulate sigaction() using sigvec()
27156: [d0b54a989875]
27157:
27158: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
27159:
27160: * sudoers.pod:
27161: Document new behavior of negative values of timestamp_timeout Fix a
27162: typo
27163: [4c0716570d01]
27164:
27165: * sudo.pod:
27166: Add security note about command not being logged after 'sudo su' and
27167: friends.
27168: [43294851a33c]
27169:
27170: * sudo.pod:
27171: Mention that -V prints default values when run as root, including
27172: the list of environment variables to clear.
27173: [d9e5e550a8c3]
27174:
27175: * Makefile.in:
27176: Run pod2man with --quotes=none to avoid stupid quoting of C<>
27177: entries.
27178: [997b23c35dbe]
27179:
27180: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27181:
27182: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
27183: Add mail_badpass option Also modify mail_always behavior to also
27184: send mail when the password is wrong
27185: [838d40ccafce]
27186:
27187: * env.c, sudo.c, sudo.h:
27188: Dump default bad env table when 'sudo -V' is run by root.
27189: [f67f1b8048b0]
27190:
27191: * sudoers.pod:
27192: document env_delete
27193: [d74f893663a2]
27194:
27195: * env.c:
27196: Add support for '*' in env_keep when not resetting the environment
27197: (ie: the normal case).
27198: [fd4fb62ea8fd]
27199:
27200: * env.c:
27201: Add env_delete variable that lets the user replace/add to the
27202: bad_env_table. Allow '*' wildcard in env_keep entries.
27203: [aa728bc35e29]
27204:
27205: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27206:
27207: * mkinstalldirs:
27208: Force umask to 022 to guarantee sane directory permissions.
27209: [9ab3cfe70569]
27210:
27211: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
27212:
27213: * Makefile.in:
27214: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
27215: [671010465e6f]
27216:
27217: * mkdefaults:
27218: fix breakage in last commit
27219: [8318f8851e56]
27220:
27221: * Makefile.in:
27222: acsite.m4 -> aclocal.m4
27223: [30c146873a01]
27224:
27225: * check.c:
27226: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
27227: [4dc8b39954da]
27228:
27229: * def_data.c:
27230: regenerated from def_data.in
27231: [915ea16ce1eb]
27232:
27233: * check.c, defaults.c, defaults.h:
27234: Add new T_UINT type that most things use instead of T_INT If
27235: timestamp_timeout is < 0 then treat the ticket as never expiring (to
27236: be expired manually by the user).
27237: [3a3a636a2a5d]
27238:
27239: * def_data.in:
27240: change most T_INT -> T_UINT
27241: [a2228d2457af]
27242:
27243: * mkdefaults:
27244: fix warning when no args
27245: [ca70a5394af5]
27246:
27247: * visudo.c:
27248: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
27249: we are a signal handler. We no longer print the signal number but
27250: the user can just check the exit value for that.
27251: [dc424f631fef]
27252:
27253: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
27254:
27255: * logging.c:
27256: when setting up pipes in child process check for case where stdin ==
27257: pipe fd 0
27258: [518112d76184]
27259:
27260: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
27261:
27262: * visudo.c:
27263: Ignore editor exit value since XPG4 says vi's exit value is the
27264: count of editing errors made (failed searches, etc).
27265: [b9d952284865]
27266:
27267: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
27268:
27269: * configure:
27270: regen
27271: [cb3aa586f03b]
27272:
27273: * configure.in:
27274: sco now is identified by config.guess as *-sco-*
27275: [46664bbdea61]
27276:
27277: * configure.in:
27278: Check for getspnam() in -lgen if not in -lc for UnixWare.
27279: [0f152ad1ba93]
27280:
27281: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
27282:
27283: * sudoers.pod, visudo.pod:
27284: "upper case" -> "uppercase"
27285: [f9151f232326]
27286:
27287: * sudoers.pod:
27288: fix typos and grammar; pjanzen@foatdi.harvard.edu
27289: [2855d73d0237]
27290:
27291: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
27292:
27293: * sudoers.pod:
27294: Missing word (specify); krapht@secureops.com
27295: [65523eb37a2c]
27296:
27297: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
27298:
27299: * sudo.c:
27300: If we fail to lookup a login class, apply the default one.
27301: [d4869faa6816]
27302:
27303: * logging.c:
27304: In log_error() free message, not logline unconditionally, then free
27305: logline if it is not the same as message. No function change but
27306: this mirrors how they are allocated.
27307: [565e5f6cc643]
27308:
27309: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
27310:
27311: * configure:
27312: regenerate
27313: [834a48f548a2]
27314:
27315: * configure.in:
27316: remove some backslash quotes that are unneeded
27317: [50d401d6e2ca]
27318:
27319: * configure.in:
27320: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
27321: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
27322: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
27323: to AC_DEFINE things manually.
27324: [f502c5f15f92]
27325:
27326: * config.guess, config.sub:
27327: Updated from autoconf-2.50
27328: [6140205915ef]
27329:
27330: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
27331:
27332: * README:
27333: Update mailing list section. We use mailman now, not majordomo.
27334: [b9a8ca45e6dc]
27335:
27336: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
27337:
27338: * getspwuid.c, logging.c, sudo.c:
27339: Use setpwent()/endpwent() + all the shadow variants to make sure we
27340: don't inadvertantly leak an fd to the child. Apparently Linux's
27341: shadow routines leave the fd open even if you don't call setspent().
27342: Reported by mike@gistnet.com; different patch used.
27343: [d33792ef6c01]
27344:
27345: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
27346:
27347: * sudoers.pod:
27348: s/eg./e.g./
27349: [bd32a0acaf93]
27350:
27351: * tgetpass.c:
27352: select() may return EAGAIN. If so, continue like we do for EINTR.
27353: [5f202c943818]
27354:
27355: * logging.c:
27356: Fix a non-exploitable buffer overflow in the word splitting code.
27357: This should really be rewritten.
27358: [4c724363863a]
27359:
27360: * Makefile.in:
27361: FAQ link goes away
27362: [1d26dd6c8972]
27363:
27364: * INSTALL:
27365: Tell people to look in sample.syslog.conf for examples, not FAQ
27366: [affcae3f43ca]
27367:
27368: * TROUBLESHOOTING:
27369: Update list of env vars that are cleared
27370: [234e56f1435a]
27371:
27372: * sudo.c:
27373: remove struct env_table decl since that stuff has all moved to env.c
27374: [5dd923148777]
27375:
27376: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27377:
27378: * fileops.c:
27379: Fix a pasto in flock-style unlocking and include <sys/file.h> for
27380: flock on older systems; twetzel@gwdg.de
27381: [d5420d9d2861]
27382:
27383: * configure:
27384: regen to get NeXT lockf/flock fix
27385: [d3ba6ed70e15]
27386:
27387: * configure.in:
27388: force NeXT to use flock since lockf is broken
27389: [bd5391dca1bb]
27390:
27391: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27392:
27393: * check.c:
27394: Use stashed user_gid when checking against exempt gid since sudo
27395: sets its gid to a a value that makes sudoers readable. Previously if
27396: you used gid 0 as the exempt group everyone would be exempt. From
27397: Paul Kranenburg <pk@cs.few.eur.nl>
27398: [0b140cc3a817]
27399:
27400: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27401:
27402: * configure:
27403: regen
27404: [cc455408f32b]
27405:
27406: * aclocal.m4:
27407: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
27408: some types (such as ssize_t) therein.
27409: [b6aee85ca331]
27410:
27411: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
27412:
27413: * defaults.c:
27414: Fix negation of paths in a boolean context. Problem found by
27415: apt@UH.EDU
27416: [8aee217a7cdf]
27417:
27418: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
27419:
27420: * visudo.c:
27421: pasto
27422: [ad32b277bf68]
27423:
27424: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27425:
27426: * visudo.c:
27427: SA_RESETHAND means the opposite of what I was thinking--oops To
27428: block all signals in old-style signals use ~0, not 0xffffffff
27429: [6ecdd793590a]
27430:
27431: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
27432:
27433: * defaults.c:
27434: coerce difference of pointers to int when used in a string length
27435: printf format; deraadt@openbsd.org
27436: [a9d10f07180d]
27437:
27438: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
27439:
27440: * visudo.c:
27441: Block all signals in Exit() to avoid a signal race. There is still a
27442: tiny window but I'm not going to worry about it.
27443: [6661805c0458]
27444:
27445: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
27446:
27447: * env.c:
27448: glibc uses the LANGUAGE env var so clear that too; Solar Designer
27449: [d4ba95628afb]
27450:
27451: * lex.yy.c:
27452: Regenerate with a fix to flex.skl that preserves errno from
27453: clobbering by isatty().
27454: [607eec736e19]
27455:
27456: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
27457:
27458: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
27459: auth/sia.c, auth/sudo_auth.c:
27460: Some defaults I_ defines got renamed.
27461: [ec19b23caaf3]
27462:
27463: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
27464: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
27465: set_perms.c, sudo.c, sudo.tab.c:
27466: Move defaults info into its own files from which we generate .h and
27467: .c files. This makes adding or rearranging variables much simpler.
27468: [e91b880b5043]
27469:
27470: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
27471:
27472: * configure, configure.in:
27473: fix typo in last commit
27474: [10a6ee2bae71]
27475:
27476: * compat.h, config.h.in, configure, configure.in:
27477: Add check + emulation for setegid (like seteuid).
27478: [29492092bd2f]
27479:
27480: * env.c:
27481: Make env_keep override badenv_table as documented Fix traversal of
27482: badenv_table (broken in last commit)
27483: [37c9f0d22673]
27484:
27485: * set_perms.c, sudo.c, sudo.h:
27486: Don't try and build saved uid version of set_perms on systems w/o
27487: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
27488: set_perms_setreuid simply be set_perms_fallback() and simply include
27489: the appropriate function at compile time (setreuid() vs. setuid()).
27490: [3107333c062c]
27491:
27492: * sudoers.cat, sudoers.man.in, sudoers.pod:
27493: PATH is also preserved when env_reset is in effect
27494: [90e45c5711ff]
27495:
27496: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
27497: configure.in, defaults.c, defaults.h, env.c, find_path.c,
27498: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
27499: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
27500: visudo.c, visudo.cat, visudo.man.in:
27501: New Defaults options: o stay_setuid - sudo will remain setuid if
27502: system has saved uids or setreuid(2) o env_reset - reset the
27503: environment to a sane default o env_keep - preserve environment
27504: variables that would otherwise be cleared
27505:
27506: No longer use getenv/putenv/setenv functions--do environment munging
27507: by hand. Potentially dangerous environment variables can be cleared
27508: only if they contain '/' pr '%' characters to protect buggy
27509: programs. Moved environment routines into env.c (new file)
27510: [c2f97651db4c]
27511:
27512: * INSTALL:
27513: Clear up --without-passwd description
27514: [2f336dab6733]
27515:
27516: * putenv.c, sudo_setenv.c:
27517: We now build up a new environment from scratch and assign it to
27518: "environ".
27519: [6ae6152f2238]
27520:
27521: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
27522:
27523: * sudo.pod, visudo.pod:
27524: Grammatical fixes from Paul Janzen
27525: [e03ead2e56f8]
27526:
27527: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
27528:
27529: * visudo.c:
27530: If there was a syntax error and the user just wants to quit, unlink
27531: sudoers if it is zero length.
27532: [74ba7921f520]
27533:
27534: * visudo.c:
27535: 'Q' means ignore parse error, not 'q'
27536: [e8d0e4491fe6]
27537:
27538: * visudo.c:
27539: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
27540: <dim@xs4all.nl>
27541: [b24990a72491]
27542:
27543: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
27544:
27545: * set_perms.c:
27546: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
27547: [41a8db10e076]
27548:
27549: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
27550:
27551: * config.guess, config.sub:
27552: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
27553: [6052da895d2e]
27554:
27555: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
27556:
27557: * sudo.c, visudo.c:
27558: Use exit(127), not exit(-1)
27559: [9ff0c3eada34]
27560:
27561: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
27562: Move set_perms() to its own file and use POSIX saved uid or
27563: setreuid() if available.
27564:
27565: Added stay_setuid option for systems that have libraries that
27566: perform extra paranoia checks in system libraries for setuid
27567: programs (ie: anything with issetugid(2)).
27568: [28960f842698]
27569:
27570: * sudo.c:
27571: strip more bits from the environment and add a facility for
27572: stripping things only if they contain '/' or '%' to address printf
27573: format string vulnerabilities in other programs.
27574: [b98d6375f299]
27575:
27576: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
27577:
27578: * configure:
27579: regen
27580: [7e74e5c91049]
27581:
27582: * configure.in:
27583: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
27584: strcasecmp().
27585: [a418e9e70442]
27586:
27587: * configure:
27588: regen
27589: [bbff244a52bc]
27590:
27591: * configure.in:
27592: Check for strcasecmp(3) in -lc89 for NCR Unix
27593: [361c99576681]
27594:
27595: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
27596:
27597: * config.h.in:
27598: Define HAVE_INNETGR #ifdef HAVE__INNETGR
27599: [473cdb92b6db]
27600:
27601: * configure:
27602: regen
27603: [4e6364a195e0]
27604:
27605: * compat.h, config.h.in, configure.in:
27606: Add check for _innetgr(3) since NCR systems have that instead of
27607: innetgr(3).
27608: [25e6852e7494]
27609:
27610: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
27611:
27612: * auth/securid.c:
27613: check return value of creadcfg() call sd_close() after sd_auth()
27614: store username in sd->username so we don't rely on the USER env
27615: variable
27616: [d106b4f42722]
27617:
27618: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
27619:
27620: * INSTALL:
27621: document --with-bsdauth
27622: [f1518ecc2ee9]
27623:
27624: * configure:
27625: regen
27626: [dceb35071ea8]
27627:
27628: * configure.in:
27629: --with-bsdauth assumes --with-logincap
27630: [4200778083fd]
27631:
27632: * auth/bsdauth.c, auth/fwtk.c:
27633: When prompting for a response to a challenge, if the user just hits
27634: return then reprompt with echo turned on.
27635: [a539b6474a97]
27636:
27637: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
27638:
27639: * sudo.c:
27640: Remove debugging code that should not have been committed, oops.
27641: [9862607b77a7]
27642:
27643: * auth/bsdauth.c:
27644: Use lower-level routines and get the password ourselves. Checks for
27645: a challenge and if there is one echo is not turned off.
27646: [2d8fcd166baa]
27647:
27648: * auth/pam.c, auth/sudo_auth.h:
27649: minor housekeeping, no real code changes
27650: [d0074a277fb4]
27651:
27652: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
27653:
27654: * sudo.c:
27655: Fix a coredump in the logging functions if gethostname(2) fails by
27656: deferring the call to log_error() until things are better setup.
27657:
27658: Fix return value of set_loginclass() in non-BSD-auth case.
27659:
27660: Hard-code 'sudo' in the usage message so we can fit more options on
27661: a line
27662: [d9d1b7579818]
27663:
27664: * logging.c:
27665: Fix errant ';' (typo) that broken MSG_ONLY
27666: [849b2276a470]
27667:
27668: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
27669:
27670: * sudo.cat, sudo.man.in:
27671: regen
27672: [bb3c8c6704d1]
27673:
27674: * sudo.pod:
27675: Document -a flag
27676: [e18316cebaac]
27677:
27678: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
27679: configure, configure.in, getspwuid.c, sudo.c:
27680: Add support for BSD authentication.
27681: [f374cfd9ca0d]
27682:
27683: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
27684:
27685: * sudoers.pod:
27686: Fix typo; from sato@complex.eng.hokudai.ac.jp
27687: [3085fee9766e]
27688:
27689: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
27690:
27691: * sudoers.pod:
27692: Mention negating umask
27693: [c9e410294dae]
27694:
27695: * defaults.c:
27696: Allow user to specify umask of 0777 (same as !umask)
27697: [bb771daa96fe]
27698:
27699: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
27700:
27701: * sudo.pod, visudo.pod:
27702: Fix a typo and give a URL for the sudo history.
27703: [77f73199aedb]
27704:
27705: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
27706:
27707: * defaults.c, sudo.pod:
27708: fix typos; pepper@reppep.com
27709: [5532c7421340]
27710:
27711: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
27712:
27713: * sudo.c, sudo.h, sudo_setenv.c:
27714: sudo_setenv() now exits on memory alloc failure instead of returning
27715: -1.
27716: [71f1cf18f47b]
27717:
27718: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
27719:
27720: * sudo.c:
27721: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
27722: and possibly others.
27723: [b69d985b0d22]
27724:
27725: * logging.c:
27726: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
27727: that "%m" won't be expanded but we don't use that anyway since the
27728: logging routines may splat to stderr as well.
27729: [8d37a544d0c0]
27730:
27731: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
27732: sudoers.pod:
27733: Add always_set_home variable
27734: [dbcaff646e07]
27735:
27736: * configure, configure.in:
27737: Have to hard code default values in help since the defaults are set
27738: _after_ the help stuff.
27739: [7b5d6d72f55c]
27740:
27741: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
27742:
27743: * lex.yy.c, parse.lex:
27744: Allow special characters (including '#') to be embedded in pathnames
27745: if quoted by a '\\'. The quoted chars will be dealt with by
27746: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
27747: [3ed33cf09977]
27748:
27749: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
27750:
27751: * install-sh:
27752: Better path searching for programs we need.
27753: [60517cb1f0d6]
27754:
27755: * TROUBLESHOOTING:
27756: Add section on "C compiler cannot create executables" errors.
27757: [e4ada6eaee59]
27758:
27759: * Makefile.binary, Makefile.in, version.h:
27760: Crank version
27761: [93d1bd5b7f5e]
27762:
27763: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
27764: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
27765: visudo.man.in, visudo.pod:
27766: Substitute values from configure into man pages.
27767: [619854c356c1]
27768:
27769: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
27770:
27771: * parse.c, sudo.c:
27772: The listpw and verifypw sudoers options would not take effect
27773: because the value of the default was checked *before* sudoers was
27774: parsed. Instead of passing in the value of PWCHECK_* to
27775: sudoers_lookup(), pass in the arg for def_ival() so the check can be
27776: deferred until after sudoers is parsed.
27777: [4f596e358f72]
27778:
27779: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
27780:
27781: * tgetpass.c:
27782: When writing prompt, no need to write the NUL as well;
27783: hag@linnaean.org
27784: [fbcdd7b431ee]
27785:
27786: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
27787:
27788: * install-sh:
27789: When looking for chown, check in /sbin too
27790: [657ba6653f8c]
27791:
27792: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
27793:
27794: * visudo.c:
27795: Remove extraneous call to init_defaults() and set runas_user to NULL
27796: betweem parses so init_defaults will reset it each time, thus
27797: avoiding a reference to free()d data.
27798: [7421fcd692af]
27799:
27800: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
27801:
27802: * config.h.in, interfaces.c, interfaces.h, sudo.c:
27803: Add support for using getifaddrs() to get the list of ip addr /
27804: netmask pairs. Currently IPv4-only.
27805: [a35bc4f7306d]
27806:
27807: * visudo.c:
27808: Add a missing check for UserEditor == NULL Add missing '+' before
27809: line number when invoking editor to fix a syntax error
27810: [f0d4635f6082]
27811:
27812: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
27813:
27814: * sudo.c:
27815: Call clean_env very early in main() for paranoia's sake. Idea from
27816: Marc Esipovich.
27817: [f8d72ebd0115]
27818:
27819: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
27820:
27821: * sudo.h:
27822: Update proto for evasprintf and easprintf
27823: [d147d6e58419]
27824:
27825: * alloc.c:
27826: Make easprintf() and evasprintf() return an int.
27827: [b2ca5d089667]
27828:
27829: * check.c:
27830: If the targetpw flag is set, use target username as part of the
27831: timestamp path. If tty tickets are in effect cat the tty and the
27832: target username with a ':' as the separator.
27833: [de11abc693c2]
27834:
27835: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
27836:
27837: * auth/pam.c:
27838: Backout part of last change; setting PAM_USER to the invoking user
27839: breaks things like targetpw.
27840: [427218a7387f]
27841:
27842: * auth/pam.c:
27843: set tty and username via pam_set_item
27844: [85d1922dbcc9]
27845:
27846: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
27847: Fix root, runas, and target authentication for non-passwd file auth
27848: methods.
27849: [a14535e7b30c]
27850:
27851: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
27852:
27853: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
27854: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
27855: Use B<-Z> not C<-Z> for command line flags in all places. This is
27856: more consistent and works around a bug in Pod::Man.
27857: [64b5a05f30c5]
27858:
27859: * sudoers.cat, sudoers.man.in, sudoers.pod:
27860: Fix an occurence of 'semicolon' that should be 'colon'
27861: [4ea5aacae3fb]
27862:
27863: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
27864:
27865: * configure, configure.in:
27866: Fix --with-badpri help line
27867: [3cc40977c043]
27868:
27869: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
27870:
27871: * defaults.c, logging.c, sudo.c:
27872: Bracket calls to syslog with an openlog() and closelog() since some
27873: authentication methods (like PAM) may do their own logging via
27874: syslog. Since we don't use syslog much (usually just once per
27875: session) this doesn't really incur a performance penalty. It also
27876: Fixes a SEGV with pam_kafs.
27877: [fe1cc28529f6]
27878:
27879: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
27880:
27881: * sudo.c:
27882: Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS,
27883: mode)
27884: [ce9b1c6f68a6]
27885:
27886: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
27887:
27888: * INSTALL:
27889: Clarify the fact that insults are not enabled just by including them
27890: in the binary.
27891: [d5a31d48320c]
27892:
27893: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
27894:
27895: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
27896: visudo.man.in:
27897: Regenerated with perl 5.6.0 pod2man
27898: [21751433768b]
27899:
27900: * Makefile.in:
27901: Give date string to pod2man since its default is ugly and it ain't
27902: got no alibi.
27903: [0080b2f6298f]
27904:
27905: * Makefile.in:
27906: Do section substitution on the output of pod2man and remove hack
27907: needed for old pod2man.
27908: [1ef843d5c78b]
27909:
27910: * sudo.pod, sudoers.pod, visudo.pod:
27911: Put back real man sections, we will do the substitution later.
27912: [f728c1abad7e]
27913:
27914: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27915:
27916: * configure, configure.in:
27917: Don't bother checking for the path to vi if user specified --with-
27918: editor
27919: [bf698487e0d5]
27920:
27921: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
27922:
27923: * CHANGES, visudo.c:
27924: Visudo now does its own fork/exec instead of calling system(3).
27925: [99bbcd88863b]
27926:
27927: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
27928: sudoers.pod, visudo.c:
27929: Visudo now checks for the existence of an editor and gives a
27930: sensible error if it does not exist.
27931:
27932: The path to the editor for visudo is now a colon-separated list of
27933: allowable editors. If the user has $EDITOR set and it matches one of
27934: the allowed editors that editor will be used. If not, the first
27935: editor in the list that actually exists is used.
27936: [cc86eb9f5440]
27937:
27938: * sudo.cat, sudo.man.in, sudo.pod:
27939: Clear up confusion wrt sudo's return value.
27940: [9385b12d8e79]
27941:
27942: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27943:
27944: * Makefile.in:
27945: Strip sudo and visudo for bindist target
27946: [a995ddd79177]
27947:
27948: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
27949: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
27950: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
27951: [5eb9e60a726f] [SUDO_1_6_3]
27952:
27953: * visudo.cat, visudo.man.in, visudo.pod:
27954: Typo: @sysconf@ -> @sysconfdir@
27955: [f07f52fcd099]
27956:
27957: * Makefile.in:
27958: 'make dist' should not cause any files to be modified so remove its
27959: dependencies.
27960: [7f44a2666a9c]
27961:
27962: * CHANGES:
27963: Whoops, forgot to add release marker
27964: [16c0f16b35b8]
27965:
27966: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27967:
27968: * CHANGES:
27969: Final change for 1.6.3 (or so I hope)
27970: [473c89da6123]
27971:
27972: * sudo.cat, sudoers.cat, visudo.cat:
27973: Use SYSV man sections since BSD systems will have nroff...
27974: [0a6bd154324e]
27975:
27976: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27977:
27978: * parse.yacc, sudo.tab.c:
27979: When checking to see if the host/user matches in a defaults spec,
27980: check against TRUE, not just non-zero since it might be -1.
27981: [41f2b7ad3fdd]
27982:
27983: * configure, configure.in:
27984: OSF/1 puts file formats in section 4, not 5.
27985: [d77c1301afa9]
27986:
27987: * CHANGES, INSTALL, sudo.c:
27988: Make login class support work on BSD/OS
27989: [e9bbe3c08ade]
27990:
27991: * RUNSON:
27992: Update for 1.6.3
27993: [c40ce1d76c4d]
27994:
27995: * configure, configure.in:
27996: If there is no inet_addr but there *is* an __inet_addr that's ok
27997: since inet_addr is probably just a macro then. The better thing to
27998: do would be to look for the macro, but this is fine for now.
27999: [1b8865ae4d68]
28000:
28001: * configure, configure.in:
28002: Don't use shlicc for BSD/OS 4.x
28003: [83fbf6dedd2c]
28004:
28005: * Makefile.in, configure, configure.in:
28006: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
28007: configure variable so we can deal with this. Also, only remove *.man
28008: for 'distclean' not 'clean'.
28009: [30d56e6de214]
28010:
28011: * sudo.c:
28012: set_loginclass() should be static like the proto says
28013: [d570a2d55fb8]
28014:
28015: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
28016:
28017: * fnmatch.c:
28018: Add #ifdef __STDC__ around the rangematch function header to avoid
28019: promotion of test to int, thus violating the prototype. Gcc handles
28020: this gracefully but more std ANSI compilers will complain.
28021: [7d98c3e332b2]
28022:
28023: * emul/fnmatch.h:
28024: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
28025: [4e1320852f8b]
28026:
28027: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
28028: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
28029: FNM_CASEFOLD in configure
28030: [9ef952bf1896]
28031:
28032: * CHANGES, TODO:
28033: update for 1.6.3
28034: [e4ba6368a0c5]
28035:
28036: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
28037: Fully qualified hosts w/ wildcards were not matching the FQHOST
28038: token type. There's really no need for a separate token for fully-
28039: qualified vs. unqualified anymore so FQHOST is now history and
28040: hostname_matches now decides which hostname (short or long) to check
28041: based on whether or not the pattern contains a '.'.
28042: [fbd2887d9811]
28043:
28044: * parse.h:
28045: Fully qualified hosts w/ wildcards were not matching the FQHOST
28046: token type. There's really no need for a separate token for fully-
28047: qualified vs. unqualified anymore so FQHOST is now history and
28048: hostname_matches now decides which hostname (short or long) to check
28049: based on whether or not the pattern contains a '.'.
28050: [dd7bbe223461]
28051:
28052: * lex.yy.c, parse.c, parse.lex, parse.yacc:
28053: Fully qualified hosts w/ wildcards were not matching the FQHOST
28054: token type. There's really no need for a separate token for fully-
28055: qualified vs. unqualified anymore so FQHOST is now history and
28056: hostname_matches now decides which hostname (short or long) to check
28057: based on whether or not the pattern contains a '.'.
28058: [630d9d205397]
28059:
28060: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
28061: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
28062: Add support for wildcards in the hostname.
28063: [d8d821ed4238]
28064:
28065: * Makefile.in:
28066: Add targets for *.man.in, using config.status to generate *.man from
28067: *.man.in
28068: [640e50ede485]
28069:
28070: * sudoers.cat, sudoers.man.in, sudoers.pod:
28071: Document set_logname option and enbolden refs to sudo and visudo.
28072: [9622b3a48707]
28073:
28074: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
28075: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
28076: visudo.cat, visudo.man.in, visudo.pod:
28077: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
28078: from Michael D. Marchionna. configure now does substitution on the
28079: man pages, allowing us to fix up the paths and set the section
28080: correctly. Based on an idea from Michael D. Marchionna.
28081: [463e928a0a2f]
28082:
28083: * auth/passwd.c:
28084: Better fix for handling HP-UX aging info.
28085: [3950f42d8549]
28086:
28087: * sudo.c:
28088: Add support for set_logname run-time default
28089: [c6a7cc76b8b4]
28090:
28091: * sudo.man.in, sudoers.man.in, visudo.man.in:
28092: configure does substitution on these to produce *.man
28093: [b83fc3c1bfc9]
28094:
28095: * sudo.man, sudoers.man, visudo.man:
28096: These files now get generated from *.man.in at configure time.
28097: [c499061f79e0]
28098:
28099: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
28100:
28101: * defaults.c, defaults.h:
28102: Add set_logname option so users can turn off setting of LOGNAME/USER
28103: environment variables.
28104: [6316869180b8]
28105:
28106: * lsearch.c, parse.c, testsudoers.c:
28107: kill register
28108: [6e104e653748]
28109:
28110: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
28111:
28112: * auth/passwd.c:
28113: HP-UX adds extra info at the end for password aging so when
28114: comparing the result of crypt to pw_passwd we only compare the first
28115: len(epass) bytes *unless* the user entered an empty string for a
28116: password.
28117: [3d24d4e4e889]
28118:
28119: * logging.c:
28120: Get rid of grandchild hack, it was causing problems and there is
28121: really no need for it. This fixes a bug where we spin eating up CPU
28122: when the user runs a long-running process like a shell.
28123: [5743b10b1e81]
28124:
28125: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
28126:
28127: * sudo.c:
28128: User can always specify a login class if he/she is already root.
28129: [710d160cef9f]
28130:
28131: * config.h.in, configure, configure.in, defaults.c, defaults.h,
28132: sudo.c, sudo.h:
28133: FreeBSD login class (login.conf) support.
28134: [026b981d6328]
28135:
28136: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
28137:
28138: * auth/sudo_auth.c:
28139: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
28140: [9cd4929f1a78]
28141:
28142: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
28143:
28144: * auth/passwd.c:
28145: Truncate unencrypted password to 8 chars if encrypted password is
28146: exactly 13 characters (indicateing standard a DES password). Many
28147: versions of crypt() do this for you, but not all (like HP-UX's).
28148: [a9d0259cb193]
28149:
28150: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
28151:
28152: * INSTALL, RUNSON:
28153: Mention that gcc on dynix may have problems
28154: [77b97fa5bf1b]
28155:
28156: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
28157:
28158: * Makefile.in:
28159: Link visudo with NET_LIBS since we now call syslog via defaults.c
28160: [9e3830b277cc]
28161:
28162: * defaults.c:
28163: Use Argv[0] as the first arg to openlog() since visudo uses this
28164: too.
28165: [e61078f328ec]
28166:
28167: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
28168:
28169: * sudo.c:
28170: Stash coredumpsize resource limit and retsore it before the exec()
28171: Otherwise the child ends up with a coredumpsize of 0.
28172: [f6a4783835a3]
28173:
28174: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
28175:
28176: * sudo.cat, sudo.man, sudo.pod:
28177: document -S flag
28178: [3ebd805b7142]
28179:
28180: * sudo.c:
28181: fix usage string
28182: [66b2dfa47fe8]
28183:
28184: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
28185: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
28186: Added -S flag (read passwd from stdin) and tgetpass_flags global
28187: that holds flags to be passed in to tgetpass(). Change echo_off
28188: param to tgetpass() into a flags field. There are currently 2
28189: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
28190: tgetpass(), abstract the echo set/clear via macros and if (flags &
28191: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
28192: [a4fcbb712cd0]
28193:
28194: * tgetpass.c:
28195: Fixed a bug that caused an infinite loop when the password timeout
28196: was disabled.
28197: [2be1ffc5a39f]
28198:
28199: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
28200:
28201: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
28202: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
28203: Add rootpw, runaspw, and targetpw options.
28204: [2d4563e46df7]
28205:
28206: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
28207: visudo.c:
28208: enveditor -> env_editor
28209: [ddc5f856e583]
28210:
28211: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
28212:
28213: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
28214: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
28215: visudo.man:
28216: crank versino to 1.6.3
28217: [a5f7d3e74360]
28218:
28219: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
28220: sudoers.pod, visudo.c:
28221: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
28222: them. This means that visudo will now parse the sudoers file
28223: *before* it is edited so a bogus sudoers file will cause a warning
28224: to go to stderr. Also, visudo checks the variables once--it does not
28225: check them after each editor run since that could be confusing.
28226: [9f5af18e9212]
28227:
28228: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
28229:
28230: * RUNSON:
28231: 1.6.2 -> 1.6.2p1
28232: [e25b74f1d1af]
28233:
28234: * check.c, sudo.c, sudo.h:
28235: Move user_is_exempt prototype into sudo.h
28236: [daf26a6ded8a]
28237:
28238: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
28239:
28240: * configure, configure.in:
28241: Fix thinko, some && should have been || in the last commit
28242: [4b9b2d487ded]
28243:
28244: * configure, configure.in:
28245: Don't initialized Makefile variables to be NULL since the user may
28246: want to import variables from their environment.
28247: [7be019f4422c]
28248:
28249: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
28250:
28251: * configure, configure.in:
28252: typo
28253: [38f4d8971f0a]
28254:
28255: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
28256:
28257: * sudo.tab.c:
28258: fix a yacc (skeleton.c) warning
28259: [a2da228a937b]
28260:
28261: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
28262:
28263: * INSTALL, RUNSON, configure, configure.in:
28264: Make pam work on HP-UX 11.0;jaearick@colby.edu
28265: [b94de0ff6f42]
28266:
28267: * CHANGES:
28268: recent changes; prepare for 1.6.2p1
28269: [b291635ea141]
28270:
28271: * find_path.c:
28272: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
28273: [4306285c4f6e]
28274:
28275: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
28276:
28277: * sudo.tab.c:
28278: Regen with yacc that has a memory leak plugged.
28279: [e26383a04eb7]
28280:
28281: * sudoers.cat, sudoers.man, sudoers.pod:
28282: Expanded docs on sudoers 'defaults' options based on INSTALL file
28283: info.
28284: [54c3d62d6c74]
28285:
28286: * INSTALL:
28287: Fix some while lies
28288: [d15311782150]
28289:
28290: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
28291:
28292: * Makefile.in:
28293: When making a bindist, link FAQ to TROUBLESHOOTING instead of
28294: copying.
28295: [2d88a6ac88cf]
28296:
28297: * sudoers.cat, sudoers.man, sudoers.pod:
28298: Add netgroup caveat
28299: [28d119f466e3] [SUDO_1_6_2]
28300:
28301: * RUNSON:
28302: Last minute updates
28303: [89fb4ed22d52]
28304:
28305: * TROUBLESHOOTING:
28306: PAM entry
28307: [a9fd59f39457]
28308:
28309: * auth/pam.c:
28310: correct a comment
28311: [a29627225ba9]
28312:
28313: * CHANGES, RUNSON:
28314: update for 1.6.2
28315: [b7f1c40ea732]
28316:
28317: * auth/pam.c:
28318: Better detection of PAM errors and fix custom prompts with PAM.
28319: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
28320: [ff69234b94a5]
28321:
28322: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
28323:
28324: * snprintf.c:
28325: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
28326: long long value.
28327: [9d918c3a2ecd]
28328:
28329: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
28330:
28331: * CHANGES, config.h.in, configure, configure.in, visudo.c:
28332: Fix sudoers locking in visudo. We now lock the sudoers file itself,
28333: not the temp file (since locking the temp file can foul up editors).
28334: The previous locking scheme didn't work because the fd was closed
28335: too early.
28336: [de2011bb11ed]
28337:
28338: * config.h.in, configure, configure.in:
28339: Don't need test for ftruncate() any more.
28340: [e5f71c848104]
28341:
28342: * configure, configure.in:
28343: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
28344: the unbundled HP-UX cc.
28345: [2c373612c644]
28346:
28347: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
28348:
28349: * sudoers.cat, sudoers.man, sudoers.pod:
28350: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
28351: [05360d2c314e]
28352:
28353: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
28354:
28355: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
28356: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
28357: version.h, visudo.c:
28358: update copyright year on changed files
28359: [5792a2a28a4c]
28360:
28361: * RUNSON:
28362: updates
28363: [edf8f19aa403]
28364:
28365: * CHANGES:
28366: aix fix
28367: [4d4a243b31e2]
28368:
28369: * INSTALL:
28370: Crank version to 1.6.2
28371: [bcb5cb411624]
28372:
28373: * configure:
28374: Crank version to 1.6.2
28375: [32a19f33427f]
28376:
28377: * sudo.c:
28378: When using rlimit check for RLIM_INFINITY When computing the value
28379: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
28380: [8c16166802e5]
28381:
28382: * CHANGES:
28383: recent changes
28384: [09fc7112e44d]
28385:
28386: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
28387: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
28388: Crank version to 1.6.2
28389: [055fa61a7c61]
28390:
28391: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
28392: Add 'shell_noargs' runtime option back in. We have to defer checking
28393: until after the sudoers file has been parsed but since there are now
28394: other options that operate that way this one can too. Based on a
28395: patch from bguillory@email.com.
28396: [231db7a007a6]
28397:
28398: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
28399: Add "listpw" and "verifypw" options.
28400: [190683bac878]
28401:
28402: * sudoers.cat, sudoers.man, sudoers.pod:
28403: o Fix some typos/omissions o Add section on verifypw and listpw o
28404: Define how NOPASSWD interacts with the -v and -l flags
28405: [6feb7350eb79]
28406:
28407: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
28408:
28409: * configure, configure.in:
28410: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
28411: -D_HPUX_SOURCE to CPPFLAGS.
28412: [06cc35d89dc8]
28413:
28414: * defaults.c, defaults.h:
28415: In struct sudo_defs_types, move the union to the end and don't
28416: initialize the union member since that only works with an ANSI
28417: compiler. We set the value of the union by hand in init_defaults()
28418: anyway. This allows sudo to compile on a K&R compiler again.
28419: [623487e1fcfa]
28420:
28421: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
28422:
28423: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
28424: netgr_matches needs to check shost as well as host since they may be
28425: different.
28426: [3f43ace23d3e]
28427:
28428: * tgetpass.c:
28429: End on \r as well as \n
28430: [cb7c6e6f4202]
28431:
28432: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
28433:
28434: * sudo.c:
28435: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
28436: from 0400 to whatever SUDOERS_MODE is (converting from the old
28437: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
28438: 0400 which should always be the case.
28439: [34cd83d49d20]
28440:
28441: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
28442: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
28443: w/o a passwd if there is *any* entry for the user on the host with a
28444: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
28445: the user on the host w/ the specified runas user have the NOPASSWD
28446: flag set.
28447: [4b3b85697653]
28448:
28449: * Makefile.in:
28450: add check target
28451: [3d24d34a76fd]
28452:
28453: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
28454:
28455: * visudo.c:
28456: Treat EOF at whatnow prompt like 'x' instead of looping.
28457: [5deffc27114c]
28458:
28459: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
28460:
28461: * CHANGES:
28462: recent changes
28463: [5836a9452568] [SUDO_1_6_1]
28464:
28465: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
28466:
28467: * config.h.in, configure, configure.in, sudo.c:
28468: Add check for initgroups() since old SYSV lacks this.
28469: [657a6005a569]
28470:
28471: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
28472: parse.c, testsudoers.c:
28473: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
28474: exists.
28475: [17d081e917d6]
28476:
28477: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
28478:
28479: * auth/sudo_auth.c:
28480: Don't allow insults to be enabled if the insults[] array is empty.
28481: Otherwise there would be division by zero.
28482: [b20c14db6029]
28483:
28484: * insults.h:
28485: Don't allow insults to be enabled if the insults[] array is empty.
28486: Otherwise there would be division by zero.
28487: [028f130204b0]
28488:
28489: * CHANGES, RUNSON:
28490: Don't allow insults to be enabled if the insults[] array is empty.
28491: Otherwise there would be division by zero.
28492: [974f4780254b]
28493:
28494: * insults.h:
28495: Don't care about USE_INSULTS #define since the insult stuff may be
28496: overridden at runtime.
28497: [b873df8b299c]
28498:
28499: * auth/sudo_auth.c:
28500: Honor insults flag.
28501: [756111640fdc]
28502:
28503: * CHANGES, parse.c:
28504: Don't ask the user for a password if the user is not allowed to run
28505: the command and the authenticate flag (in sudoers) is false.
28506: [cea9fdc09c76]
28507:
28508: * CHANGES, RUNSON, lex.yy.c, parse.lex:
28509: o Whenever we get a bare newline we change to the INITIAL state. o
28510: Enter GOTRUNAS when we see Runas_Alias
28511:
28512: This allows #uid to work in a RunasAlias.
28513: [a475513e7c7a]
28514:
28515: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
28516:
28517: * CHANGES, parse.yacc, sudo.tab.c:
28518: fix parsing of runas lists: o oprunasuser and runaslist now return a
28519: value o in a runasspec, if a runaslist does not return TRUE, set
28520: runas_matches to FALSE. Normally, a runaslist only returns FALSE for
28521: explicitly denied users. o since runaslist does not modify the stack
28522: there is no need for a push/pop in runasalias.
28523: [82b305b34a8c]
28524:
28525: * check.c, sudo.c:
28526: Don't kill the user's tickets until after sudoers has been parsed
28527: since tty_tickets and ticket_dir could be set in sudoers.
28528: [f43e25367f3a]
28529:
28530: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
28531: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
28532: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
28533: crank version to 1.6
28534: [95f8bdcf9bb2]
28535:
28536: * testsudoers.c:
28537: add set_fqdn() stub
28538: [bbc81af5b41a]
28539:
28540: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
28541:
28542: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
28543: sudoers.man, sudoers.pod, visudo.c:
28544: o Kill shell_noargs option, it cannot work since the command needs
28545: to be set before sudoers is parsed. o Fix the "set_home" sudoers
28546: option (only worked at compile time). o Fix "fqdn" sudoers option.
28547: We now set host/shost via set_fqdn which gets called when the "fqdn"
28548: option is set in sudoers. o Move the openlog() to store_syslogfac()
28549: so this gets overridden correctly from the sudoers file.
28550: [3dca861f0f5d]
28551:
28552: * auth/securid.c:
28553: SecurID support should compile now.
28554: [a544e5c6ea34]
28555:
28556: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
28557:
28558: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
28559: visudo.man, visudo.pod:
28560: fix some syntactic goofs
28561: [b3451f0d5239]
28562:
28563: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
28564:
28565: * Makefile.in, sudo.html, sudoers.html, visudo.html:
28566: No longer need the .html files as they are generated automatically
28567: on the web site.
28568: [1b4aa4204584]
28569:
28570: * CHANGES, LICENSE:
28571: kill characters that made wml unhappy
28572: [b988fbc6da56]
28573:
28574: * HISTORY:
28575: typo
28576: [a418963f7fce]
28577:
28578: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
28579:
28580: * README:
28581: majordomo@cs.colorado.edu -> majordomo@courtesan.com
28582: [5d151e8ffd3b]
28583:
28584: * Makefile.in, configure:
28585: Wrap script execution w/ /bin/sh for the benefit of ctm
28586: [3a9c4766b2c3]
28587:
28588: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
28589:
28590: * sudo.c:
28591: Make the -s flag be exclusive too. Also reorder the flags in the
28592: exclusive usage message so they are alphabetical.
28593: [4c7af200db34]
28594:
28595: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
28596:
28597: * auth/pam.c:
28598: make pam errors other than PAM_PERM_DENIED fatal
28599: [64bcb3fd2baf]
28600:
28601: * auth/API:
28602: fix typo
28603: [f3134c88b12e]
28604:
28605: * INSTALL:
28606: make it clear that /etc/pam.d/sudo is required on linux
28607: [213cc3eaad82]
28608:
28609: * auth/pam.c:
28610: fix a warning on redhat and spew an error if pam_authenticate()
28611: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
28612: [7e46dd19da89]
28613:
28614: * sudo.cat, sudo.html, sudo.man, sudo.pod:
28615: Be very clear that the password required is the user's not root's
28616: [a6da127347e5]
28617:
28618: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
28619:
28620: * Makefile.in:
28621: add sample.syslog.conf to DISTFILES and BINFILES
28622: [8661c27c007e]
28623:
28624: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
28625:
28626: * RUNSON:
28627: updates from Brian Jackson + some formatting
28628: [6d31c6fa63f8]
28629:
28630: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
28631:
28632: * INSTALL.binary, Makefile.binary, README, RUNSON:
28633: o One RUNSon update o Changes for automating real binary releases
28634: [dd9585f4406c]
28635:
28636: * Makefile.in:
28637: Add bindist target
28638: [546ed3fa94bb]
28639:
28640: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28641:
28642: * TROUBLESHOOTING:
28643: talk about run-time options in addition to compile-time options
28644: [1eb813ff0a9a] [SUDO_1_6_0]
28645:
28646: * CHANGES:
28647: fix typos
28648: [65e92bb70a7b]
28649:
28650: * sudo.c:
28651: need sys/time.h if HAVE_SETRLIMIT
28652: [ce31655a8a60]
28653:
28654: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
28655: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
28656: get rid of references to sudo-bugs. Now mention the web site or the
28657: sudo@ alias
28658: [a9db861fd8c6]
28659:
28660: * sudoers.html:
28661: repair pod2html damage
28662: [62ece4277f1f]
28663:
28664: * RUNSON, TODO:
28665: Update for 1.6 release
28666: [98569c57ba2a]
28667:
28668: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28669: Add warning about using ALL in a command context.
28670: [6c77685ab280]
28671:
28672: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
28673:
28674: * visudo.c:
28675: Call yyrestart() on a parse error to reset the lexer state.
28676: [1370a27acdb2]
28677:
28678: * lex.yy.c, parse.lex:
28679: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
28680: since it might not get called in yywrap if we get a parse error (and
28681: we only reread the file on error anyway).
28682: [37f4b449e28e]
28683:
28684: * lex.yy.c, parse.lex:
28685: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
28686: might still exist. Call yyrestart() instead of using the deprecated
28687: YY_NEW_FILE macro.
28688: [7d0d873046c6]
28689:
28690: * lex.yy.c, parse.lex:
28691: flex doesn't need %N table size declarations
28692: [268b020fd60a]
28693:
28694: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28695: Mention what characters need to be escaped in names.
28696: [72ccbb6b0f31]
28697:
28698: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
28699:
28700: * configure:
28701: regen
28702: [65827abb5c7b]
28703:
28704: * INSTALL:
28705: clarify Mac OS X entry
28706: [8da1549a71f5]
28707:
28708: * RUNSON:
28709: update
28710: [0cff8df7459f]
28711:
28712: * configure.in:
28713: o Use AC_MSG_ERROR throughout o Check syslog configure options for
28714: danity
28715: [4cb81e642e5c]
28716:
28717: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
28718:
28719: * defaults.c:
28720: Fix printing of type T_MODE in dump_defaults()
28721: [a868bb6f5515]
28722:
28723: * strcasecmp.c:
28724: missing sys/types.h
28725: [ca694ca325b6]
28726:
28727: * INSTALL:
28728: Break out options that may be overridden at run time into their own
28729: section. Add a not about Max OS X and correct some lies.
28730: [d8bcfd120593]
28731:
28732: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
28733:
28734: * CHANGES, config.h.in, configure, configure.in, sudo.c:
28735: o Now use getrlimit to find the highest fd when closing all non-std
28736: fd's o Turn off core dumps via setrlimit for the sake of paranoia
28737: [dd9f651b6def]
28738:
28739: * RUNSON:
28740: updates
28741: [f581841fe615]
28742:
28743: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
28744:
28745: * CHANGES:
28746: updates
28747: [553baa1d44c7]
28748:
28749: * tgetpass.c:
28750: When read()'ing, do a single character at a time to be sure we don't
28751: go oast the newline.
28752: [907d33f55bb4]
28753:
28754: * sudo.c:
28755: For the sudo_root option, check against user_uid, not getuid() since
28756: at this point, ruid == euid == 0.
28757: [92d5c51939b4]
28758:
28759: * RUNSON:
28760: some updates
28761: [e3ed0c1f312b]
28762:
28763: * logging.h:
28764: Fix compilation problem when --with-logging=file was specified. This
28765: means that syslog is now required to build sudo but that should not
28766: be a problem. If it is it can be fixed trivially with a configure
28767: check for syslog() or syslog.h.
28768: [839a4b069190]
28769:
28770: * tgetpass.c:
28771: Make this work again for things like "sudo echo hi | more" where the
28772: tty gets put into character at a time mode. We read until we read
28773: end of line or we run out of space (similar to fgets(3)).
28774: [c8f746df2e63]
28775:
28776: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
28777:
28778: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28779: change ital to bold
28780: [f860978e530a]
28781:
28782: * RUNSON:
28783: update
28784: [9bcfbb405568]
28785:
28786: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
28787:
28788: * defaults.c:
28789: Error out if syslog parameters are given without a value. For Ultrix
28790: or 4.2BSD "syslog" is allowed without a value since there are no
28791: facilities in the 4.2BSD syslog.
28792: [69e7a686f5f0]
28793:
28794: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
28795:
28796: * defaults.c:
28797: Ignore the syslog facility for systems w/ old syslog like Ultrix.
28798: [5c250adbbb84]
28799:
28800: * TROUBLESHOOTING:
28801: people with "." early in their path can have problems running sudo
28802: from the build dir ;-)
28803: [20a1744a24a4]
28804:
28805: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
28806:
28807: * sudo.cat, sudo.html, sudo.man, sudo.pod:
28808: Remove -r realm option
28809: [127caa537f95]
28810:
28811: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
28812: configure.in, sudo.c:
28813: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
28814: [7177a3893a62]
28815:
28816: * CHANGES:
28817: update to reality
28818: [766cfbb512d6]
28819:
28820: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
28821:
28822: * auth/fwtk.c:
28823: include <auth.h> to get function prototypes.
28824: [d6c7c12d09fe]
28825:
28826: * sudo.cat, sudo.html, sudo.man, sudo.pod:
28827: document -L flag
28828: [dc803e1ce0d7]
28829:
28830: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
28831:
28832: * sudo.c:
28833: in set_perms(), always call setuid(0) before changing the ruid/euid
28834: so we always know it will succeed.
28835: [8cced1b862bf]
28836:
28837: * defaults.h:
28838: #undef T_FOO to avoid conflicts with system defines (like on
28839: ULTRIX).
28840: [d9f0aac092b0]
28841:
28842: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
28843: sudoers.pod:
28844: Docuement "Defaults" lines in /etc/sudoers. Still needs some
28845: fleshing out but this is a start.
28846: [521a1e629bbc]
28847:
28848: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
28849:
28850: * use strtol, not strtoul since not everyone has not strtoul
28851: [988462f093cc]
28852:
28853: * defaults.c:
28854: use strtol, not strtoul since not everyone has not strtoul
28855: [fce835ce62e3]
28856:
28857: * lex.yy.c, parse.lex:
28858: last {WORD} rule should only apply in the INITIAL state
28859: [9b57570bfa83]
28860:
28861: * lex.yy.c, parse.lex:
28862: o Add support for escaped characters in the WORD macro o Modify
28863: fill() to squash escape chars
28864: [87572d59e4e0]
28865:
28866: * defaults.c, defaults.h:
28867: o Add T_PATH flag to allow simple sanity checks for default values
28868: that are supposed to be pathnames. o Fix a duplicate free when
28869: visudo finds an error.
28870: [bdc6855a6c6d]
28871:
28872: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
28873:
28874: * defaults.c, defaults.h, logging.c:
28875: mail_if_foo -> mail_foo
28876: [cbee9415875d]
28877:
28878: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
28879:
28880: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
28881: o Add requiretty option o Move O_NOCTTY to compat.h
28882: [65b8bf0e1795]
28883:
28884: * logging.c:
28885: The exit() in log_error() was mistakenly removed in a previous
28886: version. Put it back...
28887: [9473449130a4]
28888:
28889: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
28890:
28891: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
28892: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
28893: configure, configure.in, defaults.c, defaults.h, find_path.c,
28894: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
28895: o Change defaults stuff to put the value right in the struct. o
28896: Implement mailer_flags o Store syslog stuff both in int and string
28897: form. Setting the string form magically updates the int version. o
28898: Add boolean attribute to strings where it makes sense to say !foo
28899: [4698953f9a36]
28900:
28901: * tgetpass.c:
28902: add O_NOCTTY when opening /dev/tty just in case
28903: [4c6d1d1bb300]
28904:
28905: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
28906:
28907: * auth/API:
28908: cleanup function no longer takes a status arg
28909: [0819edbfe7f8]
28910:
28911: * INSTALL:
28912: the the
28913: [19aadb65ea28]
28914:
28915: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28916:
28917: * TODO, config.h.in, configure, configure.in, logging.c:
28918: Use strftime() instead of ctime() if it is available.
28919: [fb60ea63b514]
28920:
28921: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
28922:
28923: * defaults.c:
28924: fix copyright date
28925: [4a53b54aa72f]
28926:
28927: * RUNSON:
28928: update ReliantUNIX entry
28929: [de618a4f67d9]
28930:
28931: * defaults.c, defaults.h, logging.c:
28932: add log_year option
28933: [251a9e20568a]
28934:
28935: * configure, configure.in:
28936: add --without-sendmail to help output
28937: [93162f199902]
28938:
28939: * configure, configure.in:
28940: enforce an otctal arg for --with-suoders-mode
28941: [45e1b04ccad3]
28942:
28943: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
28944:
28945: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
28946: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
28947: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
28948: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
28949: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
28950: testsudoers.c, version.c, visudo.c:
28951: Add support for "Defaults" line in sudoers to make configuration
28952: variables changable at runtime (and on a global, per-host and per-
28953: user basis). Both the names and the internal representation are
28954: still subject to change. It was necessary to make sudo_user.runas
28955: but a char ** instead of a char * since this value can be changed by
28956: a Defaults line. There is a similar (but more complicated) issue
28957: with sudo_user.prompt but it is handled differently at the moment.
28958:
28959: Add a "-L" flag to list the name of options with their descriptions.
28960: This may only be temporary.
28961:
28962: Move some prototypes to parse.h
28963:
28964: Be much less restrictive on what is allowed for a username.
28965: [f71abf7ba80c]
28966:
28967: * sample.syslog.conf:
28968: Add more info
28969: [e952e6f42d4d]
28970:
28971: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
28972:
28973: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
28974: strcasecmp.c:
28975: UCB has dropped the advertising clause from their license.
28976: [a5602b36a341]
28977:
28978: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
28979:
28980: * auth/sudo_auth.h:
28981: move dce_verofy proto to correct section
28982: [972c815af558]
28983:
28984: * auth/dce.c:
28985: remove XXX
28986: [820631855be0]
28987:
28988: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
28989:
28990: * emul/fnmatch.h:
28991: Add fnmatch() prototype
28992: [79e84576d92a]
28993:
28994: * fnmatch.c, parse.c, testsudoers.c:
28995: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
28996: [1182c89fa811]
28997:
28998: * sudo.h:
28999: add strcasecmp proto
29000: [512d1d8a6a0c]
29001:
29002: * auth/sudo_auth.c:
29003: add check for case where there are no auth methods
29004: [e4af2b91b43e]
29005:
29006: * configure, configure.in:
29007: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
29008: SunOS4 w/ gcc
29009: [746ce8bcec23]
29010:
29011: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
29012: include strings.h everywhere we include string.h
29013: [6f7d5d437e7b]
29014:
29015: * version.c:
29016: nicer output when showing auth methods
29017: [0eac4b977f9d]
29018:
29019: * version.c:
29020: Add support for SEND_MAIL_WHEN_NO_HOST
29021: [9f20a3a3fae6]
29022:
29023: * config.h.in, configure, configure.in:
29024: Add _GNU_SOURCE for Linux
29025: [c7bd8c511847]
29026:
29027: * lex.yy.c, parse.lex:
29028: fix definition of OCTECT
29029: [4af30e63244d]
29030:
29031: * configure, configure.in:
29032: aix_auth.o not authenticate.o
29033: [fe95dfb08df4]
29034:
29035: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
29036:
29037: * sudo.c:
29038: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
29039: keyboard). Since we run with ruid/euid == 0 the user can't really
29040: signal us in nasty ways.
29041: [a7f6487c0f48]
29042:
29043: * visudo.c:
29044: Don't need to worry about catching too many signals since we do
29045: locking on the tmp file. If a lockfile is really stale, it will be
29046: detected and overwritten.
29047: [28983db3e749]
29048:
29049: * INSTALL, Makefile.in:
29050: include auth/API in tarball
29051: [014991600252]
29052:
29053: * auth/sudo_auth.c:
29054: move memset() of plaintext pw outside of verify loop and only do the
29055: memset if we are *not* in standalone mode.
29056: [66f8e87567e2]
29057:
29058: * auth/sudo_auth.c, auth/sudo_auth.h:
29059: DCE is not a standalone method
29060: [34963e2d8a1b]
29061:
29062: * sudo.c:
29063: fix --enable-noargs-shell
29064: [4234062abbb0]
29065:
29066: * snprintf.c:
29067: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
29068: [c430b80454c6]
29069:
29070: * auth/fwtk.c, auth/sia.c:
29071: _cleanup() function returns an int.
29072: [d1a1cc071ec1]
29073:
29074: * auth/dce.c:
29075: there were still some return(0)'s hanging around, make them
29076: AUTH_FAILURE
29077: [1002aa1962c3]
29078:
29079: * parse.c:
29080: typo in comment
29081: [5abc410dbfd2]
29082:
29083: * version.c:
29084: add missing semicolon
29085: [a262283b52a5]
29086:
29087: * auth/sudo_auth.h:
29088: missing backslash
29089: [bf89f6bd2900]
29090:
29091: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
29092:
29093: * CHANGES, config.h.in, configure, configure.in:
29094: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
29095: [f1a9bca0cf67]
29096:
29097: * Makefile.in:
29098: add parse.h to HDRS
29099: [a3d054987766]
29100:
29101: * Makefile.in, configure, configure.in:
29102: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
29103: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
29104: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
29105: testsudoers to build on Solaris and is a bit cleaner in general.
29106: [4e6239e97002]
29107:
29108: * UPGRADE:
29109: mention ptmp -> sudoers.tmp
29110: [ec3baa0fe8a1]
29111:
29112: * config.h.in, configure, configure.in:
29113: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
29114: [6f93dc7f39f5]
29115:
29116: * RUNSON:
29117: add 2 reports
29118: [ce0fcc00ee4e]
29119:
29120: * auth/kerb5.c:
29121: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
29122: return a value more like a system function
29123: [0dd56aa21424]
29124:
29125: * auth/dce.c:
29126: Add an XXX
29127: [58fc8562c212]
29128:
29129: * TODO:
29130: more things todo!
29131: [5a459d0cf339]
29132:
29133: * sample.sudoers:
29134: update based on what is in the man page
29135: [1a0477db96fa]
29136:
29137: * parse.yacc, sudo.tab.c:
29138: minor change to first line printed in -l mode
29139: [69eb57d96952]
29140:
29141: * sudo.cat, sudo.html, sudo.man, sudo.pod:
29142: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
29143: standard and add "EXAMPLES" section
29144: [7e543335ebe1]
29145:
29146: * visudo.cat, visudo.html, visudo.man, visudo.pod:
29147: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
29148: standard
29149: [f82d87ed65c2]
29150:
29151: * logging.c, parse.c, sudo.h:
29152: add FLAG_NO_CHECK
29153: [c7d69176a2d7]
29154:
29155: * lex.yy.c, parse.lex:
29156: make an OCTET really be limited to 0-255
29157: [6ee568dd6a02]
29158:
29159: * UPGRADE:
29160: mention timestamp changes
29161: [e44d5302bf60]
29162:
29163: * PORTING:
29164: cosmetic cleanup
29165: [36fa3a2664dd]
29166:
29167: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
29168: new sudoers(8) man page
29169: [e674d06283d0]
29170:
29171: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
29172:
29173: * version.c:
29174: Update comments about syslog name tables
29175: [63830a782dcb]
29176:
29177: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
29178: strcasecmp.c, sudo.tab.c:
29179: include strcasecmp() for those without it
29180: [a0d8e2488bbc]
29181:
29182: * sample.sudoers:
29183: Use the : operator some more and fix a typo
29184: [18804c70da86]
29185:
29186: * HISTORY:
29187: update the history of sudo
29188: [9d9b3d5279b3]
29189:
29190: * parse.c, parse.lex, testsudoers.c:
29191: CIDR-style netmask support
29192: [768644467353]
29193:
29194: * CHANGES:
29195: recent changes
29196: [a4319e9d07cb]
29197:
29198: * sudo.tab.c, sudo.tab.h:
29199: these should be generated with byacc, not bison
29200: [f57b9489b752]
29201:
29202: * lex.yy.c:
29203: regen
29204: [522461f95dfa]
29205:
29206: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
29207: In "sudo -l" mode, the type of the stored (expanded) alias was not
29208: stored with the contents. This could lead to incorrect output if the
29209: sudoers file had different alias types with the same name. Normal
29210: parsing (ie: not in '-l' mode) is unaffected.
29211: [823fe2bc4b79]
29212:
29213: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
29214:
29215: * configure, configure.in:
29216: define _XOPEN_SOURCE to get at crypt() proto on some systems
29217: [1b3769b86fb9]
29218:
29219: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
29220:
29221: * snprintf.c:
29222: fix comment
29223: [fc1264df00f7]
29224:
29225: * tgetpass.c:
29226: don't need limits.h
29227: [f1631829af45]
29228:
29229: * snprintf.c:
29230: kill bogus reference to vfprintf
29231: [a0b99b25d389]
29232:
29233: * sample.sudoers, sudoers:
29234: better examples
29235: [b4d87ea64cc8]
29236:
29237: * snprintf.c:
29238: Add some const in the K&R defs. This is safe since we define const
29239: away if the compiler doesn't grok it.
29240: [614d6e83d45e]
29241:
29242: * aclocal.m4, configure:
29243: Better test for working long long support. Ultrix compiler supports
29244: basic long long but not all operations on them.
29245: [5da1508710ed]
29246:
29247: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
29248: snprintf.c, sudo.c:
29249: Add check for LONG_IS_QUAD #undef MAXINT before including
29250: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
29251: in snprintf.c and use LONG_IS_QUAD
29252: [a1f7993367fc]
29253:
29254: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
29255:
29256: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
29257: snprintf.c:
29258: UCB-derived snprintf + asprintf support. Supports quads if the
29259: compiler does. No floating point yet, perhaps later...
29260: [0caf05aba945]
29261:
29262: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
29263:
29264: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
29265: goodpath.c, logging.c, parse.c, sudo.c:
29266: Run most of the code as root, not the invoking user. It doesn't
29267: really gain us anything to run as the user since an attacker can
29268: just have an setuid(0) in their egg. Running as root solves
29269: potential problems wrt signalling.
29270: [408e530dda01]
29271:
29272: * sudo.tab.c:
29273: regen
29274: [f8cfb37e37de]
29275:
29276: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
29277:
29278: * logging.c, sudo.c:
29279: Don't wait for child to finish in log_error(), let the signal
29280: handler get it if we are still running, else let init reap it for
29281: us. The extra time it takes to wait lets the user know that mail is
29282: being sent.
29283:
29284: Install SIGCHLD handler in main() and for POSIX signals, block
29285: everything
29286: *except* SIGCHLD.
29287: [d2b6ab0ef3be]
29288:
29289: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
29290: parse.yacc, sudo.c, sudo.h:
29291: sudoers_lookup() now returns a bitmap instead of an int. This makes
29292: it possible to express things like "failed to validate because user
29293: not listed for this host". Some thigns that were previously
29294: VALIDATE_FOO are now FLAG_FOO. This may change later on.
29295:
29296: Reorganized code in log_auth() and sudo.c to deal with above
29297: changes.
29298:
29299: Safer versions of push/pushcp with in the do { ... } while (0) style
29300:
29301: parse.yacc now saves info on the stack to allow parse.c to determine
29302: if a user was listed, but not for the host he/she tried to run on.
29303:
29304: Added --with-mail-if-no-host option
29305: [63326cb01efc]
29306:
29307: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
29308:
29309: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
29310: visudo.man, visudo.pod:
29311: o NewArgv and NewArgc don't need to be externally visible. o If
29312: pedantic > 1, it is a parse error. o Add -s (strict) option to
29313: visudo which sets pedantic to 2.
29314: [5d7d81b55cd5]
29315:
29316: * HISTORY, INSTALL:
29317: Just have sudo-bugs contact info in one place
29318: [e7f6588ea683]
29319:
29320: * sudo.cat, sudo.html, sudo.man, sudo.pod:
29321: Add BUGS section
29322: [6607d96ea510]
29323:
29324: * Makefile.in, configure, configure.in:
29325: Add testsudoers to default build target if --with-devel Don't clean
29326: generated parser files unless "distclean".
29327: [5827b769dc57]
29328:
29329: * parse.yacc, sudo.tab.c:
29330: In pedantic mode we need to save *all* the aliases, not just those
29331: that match, or we get spurious warnings.
29332: [24f5b1f0e1de]
29333:
29334: * TROUBLESHOOTING:
29335: reference samples.sylog.conf
29336: [11841668380a]
29337:
29338: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
29339:
29340: * sample.syslog.conf:
29341: Sample entries for syslog.conf
29342: [0f7697d878a1]
29343:
29344: * CHANGES:
29345: recent changes
29346: [8bca8810c6bd]
29347:
29348: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
29349: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
29350: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
29351: auth/sudo_auth.c, auth/sudo_auth.h:
29352: In struct sudo_auth, turn need_root and configured into flags and
29353: add a flag to specify an auth method is running alone (the only
29354: one). Pass auth methods their sudo_auth pointer, not the data
29355: pointer. This allows us to get at the flags and tell if we are the
29356: only auth method. That, in turn, allows the method to be able to
29357: decide what should/should not be a fatal error. Currently only
29358: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
29359: define and te hackery that went with it. With access to the
29360: sudo_auth struct, methods can also get at a string holding their
29361: cannonical name (useful in error messages).
29362: [b7e320fc6511]
29363:
29364: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
29365: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
29366: sudo.tab.h:
29367: o --with-otp deprecated, use --without-passwd instead o real
29368: dependencies in the Makefile o --with-devel option to enable yacc,
29369: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
29370: back to being a token, not a string but don't leak memory o rename
29371: hsotspec -> host in parse.yacc
29372: [912c45226cb2]
29373:
29374: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
29375:
29376: * BUGS, CHANGES:
29377: recent changes
29378: [801fa6e55687]
29379:
29380: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
29381: sudo.c, sudo.h:
29382: o Digital UNIX needs to check for *snprintf() before -ldb is added
29383: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
29384: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
29385: functions in snprintf.c to fix -Wall o Add missing includes to fix
29386: more -Wall
29387: [8d207203e126]
29388:
29389: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
29390: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
29391: visudo.c:
29392: o Add a "pedentic" flag to the parser. This makes sudo warn in cases
29393: where an alias may be used before it is defined. Only turned on for
29394: visudo and testsudoers. o Add --disable-authentication option that
29395: makes sudo not require authentication by default. The PASSWD tag can
29396: be used to require authentication for an entry. We no longer
29397: overload --without-passwd.
29398: [f307e09adf98]
29399:
29400: * lex.yy.c, parse.lex:
29401: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
29402: username can contain just about anything so be very permissive. Also
29403: drop the unused \. punctuation.
29404: [06a50614ff89]
29405:
29406: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
29407:
29408: * parse.yacc, sudo.tab.c:
29409: o add a 'val' element to aliasinfo struct and move -> parse.h o
29410: find_alias() now returns an aliasinfo * instead of boolean o
29411: add_alias() now takes a value parameter to store in the
29412: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
29413: return: 1) positive match 0) negative match (due to '!')
29414: -1) no match This means setting $$ explicitly in all cases, which I
29415: should have done in the first place. It also means that we always
29416: store a value that is != -1 and when we see a '!' we can set
29417: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
29418: now works the way it should in lists and some of the rules are more
29419: uniform and sensible.
29420: [ad8e73b5d581]
29421:
29422: * Makefile.in:
29423: add parse.h dependency
29424: [4ccccd464d30]
29425:
29426: * parse.h:
29427: kill unused *_matched macros
29428: [02cba6dcb732]
29429:
29430: * parse.yacc:
29431: Allow a list of users as the first thing in a user spec, not just a
29432: single entry. This makes things more uniform, though it does allow
29433: you to write user specs that are hard to read.
29434: [3c4c91c508ca]
29435:
29436: * sudo.tab.c:
29437: parse.yacc
29438: [feca81881bb6]
29439:
29440: * configure:
29441: regen
29442: [6f247010bb3b]
29443:
29444: * configure.in:
29445: fix check for crypt() in libufc
29446: [82770736f4b0]
29447:
29448: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
29449:
29450: * README:
29451: sudo-users list now exists
29452: [4716d2bb0bbf]
29453:
29454: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
29455: Update to reality.
29456: [1eda2d57e42a]
29457:
29458: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
29459: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
29460: version.c, visudo.c:
29461: o Move lock_file() and touch() into fileops.c so visudo can use them
29462: o Visudo now locks the sudoers temp file instead of bailing when the
29463: temp file already exists. This fixes the problem of stale temp files
29464: but it does *require* that you not try to put the temp file in a
29465: world-writable directory. This shoud not be an issue as the temp
29466: file should live in the same dir as sudoers. o Visudo now only
29467: installs the temp file as sudoers if it changed.
29468: [2517cd06c070]
29469:
29470: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
29471:
29472: * logging.c:
29473: add fcntl locking
29474: [c304adeaf515]
29475:
29476: * config.h.in, configure, configure.in, logging.c:
29477: Lock the log file.
29478: [d8652704fbdf]
29479:
29480: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
29481: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
29482: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
29483: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
29484: -> _PATH_SUDOERS_TMP
29485: [68cad8975807]
29486:
29487: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
29488:
29489: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
29490: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
29491: root sudo -V config reporting
29492: [cdd2613a9dcf]
29493:
29494: * configure, configure.in:
29495: aix_auth.o not authenticate.o
29496: [d972e35f6730]
29497:
29498: * config.h.in:
29499: Add --with-goodpri and --with-badpri configure options to specify
29500: the syslog priority to use.
29501: [2595ae50ab86]
29502:
29503: * INSTALL, configure, configure.in, logging.h:
29504: Add --with-goodpri and --with-badpri configure options to specify
29505: the syslog priority to use.
29506: [8276ee9b2b49]
29507:
29508: * compat.h:
29509: kill crufty AIX stuff
29510: [a4f35ef9854e]
29511:
29512: * Makefile.in:
29513: Sigh, some versions of make (like Solaris's) don't deal with $< like
29514: I would expect. Both GNU and BSD makes get this right but... So, we
29515: just expand $< inline at the cost of some ugliness.
29516: [b1b456f8801f]
29517:
29518: * version.c:
29519: If the invoking user is root, sudo will now print configure info in
29520: -V mode. Currently just prints logging info, to be expanded later.
29521: [392f7ed99267]
29522:
29523: * logging.c, logging.h, sudo.c, sudo.h:
29524: o new defines for syslog facility and priority o use new
29525: print_version() functino for -V mode
29526: [78abc5142985]
29527:
29528: * check.c:
29529: Don't need version.c
29530: [db9a830ad893]
29531:
29532: * aclocal.m4, config.h.in, configure, configure.in:
29533: Add check for syslog facilities and priorities tables in syslog.h
29534: [b86213e5fc5c]
29535:
29536: * Makefile.in:
29537: o authenticate -> aix_auth o add version.c
29538: [44b6b9a8d0f5]
29539:
29540: * auth/sudo_auth.c:
29541: Missed a prompt -> user_prompt conversion
29542: [e4c60b1f210c]
29543:
29544: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
29545:
29546: * TODO:
29547: sudo should lock its logfile
29548: [6d2830b28b07]
29549:
29550: * parse.yacc, sudo.tab.c:
29551: o Add '!' correctly when expanding Aliases. o Add shortcut macros
29552: for append() to make things more readable. o The separator in
29553: append() is now a string instead of a char. o In append(), only
29554: prepend the separator if the last char is not a '!'. This is a hack
29555: but it greatly simplifies '!' handling. o In -l mode, Runas lists
29556: and NOPASSWD/PASSWD tags are now inherited across entries in a list
29557: (matches current behavior). o Fix formatting in -l mode such that
29558: items in a list are separated by a space. Greatlt improves
29559: readability. o Space for name field in struct aliasinfo is now
29560: allocated dyanically instead of using a (big) buffer. o In
29561: add_alias(), only search the list once (lsearch instead of lfind +
29562: lsearch)
29563: [51f7e07addb9]
29564:
29565: * lex.yy.c, sudo.tab.c, sudo.tab.h:
29566: regen
29567: [5c19bb05dc21]
29568:
29569: * configure, configure.in:
29570: Solais pam doesn't require anye xtra setup
29571: [a25ba03d91d1]
29572:
29573: * parse.yacc:
29574: o Simpler '!' support now that the lexer deals with multiple !'s for
29575: us. o In the case of opFOO, have FOO give a boolean return value and
29576: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
29577: it gets fill()'d in parse.lex--fixes a small memory leak. In the
29578: long run it may be better to just fix parse.lex and make ALL back
29579: into a token. However, having it be a string is useful since it can
29580: be easily passed back to the parent rule if we so desire.
29581: [b3c64b443018]
29582:
29583: * parse.lex:
29584: o Remove some unnecessary backslashes o collapse multiple !'s by
29585: using !+ and checking if yyleng is even or odd. this allows us to
29586: simplify ! handling in parse.yacc
29587: [76330e8da8e3]
29588:
29589: * sudo.c:
29590: -u flag was being ignored
29591: [e30283207585]
29592:
29593: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
29594:
29595: * Makefile.in:
29596: correct fix
29597: [a0e2377dec8f]
29598:
29599: * Makefile.in:
29600: work around pod2man stupididy
29601: [7c755640b67f]
29602:
29603: * Makefile.in:
29604: correct dependencies for .cat
29605: [5ed7b0653b68]
29606:
29607: * sudo.cat, sudo.man, visudo.cat, visudo.man:
29608: regen
29609: [b74510dd6a0a]
29610:
29611: * sudo.pod, visudo.pod:
29612: Add copyright Update to reality
29613: [188e9b046c15]
29614:
29615: * parse.c, sudo.c, sudo.h:
29616: rename validate() to the more descriptive sudoers_lookup()
29617: [7a1cb652f379]
29618:
29619: * auth/aix_auth.c:
29620: use tgetpass
29621: [b8ba5daec40a]
29622:
29623: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
29624:
29625: * CHANGES:
29626: updates
29627: [e61460cdf4a0]
29628:
29629: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
29630: configure, configure.in, sudo.c:
29631: Sudo, not CU Sudo
29632: [9061b3573c0c]
29633:
29634: * LICENSE:
29635: add 4th term to license similar to term 5 in the apache license
29636: [92712e895afb]
29637:
29638: * emul/search.h, emul/utime.h:
29639: add 4th term to license similar to term 5 in the apache license
29640: [4f93a8b9396e]
29641:
29642: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
29643: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
29644: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
29645: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
29646: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
29647: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
29648: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29649: visudo.c:
29650: add 4th term to license similar to term 5 in the apache license
29651: [afae9f2bf9ec]
29652:
29653: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
29654: add 4th term to license similar to term 5 in the apache license
29655: [c389d3fdafac]
29656:
29657: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
29658: getspwuid.c, goodpath.c:
29659: add 4th term to license similar to term 5 in the apache license
29660: [969e63dbd38e]
29661:
29662: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
29663: insults.h, logging.c, sudo.c, sudo.h:
29664: there was a 1995 release too
29665: [5963fd89457a]
29666:
29667: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
29668:
29669: * CHANGES:
29670: updates
29671: [254b794f16ab]
29672:
29673: * check.c:
29674: Use dirs instead of files for timestamp. This allows tty and non-
29675: tty schemes to coexist reasonably. Note, however, that when you
29676: update a tty ticket, the mtime on the user dir gets updated as well.
29677: [44bfac32f799]
29678:
29679: * configure, configure.in:
29680: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
29681: when linking test program, not just -lprot. Also add check for
29682: getspnam(). The SCO docs indicate that /etc/shadow can be used but
29683: this may be a lie.
29684: [2ba21d36cc1e]
29685:
29686: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
29687:
29688: * auth/API:
29689: first cut at auth API description
29690: [3d10df021eb8]
29691:
29692: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
29693:
29694: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
29695: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
29696: auth/sudo_auth.h:
29697: auth API change. There is now an init method that gets run before
29698: the main loop. This allows auth routines to differentiate between
29699: initialization that happens once vs. setup that needs to run each
29700: time through the loop.
29701: [76df1c0d3478]
29702:
29703: * auth/kerb5.c, logging.c:
29704: use easprintf() and evasprintf()
29705: [fd97d96dc12f]
29706:
29707: * alloc.c, sudo.h:
29708: add easprintf() and evasprintf(), error checking versions of
29709: asprintf() and vasprintf()
29710: [f54385de20b7]
29711:
29712: * TODO:
29713: remove 2 items. One done, one won't do.
29714: [64513b47bc7a]
29715:
29716: * lex.yy.c, sudo.tab.c:
29717: regen
29718: [4aa299de2752]
29719:
29720: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
29721: visudo.html, visudo.man:
29722: regen
29723: [553c0d1209be]
29724:
29725: * CHANGES:
29726: new changes
29727: [d7be00b7e36b]
29728:
29729: * sudo.pod:
29730: o Document -K flag and update meaning of -k flag. o BSD-style
29731: copyright o Document clearing of BIND resolver environment variables
29732: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
29733: if your OS gives away files
29734: [4a4092be1455]
29735:
29736: * visudo.pod:
29737: BSD license
29738: [ad0bfd0a4630]
29739:
29740: * version.h:
29741: BSD-style copyright
29742: [ecc6479325be]
29743:
29744: * tgetpass.c:
29745: o BSD copyright o no need to block signals, we now do that in main()
29746: o cosmetic changes
29747: [61958beda7ab]
29748:
29749: * testsudoers.c, visudo.c:
29750: o BSD-style copyright o Use "struct sudo_user" instead of old
29751: globals. o some cometic cleanup
29752: [88c0c6924082]
29753:
29754: * sudo_setenv.c:
29755: BSD-style copyright
29756: [df20290129a0]
29757:
29758: * sudo.h:
29759: o BSD copyright o logging and parser bits moved to their own .h
29760: files o new "struct sudo_user" to encapsulate many of the old
29761: globals.
29762: [50fc86bf25cb]
29763:
29764: * sudo.c:
29765: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
29766: logging routines o simplified flow of control o BIND resolver
29767: additions to badenv_table
29768: [8c53f15bfcb0]
29769:
29770: * strerror.c:
29771: BSD-style copyright
29772: [7c906c3a82ac]
29773:
29774: * snprintf.c:
29775: Now compiles on more K&R compilers
29776: [07ab1d3231c7]
29777:
29778: * putenv.c:
29779: BSD-style copyright, cosmetic changes
29780: [c42371295881]
29781:
29782: * pathnames.h.in:
29783: BSD-style copyright
29784: [e5c34ebd4cf1]
29785:
29786: * parse.c, parse.h, parse.lex, parse.yacc:
29787: BSD-style copyright. Move parser-specific defines and structs into
29788: parse.h + other cosmetic changes
29789: [d3088efb6228]
29790:
29791: * logging.h:
29792: defines for logging routines
29793: [13147941c02d]
29794:
29795: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
29796: BSD-style copyright, cosmetic changes
29797: [e8205e91a4fa]
29798:
29799: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29800: interfaces.h:
29801: BSD-style copyright
29802: [b9499da7cdce]
29803:
29804: * configure.in:
29805: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
29806: kill --disable-tgetpass o add --without-passwd o changes to fill in
29807: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
29808: v?asprintf() o replace --with-AuthSRV with --with-fwtk
29809: [9a3f39b9c128]
29810:
29811: * config.h.in:
29812: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
29813: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
29814: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
29815: [9a09054db53a]
29816:
29817: * compat.h:
29818: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
29819: [25509c566975]
29820:
29821: * alloc.c:
29822: BSD-style copyright
29823: [4967be892363]
29824:
29825: * TROUBLESHOOTING:
29826: no more --with-getpass
29827: [afd5b670c196]
29828:
29829: * TODO:
29830: Take out things I've done...
29831: [375420c8270e]
29832:
29833: * README:
29834: Refer to LICENSE
29835: [c486c8db30f6]
29836:
29837: * PORTING:
29838: --with-getpass no longer exists
29839: [db48202df1bb]
29840:
29841: * Makefile.in:
29842: BSD-style copyright. Update to reflect reality wrt new files and new
29843: auth modules.
29844: [61a2ca7940fb]
29845:
29846: * INSTALL:
29847: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
29848: --without-passwd.
29849: [64e8f9e1c05e]
29850:
29851: * HISTORY:
29852: Update history a bit
29853: [df60c0a871b8]
29854:
29855: * COPYING, LICENSE:
29856: Now distributed under a BSD-style license
29857: [d1a184ccabe1]
29858:
29859: * auth/sudo_auth.c:
29860: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
29861: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
29862: global
29863: [891b57060868]
29864:
29865: * auth/pam.c, auth/sia.c:
29866: BSD-style copyright and use new log functions
29867: [65c44445ea84]
29868:
29869: * auth/kerb5.c:
29870: o BSD-style copyright o Use new log functiongs o Use asprintf() and
29871: snprintf() where sensible.
29872: [1ff0feaacf95]
29873:
29874: * check.c:
29875: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
29876: done more reasonably--better sanity checks and tty-based stamps are
29877: now done as files in a directory with the same name as the invoking
29878: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
29879: to mix tty and non-tty based ticket schemes but this may change in
29880: the future (it requires sudo to use a directory instead of a file in
29881: the non-tty case). Also, ``sudo -k'' now sets the ticket back to the
29882: epoch and ``sudo -K'' really deletes the file. That way you don't
29883: get the lecture again just because you killed your ticket in
29884: .logout. BSD-style copyright now.
29885: [ec3460f85be8]
29886:
29887: * logging.c:
29888: o rewritten logging routines. log_error() now takes printf-style
29889: varargs and log_auth() for the return value of validate(). o BSD-
29890: style copyright
29891: [438292025c4e]
29892:
29893: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
29894: superceded by new auth API
29895: [412060590da7]
29896:
29897: * auth/kerb4.c:
29898: BSD-style copyright
29899: [cc4e800833c7]
29900:
29901: * auth/fwtk.c:
29902: Use snprintf() where it makes sense and add a BSD-style copyright
29903: [1b7502388a74]
29904:
29905: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
29906: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
29907: BSD-style copyright
29908: [42583bedae5c]
29909:
29910: * emul/utime.h, utime.c:
29911: BSD-style copyright
29912: [3985c90aba47]
29913:
29914: * emul/search.h:
29915: this has been rewritten so use my BSD-style copyright
29916: [176df1b0de6f]
29917:
29918: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
29919:
29920: * snprintf.c:
29921: include malloc.h if no stdlib.h
29922: [7b123f1d1d03]
29923:
29924: * snprintf.c:
29925: KTH snprintf()/asprintf() for systems w/o them
29926: [3ca9aefb9d01]
29927:
29928: * strerror.c:
29929: strerror() for systems w/o it
29930: [7f0bd8a1c1b4]
29931:
29932: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
29933:
29934: * visudo.c:
29935: stylistic changes
29936: [6f99aceb7170]
29937:
29938: * parse.c, parse.lex, parse.yacc:
29939: Add contribution info in the main comment
29940: [e50cec10acd6]
29941:
29942: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
29943:
29944: * auth/pam.c:
29945: remove missed ref to PAM_nullpw
29946: [a43e59692cdb]
29947:
29948: * auth/sudo_auth.h:
29949: pasto
29950: [891ff138ab89]
29951:
29952: * auth/kerb5.c:
29953: more or less complete now--still untested
29954: [21036732faa0]
29955:
29956: * auth/afs.c, auth/pam.c:
29957: don't use user_name macro, it will go away
29958: [def7cf727349]
29959:
29960: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
29961: combine skey/opie code into rfc1938.c
29962: [44d88ca93d3e]
29963:
29964: * auth/dce.c, auth/sudo_auth.h:
29965: DCE authentication method; basically unchanged from dce_pwent.c
29966: [4d468473dd6f]
29967:
29968: * auth/aix_auth.c, auth/sudo_auth.h:
29969: AIX authenticate() support. Could probably be much better
29970: [000013321a33]
29971:
29972: * auth/sia.c:
29973: Fix an uninitialized variable and some cleanup. Now works (tested)
29974: [fd6ad88ff055]
29975:
29976: * auth/sia.c, auth/sudo_auth.h:
29977: SIA support for digital unix
29978: [5335f3e70eab]
29979:
29980: * auth/pam.c:
29981: don't use prompt global, it will go away
29982: [fadd22dd6ce4]
29983:
29984: * auth/secureware.c:
29985: correct copyright years
29986: [6aa07c49f51b]
29987:
29988: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
29989: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
29990: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
29991: New authentication API and methods
29992: [9debe9b59c79]
29993:
29994: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
29995:
29996: * sudo.tab.c:
29997: regen
29998: [84578e82c1a6]
29999:
30000: * parse.yacc:
30001: only save an entry if user_matches && host_matches, even if the
30002: stack is empty (fix for previous commit)
30003: [00984b078d8a]
30004:
30005: * sudo.tab.c:
30006: regen
30007: [66acf160b4b7]
30008:
30009: * parse.yacc:
30010: 1) Always save an entry on the stack if it is empty. This fixes the
30011: -l and -v flags that were broken by earlier parser changes.
30012:
30013: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
30014: !foo match any time the user specified a runas user (via -u) other
30015: than foo.
30016: [f322eb54b015]
30017:
30018: * testsudoers.c:
30019: interfaces and num_interfaces are now auto, not extern
30020: [113add5c6518]
30021:
30022: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
30023:
30024: * auth.c:
30025: use a static global to keep stae about empty passwords
30026: [bc02e30807d8]
30027:
30028: * check_sia.c:
30029: make PASSWORD_NOT_CORRECT logging consistent with other modules
30030: [21962549d5fd]
30031:
30032: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
30033:
30034: * auth.c:
30035: PAM prompt code was wrong, looks like we have to kludge it after
30036: all.
30037: [91f246155ead]
30038:
30039: * auth.c:
30040: In the PAM code, when a user hits return at the first password
30041: prompt, exit without a warning just like the normal auth code
30042: [918f59bacdb7]
30043:
30044: * configure, configure.in:
30045: kludge around cross-compiler false positives
30046: [5e5fc8356400]
30047:
30048: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
30049: New (correct) PAM code Tgetpass now takes an echo flag for use with
30050: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
30051: useless umask setting Change error from BAD_ALLOCATION ->
30052: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
30053: for consistency
30054: [e71397f09dd8]
30055:
30056: * sudo.c:
30057: Some -Wall and kill some trailing spaces
30058: [8229b43d5c4e]
30059:
30060: * configure.in:
30061: define -D__EXTENSIONS__ for solaris so we get crypt() proto
30062: [7533e4436cab]
30063:
30064: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
30065:
30066: * RUNSON:
30067: add Dynix 4.4.4
30068: [b69f773efbce]
30069:
30070: * INSTALL, config.h.in, configure, configure.in:
30071: for kerberos V < version, fall back on old kerb4 auth code
30072: [d685ed3a1d8e]
30073:
30074: * INSTALL:
30075: clarify some things
30076: [2f5ba2e8e53a]
30077:
30078: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
30079: typos
30080: [8925a109c093]
30081:
30082: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
30083:
30084: * sudo.c:
30085: mention why DONT_LEAK_PATH_INFO is not the default
30086: [0346260cb4ec]
30087:
30088: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
30089:
30090: * tgetpass.c:
30091: Fix open(2) return value checking, was NULL for fopen, should be -1
30092: for open
30093: [355878bf6d8a]
30094:
30095: * configure:
30096: regen
30097: [68bf82871862]
30098:
30099: * configure.in:
30100: better wording for solaris pam notice
30101: [04e88c7a6c42]
30102:
30103: * CHANGES:
30104: document recent changes
30105: [7c922c5622ef]
30106:
30107: * TROUBLESHOOTING:
30108: Update shadow password section
30109: [e8448bae7d66]
30110:
30111: * auth.c:
30112: move authentication code from check.c to auth.c
30113: [e9f6ecae2399]
30114:
30115: * Makefile.in, check.c, sudo.h:
30116: move authentication code to auth.c
30117: [124cded85f46]
30118:
30119: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
30120:
30121: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
30122: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
30123: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
30124: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
30125: visudo.c:
30126: Move interface-related defines to interfaces.h so we don't have to
30127: include <netinet/in.h> everywhere.
30128: [e7599d8ea0bf]
30129:
30130: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
30131:
30132: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
30133: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
30134: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
30135: turns out the old DES crypt does the right thing with passwords
30136: longert than 8 characters. o Fix common typo (necesary -> necessary)
30137: o Update TODO list
30138: [ad75007a6f13]
30139:
30140: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
30141:
30142: * sudo.c:
30143: set $LOGNAME when we set $USER
30144: [391596210fd7]
30145:
30146: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
30147:
30148: * INSTALL:
30149: add comment about digital unix and interfaces.c warning with gcc
30150: [e20f815901cc]
30151:
30152: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
30153:
30154: * sample.sudoers:
30155: use modern paths and give examples for some of the new parser
30156: features
30157: [e7b2e507c695]
30158:
30159: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
30160:
30161: * parse.c:
30162: fix comment
30163: [5eb0d005a65f]
30164:
30165: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
30166: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
30167: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
30168: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
30169: Function names should be flush with the start of the line so they
30170: can be found trivially in an editor and with grep
30171: [3c400abde574]
30172:
30173: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
30174: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
30175: free(3) is already void, no need to cast it
30176: [6981e1ebda0f]
30177:
30178: * logging.c, sudo.c, sudo.h:
30179: catch case where cmnd_safe is not set (this should not be possible)
30180: [3e1e3038546c]
30181:
30182: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
30183: testsudoers.c, visudo.c:
30184: Stash the "safe" path (ie: the one listed in sudoers) to the command
30185: instead of stashing the struct stat. Should be safer.
30186: [aa2883fcf57e]
30187:
30188: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
30189:
30190: * INSTALL, Makefile.in, UPGRADE:
30191: notes on updating from an earlier release
30192: [df9fffa4ab2c]
30193:
30194: * CHANGES:
30195: updated
30196: [574f5065d15a]
30197:
30198: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
30199:
30200: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
30201: sudoers.man, sudoers.pod:
30202: You can now specifiy a host list instead of just a host or alias.
30203: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
30204: [e3942bb78021]
30205:
30206: * testsudoers.c:
30207: Quiet -Wall
30208: [a3edc8b08c3a]
30209:
30210: * parse.yacc, sudo.tab.c:
30211: Move the push from the beginning of cmndspec to the end. This means
30212: we no longer have to do a push at the end of privilege, just reset
30213: some values.
30214: [8ea66e5860c6]
30215:
30216: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
30217: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
30218: use "!" most everywhere
30219: [aadae4d1c9d5]
30220:
30221: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
30222:
30223: * sudoers.pod:
30224: modernize paths and update su example based on sample.sudoers one
30225: [3f6a37e16c83]
30226:
30227: * sample.sudoers:
30228: New runas semantics
30229: [756ee92865b7]
30230:
30231: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
30232: strdup.c, sudo.h:
30233: In estrdup(), do the malloc ourselves so we don't need to rely on
30234: the system strdup(3) which may or may not exist. There is now no
30235: need to provide strdup() for those w/o it. Also, the prototype for
30236: estrdup() was wrong, it returns char * and its param is const.
30237: [5f1f984da8e3]
30238:
30239: * getcwd.c:
30240: $Sudo tag
30241: [e4188a35e68c]
30242:
30243: * check.c:
30244: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
30245: [2aec87c86cde]
30246:
30247: * CHANGES, TODO, parse.yacc, sudo.tab.c:
30248: It is now possible to use the '!' operator in a runas list as well
30249: as in a Cmnd_Alias, Host_Alias and User_Alias.
30250: [a4fdaabda990]
30251:
30252: * logging.c, sudo.h:
30253: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
30254: [73d0376785ae]
30255:
30256: * sudo.h:
30257: Definitions of *_matched were wrong--user top, not top-2 as
30258: subscript.
30259: [5f8350a57362]
30260:
30261: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
30262: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
30263: command but the NOPASSWD flag was set. Make runasspec, runaslist,
30264: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
30265: in the runas list Fix double printing of '%' and '+' for groups and
30266: netgroups respectively Add *_matched macros (no need for local stack
30267: variable). Should only be used directly after a pop (since top must
30268: be >= 2).
30269: [392b1400c4e6]
30270:
30271: * aclocal.m4, configure.in:
30272: Add copyright, somewhat silly
30273: [55c2cdd82dca]
30274:
30275: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
30276:
30277: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
30278: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
30279: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
30280: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
30281: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
30282: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
30283: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
30284: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
30285: visudo.man:
30286: Crank version to 1.6 and combine copyright statements
30287: [0e1c791658ae]
30288:
30289: * sample.sudoers:
30290: Use ! not ^ to do negation
30291: [1480a0761730]
30292:
30293: * lex.yy.c, sudo.tab.c:
30294: regen
30295: [89ca5a46684b]
30296:
30297: * parse.lex, parse.yacc:
30298: Make runas and NOPASSWD tags persistent across entris in a command
30299: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
30300: runas or *PASSWD tag the value given becomes the new default for the
30301: rest of the command list.
30302: [f1bbb4066542]
30303:
30304: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
30305:
30306: * CHANGES, RUNSON:
30307: update for 1.5.9
30308: [a1ae9d4a7d54] [SUDO_1_5_9]
30309:
30310: * visudo.c:
30311: Shift return value of system(3) by 8 to get real exit value and if
30312: it is not 1 or 0 print the retval along with the error message.
30313: [c1ff50d743fb]
30314:
30315: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
30316:
30317: * Makefile.in:
30318: testsudoers needs LIBOBJS too
30319: [972571b4e4bf]
30320:
30321: * parse.c, parse.yacc, sudo.tab.c:
30322: Fix another parser bug. For a sudoers entry like this: millert
30323: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
30324: as root.
30325: [51968e1eb33d]
30326:
30327: * CHANGES:
30328: new change
30329: [271c6110bb62]
30330:
30331: * parse.yacc, sudo.tab.c:
30332: Save entries that match a ! command on the matching stack too
30333: [5afb5107116c]
30334:
30335: * sudo.c:
30336: Make sudo's usage info better when mutually exclusive args are given
30337: and don't rely on argument order to detect this; nick@zeta.org.au
30338: [2422753c88fd]
30339:
30340: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
30341:
30342: * CHANGES, Makefile.in, RUNSON:
30343: updates from CU
30344: [b37381e3dafb]
30345:
30346: * Makefile.in:
30347: use gzip
30348: [94a64e52a166]
30349:
30350: * parse.yacc, sudo.tab.c:
30351: Fix off by one error introduced in *alloc changes
30352: [95ede581153a]
30353:
30354: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
30355: check_sia.c, compat.h, config.h.in, configure, configure.in,
30356: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
30357: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
30358: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
30359: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
30360: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
30361: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
30362: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
30363: ++version
30364: [c6d88f024e37]
30365:
30366: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
30367: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
30368: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
30369: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
30370: Use emalloc/erealloc/estrdup
30371: [44221d97361a]
30372:
30373: * alloc.c:
30374: error checking memory allocation routines
30375: [5f8c1e7bbc71]
30376:
30377: * parse.yacc, sudo.tab.c:
30378: Still not right, this fixes it for real
30379: [ad553b6f5339]
30380:
30381: * parse.yacc, sudo.tab.c:
30382: Fix for previous commit
30383: [4d6f989f9bf2]
30384:
30385: * CHANGES, INSTALL, parse.yacc:
30386: Fix a parser bug that was exposed when mixing different runas specs
30387: and ! commands. For example: millert ALL=(daemon)
30388: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
30389: as well as daemon when it should just allow daemon. The problem was
30390: that comma-separated commands in a list shared the same entry on the
30391: matching stack. Now they get their own entry iff there is a full
30392: match. It may be better to just make the runas spec persistent
30393: across all commands in a list like the user and host entries of the
30394: matching stack. However, since that is a fairly major change it
30395: should gets its own minor rev increase.
30396: [c4b939cdcc8e]
30397:
30398: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
30399:
30400: * check.c, config.h.in:
30401: Simplify PAM code and fix a PAM-related warning on Linux
30402: [2468399523b6]
30403:
30404: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
30405:
30406: * CHANGES:
30407: updates
30408: [29d4a997769c]
30409:
30410: * sample.sudoers:
30411: better su entry
30412: [76d8285a72ba]
30413:
30414: * configure:
30415: regen
30416: [b7450cc6975d]
30417:
30418: * check.c, configure.in:
30419: new pam code that works on solaris, should work on linux too;
30420: aelberg@home.com
30421: [84c16c0ff259]
30422:
30423: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
30424:
30425: * RUNSON:
30426: more entries
30427: [b6bef8660759]
30428:
30429: * config.h.in:
30430: only include strings.h if there is no string.h
30431: [b66054a32b00]
30432:
30433: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
30434:
30435: * config.guess:
30436: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
30437: [c086d2fe63af]
30438:
30439: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30440:
30441: * sudo.c:
30442: shost must be set before log functions are called #ifdef HOST_IN_LOG
30443: [d49a7944358f]
30444:
30445: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
30446:
30447: * CHANGES, lex.yy.c, parse.lex:
30448: Fix a bug wrt quoting characters in command args. Stop processing an
30449: arg when you hit a backslash so the quoted-character detection can
30450: catch it.
30451: [2281438d7f41]
30452:
30453: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
30454:
30455: * interfaces.c:
30456: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
30457: [31118a9e9916]
30458:
30459: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
30460:
30461: * configure, configure.in:
30462: add missing case statement so --without-sendmail works
30463: [ca25614f7dd9]
30464:
30465: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
30466:
30467: * CHANGES:
30468: more
30469: [4d70e44f7f93]
30470:
30471: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
30472:
30473: * configure, configure.in:
30474: only search for -lsun in irix <= 4.x
30475: [e604238317b1]
30476:
30477: * configure, configure.in:
30478: back out last configure.in change now that I've hacked autoconf to
30479: fix the real problem and add a missing newline
30480: [2dabf59a79b5]
30481:
30482: * CHANGES:
30483: updated
30484: [bb35d526552f]
30485:
30486: * getcwd.c:
30487: add def of dirfd() for those without it
30488: [95f0173d8441]
30489:
30490: * configure, configure.in:
30491: When falling back to checking for socket() when linking with
30492: "-lsocket -lnsl" check for main() instead since autoconf has already
30493: cached the results of checking for socket() in -lsocket. This is
30494: really an autoconf bug as it should use the extra libs as part of
30495: the cache variable name.
30496: [a845f8b710ad]
30497:
30498: * configure.in:
30499: typo
30500: [a7d62f62a478]
30501:
30502: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
30503:
30504: * configure.in:
30505: fix occurrence of $with_timeout that should be
30506: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
30507: bochum.de
30508: [8c4da2cf73d1]
30509:
30510: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
30511:
30512: * sudo.cat, sudo.html, sudo.man, sudo.pod:
30513: fix grammar; espie@openbsd.org
30514: [7031d9dfbc3e] [SUDO_1_5_8]
30515:
30516: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
30517:
30518: * parse.yacc, sudo.c, testsudoers.c:
30519: add cast for strdup in places it does not have it
30520: [7ce4478d3b0f]
30521:
30522: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
30523:
30524: * configure, configure.in:
30525: define for_BSD_TYPES irix
30526: [858337ff4af8]
30527:
30528: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
30529:
30530: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
30531: Make it clear that it is the user's password, not root's, that we
30532: want.
30533: [ae0f51b35ee4]
30534:
30535: * check.c, sudo.h:
30536: If the user enters an empty password and really has no password,
30537: accept the empty password they entered. Perviously, they could enter
30538: anything
30539: *but* an empty password. Also, add GETPASS macro that calls either
30540: tgetpass() or getpass() depending on how sudo was configured.
30541: Problem noted by jdg@maths.qmw.ac.uk
30542: [2fde21ce94c1]
30543:
30544: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
30545:
30546: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
30547: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
30548: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
30549: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
30550: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
30551: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
30552: visudo.c:
30553: add explicate copyright
30554: [d3b4449834a5]
30555:
30556: * CHANGES:
30557: mention -lsocket, -lnsl configure changes
30558: [9140af4ad8ae]
30559:
30560: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
30561:
30562: * sudo.c:
30563: Don't clobber errno after calling check_sudoers().
30564: [59bd581b2654]
30565:
30566: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
30567:
30568: * configure, configure.in:
30569: When linking with both -lsocket and -lnsl be sure to do so in that
30570: order. Also, when we can't find socket() or inet_addr() and have to
30571: try linking with both libs, issue a warning.
30572: [0ee547163067]
30573:
30574: * sudo.cat, sudo.man, sudo.pod:
30575: clarify bad timestamp and fmt
30576: [70e42cf56c75]
30577:
30578: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
30579:
30580: * INSTALL, RUNSON:
30581: be clear that pam is linux-only and add a RUNSON entry
30582: [7fdeab875e0d]
30583:
30584: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
30585:
30586: * CHANGES, INSTALL, configure, configure.in:
30587: fix and correctly document --with-umask; problem noted by
30588: adap@adap.org
30589: [11cd0481d63a]
30590:
30591: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
30592:
30593: * configure, configure.in:
30594: only use /usr/{man,catman}/local to store man pages if suer didn't
30595: override prefix or mandir
30596: [781ad2cbe9be]
30597:
30598: * INSTALL, configure, configure.in:
30599: fix typo, make --with-SecurID take an arg
30600: [026a9b4014fc]
30601:
30602: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
30603:
30604: * RUNSON:
30605: updates from users
30606: [2286982b31e6]
30607:
30608: * CHANGES, INSTALL, check.c, configure, configure.in:
30609: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
30610: [23aa4e5c6b02]
30611:
30612: * configure, configure.in:
30613: better fix for the problem of unresolved symbols in -lnsl or
30614: -lsocket
30615: [82fe70fc287f]
30616:
30617: * configure, configure.in:
30618: when checking for functions in -lnsl and -lsocket link with both of
30619: them to avoid unresolved symbols on some weirdo systems
30620: [1734a591808e]
30621:
30622: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
30623:
30624: * BUGS, CHANGES, RUNSON, TODO:
30625: old changes that didn't make it into RCS before the RCS->CVS switch
30626: [846eb2b8f9aa]
30627:
30628: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
30629:
30630: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
30631: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
30632: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
30633: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
30634: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
30635: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
30636: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
30637: visudo.pod:
30638: add sudo tags
30639: [962f81eaa5ab]
30640:
30641: * sudo.h:
30642: testing Sudo tag
30643: [e84cbc521129]
30644:
30645: * version.h:
30646: testing Sudo tag
30647: [a8c3a3998b88]
30648:
30649: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
30650: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
30651: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
30652: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
30653: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
30654: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
30655: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
30656: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
30657: crank version and regen files
30658: [23eacf00a1a4]
30659:
30660: * Makefile.in:
30661: kill rcs goop in update_version and fix now that version is a const
30662: [e6e50bd8d1e1]
30663:
30664: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
30665: sudo.c, sudo.h, sudo.pod:
30666: kerb5 support from fcusack@iconnet.net
30667: [8134027986e2]
30668:
30669: * realpath.c, sudo_realpath.c:
30670: we no longer use realpath
30671: [0f5f64abc646]
30672:
30673: * qualify.c:
30674: replaced by find_path.c
30675: [9e32a87e09c4]
30676:
30677: * options.h:
30678: all options are now configure flags
30679: [ee6bd9610102]
30680:
30681: * lex.yy.c:
30682: regen
30683: [bdbf8a18161f]
30684:
30685: * getwd.c:
30686: superceded by getcwd.c
30687: [1e54ee0990b4]
30688:
30689: * getpass.c:
30690: superceded by tgetpass.c
30691: [4e0d1edc30e3]
30692:
30693: * SUPPORTED:
30694: superceded by RUNSON
30695: [854c5a21cb53]
30696:
30697: * OPTIONS:
30698: No longer used now that we have configure options for everything.
30699: [9b1ae1c89259]
30700:
30701: * configure:
30702: regen based on configure.in
30703: [3a4d73936973]
30704:
30705: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
30706: sudoers.man, visudo.cat, visudo.html, visudo.man:
30707: regen based on sudo.pod, sudoers.pod, and visudo.pod
30708: [c267beb90778]
30709:
30710: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
30711:
30712: * check.c:
30713: fix tty tickets in remove_timestamp (didn't use ':')
30714: [fd964a74a32b]
30715:
30716: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
30717:
30718: * interfaces.c:
30719: close sock when we are done with it
30720: [95de0380f8a4]
30721:
30722: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
30723:
30724: * parse.yacc:
30725: never say "error on line -1"
30726: [361db1491121]
30727:
30728: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
30729:
30730: * configure.in:
30731: check for -lnsl before -lsocket
30732: [8e966d6bbcb5]
30733:
30734: * configure.in:
30735: quote '[', ']' used in ranges correctly
30736: [fa4f9c6ff651]
30737:
30738: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
30739:
30740: * config.h.in:
30741: add missing NO_ROOT_SUDO noted by drno@tsd.edu
30742: [c969f25d1667]
30743:
30744: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
30745:
30746: * version.h:
30747: 1.5.7
30748: [7a22de0bc148]
30749:
30750: * INSTALL:
30751: more info for 1.5.7
30752: [30ad9e784799]
30753:
30754: * README:
30755: update for 1.5.7
30756: [cd03a0a27cd2]
30757:
30758: * parse.yacc:
30759: make increases of cm_list_size and ga_list_size be similar to
30760: increases of stacksize (ie: >= not > in initial compare).
30761: [6bd450a896c7]
30762:
30763: * parse.yacc:
30764: when we get a syntax error, report it for the previous line since
30765: that's generally where the error occurred.
30766: [c4ac84058f0b]
30767:
30768: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
30769:
30770: * config.h.in, configure.in, interfaces.c:
30771: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
30772: not defined
30773: [d197f31fd1e4] [SUDO_1_5_7]
30774:
30775: * config.h.in:
30776: define BSD_COMP for svr4
30777: [87ac1147ff79]
30778:
30779: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
30780: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
30781: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
30782: testsudoers.c, tgetpass.c, utime.c, visudo.c:
30783: more -Wall
30784: [d98e2d32db2a]
30785:
30786: * configure.in:
30787: kill check for sockio,h
30788: [4399779014c1]
30789:
30790: * config.h.in:
30791: no more HAVE_SYS_SOCKIO_H
30792: [67484528e347]
30793:
30794: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
30795: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
30796: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
30797: testsudoers.c, tgetpass.c, utime.c, visudo.c:
30798: -Wall
30799: [2b7e83976788]
30800:
30801: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
30802:
30803: * sudo.c:
30804: add missing inform_user()
30805: [8689528c6d55]
30806:
30807: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
30808:
30809: * find_path.c:
30810: return NOT_FOUND if given fully qualified path and it does not exist
30811: previously it would perror(ENOENT) which bypasses the option to not
30812: leak path info
30813: [ccbc3d0130ae]
30814:
30815: * configure.in:
30816: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
30817: -ldes
30818: [c77d3b484ece]
30819:
30820: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
30821:
30822: * INSTALL:
30823: tty tickets are user:tty now
30824: [a53a303a614d]
30825:
30826: * check.c:
30827: when using tty tickets make it user:tty not user.tty as a username
30828: could have a '.' in it
30829: [3160b3f5c890]
30830:
30831: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
30832:
30833: * sudo.c:
30834: add "ignoring foo found in ." for auth successful case
30835: [24257169e0bd]
30836:
30837: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
30838:
30839: * sudo.c:
30840: add missing printf param
30841: [8c905124f777]
30842:
30843: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
30844:
30845: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
30846: go back to printing "command not found" unless --disable-path-info
30847: specified. Also, tell user when we ignore '.' in their path and it
30848: would have been used but for --with-ignore-dot.
30849: [066e118c11e4]
30850:
30851: * check.c, sudo.c:
30852: Only one space after a colon, not two, in printf's
30853: [38452f4c8007]
30854:
30855: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
30856:
30857: * sudo.pod:
30858: document setting $USER
30859: [80557fe6aede]
30860:
30861: * check.c:
30862: fix bugs with prompt expansion
30863: [44c4fca5f009]
30864:
30865: * sudo.c:
30866: set $USER for root too
30867: [4b525e1c6269]
30868:
30869: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
30870:
30871: * getspwuid.c:
30872: typo
30873: [5107446f43e0]
30874:
30875: * configure.in:
30876: HP-UX's iscomsec is in -lsec, not libc
30877: [03c9f700b795]
30878:
30879: * configure.in:
30880: remove some entries in the OS case statement that did nothing
30881: [ea96e7e0f624]
30882:
30883: * TROUBLESHOOTING:
30884: add "cd" section and flush out syslog section
30885: [5107f7363b78]
30886:
30887: * Makefile.in:
30888: no more sudo-lex.yy.c
30889: [ed50826efbbc]
30890:
30891: * check_sia.c:
30892: add custom prompt support
30893: [6a285cea10b7]
30894:
30895: * testsudoers.c:
30896: kill perror("malloc") since we already have a good error messages
30897: pw_ent -> pw for brevity
30898: [eee31052921e]
30899:
30900: * sudo.c:
30901: kill perror("malloc") since we already have a good error messages
30902: pw_ent -> pw for brevity set $USER if -u specified
30903: [9f3753461f8a]
30904:
30905: * parse.yacc:
30906: kill perror("malloc") since we already have a good error messages
30907: [849459088ac3]
30908:
30909: * parse.c:
30910: kill perror("malloc") since we already have a good error messages
30911: pw_ent -> pw for brevity when checking if %group matches, look up
30912: user in password file so that %groups works in a RunAs spec.
30913: [0489b4ecc59a]
30914:
30915: * logging.c:
30916: kill perror("malloc") since we already have a good error messages
30917: [3191a18b3526]
30918:
30919: * check.c, getspwuid.c, interfaces.c:
30920: kill perror("malloc") since we already have a good error messages
30921: pw_ent -> pw for brevity
30922: [7193fdb38cf9]
30923:
30924: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
30925:
30926: * tgetpass.c:
30927: the prompt is expanded before tgetpass is called
30928: [0f408f508041]
30929:
30930: * sudo.h:
30931: tgetpass now has the same args as getpass again
30932: [b6778cd9d79f]
30933:
30934: * getspwuid.c:
30935: add iscomsec, issecure support
30936: [007be7ec7ae7]
30937:
30938: * check.c:
30939: we now expand any %h or %u in the prompt before passing to tgetpass
30940: [f3db8c9ee387]
30941:
30942: * configure.in:
30943: add check for syslog(3) in -lsocket, -lnsl, -linet
30944: [5a96f902ce00]
30945:
30946: * config.h.in:
30947: add HAVE_ISCOMSEC and HAVE_ISSECURE
30948: [f640b0d4cf05]
30949:
30950: * configure.in:
30951: add check for iscomsec in HP-UX
30952: [b28b249040f0]
30953:
30954: * configure.in:
30955: check for issecure if we have getpwanam on SunOS some options are
30956: incompatible with DUNIX SIA check for dispcrypt on DUNIX
30957: [a49d05d9c913]
30958:
30959: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
30960:
30961: * config.h.in:
30962: add HAVE_DISPCRYPT
30963: [7376d543d8d6]
30964:
30965: * secureware.c:
30966: add back support for non-dispcrypt based checking for older DUNIX
30967: [977b98e936be]
30968:
30969: * INSTALL:
30970: sia changes
30971: [c5387c06e30f]
30972:
30973: * configure.in:
30974: SIA becomes the default on Digital UNIX now havbe --disable-sia to
30975: turn it off...
30976: [3b647558ea13]
30977:
30978: * check.c:
30979: move local includes after system ones
30980: [b2abad4c4aef]
30981:
30982: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
30983:
30984: * check.c, check_sia.c, sudo.h:
30985: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
30986: stderr
30987: [547cbf299661]
30988:
30989: * check_sia.c:
30990: fix while loop in sia_attempt_auth() that checks the password. Only
30991: the first iteration was working.
30992: [1886fd1ac831]
30993:
30994: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
30995:
30996: * aclocal.m4:
30997: don't trust UID_MAX or MAXUID
30998: [2aeddb1654d8]
30999:
31000: * configure.in:
31001: fix two pastos
31002: [c18f0a10b75d]
31003:
31004: * configure.in:
31005: fix typo
31006: [1eb3190ef12d]
31007:
31008: * getspwuid.c, secureware.c:
31009: init crypt_type to INT_MAX since it is legal to be negative in DUNX
31010: 5.0
31011: [cefbde04822d]
31012:
31013: * configure.in:
31014: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
31015: -ldb since DUNX < 4.0 lacks it
31016: [e6b11d971068]
31017:
31018: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
31019:
31020: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
31021: secureware.c, sudo.c, tgetpass.c:
31022: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
31023: minutes if the shadow files don't exist).
31024: [2f297d095004]
31025:
31026: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
31027:
31028: * INSTALL:
31029: updated --with-editor blurb
31030: [77d8a3ea7328]
31031:
31032: * TROUBLESHOOTING:
31033: tell how to put sudoers in a different dir
31034: [456cd20eb1d0]
31035:
31036: * configure.in:
31037: add missing quotes around $with_editor
31038: [22881748ab1b]
31039:
31040: * configure.in:
31041: typo in --with-editor bits
31042: [ab6964580681]
31043:
31044: * INSTALL:
31045: I don't expect it to work on Solaris
31046: [1c2fceaaf56e]
31047:
31048: * check.c:
31049: add back security/pam_misc.h
31050: [6ffd30033c1e]
31051:
31052: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
31053:
31054: * INSTALL:
31055: remove dunix note since configure checks for this now
31056: [e9904512b8e8]
31057:
31058: * configure.in:
31059: add check for broken dunix prot.h (4.0 < 4.0D is bad)
31060: [8a4c1e6aef3b]
31061:
31062: * getspwuid.c, secureware.c, tgetpass.c:
31063: new dunix shadow code, use dispcrypt(3)
31064: [1b936bc7268c]
31065:
31066: * config.h.in:
31067: add HAVE_INITPRIVS
31068: [4369f4c4f914]
31069:
31070: * sudo.c:
31071: call initprivs() if we have it for getprpwuid later on
31072: [11cf5915d826]
31073:
31074: * Makefile.in:
31075: clean pathnames.h too
31076: [5f1df3262613]
31077:
31078: * configure.in:
31079: quote "Sorry, try again." with [] since it has a comma in it set
31080: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
31081: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
31082: initprivs later.
31083: [e226b0a3f250]
31084:
31085: * INSTALL:
31086: update Digital UNIX note about acl.h
31087: [80132b71d73a]
31088:
31089: * INSTALL:
31090: add --with-sia
31091: --without-root-sudo -> --disable-root-sudo some reordering
31092: [198386358818]
31093:
31094: * secureware.c:
31095: add whitespace
31096: [4aadaf1a54b0]
31097:
31098: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
31099: add SIA support
31100: [fa3ddbb9cc51]
31101:
31102: * check_sia.c:
31103: Initial revision
31104: [2968551d40e4]
31105:
31106: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
31107:
31108: * configure.in:
31109: when checking for -lsocket, -lnsl, and -linet, check for the
31110: specific functions we need from them.
31111: [8d33e64362a3]
31112:
31113: * config.h.in, sudo.h:
31114: move Syslog_* defs into sudo.h
31115: [03d1774f25c7]
31116:
31117: * Makefile.in, sudo.h:
31118: added check_secureware
31119: [e46e3cbb9a97]
31120:
31121: * configure.in:
31122: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
31123: [dbefe1856503]
31124:
31125: * insults.h:
31126: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
31127: defined. configure now does that for us
31128: [e4520ea0581f]
31129:
31130: * configure.in:
31131: move some --with options around change a bunch of echo's to
31132: AC_MSG_CHECKING, AC_MSG_RESULT pairs
31133: [ffdf6869fdd7]
31134:
31135: * configure.in:
31136: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
31137: syntax error add some echo verbage
31138: [3278c49bf74b]
31139:
31140: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
31141:
31142: * check.c:
31143: moved SecureWare stuff into secureware.c
31144: [42d3d3ac35dc]
31145:
31146: * secureware.c:
31147: Initial revision
31148: [aa7f72a249cf]
31149:
31150: * INSTALL:
31151: update url to solaris gcc bins
31152: [36a3eb668777]
31153:
31154: * INSTALL:
31155: change option formatter and flesh out someentries
31156: [6fbd1db4a8ad]
31157:
31158: * TROUBLESHOOTING, sudo.pod, visudo.pod:
31159: environmental variable -> environment variable
31160: [6f14d708e32d]
31161:
31162: * BUGS:
31163: everything is now done via configure
31164: [c217858f58ab]
31165:
31166: * README:
31167: prev rev was 1.5.6
31168: [7b4177103c35]
31169:
31170: * Makefile.in:
31171: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
31172: [31c6b0a5e0e2]
31173:
31174: * config.h.in:
31175: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
31176: [d406a1ef6d25]
31177:
31178: * Makefile.in:
31179: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
31180: sudoers_mode from configure
31181: [1c509500655a]
31182:
31183: * configure.in:
31184: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
31185: the Makefile, not config.h
31186: [d4482f1492fe]
31187:
31188: * INSTALL:
31189: document all --with/--enable options
31190: [22d81b312d7f]
31191:
31192: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
31193:
31194: * insults.h:
31195: options.h is no more
31196: [560946a33f7f]
31197:
31198: * config.h.in:
31199: assimilated options.h
31200: [dd8ce74613c1]
31201:
31202: * configure.in:
31203: moved options from options.h to configure
31204: [d39662f71b4e]
31205:
31206: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
31207: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
31208: sudo_setenv.c, visudo.c:
31209: no more options.h
31210: [43924bf0858d]
31211:
31212: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
31213: remove references to options.h
31214: [ef3474295395]
31215:
31216: * dce_pwent.c, interfaces.c, sudo.c:
31217: kill sys/time.h
31218: [4d833f0034e4]
31219:
31220: * tgetpass.c:
31221: if select return < -1 still prompt for pw
31222: [e0009e5c93a2]
31223:
31224: * options.h:
31225: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
31226: configure options
31227: [e60a1e546516]
31228:
31229: * parse.c:
31230: FAST_MATCH is no longer an optino
31231: [c448dbb3464b]
31232:
31233: * check.c:
31234: remove_timestamp() if timestamp is preposterous
31235: [70d9a86c6ecd]
31236:
31237: * options.h:
31238: convert more options to --with/--enable
31239: [34646d9b09dc]
31240:
31241: * INSTALL, aclocal.m4:
31242: logfile -> logpath
31243: [42de502bc637]
31244:
31245: * configure.in:
31246: convert more options into --with and --enable
31247: [92d0898c9844]
31248:
31249: * tgetpass.c:
31250: catch EINTR in select and restart
31251: [f045d2f234d7]
31252:
31253: * logging.c:
31254: sys/errno -> errno
31255: [7f0c5beab6f2]
31256:
31257: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
31258:
31259: * sudo.c:
31260: UMASK -> SUDO_UMASK.
31261: [48f308661514]
31262:
31263: * check.c, logging.c:
31264: time.h, not sys/time.h
31265: [91de049c79e4]
31266:
31267: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
31268:
31269: * logging.c:
31270: MAILER -> _PATH_SENDMAIL
31271: [df65d6896639]
31272:
31273: * INSTALL, configure.in:
31274: no more --with-C2, now it is --disable-shadow
31275: [18bfcab3b9ab]
31276:
31277: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
31278: getspwuid.c, sudo.c, tgetpass.c:
31279: new shadow password scheme. Always include shadow support if the
31280: platform supports it and the user did not disable it via configure
31281: [2135d93bb4a9]
31282:
31283: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
31284:
31285: * configure.in:
31286: --with-getpass -> --{enable,disable}-tgetpass
31287: [451b33fdd4c7]
31288:
31289: * Makefile.in:
31290: pathnames.h -> pathnames.h.in
31291: [b109022eca69]
31292:
31293: * check.c:
31294: fix version string
31295: [761b25c314ea]
31296:
31297: * check.c:
31298: move pam_conv to be static to auth function remove pam_misc.h
31299: (solaris doesn't have one)
31300: [a682e4da987a]
31301:
31302: * aclocal.m4:
31303: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
31304: [e6005d0599b5]
31305:
31306: * configure.in:
31307: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
31308: [24c0ac2155ef]
31309:
31310: * pathnames.h.in:
31311: convert to pathnames.h.in
31312: [013bddf7f684]
31313:
31314: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
31315:
31316: * configure.in:
31317: fix typo in sysv4 matching case /.
31318: [2994c4f88cf5]
31319:
31320: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
31321:
31322: * check.c:
31323: pam stuff needs to run as root, not user, for shadow passwords
31324: [d94ff75de503]
31325:
31326: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
31327:
31328: * BUGS, INSTALL, README, configure.in:
31329: updated version
31330: [775adc7de7ac]
31331:
31332: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31333: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
31334: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
31335: logging.c, options.h, parse.c, parse.lex, parse.yacc,
31336: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31337: testsudoers.c, tgetpass.c, utime.c, visudo.c:
31338: updated version
31339: [5ca599fb6b93]
31340:
31341: * check.c:
31342: user version.h for long message
31343: [47a52ac7e542]
31344:
31345: * check.c:
31346: this is version 1.5.6
31347: [8451ac79eee2]
31348:
31349: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
31350:
31351: * Makefile.in:
31352: remove errant backslash
31353: [0222a8a650ff]
31354:
31355: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
31356:
31357: * options.h, parse.yacc, pathnames.h.in:
31358: fix version string
31359: [fdee73255d64] [SUDO_1_5_6]
31360:
31361: * BUGS, CHANGES, TODO:
31362: updtaed for 1.5.6
31363: [752443bf7f26]
31364:
31365: * RUNSON:
31366: updated for 1.5.6
31367: [0f878123fe6a]
31368:
31369: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
31370:
31371: * interfaces.c:
31372: kill unused localhost_mask var copy if name to ifr_tmp after we zero
31373: it
31374: [8e89c364cef2]
31375:
31376: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
31377:
31378: * INSTALL:
31379: Better description of new vs. old sudoers modes fix some typos
31380: better description of /usr/ucb/cc gotchas on slowaris
31381: [c00b2a6fc1e8]
31382:
31383: * Makefile.in:
31384: add sample.pam
31385: [ec7f6cc19b00]
31386:
31387: * sudo.c:
31388: set NewArgv[0] to user_shell, not basename(user_shell)
31389: [1e907cbc9f7b]
31390:
31391: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
31392:
31393: * README:
31394: mention TROUBLESHOOTING more fix some typos
31395: [2c2e6907d4a4]
31396:
31397: * configure.in:
31398: move --enable/--disable to be after --with
31399: [9b30097f76c1]
31400:
31401: * INSTALL:
31402: document --enable/--disable
31403: [c522362e38a8]
31404:
31405: * INSTALL:
31406: document --with-pam
31407: [7e38932c78ac]
31408:
31409: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
31410:
31411: * configure.in:
31412: Add message for pam users
31413: [d224f277e3cd]
31414:
31415: * sample.pam:
31416: Initial revision
31417: [3a84d7045f54]
31418:
31419: * config.h.in:
31420: fix HAVE_PAM
31421: [2f0f303ebd88]
31422:
31423: * check.c, config.h.in, configure.in:
31424: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
31425: [ea3e0a72d707]
31426:
31427: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
31428:
31429: * config.h.in:
31430: add HOST_IN_LOG and WRAP_LOG
31431: [822c36eeb6a8]
31432:
31433: * logging.c:
31434: add WRAP_LOG and HOST_IN_LOG
31435: [3cf6052bd27e]
31436:
31437: * configure.in:
31438: add --enable-log-host and --enable-log-wrap
31439: [c968cc12b353]
31440:
31441: * aclocal.m4:
31442: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
31443: [915fef7e11a1]
31444:
31445: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
31446:
31447: * compat.h:
31448: add howmany macro
31449: [9107a057a7c8]
31450:
31451: * tgetpass.c:
31452: include sys/param.h to get howmany macro
31453: [7e908b5e1f32]
31454:
31455: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
31456:
31457: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
31458: add RUNAS_DEFAULT
31459: [1e76398ea3fd]
31460:
31461: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
31462:
31463: * fnmatch.c:
31464: bring in stdio.h for NULL
31465: [69c016610cbb]
31466:
31467: * aclocal.m4:
31468: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
31469: [15ab2972f8d0]
31470:
31471: * sudo.c:
31472: use HAVE_SET_AUTH_PARAMETERS
31473: [8abfdc8c80f7]
31474:
31475: * config.h.in:
31476: add HAVE_SET_AUTH_PARAMETERS
31477: [673a5ebd5539]
31478:
31479: * configure.in:
31480: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
31481: [a401f5a7469a]
31482:
31483: * config.sub:
31484: add support for HI-UX/MPP SR220001 02-03 0 SR2201
31485: [cb657b7acaae]
31486:
31487: * interfaces.c:
31488: initialize previfname
31489: [26a1902f56dc]
31490:
31491: * interfaces.c:
31492: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
31493: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
31494: kludging it
31495: [fa5c890c313b]
31496:
31497: * configure.in:
31498: typo
31499: [bff579fbe95c]
31500:
31501: * Makefile.in:
31502: don't need special build line for sudo.tab.o
31503: [10c0a0a912e4]
31504:
31505: * Makefile.in:
31506: don't clean sudo.tab.[ch]
31507: [c40d5968efbb]
31508:
31509: * sudo.c:
31510: Sudo should prompt for a password before telling the user that a
31511: command could not be found.
31512: [d718c85a0047]
31513:
31514: * BUGS:
31515: for 1.5.6
31516: [0cc1fe5b9129]
31517:
31518: * INSTALL, README:
31519: no longer require yacc
31520: [d9096fc5b8b6]
31521:
31522: * Makefile.in:
31523: typo
31524: [70feb1aefbd5]
31525:
31526: * Makefile.in:
31527: y.tab -> sudo.tab include pre-yacc'd parse.yacc
31528: [cc802025fd44]
31529:
31530: * parse.lex:
31531: include sudo.tab.h, not y.tab.h don't break out of command args if
31532: you get a '='
31533: [728ad26dbda5]
31534:
31535: * insults.h:
31536: fix version ,
31537: [242bbce1b2d4]
31538:
31539: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
31540: fix version
31541: [2bb9086fea1e]
31542:
31543: * compat.h:
31544: fix version
31545: [7e634d498ce6]
31546:
31547: * getcwd.c:
31548: getcwd(3) from OpenBSD for those without it.
31549: [6c68d0df8f6c]
31550:
31551: * sudo.h:
31552: HAVE_GETWD -> HAVE_GETCWD
31553: [2ad1e64d60c0]
31554:
31555: * configure.in:
31556: pretend sunos doesn't have getcwd(3) since it opens a pipe to
31557: getpwd!
31558: [677992ba5a6a]
31559:
31560: * parse.c:
31561: use NAMLEN() macro
31562: [8f5685aa3165]
31563:
31564: * fnmatch.c:
31565: remove duplicate include of string.h
31566: [6024f3051ac3]
31567:
31568: * configure.in:
31569: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
31570: [3d82a9c22cc2]
31571:
31572: * aclocal.m4:
31573: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
31574: [53fbc47282f9]
31575:
31576: * config.h.in:
31577: add dev_t and ino_t
31578: [5929bb0c7e1a]
31579:
31580: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
31581:
31582: * check.c:
31583: fix OTP_ONLY for opie
31584: [7edcfa78f2ec]
31585:
31586: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
31587:
31588: * testsudoers.c, tgetpass.c:
31589: include stdlib.h for malloc proto
31590: [c9f4b99a2fe9]
31591:
31592: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
31593:
31594: * Makefile.in:
31595: make update_version saner
31596: [d522f93ee04a]
31597:
31598: * config.h.in:
31599: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
31600: [c9a2d21dc608]
31601:
31602: * configure.in:
31603: check for waitpid and wait3 or no waitpid
31604: [1f18c3224184]
31605:
31606: * logging.c:
31607: used waitpid or wait3 if we have 'em
31608: [391c3279ee65]
31609:
31610: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
31611:
31612: * visudo.c:
31613: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
31614: [fbf53b18178f]
31615:
31616: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
31617:
31618: * configure.in:
31619: don't need to explicately mention -lsocket -lnsl for sequent
31620: [1898dc055352]
31621:
31622: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
31623:
31624: * configure.in:
31625: dynix should not link with -linet
31626: [278a4b9cfe2a]
31627:
31628: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
31629:
31630: * INSTALL:
31631: mention that HP-UX doesn't ship with yacc
31632: [bde5147198c0]
31633:
31634: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
31635:
31636: * check.c:
31637: ignore kerberos if we can't get the local realm
31638: [1e311a091a27]
31639:
31640: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
31641:
31642: * BUGS, INSTALL, README, configure.in:
31643: ++version
31644: [499ffc746018]
31645:
31646: * version.h:
31647: ++
31648: [35ba1ee01bd3]
31649:
31650: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
31651: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
31652: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
31653: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
31654: updated version
31655: [b4990a513f31]
31656:
31657: * check.c, sudo.h:
31658: fix version
31659: [5710795834e8]
31660:
31661: * getcwd.c:
31662: don't use popen/pclose. Do it inline.
31663: [29e57b0646a4]
31664:
31665: * lsearch.c:
31666: add rcsid
31667: [b2b55c39858d]
31668:
31669: * sudo.c:
31670: typo
31671: [d381ac39ed0f]
31672:
31673: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
31674: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
31675: sudo.h:
31676: updated version
31677: [462d6e1a2d75]
31678:
31679: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
31680: MAX* + 1 -> MAX*
31681: [2c2eeb78d34f]
31682:
31683: * Makefile.in:
31684: getwd.c -> getcwd.c
31685: [7d718c32fc02]
31686:
31687: * config.h.in:
31688: kill HAVE_GETWD
31689: [6ad3d702343f]
31690:
31691: * configure.in:
31692: getcwd, not getwd
31693: [33e5b9841f58]
31694:
31695: * getcwd.c:
31696: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
31697: purpose
31698: [24e58d340161]
31699:
31700: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
31701:
31702: * OPTIONS, options.h:
31703: add STUB_LOAD_INTERFACES
31704: [d747cb23ca83]
31705:
31706: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31707: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31708: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31709: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31710: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31711: testsudoers.c, tgetpass.c, utime.c, visudo.c:
31712: updated version
31713: [0798229312cc]
31714:
31715: * configure.in:
31716: support *-ccur-sysv4 and fix two typos
31717: [24a823ad7cc9]
31718:
31719: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
31720:
31721: * configure.in:
31722: don't echo about with_logfile and with_timedir
31723: [31e4a1e2d9ad]
31724:
31725: * INSTALL:
31726: document --with-logfile and --with-timedir
31727: [674f811a40e0]
31728:
31729: * aclocal.m4:
31730: support --with-logfile and --with-timedir
31731: [2fc36b35db12]
31732:
31733: * configure.in:
31734: Add --with-logfile and --with-timedir
31735: [09045bf07e29]
31736:
31737: * sudo.c:
31738: change size computation of NewArgv for UNICOS
31739: [b50df07da3a1]
31740:
31741: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
31742:
31743: * configure.in:
31744: treate -*-sysv4* like *-*-svr4
31745: [471b7ef4dbf2]
31746:
31747: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
31748:
31749: * configure.in:
31750: fix spacing for --with-authenticate help
31751: [8321cb37c410]
31752:
31753: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31754: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31755: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31756: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31757: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31758: testsudoers.c, tgetpass.c, utime.c, visudo.c:
31759: updated version
31760: [dc1ab97312eb]
31761:
31762: * parse.yacc:
31763: fix off by one error in push macro
31764: [bece59c8c3a9]
31765:
31766: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
31767:
31768: * configure.in:
31769: removed bogus alloca hack
31770: [a68dd720462d]
31771:
31772: * check.c:
31773: added AIX 4.x authenticate() support
31774: [12985eb448a0]
31775:
31776: * parse.yacc:
31777: include alloca.h if using bison and not gcc and it exists. fixes an
31778: alloca problem on hpux 10.x
31779: [e3b5c4f26072]
31780:
31781: * INSTALL:
31782: mention --with-authenticate
31783: [78a1c96820e7]
31784:
31785: * configure.in:
31786: added AIX authenticate() support
31787: [c983193ec252]
31788:
31789: * config.h.in:
31790: add HAVE_AUTHENTICATE
31791: [7b0e5f5db5d9]
31792:
31793: * interfaces.c:
31794: dynamically size ifconf buffer
31795: [10afb0e9b2f9]
31796:
31797: * configure.in:
31798: quote '[' and ']'
31799: [8fc38a4defad]
31800:
31801: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31802: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31803: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31804: logging.c, options.h, parse.c, parse.lex, parse.yacc,
31805: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31806: testsudoers.c, tgetpass.c, utime.c, visudo.c:
31807: updated version
31808: [5f66de71ec61]
31809:
31810: * visudo.pod:
31811: add ERRORS section
31812: [3df3edb73cf6]
31813:
31814: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
31815:
31816: * TROUBLESHOOTING:
31817: add busy stmp file explanation
31818: [6c555d469b6f]
31819:
31820: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
31821:
31822: * configure.in:
31823: the name of the cached var that signals whether or not you are cross
31824: compiling changed. It is now ac_cv_prog_cc_cross
31825: [123911c0658c]
31826:
31827: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
31828:
31829: * INSTALL:
31830: mention glibc 2.07 is fixed wrt lsearch()\.
31831: [ded758524582]
31832:
31833: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
31834:
31835: * sample.sudoers, sudoers.pod:
31836: better example of su but not root su
31837: [b3199610be21]
31838:
31839: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
31840:
31841: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31842: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31843: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31844: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31845: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31846: testsudoers.c, tgetpass.c, utime.c, visudo.c:
31847: updated version
31848: [46922b84e86b]
31849:
31850: * Makefile.in:
31851: correct regexp for updating version
31852: [8032728b2a8a]
31853:
31854: * tgetpass.c:
31855: remove bogus flush of stderr spew prompt before turning off echo.
31856: Seems to fix a weird problem where if sudo complained about a bogus
31857: stamp file the user would sometimes not have a chance to enter a
31858: password
31859: [7aa1493cc141]
31860:
31861: * check.c:
31862: fix bogus flush of stderr
31863: [6d047871c5e8]
31864:
31865: * sudo.c:
31866: close fd's <=2 not <=3 and move that chunk of code up
31867: [553e4faac195]
31868:
31869: * configure.in:
31870: support hpux1[0-9] not just hpux10
31871: [5a34a000ff8a]
31872:
31873: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
31874:
31875: * parse.c:
31876: set sudoers_fp to nil after closing
31877: [221a8b4bbf34]
31878:
31879: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
31880:
31881: * config.guess, config.sub:
31882: updated from autoconf 2.12
31883: [6fc86a0fc61b]
31884:
31885: * configure.in:
31886: add *-*-svr4 rule
31887: [38f0427f7c9d]
31888:
31889: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
31890:
31891: * tgetpass.c:
31892: fix select usage for high fd's (dynamically allocate readfds)
31893: [c2d1f76e0321]
31894:
31895: * check.c:
31896: kill extra whitespace
31897: [d784b6c9c514]
31898:
31899: * sudo.c:
31900: do an initgroups() before running a command, unless the target user
31901: is root.
31902: [4ca561287480]
31903:
31904: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
31905:
31906: * TROUBLESHOOTING:
31907: tell people to use tabs, not spaces, in syslog.conf
31908: [8ae90a205134]
31909:
31910: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
31911:
31912: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
31913: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
31914: updated version
31915: [4d855ff5de26]
31916:
31917: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
31918: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
31919: updated version
31920: [8e007e178b33]
31921:
31922: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31923: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
31924: updated version
31925: [9ddea5c8814d]
31926:
31927: * Makefile.in:
31928: more tweaks to update_version
31929: [047698752855]
31930:
31931: * Makefile.in:
31932: fixed up update_version rule
31933: [47b6fa34b77f]
31934:
31935: * configure.in:
31936: ++version
31937: [c1ca664e30b7]
31938:
31939: * Makefile.in:
31940: removed supe of check.c
31941: [8f340a05296a]
31942:
31943: * INSTALL:
31944: ++version I missed
31945: [a298e6c17491]
31946:
31947: * RUNSON:
31948: updated
31949: [a14f6057bc15]
31950:
31951: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
31952: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
31953: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31954: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
31955: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
31956: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
31957: visudo.c:
31958: updated version
31959: [02231b1a3ab3]
31960:
31961: * CHANGES:
31962: updated for 1.5.5
31963: [634e5fcaf40b]
31964:
31965: * Makefile.in:
31966: add rules to update version stuff in files so I don't need to do it
31967: by hand
31968: [3620ad60485a]
31969:
31970: * sudo.h:
31971: sudoers_fp is now extern
31972: [88c6e9b9ea84]
31973:
31974: * sudo.c:
31975: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
31976: don't have to open it again in the parse. This may help with weird
31977: solaris problems where EAGAIN sometime occurrs.
31978: [d3c26451ed1d]
31979:
31980: * parse.c:
31981: sudoers file open is now done only in check_sudoers() so we just do
31982: a rewind() instead of an open. May help people on solaris who were
31983: getting EAGAIN.
31984: [c8b8c7722fa5]
31985:
31986: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
31987:
31988: * INSTALL:
31989: mention that newer glibc is fixed
31990: [20f06f5d3ef3]
31991:
31992: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
31993:
31994: * sudo.c:
31995: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
31996: _RLD* instead of _RLD_*
31997: [1e22c588d602]
31998:
31999: * parse.c:
32000: typo
32001: [d0b7cb85f08a]
32002:
32003: * parse.c:
32004: fix that bug for real
32005: [5a6eeca6d04b]
32006:
32007: * INSTALL:
32008: document Linux's libc6 brokenness.
32009: [0246c1aa64ee]
32010:
32011: * parse.yacc:
32012: -Wall
32013: [d0e452fb1e2d]
32014:
32015: * RUNSON:
32016: updated
32017: [4949a1bbd0a9] [SUDO_1_5_4]
32018:
32019: * TROUBLESHOOTING:
32020: remind people to HUP syslogd
32021: [590962faa4f0]
32022:
32023: * Makefile.in:
32024: add -O flag to tar
32025: [622d02de339d]
32026:
32027: * RUNSON:
32028: updated
32029: [a72930d6e615]
32030:
32031: * TODO:
32032: updated
32033: [4a51bd458390]
32034:
32035: * sudo.pod:
32036: remove author's email addr. people should mail sudo-bugs
32037: [9b6bbdb3a6d9]
32038:
32039: * INSTALL:
32040: fix version
32041: [246274c6c8af]
32042:
32043: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
32044: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
32045: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
32046: logging.c, options.h, parse.c, parse.lex, parse.yacc,
32047: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
32048: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
32049: ++version
32050: [f532ff4ee766]
32051:
32052: * RUNSON:
32053: updated
32054: [62d5c71358b5]
32055:
32056: * INSTALL, Makefile.in:
32057: ++version
32058: [1a7c7628edfc]
32059:
32060: * CHANGES:
32061: updated fort 1.5.4
32062: [7e4873508c99]
32063:
32064: * check.c:
32065: exit(1) if user enters no passwd
32066: [f382c0e35e4e]
32067:
32068: * BUGS:
32069: ++version
32070: [fab6a867ab67]
32071:
32072: * parse.c:
32073: commands can start with ./* not just /* -- fixes a serious security
32074: hole.
32075: [244d2fe35ee3]
32076:
32077: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
32078:
32079: * sudo.c:
32080: Don't set the tty variable to NULL when we lack a tty, leave it as
32081: "unknown".
32082: [193b26daba03]
32083:
32084: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
32085:
32086: * sample.sudoers:
32087: fix usage of (username) in conjunction with , and !
32088: [7ae68607f68f]
32089:
32090: * visudo.c:
32091: catch the case where the user is not in the passwd file
32092: [31650258deb0]
32093:
32094: * tgetpass.c:
32095: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
32096: select(2)
32097: [60ab2d9a9ee8]
32098:
32099: * sudo.c:
32100: define tty global to an initial value to avoid dumping core in
32101: logging functions when passwd file is unavailable.
32102: [77056c7bc908]
32103:
32104: * sudo.c:
32105: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
32106: passwd entry
32107: [1fdb8e579a5a]
32108:
32109: * sudo.pod:
32110: talk about problem of ALL
32111: [1cd1905c9f6f]
32112:
32113: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
32114:
32115: * README:
32116: new web location
32117: [d24dc26f6da5]
32118:
32119: * INSTALL:
32120: fdesc bug is fixed in Open/Net BSD
32121: [7d4d81b08ac3]
32122:
32123: * HISTORY:
32124: updates from Nieusma
32125: [3a43769a1b78]
32126:
32127: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
32128:
32129: * dce_pwent.c:
32130: move compat.h after the system includes
32131: [5ea43a5968ac]
32132:
32133: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
32134:
32135: * logging.c:
32136: save errno from being clobbered by wait(). From Theo
32137: [f2d1c48cd592]
32138:
32139: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
32140:
32141: * compat.h:
32142: fix an occurence of setresuid -> setreuid (typo)
32143: [394de35c9b1c]
32144:
32145: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
32146:
32147: * install-sh:
32148: check for path to strip
32149: [2b7ef824bd55]
32150:
32151: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
32152:
32153: * logging.c:
32154: deal with maxfilelen < 0 case
32155: [f0af095178d7]
32156:
32157: * OPTIONS:
32158: fixed descriptin
32159: [629f60bd4b5f]
32160:
32161: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
32162:
32163: * sudo.c:
32164: correct error message if mode/owner wrong and not statable by owner
32165: but is statable by root.
32166: [cb631ce2e85e]
32167:
32168: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
32169:
32170: * config.guess, config.sub:
32171: autoconf 2.11
32172: [f3cbe59e0756]
32173:
32174: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
32175:
32176: * CHANGES, RUNSON, TODO:
32177: sudo 1.5.3.
32178: [2be3229b8626]
32179:
32180: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
32181:
32182: * parse.yacc, sudo.h:
32183: command_alias -> generic_alias
32184: [c404ca8c510d] [SUDO_1_5_3]
32185:
32186: * sample.sudoers:
32187: added Runas_Alias example and fixed syntax errors
32188: [c304053f4a8a]
32189:
32190: * OPTIONS, options.h:
32191: updated MAILSUBJECT
32192: [18d1573fcd2a]
32193:
32194: * logging.c:
32195: added %h expansion
32196: [a4bff9b284fd]
32197:
32198: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
32199: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
32200: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
32201: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
32202: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
32203: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
32204: visudo.c:
32205: ++version
32206: [211ff20f956f]
32207:
32208: * BUGS, emul/utime.h:
32209: ++version
32210: [cde5376579e3]
32211:
32212: * sudoers.pod:
32213: document Runas_Alias
32214: [b1a58f28fb2c]
32215:
32216: * visudo.pod:
32217: q (uid) -> Q
32218: [d256649a0e6b]
32219:
32220: * visudo.c:
32221: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
32222: whatnow
32223: [1cb183d15626]
32224:
32225: * parse.yacc:
32226: add size params to sprintf
32227: [9228f698921f]
32228:
32229: * parse.lex:
32230: allow trailing space after '\\' but before '\n'
32231: [f51dbbf69fdf]
32232:
32233: * find_path.c:
32234: off by one error in path size check
32235: [a6d75ccd7632]
32236:
32237: * check.c:
32238: sprintf paranoia
32239: [3ffb12d198dd]
32240:
32241: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
32242:
32243: * parse.yacc:
32244: fixed more_aliases
32245: [aab12f2a50af]
32246:
32247: * visudo.c:
32248: now warns if killed by signal ./
32249: [310c186a0fd7]
32250:
32251: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
32252:
32253: * parse.yacc:
32254: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
32255: is gross)
32256: [45590b83120f]
32257:
32258: * sudo.c:
32259: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
32260: [d53e01c14c58]
32261:
32262: * parse.yacc:
32263: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
32264: [7a4a040aae2d]
32265:
32266: * parse.lex:
32267: Add Runas_Alias and simplify a rule.
32268: [6f794a769a37]
32269:
32270: * parse.yacc:
32271: always store User_Alias's since they can be used inside of a runas
32272: list. Sigh. Really need a Runas_Alias instead.
32273: [3bab058a873e]
32274:
32275: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
32276:
32277: * visudo.c:
32278: deal with case where there is no sudoers file
32279: [fa38b3bb244d]
32280:
32281: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
32282:
32283: * TROUBLESHOOTING:
32284: added one
32285: [e61346d06725]
32286:
32287: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
32288:
32289: * HISTORY, testsudoers.c:
32290: developement -> development
32291: [4df55e293941]
32292:
32293: * INSTALL:
32294: added a note
32295: [3845fb83dbc0]
32296:
32297: * RUNSON:
32298: for 1.5.2
32299: [5489b7298942]
32300:
32301: * CHANGES:
32302: updated
32303: [0741834929e6]
32304:
32305: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
32306:
32307: * PORTING:
32308: removed seteuid() notes
32309: [1010a60f281d] [SUDO_1_5_2]
32310:
32311: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
32312:
32313: * compat.h:
32314: better seteuid() emulatino
32315: [e807623b662c]
32316:
32317: * configure.in:
32318: added check for seteuid
32319: [8cf9fabc6f4f]
32320:
32321: * config.h.in:
32322: added HAVE_SETEUID
32323: [596db46aa828]
32324:
32325: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
32326:
32327: * configure.in:
32328: first stab at sequent support
32329: [b85a7bfcac76]
32330:
32331: * config.h.in:
32332: added HAVE_SYS_SELECT_H
32333: [93ecdd042463]
32334:
32335: * compat.h:
32336: sequent -> _SEQUENT_
32337: [63a38b6da98c]
32338:
32339: * compat.h:
32340: added seteuid() macro for DYNIX
32341: [695bd63c5ea6]
32342:
32343: * tgetpass.c:
32344: _AIX -> HAVE_SYS_SELECT_H
32345: [b31221211bc2]
32346:
32347: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
32348:
32349: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
32350: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
32351: testsudoers.c, tgetpass.c, utime.c, visudo.c:
32352: ++version
32353: [8052992fd453]
32354:
32355: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
32356: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
32357: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
32358: pathnames.h.in, version.h:
32359: ++version
32360: [f7ad15e1598a]
32361:
32362: * sudo.pod:
32363: added -H and SUDO_PS1
32364: [bb965241e30c]
32365:
32366: * configure.in:
32367: use SUDO_FUNC_FNMATCH
32368: [6a8350d85fb2]
32369:
32370: * aclocal.m4:
32371: added SUDO_FUNC_FNMATCH
32372: [45b32c91c4ba]
32373:
32374: * sudo.c:
32375: added -H flag
32376: [11ebc6872fd6]
32377:
32378: * sudo.h:
32379: added MODE_RESET_HOME /
32380: [67a7f8bcbbd6]
32381:
32382: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
32383:
32384: * INSTALL:
32385: mention OPIE
32386: [5723515d5bbd]
32387:
32388: * options.h:
32389: SKEY -> OTP
32390: [c1d268130bc4]
32391:
32392: * configure.in:
32393: added opie support
32394: [123872b41b20]
32395:
32396: * compat.h, config.h.in:
32397: added HAVE_OPIE
32398: [528c71afc1e5]
32399:
32400: * check.c:
32401: added HAVE_OPIE and changed to *_OTP_*
32402: [4c62f5db872a]
32403:
32404: * OPTIONS:
32405: SKEY -> OTP
32406: [bd858e5e9652]
32407:
32408: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
32409:
32410: * check.c:
32411: moved fclose() in skey stuff.
32412: [11f7dc8431a6]
32413:
32414: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
32415:
32416: * putenv.c:
32417: index -> strchr remove unnecesary stuff
32418: [af2d05238062]
32419:
32420: * check.c:
32421: now call skeychallenge() to get challenge instead of making one up
32422: ourselves. this way, we get extra goodies in the prompt.
32423: [49b770d98d3a]
32424:
32425: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
32426:
32427: * CHANGES:
32428: added one
32429: [3f5149357e2a] [SUDO_1_5_1]
32430:
32431: * parse.lex:
32432: allow logins to start with a number (YUCK!)
32433: [7ed7ef324741]
32434:
32435: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
32436:
32437: * TROUBLESHOOTING:
32438: added soalris 2.5 vs 2.4 note
32439: [16160a251aae]
32440:
32441: * configure.in:
32442: DUNIX doesn't need -lnsl
32443: [be924cc322c3]
32444:
32445: * CHANGES:
32446: *** empty log message ***
32447: [1b2937521981]
32448:
32449: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
32450: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
32451: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
32452: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
32453: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
32454: utime.c, version.h, visudo.c:
32455: courtesan
32456: [5f203589bbfe]
32457:
32458: * PORTING, README, RUNSON:
32459: courtesan
32460: [d72517f4937e]
32461:
32462: * INSTALL, Makefile.in, TROUBLESHOOTING:
32463: courtesan
32464: [5c007e3c7a71]
32465:
32466: * visudo.pod:
32467: *** empty log message ***
32468: [37ebe85bd4e1]
32469:
32470: * sudo.pod, visudo.pod:
32471: courtesan
32472: [37f02e2130ea]
32473:
32474: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
32475:
32476: * HISTORY:
32477: added courtesan ./
32478: [b01435226276]
32479:
32480: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
32481:
32482: * sudo.c:
32483: added $SUDO_PROMPT support
32484: [cb1fa72c093d]
32485:
32486: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32487:
32488: * check.c:
32489: print long skey challemged to stderr, not stdout
32490: [750fc775b3b2]
32491:
32492: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
32493:
32494: * CHANGES:
32495: updated for 1.5.1
32496: [9b615f393057]
32497:
32498: * emul/utime.h:
32499: ++version
32500: [a94de18deafb]
32501:
32502: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
32503:
32504: * RUNSON:
32505: updated for 1.5.1
32506: [4092f20ab634]
32507:
32508: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
32509:
32510: * check.c:
32511: use shost, not host for tgetpass
32512: [6061c49ff9be]
32513:
32514: * sudo.pod:
32515: documented %u and %h
32516: [6d2922d29897]
32517:
32518: * OPTIONS:
32519: documented %u and %h
32520: [1a71da13a864]
32521:
32522: * configure.in:
32523: fixed typo
32524: [1230dec2b062]
32525:
32526: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
32527: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
32528: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
32529: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
32530: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
32531: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
32532: ++version
32533: [65ce8eabf77a]
32534:
32535: * BUGS:
32536: ++version
32537: [afecab53aab7]
32538:
32539: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
32540:
32541: * Makefile.in, configure.in, version.h:
32542: ++version
32543: [fb3ff940d672]
32544:
32545: * sudo.h:
32546: new tgetpass() params
32547: [9eccc5b0f8ae]
32548:
32549: * check.c:
32550: pass use and host to tgetpass
32551: [c56d9d13c401]
32552:
32553: * tgetpass.c:
32554: added %u and %h escapes
32555: [04ae775d3e5d]
32556:
32557: * OPTIONS, check.c, options.h:
32558: added NO_MESSAGE
32559: [3927dad19057]
32560:
32561: * configure.in:
32562: added cray (unicos) support
32563: [1122210c5fb1]
32564:
32565: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
32566:
32567: * OPTIONS, options.h, sudo.c:
32568: added SHELL_SETS_HOME
32569: [0b26909b0929]
32570:
32571: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
32572:
32573: * INSTALL:
32574: added note about "make install"
32575: [7e56ea76d4b4]
32576:
32577: * parse.yacc:
32578: changed length/size params from int to size_t
32579: [5654e5ceb1b3]
32580:
32581: * OPTIONS:
32582: now get CSOPS insults as well by default
32583: [297323d0179a]
32584:
32585: * insults.h:
32586: use csops insults too by default
32587: [07fafc136169]
32588:
32589: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
32590: version = 1.5
32591: [4b8772b11e3b]
32592:
32593: * sudo.c:
32594: added runas_homedir
32595: [b0e0d4417a15]
32596:
32597: * TODO:
32598: updated for 1.5
32599: [66259df825d5]
32600:
32601: * RUNSON:
32602: updated for 1.5
32603: [e08bc9ebfe95]
32604:
32605: * CHANGES:
32606: 1.5 release
32607: [8c16942fea41]
32608:
32609: * INSTALL:
32610: added "upgrading" notes
32611: [210d968964ff]
32612:
32613: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
32614:
32615: * visudo.c:
32616: now do chmod and chown after edit of temp file and before rename
32617: [de174e34faa7] [SUDO_1_5_0]
32618:
32619: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
32620:
32621: * Makefile.in:
32622: ++version added INSTALL.configure
32623: [c9e9214f52ae]
32624:
32625: * configure.in, version.h:
32626: ++version
32627: [5985abed3eb2]
32628:
32629: * TROUBLESHOOTING:
32630: *** empty log message ***
32631: [d65c540ec52e]
32632:
32633: * parse.yacc:
32634: added missing cast
32635: [e7247319a7d5]
32636:
32637: * sudo.c:
32638: sets $HOME to pw_dir of runas user
32639: [d3f7f4d05752]
32640:
32641: * sudo.pod:
32642: document $HOME change
32643: [854454d458c4]
32644:
32645: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
32646:
32647: * sudo.pod:
32648: fixed up some wording
32649: [b0c8582f2c97]
32650:
32651: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
32652: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
32653: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
32654: visudo.c:
32655: ++version
32656: [748be723fd8b]
32657:
32658: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
32659: insults.h, options.h, pathnames.h.in, sudo.h:
32660: ++version
32661: [acdf8b1b2a1b]
32662:
32663: * emul/utime.h:
32664: ++version
32665: [b3f35298ab8d]
32666:
32667: * sudo.h:
32668: name nad type changes
32669: [db24ab3da141]
32670:
32671: * testsudoers.c:
32672: now works with new sudo
32673: [379346c42cc2]
32674:
32675: * parse.yacc:
32676: fixed some XXX
32677: [f5fe4c990052]
32678:
32679: * parse.yacc:
32680: some variable name changes + comment headers for functions.
32681: [3dc3bd9aa73d]
32682:
32683: * tgetpass.c:
32684: added extra paren's to make compilers happy
32685: [9e4968a34d56]
32686:
32687: * sudo.c:
32688: *** empty log message ***
32689: [70c924c1ed69]
32690:
32691: * parse.c:
32692: now uses init_parser() if not in sudoers and tries "list" or
32693: "validate" scold but don't be nasty.
32694: [c0d8fb3f8c9e]
32695:
32696: * TROUBLESHOOTING:
32697: now can use upper case login names
32698: [c772fffcefe5]
32699:
32700: * visudo.c:
32701: now uses init_parser()
32702: [b9efae7243fd]
32703:
32704: * INSTALL, README:
32705: updated
32706: [27dc8283fdc8]
32707:
32708: * PORTING:
32709: added info about PASSWORD_TIMEOUT
32710: [980e15d892f8]
32711:
32712: * INSTALL.configure:
32713: Initial revision
32714: [8292e89a08d3]
32715:
32716: * BUGS:
32717: fixed a bug ,
32718: [c6e46f5624f9]
32719:
32720: * parse.yacc:
32721: now dynamically allocates memory for the stacks -- no more
32722: overflows!
32723: [8615c35b6ad3]
32724:
32725: * sudo.pod:
32726: -l now explands command aliases
32727: [39f45605935d]
32728:
32729: * parse.yacc:
32730: hacks to expand command aliases for `sudo -l'
32731: [e4eb752608f9]
32732:
32733: * sudo.c:
32734: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
32735: [01327ca5084b]
32736:
32737: * sudo.h:
32738: added struct command_alias
32739: [dd2f32764082]
32740:
32741: * sudo.pod:
32742: fixed a bug
32743: [e708ff08d2eb]
32744:
32745: * lsearch.c:
32746: in compar() key should be first arg
32747: [fc14c3fa62ee]
32748:
32749: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
32750:
32751: * BUGS:
32752: fixed some bugs
32753: [639dfe425bd5]
32754:
32755: * parse.yacc:
32756: can now deal with upcase HOST and USER names
32757: [c6aa7bcfb00d]
32758:
32759: * sudo.c:
32760: don't yell too loudly at non-sudoers if they do "sudo -l"
32761: [4ef146128d89]
32762:
32763: * sudo.pod:
32764: fixed thinko
32765: [830f2f0f22e7]
32766:
32767: * parse.c:
32768: fix comment
32769: [d20ce9e17ddc]
32770:
32771: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
32772:
32773: * parse.c, parse.yacc:
32774: added support for new `sudo -l' stuff
32775: [7dceaef3c733]
32776:
32777: * sudo.c:
32778: now uses list_matches()
32779: [293364821b61]
32780:
32781: * sudo.h:
32782: added struct sudo_match
32783: [b2684179d179]
32784:
32785: * configure.in:
32786: now more -lgnumalloc
32787: [4f8ae42617d8]
32788:
32789: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
32790:
32791: * install-sh:
32792: added more paths for chown and whoami
32793: [6e685a19426c]
32794:
32795: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
32796:
32797: * check.c:
32798: typo
32799: [3adfa01c04bc]
32800:
32801: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
32802:
32803: * aclocal.m4:
32804: fixed DUNIX check for shadow pw
32805: [c25324bcd27b]
32806:
32807: * tgetpass.c:
32808: now only turn off echo if it is already on. this fixes a race when
32809: you use sudo in a pipelin
32810: [28388c2de21c]
32811:
32812: * INSTALL:
32813: updated
32814: [b45ac9366b7e]
32815:
32816: * configure.in:
32817: changed "test -z $foo && do_this" to if; then construct
32818: [2183c4426bca]
32819:
32820: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
32821:
32822: * configure.in:
32823: added missing defines of SHADOW_TYPE
32824: [be89ea68a7f3]
32825:
32826: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
32827:
32828: * check.c:
32829: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
32830: only in dunix 4.x
32831: [1e7c1c677263]
32832:
32833: * getspwuid.c:
32834: added AUTH_CRYPT_C1CRYPT support
32835: [88d6b0058b20]
32836:
32837: * parse.c:
32838: no longer return VALIDATE_NOT_OK if there was a runas that didn't
32839: match. Now we can have runas stuff on more than one line.
32840: [52b68920d7b7]
32841:
32842: * getspwuid.c, sudo.c, tgetpass.c:
32843: use SHADOW_TYPE instead of HAVE_C2_SECURITY
32844: [cf401dfcbc06]
32845:
32846: * configure.in:
32847: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
32848: something
32849: [c7a233c4dd93]
32850:
32851: * config.h.in:
32852: removed HAVE_C2_SECURITY added SPW_BSD
32853: [8314405e9754]
32854:
32855: * compat.h:
32856: use SHADOW_TYPE instead of HAVE_C2_SECURITY
32857: [6f94870df17f]
32858:
32859: * check.c:
32860: SHADOW_TYPE is always defined so just against its value
32861: [72c69a55d02f]
32862:
32863: * aclocal.m4:
32864: added SUDO_CHECK_SHADOW_DUNIX
32865: [ef025ae9d496]
32866:
32867: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
32868:
32869: * sudoers.pod:
32870: * -> ?* in one example added another instance of (runas) and one of
32871: NOPASSWD:
32872: [d74fe1dcbe7d]
32873:
32874: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
32875:
32876: * configure.in:
32877: added back check for config.cache from other host type
32878: [0ba87871f585]
32879:
32880: * parse.lex:
32881: removed an instance of \"
32882: [1e008d3709f6]
32883:
32884: * sample.sudoers:
32885: added an example
32886: [dbfcf68ee330]
32887:
32888: * sudoers.pod:
32889: updated wrt new wildcard matching
32890: [193fa44a475b]
32891:
32892: * configure.in:
32893: new check for shadow passwords if we don't know anything
32894: [67465df7dc9a]
32895:
32896: * aclocal.m4:
32897: new SUDO_CHECK_SHADOW_GENERIC
32898: [3563b16a41b8]
32899:
32900: * configure.in:
32901: added back check for -lsocket (oops)
32902: [a80882ee1cb6]
32903:
32904: * configure.in:
32905: better (working) check for shadow passwd type if we know to use C2.
32906: [3cdd2a59a641]
32907:
32908: * configure.in:
32909: now uses AC_CANONICAL_HOST to figure out os type
32910: [80db7fe6e704]
32911:
32912: * Makefile.in:
32913: added config.{guess,sub}
32914: [c6be7e3ca384]
32915:
32916: * aclocal.m4:
32917: removed unused stuff to figure out os type
32918: [c9a0f3b57123]
32919:
32920: * config.sub:
32921: added openbsd
32922: [bfc6bfec3668]
32923:
32924: * config.sub:
32925: Initial revision
32926: [e6e06ce0d17d]
32927:
32928: * config.guess:
32929: Initial revision
32930: [99dd06f79199]
32931:
32932: * testsudoers.c:
32933: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
32934: pathname. need to check against sudoers_args even if user_args is
32935: nil
32936: [66e6cf77f5d6]
32937:
32938: * parse.c:
32939: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
32940: pathname need to check against sudoers_args even if user_args is nil
32941: [74374df17311]
32942:
32943: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
32944:
32945: * check.c:
32946: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
32947: [cbb00261c415]
32948:
32949: * testsudoers.c:
32950: now takes command line args and uses cmnd_args
32951: [f0c2fd35a527]
32952:
32953: * parse.lex:
32954: fill_args was adding an extra leading space
32955: [692fc999b2e8]
32956:
32957: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
32958:
32959: * visudo.c:
32960: fixed dummy command_matches()
32961: [93d9543db6e2]
32962:
32963: * parse.yacc:
32964: fixed prototype
32965: [7b0addfbd429]
32966:
32967: * sudo.h:
32968: added cmnd_args
32969: [8f47c4ae65ef]
32970:
32971: * parse.yacc:
32972: now uses flat args string
32973: [016e65877da3]
32974:
32975: * parse.c, parse.lex:
32976: now uses flat arg string
32977: [5b5f2e3f4c09]
32978:
32979: * visudo.c:
32980: added cmnd_args def
32981: [876867134775]
32982:
32983: * sudo.c:
32984: now sets cmnd_args global
32985: [e6fee70cb59b]
32986:
32987: * logging.c:
32988: cmnd_args is now exported from sudo.[ch]
32989: [7a9cd36e356f]
32990:
32991: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
32992:
32993: * parse.yacc:
32994: can't rely on cmnd_matches as much as I thought -- added some $$
32995: stuff back in to prevent namespace pollution problems.
32996: [3c45fedb5af3]
32997:
32998: * parse.yacc:
32999: Simplified parse rules wrt runas and NOPASSWD (more consistent).
33000: [e6d838c8a4c7]
33001:
33002: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
33003:
33004: * parse.lex:
33005: NOPASSWD may now have blanks before the ':' '(' only starts a
33006: 'runas' if in the initial state to avoid collision with command args
33007: [c5c01172f499]
33008:
33009: * configure.in:
33010: added checks for specific shadow passwd schemes
33011: [b7e3d1f7b84f]
33012:
33013: * aclocal.m4:
33014: added routines to check for specific shadow passwd types
33015: [e5e1d19960a6]
33016:
33017: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
33018:
33019: * configure.in:
33020: added support for ncr boxen
33021: [bea9dc5aae7f]
33022:
33023: * aclocal.m4:
33024: added support for detecting ncr boxen
33025: [8653a158a924]
33026:
33027: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
33028:
33029: * configure.in:
33030: added sinix support
33031: [5de2b2173ee1]
33032:
33033: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
33034:
33035: * TROUBLESHOOTING:
33036: added info about "config.cache from other other" error.
33037: [845b10198e0b]
33038:
33039: * aclocal.m4:
33040: now makes sure you don't have a config.cache file from another OS
33041: [4fe32571c021]
33042:
33043: * configure.in:
33044: now sets $LIBS when needed to configure links with libs when doing
33045: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
33046: bigcrypt(3) if SPW_SECUREWARE
33047: [2df6b8ca538f]
33048:
33049: * getspwuid.c:
33050: fixed typo
33051: [fe1cb1d792d6]
33052:
33053: * tgetpass.c:
33054: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
33055: [f71138372c07]
33056:
33057: * getspwuid.c:
33058: no more SPW_HPUX10
33059: [cfdeb18bc16b]
33060:
33061: * config.h.in:
33062: no more SPW_HPUX10 added HAVE_BIGCRYPT
33063: [00d296479a61]
33064:
33065: * compat.h:
33066: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
33067: [6c6d9e680417]
33068:
33069: * check.c:
33070: SPW_SECUREWARE now uses bigcrypt
33071: [be71fc66690f]
33072:
33073: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
33074:
33075: * sample.sudoers:
33076: fixed 2 syntax errors
33077: [45eee19ef4ac]
33078:
33079: * sudoers:
33080: root may now run ALL as ALL
33081: [1b54c6b9b212]
33082:
33083: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
33084:
33085: * interfaces.c:
33086: fixed a typo/thinko that broke BSD's with sa_len
33087: [603438360126]
33088:
33089: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
33090:
33091: * check.c, configure.in:
33092: updated AFS support
33093: [e572eb8d177a]
33094:
33095: * TROUBLESHOOTING:
33096: added entry about /usr/ucb/cc
33097: [025b353aa9d3]
33098:
33099: * INSTALL:
33100: prep no longer holds gcc binaries
33101: [8b0942958049]
33102:
33103: * INSTALL:
33104: updated AFS note
33105: [7af6efd5abe4]
33106:
33107: * Makefile.in:
33108: added @AFS_LIBS@
33109: [97b6fe6ad7d6]
33110:
33111: * compat.h:
33112: AFS allows long passwords
33113: [5fb17122c302]
33114:
33115: * testsudoers.c:
33116: fixed -u user support
33117: [b1a0c1648639]
33118:
33119: * parse.c:
33120: sudo -v now groks VALIDATE_OK_NOPASS
33121: [74fc03fffe7e]
33122:
33123: * parse.yacc:
33124: fixed no_passwd vs. runas_matched
33125: [549a9b791a6a]
33126:
33127: * TROUBLESHOOTING:
33128: took out stuff about NFS-mounting since it is no longer an issue
33129: [d95ab7fbbc61]
33130:
33131: * INSTALL:
33132: added --with-libraries > --with-libpath --with-incpath
33133: [d5d15a7a0f4c]
33134:
33135: * parse.yacc:
33136: was setting runas_matches to -1 in wrong place
33137: [db2b1deb8d33]
33138:
33139: * check.c:
33140: removed usersec.h which is not present in new AFS versions
33141: [618b016dd17f]
33142:
33143: * tgetpass.c:
33144: now deals with timeout <= 0
33145: [ba53a1257255]
33146:
33147: * OPTIONS:
33148: updated
33149: [75093bd8fdca]
33150:
33151: * configure.in:
33152: BSD/OS >= 2.0 now uses shlicc instead of just gcc
33153: [ff6dbf7825c2]
33154:
33155: * sudo.c:
33156: fixed backwards compatibility with sudo 1.4 sudoers mode for root
33157: readable/writable filesystems
33158: [2694ed627221]
33159:
33160: * Makefile.in:
33161: now gives INSTALL -c flag
33162: [63db055a2fd1]
33163:
33164: * parse.yacc:
33165: slightly simpler initialization of no_passwd and runas_matches
33166: [463a1b5fa323]
33167:
33168: * testsudoers.c:
33169: added -u username support
33170: [38b072fcd6b3]
33171:
33172: * configure.in:
33173: improved --with-libraries support
33174: [047dbc5f0af2]
33175:
33176: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
33177:
33178: * configure.in:
33179: added --with-incpath, --with-libpath, --with-libraries
33180: [20f20d6c718c]
33181:
33182: * parse.yacc:
33183: now initializes some fields that weren't getting set to -1 pretty
33184: gross -- need a rewrite.
33185: [021c160390c6]
33186:
33187: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
33188:
33189: * alloca.c:
33190: removed emacs'isms
33191: [9d4ec2efe057]
33192:
33193: * configure.in:
33194: no longer add -lPW to *_LIBS since we include alloca.c
33195: [a626d1bbea80]
33196:
33197: * config.h.in:
33198: added HAVE_ALLOCA_H
33199: [15491e2a6cff]
33200:
33201: * Makefile.in:
33202: added alloca.c
33203: [0400f25e1fe4]
33204:
33205: * alloca.c:
33206: Initial revision
33207: [06d033aa4882]
33208:
33209: * configure.in:
33210: ++version
33211: [f52c0fb98f90]
33212:
33213: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
33214:
33215: * sudo.c:
33216: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
33217: not always set to a valid uid.
33218: [c2669f77704d]
33219:
33220: * OPTIONS:
33221: fixed entry for SUDO_MODE
33222: [d7272f6035b8]
33223:
33224: * sudo.c:
33225: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
33226: being set to -2. Now beat NFS to the punch and set uid to "nobody"
33227: ourselves, preserving group 0 to read sudoers.
33228: [b1fbc5dd1e34]
33229:
33230: * parse.c:
33231: moved set_perms(PERM_ROOT) to be before yyparse()
33232: [7619d8080735]
33233:
33234: * logging.c:
33235: fixed a typo
33236: [318acc48cde0]
33237:
33238: * configure.in:
33239: no longer need AC_PROG_INSTALL
33240: [de01b1336dc8]
33241:
33242: * Makefile.in:
33243: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
33244: [ea2351986406]
33245:
33246: * INSTALL:
33247: make clean -> make distclean
33248: [704a98e8ba10]
33249:
33250: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
33251:
33252: * parse.yacc:
33253: removed some unnecsary if's
33254: [f00db6508132]
33255:
33256: * Makefile.in, version.h:
33257: ++version
33258: [bdb6740b24c8]
33259:
33260: * parse.c, testsudoers.c:
33261: now includes netgroup.h
33262: [93f5a06352bc]
33263:
33264: * interfaces.c:
33265: removed cats of ioctl to int since they didn't shut up -Wall
33266: [83e9f912cd7a]
33267:
33268: * interfaces.c:
33269: explicately cast ioctl() to int since it it not always declared
33270: [2ff9294e469e]
33271:
33272: * sudo.h:
33273: added declarations for yyparse() and yylex()
33274: [6071321ab771]
33275:
33276: * parse.yacc:
33277: fixed an occurence of '==' -> '='
33278: [2c46d2e11d57]
33279:
33280: * config.h.in, configure.in:
33281: added check for netgroup.h
33282: [73403050f4e3]
33283:
33284: * sudo.c:
33285: fixed 2 compiler warnings
33286: [680929b0bd97]
33287:
33288: * sudo.c:
33289: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
33290: initialized
33291: [18707ecd07c2]
33292:
33293: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
33294:
33295: * sudo.pod:
33296: fixed a typo
33297: [e4b5c12aa130]
33298:
33299: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
33300:
33301: * parse.yacc:
33302: fixed a formatting thingie
33303: [c79327b6f19b]
33304:
33305: * parse.c, parse.yacc:
33306: fixed -u support with multiple user lists on a line
33307: [e4d1066adca2]
33308:
33309: * configure.in:
33310: unixware needs -lgen
33311: [b5bf9bca63cc]
33312:
33313: * README:
33314: updated ftp location
33315: [b25a033f7921]
33316:
33317: * sudoers.pod:
33318: add net_addr/netmask support
33319: [674e83516d1e]
33320:
33321: * sample.sudoers:
33322: added net_addr/mask example
33323: [774878e89b28]
33324:
33325: * parse.c, parse.lex:
33326: added support for net_addr/netmask
33327: [e33de27325d8]
33328:
33329: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
33330:
33331: * sudoers.pod:
33332: ^ -> !
33333: [1a084950d6ef]
33334:
33335: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
33336:
33337: * RUNSON:
33338: updated for 1.4.3
33339: [c82019025d09]
33340:
33341: * CHANGES:
33342: udpated for 1.4.3
33343: [ceaa81adb8f0]
33344:
33345: * BUGS, TODO, TROUBLESHOOTING:
33346: updated
33347: [ff94fae4b853]
33348:
33349: * sample.sudoers:
33350: updated with examples of new stuff
33351: [99d0b4cb4c9c]
33352:
33353: * INSTALL, README:
33354: ++version
33355: [b763b80fe836]
33356:
33357: * sudoers.pod:
33358: updated wrt -u and NOPASSWD
33359: [0b5b722ea0f4]
33360:
33361: * sudo.pod:
33362: updated wrt -u and CAVEATS
33363: [71d5d53b5d18]
33364:
33365: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
33366:
33367: * sudo.c:
33368: fixed usage()
33369: [114c7d09b550]
33370:
33371: * parse.lex:
33372: now use :foo: character classes (makes no diff for generated lexer)
33373: [7b0aeb737a02]
33374:
33375: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
33376:
33377: * check.c:
33378: fixed LONG_SKEY_PROMPT stuff
33379: [0efe78b4bdda]
33380:
33381: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
33382:
33383: * visudo.c:
33384: fixed a comment
33385: [3d289017104b]
33386:
33387: * lsearch.c:
33388: make more like NetBSD one -- now compiles w/o warnings
33389: [932206296a54]
33390:
33391: * emul/search.h:
33392: fixed decls of lsearch()
33393: [c58cf4584c45]
33394:
33395: * config.h.in, configure.in, getspwuid.c:
33396: added SPW_HPUX10
33397: [d74e5eaa5f17]
33398:
33399: * check.c:
33400: hpux 10 uses bigcrypt() if C2
33401: [359eb63f4021]
33402:
33403: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
33404:
33405: * parse.c:
33406: now always uses fnmatch to match args
33407: [a9d91f35256a]
33408:
33409: * tgetpass.c:
33410: back to using stdio instead of raw i/o since that caused some
33411: problems
33412: [e7ce2bc92974]
33413:
33414: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
33415:
33416: * sudo.c:
33417: now give usage warning if use -l,-v,-k with args
33418: [6b48180c4fea]
33419:
33420: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
33421:
33422: * sudo.c:
33423: NewArgc is now set to 1 for -l, -v, -k
33424: [7497cb1416a8]
33425:
33426: * sudo.c:
33427: now sets sudoers to correct group if mode is 0400
33428: [484c43d99718]
33429:
33430: * install-sh:
33431: updated to version used by inn and bind
33432: [28683ad8725a]
33433:
33434: * configure.in:
33435: now uses -lgnumalloc if it exists
33436: [3651ca4415a2]
33437:
33438: * Makefile.in:
33439: "make install" now sets uid/gid and mode on sudoers if it exists
33440: [1f5216191ae9]
33441:
33442: * sudo.c:
33443: rmeoved debugging statements
33444: [aeda278e2c26]
33445:
33446: * parse.yacc:
33447: added a missing free()
33448: [592c9482a159]
33449:
33450: * sudo.c:
33451: now uses user_gid instead of getegid (which was wrong anyway) to set
33452: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
33453: (logging.c depends on args being in the environment)
33454: [9f5328a3b942]
33455:
33456: * logging.c:
33457: now uses SUDO_COMMAND envariable to get command args rather than
33458: building it up again.
33459: [7f8edc5bccb7]
33460:
33461: * parse.c:
33462: now uses user_gid
33463: [4b9303ae45fe]
33464:
33465: * sudo.c:
33466: fixed off by one error in allocation NewArgv
33467: [921ea1a4e7c6]
33468:
33469: * parse.c:
33470: in sudoers, 'command ""' now means command with no args
33471: [a5273648ace2]
33472:
33473: * configure.in:
33474: added check for fnmatch(3) and fnmatch.h
33475: [258916a7866f]
33476:
33477: * config.h.in:
33478: added HAVE_FNMATCH
33479: [b9860d361e93]
33480:
33481: * Makefile.in:
33482: replaced wildcat.* with fnmatch.*
33483: [03ad9ee21a1c]
33484:
33485: * testsudoers.c:
33486: now uses fnmatch()
33487: [5a7f7de987a9]
33488:
33489: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
33490:
33491: * parse.c:
33492: now uses fnmatch() instead of wildmat a trailing star (*) by itself
33493: now matches multiple args added support for wildcards in the
33494: pathname in sudoers
33495: [1f7fb950b868]
33496:
33497: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
33498:
33499: * fnmatch.c:
33500: now includes compat.h and config.h
33501: [090206b95cf8]
33502:
33503: * config.h.in:
33504: added HAVE_FNMATCH_H
33505: [90eb42150173]
33506:
33507: * configure.in:
33508: now checks for alloca() (if needed by bison or dce) and links with
33509: -lPW if it contains alloca() and libv and compiler do not.
33510: [cfa2b3cef49a]
33511:
33512: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
33513: Initial revision
33514: [20b1f762a32a]
33515:
33516: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
33517:
33518: * sudo.c:
33519: now fixes mode on sudoers if set to 0400 to aid in upgrade
33520: [d4bdfd521820]
33521:
33522: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
33523:
33524: * Makefile.in:
33525: fixed pod2man usage
33526: [5adf2ec77b27]
33527:
33528: * Makefile.in, configure.in, version.h:
33529: ++version
33530: [b4029de876d0]
33531:
33532: * testsudoers.c, visudo.c:
33533: runas_user is now initialized to "root"
33534: [8537d97bff39]
33535:
33536: * sudo.h:
33537: removed PERM_FULL_ROOT
33538: [241f8bbf647f]
33539:
33540: * sudo.c:
33541: runas_user defaults to "root" so no more need to PERM_RUNAS
33542: [fc0c0dfc72ba]
33543:
33544: * parse.c:
33545: will now only running commands as root if there was no runas list
33546: (or if root is in the runas list)
33547: [40c587666c81]
33548:
33549: * logging.c:
33550: now logs "USER=%s"
33551: [b733504c87fd]
33552:
33553: * parse.yacc:
33554: runas_matches is now set to false if we get a negative match
33555: [5495b150b300]
33556:
33557: * parse.lex:
33558: make #uid work + some minor cleanup
33559: [07851bbce03a]
33560:
33561: * sample.sudoers:
33562: added support for NOPASSWD and "runas" from garp@opustel.com /
33563: [7a9c67b51fa5]
33564:
33565: * visudo.c:
33566: added support for "runas" from garp@opustel.com replaced
33567: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
33568: SUDOERS_MODE
33569: [e714209b9885]
33570:
33571: * testsudoers.c:
33572: added support for "runas" from garp@opustel.com
33573: [b837f856da10]
33574:
33575: * sudo.h:
33576: added support for NO_PASSWD and runas from garp@opustel.com replaced
33577: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
33578: SUDOERS_MODE
33579: [cea6f26679b7]
33580:
33581: * sudo.c:
33582: added support for NO_PASSWD and runas from garp@opustel.com replaced
33583: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
33584: SUDOERS_MODE
33585: [61b5434237c5]
33586:
33587: * parse.yacc:
33588: added support for NO_PASSWD and runas from garp@opustel.com
33589: [72ebd3056f22]
33590:
33591: * parse.c, parse.lex:
33592: added support for NO_PASSWD and runas from garp@opustel.com
33593: [fef6dbdd114d]
33594:
33595: * logging.c:
33596: added support for SUDOERS_WRONG_MODE and "runas"
33597: [e794efc2b443]
33598:
33599: * configure.in:
33600: added --with-CC only link with -lshadow on linux (with shadow pw) if
33601: libc lacks getspnam()
33602: [3ecf4ae21002]
33603:
33604: * OPTIONS, options.h:
33605: removed NO_PASSWD since it is not possible to do this in the sudoers
33606: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
33607: SUDOERS_GID. Added SUDOERS_MODE.
33608: [2eaa4891ef48]
33609:
33610: * Makefile.in:
33611: now uses SUDOERS_UID and SUDOERS_GID
33612: [8d615f0fdb2a]
33613:
33614: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
33615:
33616: * INSTALL:
33617: added --with-CC
33618: [a1b8286a81b8]
33619:
33620: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
33621:
33622: * parse.lex:
33623: added double quote support
33624: [a5e4fc7e3a2b]
33625:
33626: * sudoers.pod:
33627: documented double quoting
33628: [c6ea47969a44]
33629:
33630: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
33631:
33632: * mkinstalldirs:
33633: Initial revision
33634: [dcb86d65ad8f]
33635:
33636: * check.c:
33637: fixed some indentation
33638: [4d1c5ab8072b]
33639:
33640: * Makefile.in:
33641: fixed a typo
33642: [0d27eebc7227]
33643:
33644: * Makefile.in:
33645: added install-dirs .
33646: [f499b99b8be7]
33647:
33648: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
33649:
33650: * dce_pwent.c:
33651: new version from "Jeff A. Earickson" <jaearick@colby.edu>
33652: [422481be5fbd]
33653:
33654: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
33655:
33656: * configure.in:
33657: $CSOPS -> $with_csops (whoops, missed one)
33658: [b04c6948130e]
33659:
33660: * BUGS:
33661: updated
33662: [c4d5713e227d]
33663:
33664: * parse.lex:
33665: FQHOST now has same constraints as non-FQHOST
33666: [e1c3bf2381d1]
33667:
33668: * INSTALL:
33669: added note about OS's w/ shadow passwords turned on by default
33670: [166257f43be4]
33671:
33672: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
33673:
33674: * configure.in:
33675: fixed a typo
33676: [e5c3e2e9a359]
33677:
33678: * configure.in:
33679: added support for --without-THING sanitized shadow pw situtation by
33680: adding support for
33681: --without-C2
33682: [65dc6bf64cce]
33683:
33684: * tgetpass.c:
33685: fixed a typo wrt placement of an end paren
33686: [a8780f818231]
33687:
33688: * check.c:
33689: was closing an fd that may not have been opened
33690: [760271c7bdc9]
33691:
33692: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
33693:
33694: * OPTIONS, options.h, sudo.c:
33695: added NO_PASSWD
33696: [28ff1dc93d7a]
33697:
33698: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
33699:
33700: * configure.in:
33701: now always use shadow pw on some arches
33702: [069161ccffda]
33703:
33704: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
33705:
33706: * configure.in:
33707: added pyramid support
33708: [a0eb57a3a531]
33709:
33710: * configure.in:
33711: no longer check for C2 if alternate passwd method is used no longer
33712: check for some libs twice
33713: [2d0c3c902b40]
33714:
33715: * parse.yacc:
33716: moved fqdn stuff into parse.lex (FQHOST)
33717: [d9c9abd481d8]
33718:
33719: * parse.lex:
33720: added FQHOST rules
33721: [4a1695acff6d]
33722:
33723: * tgetpass.c:
33724: now define TCSASOFT in necesary
33725: [3fac2e21c9ab]
33726:
33727: * tgetpass.c:
33728: now uses read/write instead of stdio string goop to avoid problems
33729: with select(2)
33730: [67fd174e518c]
33731:
33732: * OPTIONS, find_path.c, options.h:
33733: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
33734: [d05ba5100d28]
33735:
33736: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
33737:
33738: * INSTALL:
33739: added note about no shadow auto-detect if using alternate auth
33740: schemes
33741: [b425592232a3]
33742:
33743: * configure.in:
33744: don't check for C2 if AFS or DCE (unless they said --with-C2)
33745: [61342962171a]
33746:
33747: * testsudoers.c:
33748: now groks shost
33749: [85dda17303f6]
33750:
33751: * OPTIONS, find_path.c, options.h:
33752: added NO_DOT_PATH
33753: [c261ca1fb196]
33754:
33755: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
33756:
33757: * find_path.c:
33758: checkdot now works correctly
33759: [3bc4835bb3e9]
33760:
33761: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
33762:
33763: * configure.in:
33764: can't have DCE and C2 passwords both...
33765: [fb9a8ab7ca66]
33766:
33767: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
33768:
33769: * parse.yacc, sudo.c, sudo.h, visudo.c:
33770: now uses shost even if not FQDN
33771: [87f7498b3a1f]
33772:
33773: * configure.in:
33774: now looks for skey in /usr/lib and doesn't require libskey to be in
33775: /usr/local/lib just because skey.h is (for my netbsd box :-)
33776: [ceb1763e37d2]
33777:
33778: * aclocal.m4, config.h.in, pathnames.h.in:
33779: _SUDO_PATH_ -> _CONFIG_PATH_
33780: [84d97ad13d75]
33781:
33782: * aclocal.m4, sudo.pod:
33783: /var/run/.odus -> /var/run/sudo
33784: [922da220b8f5]
33785:
33786: * pathnames.h.in:
33787: now uses _SUDO_PATH_TIMEDIR
33788: [5ecab0155fdf]
33789:
33790: * OPTIONS:
33791: udpated FQDN
33792: [361b6f7440c0]
33793:
33794: * aclocal.m4, configure.in:
33795: added SUDO_TIMEDIR
33796: [368c95c8c950]
33797:
33798: * config.h.in:
33799: added _SUDO_PATH_TIMEDIR
33800: [3879864d808c]
33801:
33802: * sudo.pod:
33803: updated wrt /var/run/sudo
33804: [9e14f2a429d3]
33805:
33806: * sudo.c, sudo.h:
33807: added support for shost if FQDN
33808: [51a3f51a09a1]
33809:
33810: * parse.yacc, visudo.c:
33811: now uses shost if FQDN
33812: [d19da2e92b42]
33813:
33814: * check.c:
33815: Now use skeylookup() instead off skeychallenge()
33816: [4c7438bb2ae0]
33817:
33818: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
33819:
33820: * logging.c:
33821: mail_argv should not contain ALERTMAIL as it includes "-t"
33822: [67ffaaa8f843]
33823:
33824: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
33825:
33826: * INSTALL, Makefile.in, README, configure.in, version.h:
33827: ++version
33828: [e08fd4a809fc]
33829:
33830: * compat.h:
33831: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
33832: [2f20c3153689]
33833:
33834: * tgetpass.c:
33835: now includes limits.h moved _PASSWD_LEN -> compat.h
33836: [b1ca3cafdacc]
33837:
33838: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
33839:
33840: * INSTALL, README:
33841: ++version
33842: [3eacf32803f5]
33843:
33844: * Makefile.in:
33845: ++versoin
33846: [3b91c317630a]
33847:
33848: * Makefile.in:
33849: fixed a typo
33850: [3661ac4a7803]
33851:
33852: * configure.in:
33853: ++version
33854: [60e842973745]
33855:
33856: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
33857:
33858: * RUNSON:
33859: updated
33860: [def2c3c24195]
33861:
33862: * CHANGES:
33863: done for 1.4.1 (I hope)
33864: [2ab543769a40]
33865:
33866: * sudoers.pod:
33867: added info on wildcards
33868: [ce3bd41bc063]
33869:
33870: * sample.sudoers:
33871: added wildcard example
33872: [762feb0577bd]
33873:
33874: * Makefile.in:
33875: now uses *.pod to build *.man and *.cat & *.html
33876: [3ec14962028b]
33877:
33878: * configure.in:
33879: addedSUDO_PROG_BSHELL !ll
33880: [3c80b320bf16]
33881:
33882: * visudo.pod:
33883: fixed up some formatting
33884: [12166c434526]
33885:
33886: * sudoers.pod:
33887: redid section describing sample sudoers stuff
33888: [b8065cceec71]
33889:
33890: * sudo.pod:
33891: fixed some formatting
33892: [aa9a681add0f]
33893:
33894: * getspwuid.c:
33895: now treats "" as bourne shell
33896: [30194a72ad56]
33897:
33898: * Makefile.in:
33899: TESTOBJS nwo includes wildmat.o
33900: [86cc6500f84d]
33901:
33902: * testsudoers.c:
33903: now works with NewArg[cv]
33904: [2f72674ce942]
33905:
33906: * sudo.c:
33907: removed an XXX (fixed it in getspwuid.c)
33908: [e791ee0d1a68]
33909:
33910: * aclocal.m4:
33911: added check for bourne shell
33912: [a2fd51676b8a]
33913:
33914: * pathnames.h.in:
33915: added _PATH_BSHELL
33916: [e7c10011d47b]
33917:
33918: * config.h.in:
33919: added _SUDO_PATH_BSHELL
33920: [6a1182898de9]
33921:
33922: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
33923:
33924: * visudo.c:
33925: unixware vi returns 256 instead of 0
33926: [234ffc7c6786]
33927:
33928: * INSTALL:
33929: added Linux note
33930: [5f85efcd2b58]
33931:
33932: * logging.c:
33933: fixed up some XXX's. file log format now looks a little more like
33934: real syslog(3) format.
33935: [6df55707bfc3]
33936:
33937: * README, TROUBLESHOOTING:
33938: updated wrt lex/flex
33939: [eb787d69156b]
33940:
33941: * Makefile.in:
33942: commented out rule to build lex.yy.c from parse.lex since we ship
33943: with a pre-flex'd parser
33944: [7507e2ce4a95]
33945:
33946: * parse.c, parse.yacc, visudo.c:
33947: path_matches -> command_matches
33948: [0bd469424f86]
33949:
33950: * logging.c:
33951: eliminated some strcat()'s
33952: [9878a79bc374]
33953:
33954: * configure.in:
33955: no longer checks for lex/flex (now assumes flex)
33956: [a086ccc73798]
33957:
33958: * configure.in:
33959: now checks for $kerb_dir_candidate/krb.h instead of just
33960: kerb_dir_candidate
33961: [9133bc3c5208]
33962:
33963: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
33964:
33965: * parse.yacc:
33966: now use a 'hook' expression instead of an iffy one :-)
33967: [9560df01b8c0]
33968:
33969: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
33970:
33971: * visudo.c:
33972: now works with new sudo arg stuff
33973: [310a0d43ddad]
33974:
33975: * parse.yacc:
33976: fixed dereferencing deadbeef
33977: [474ef8a8006b]
33978:
33979: * sudo.c:
33980: changed an occurrence of Argv to NewArgv
33981: [205b012b7691]
33982:
33983: * parse.lex:
33984: took out support for quoted commands since there is no need...
33985: [5c5036d353b1]
33986:
33987: * parse.c:
33988: fixed a typo in a for() loop
33989: [7e8d5283c43b]
33990:
33991: * logging.c:
33992: protected against dereferencing rogue pointers
33993: [56debd517717]
33994:
33995: * sudo.c:
33996: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
33997: also allows us to eliminate some kludges in parse_args() and
33998: eliminate superfluous code.
33999: [5122f66ad150]
34000:
34001: * logging.c:
34002: no longer uses cmnd_args, now uses NewArgv instead.
34003: [abddd23cf068]
34004:
34005: * sudo.h:
34006: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
34007: (no longer used)
34008: [78410984fb05]
34009:
34010: * Makefile.in:
34011: added wildmat.c to SRCS & SUDOBJS
34012: [3800efb41794]
34013:
34014: * parse.yacc:
34015: COMMAND is now a struct containing the path and args
34016: [5c32822c5b94]
34017:
34018: * parse.lex:
34019: replaced append() with fill_cmnd() and fill_args. command args from
34020: a sudoers entry are now stored in an arrary for easy matching.
34021: [a981d7f4eb0d]
34022:
34023: * parse.c:
34024: command line args from sudoers file are now in an array like ones
34025: passed in from the command line
34026: [1d9e37e84519]
34027:
34028: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
34029:
34030: * parse.c:
34031: wildwat stuff now works
34032: [49d16488531f]
34033:
34034: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
34035:
34036: * version.h:
34037: ++version
34038: [53e55463ef89]
34039:
34040: * Makefile.in:
34041: ++version added wildmat.*
34042: [0508297a4711]
34043:
34044: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
34045:
34046: * parse.lex:
34047: added support for quoted commands (w/ or w/o args)
34048: [b9a637155673]
34049:
34050: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
34051:
34052: * sudo.pod, visudo.pod:
34053: cleaned up formatting
34054: [4591d4195437]
34055:
34056: * sudo.pod, visudo.pod:
34057: Initial revision
34058: [7564a8242750]
34059:
34060: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
34061:
34062: * sudoers.pod:
34063: looks reasonable, could be mroe readable
34064: [a5be2d19d9e0]
34065:
34066: * sudoers.pod:
34067: Initial revision
34068: [957888be31a6]
34069:
34070: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
34071:
34072: * RUNSON:
34073: updated
34074: [633743aa924b]
34075:
34076: * OPTIONS:
34077: updated NO_ROOT_SUDO entry
34078: [f1c15b1dec9e]
34079:
34080: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
34081:
34082: * RUNSON:
34083: *** empty log message ***
34084: [5b63de579ff7] [SUDO_1_4_0]
34085:
34086: * sudo.c:
34087: fixed SECURE_PATH
34088: [6002889f606d]
34089:
34090: * RUNSON:
34091: udpa`ted for 1.4
34092: [6014a8592815]
34093:
34094: * configure.in:
34095: AIX aixcrypt.exp now uses $(srcdir)
34096: [b0d57674fef4]
34097:
34098: * TROUBLESHOOTING:
34099: added entry for anal ansi compilers
34100: [4193cec1c6b1]
34101:
34102: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
34103:
34104: * INSTALL:
34105: added info on libcrypt_i for SCO
34106: [575497d56698]
34107:
34108: * TODO:
34109: *** empty log message ***
34110: [d0aaf67b9913]
34111:
34112: * sample.sudoers:
34113: added comments
34114: [a7773f7eda8d]
34115:
34116: * TODO:
34117: 1.4 release
34118: [1dade29e9fd9]
34119:
34120: * CHANGES:
34121: ++version
34122: [67241be40780]
34123:
34124: * INSTALL, OPTIONS, README, config.h.in, configure.in:
34125: ++version
34126: [2e0a37897f68]
34127:
34128: * BUGS:
34129: ++version and fixed ISC
34130: [78963f01a0e3]
34131:
34132: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
34133: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
34134: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
34135: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34136: visudo.c:
34137: ++version
34138: [b6227f29b3d9]
34139:
34140: * interfaces.c:
34141: added STUB_LOAD_INTERFACES ++version
34142: [d8150a3fd577]
34143:
34144: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
34145: version.h:
34146: ++version
34147: [da9e90e69bdc]
34148:
34149: * PORTING:
34150: added info about fd_set in tgetpass added info on interfaces.c
34151: [a39902febd17]
34152:
34153: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
34154:
34155: * dce_pwent.c:
34156: added sudo header
34157: [fc0f2c48682e]
34158:
34159: * tgetpass.c:
34160: fixed a typo
34161: [43d40b72ee8f]
34162:
34163: * Makefile.in:
34164: tgetpass.o is now only linked in with sudo (not visudo)
34165: [7407c5ff11f8]
34166:
34167: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
34168:
34169: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
34170: configure.in:
34171: ++version
34172: [9b82ad805d6b]
34173:
34174: * emul/utime.h:
34175: added copyright notice
34176: [4380f16cd075]
34177:
34178: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
34179: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
34180: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
34181: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
34182: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
34183: ++version
34184: [32717fdb5d05]
34185:
34186: * tgetpass.c:
34187: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
34188: [326864428da2]
34189:
34190: * configure.in:
34191: ISC now gets -lcrypt now check for sys/bsdtypes.h
34192: [e064799c054b]
34193:
34194: * config.h.in:
34195: added check for sys/bsdtypes.h
34196: [9adb9533c363]
34197:
34198: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
34199:
34200: * parse.yacc:
34201: removed debugging stuff (setting freed ptr to NULL)
34202: [02fe8eec63a0]
34203:
34204: * TROUBLESHOOTING:
34205: added 2 entries
34206: [02884e2733e2]
34207:
34208: * Makefile.in:
34209: added FAQ
34210: [074d8dfcf28d]
34211:
34212: * TROUBLESHOOTING:
34213: added section on syslog
34214: [e6bc02a22b86]
34215:
34216: * configure.in:
34217: added AC_ISC_POSIX for better ISC support
34218: [8436b3e12af2]
34219:
34220: * config.h.in:
34221: fixed typo
34222: [f1b3922babf4]
34223:
34224: * config.h.in:
34225: added define for _POSIX_SOURCE
34226: [ded6d92b34f9]
34227:
34228: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
34229:
34230: * configure.in:
34231: fixed check for lsearch()
34232: [75baa5bc28a3]
34233:
34234: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
34235:
34236: * interfaces.c:
34237: fixed for AIX now deal if num_interfaces == 0 (should not happen)
34238: [ae450e859227]
34239:
34240: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
34241:
34242: * configure.in:
34243: now only define HAVE_LSEARCH if there is a corresponding search.h
34244: [8ce645c5d17f]
34245:
34246: * interfaces.c:
34247: works on ISC again
34248: [ccac920d424c]
34249:
34250: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
34251:
34252: * configure.in:
34253: now define HAVE_LSEARCH if we find lsearch() in libcompat
34254: [7343e4313a87]
34255:
34256: * lsearch.c:
34257: char * -> const char *
34258: [1c0b11c2300a]
34259:
34260: * configure.in:
34261: now looks in -lcompat for lsearch()
34262: [a1cc1d6fcd09]
34263:
34264: * Makefile.in:
34265: remove sudo.core visudo.core for clan target
34266: [b523456a85df]
34267:
34268: * aclocal.m4:
34269: added UID_MAX support in check for MAX_UID_T_LEN
34270: [7ab262b1173f]
34271:
34272: * Makefile.in:
34273: fixed another occurence of sudo_getpwuid.*
34274: [fb5809c07da2]
34275:
34276: * Makefile.in, getspwuid.c:
34277: sudo_getpwuid.c -> getspwuid.c
34278: [875f2ef808b4]
34279:
34280: * configure.in:
34281: moved the "echo"
34282: [ad7b8f966076]
34283:
34284: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
34285: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
34286: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
34287: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
34288: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
34289: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34290: version.h, visudo.c:
34291: ++version
34292: [ee57c6410ffa]
34293:
34294: * testsudoers.c:
34295: added group support
34296: [54d8097df8bd]
34297:
34298: * sample.sudoers:
34299: added group entry
34300: [50994d31fd49]
34301:
34302: * sudoers.man:
34303: documented group support
34304: [0a16707f8fed]
34305:
34306: * parse.c, parse.lex, parse.yacc, visudo.c:
34307: added group support
34308: [427218c879c8]
34309:
34310: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
34311:
34312: * check.c:
34313: tkfile was too short and overflowed the kerberos realm
34314: [53823a1ff5af]
34315:
34316: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
34317:
34318: * sudo.c:
34319: now copy command args directly from Argv
34320: [77408278b6fd]
34321:
34322: * sudo.c:
34323: replaced code to copy cmnd_args so that is does not use realloc
34324: since most realloc()'s really stink
34325: [b29a0ff73fb6]
34326:
34327: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
34328:
34329: * configure.in:
34330: syslog() fixed in hpux 10.01
34331: [2648e6f0cdb0]
34332:
34333: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
34334:
34335: * configure.in:
34336: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
34337: [8f108b8d8711]
34338:
34339: * configure.in:
34340: better error if cannot find skey incs or libs
34341: [5887662ee9d3]
34342:
34343: * aclocal.m4:
34344: now use a temp file for determining max len of uid_t in string form.
34345: the old hacky way broke on netbsd
34346: [b68f470fa9f8]
34347:
34348: * sudo.c:
34349: added set of parens and a space
34350: [8a3d4826d022]
34351:
34352: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
34353:
34354: * dce_pwent.c:
34355: fixes from Jeff Earickson <jaearick@colby.edu> ,
34356: [bde0f0b756ec]
34357:
34358: * check.c:
34359: modified a comment
34360: [e2a97f1afbbe]
34361:
34362: * Makefile.in:
34363: fixed up testsudoers target
34364: [d39c4e7bb609]
34365:
34366: * configure.in:
34367: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
34368: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
34369: [da7a1c433828]
34370:
34371: * Makefile.in:
34372: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
34373: VISUDO_LDFLAGS
34374: [4b69503e8487]
34375:
34376: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
34377:
34378: * configure.in:
34379: fix for C2 on hpux 10 now uses -linet if it exists
34380: [8d300112263d]
34381:
34382: * check.c:
34383: LONG_SKEY_PROMPT is less of a klusge /
34384: [dcc144abaac3]
34385:
34386: * configure.in:
34387: fixed typos w/ dce stuff
34388: [f7dfd6d4e149]
34389:
34390: * Makefile.in:
34391: added dce_pwent.c
34392: [79047acdc516]
34393:
34394: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
34395:
34396: * INSTALL:
34397: amended section on combining authentication mechanisms
34398: [dc5138c7c716]
34399:
34400: * PORTING:
34401: minor updates for 1.3.6
34402: [fe80c13bd994]
34403:
34404: * TROUBLESHOOTING:
34405: added 2 more entries
34406: [c7201439a0f5]
34407:
34408: * BUGS:
34409: updated for 1.3.6
34410: [979b414d2a2d]
34411:
34412: * README:
34413: overhauled
34414: [3af8b60eb594]
34415:
34416: * INSTALL:
34417: rewrote for sudo 1.3.6
34418: [b16027b9c726]
34419:
34420: * TROUBLESHOOTING:
34421: added 3 entries
34422: [934c9ee3f153]
34423:
34424: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
34425:
34426: * find_path.c, getspwuid.c, sudo.c:
34427: added explict casts for strdup since many includes don't prototype
34428: it. gag me.
34429: [3e19a11f2fcc]
34430:
34431: * sudo.h:
34432: removed prototype for sudo_getpwuid() since convex C compiler choked
34433: on it.
34434: [c3ea74ca67b0]
34435:
34436: * sudo.c:
34437: added prototype for sudo_getpwuid()
34438: [4a8e3cdc2b98]
34439:
34440: * lsearch.c:
34441: now compiles on strict ANSI compilers
34442: [3ce5d72d0b08]
34443:
34444: * check.c:
34445: added LONG_SKEY_PROMPT support
34446: [48a18b8a2332]
34447:
34448: * Makefile.in:
34449: added extra $'s for make to eat up, yum.
34450: [2995b214e12b]
34451:
34452: * OPTIONS, options.h:
34453: added LONG_SKEY_PROMPT
34454: [f23ae799b5a4]
34455:
34456: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
34457:
34458: * check.c:
34459: s/key support now works with normal s/key as well as logdaemon
34460: [d67573f523bf]
34461:
34462: * OPTIONS, options.h:
34463: added SKEY_ONLY
34464: [bbf07654e0de]
34465:
34466: * compat.h:
34467: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
34468: [205895b96a36]
34469:
34470: * INSTALL:
34471: added DCE note added more AIX notes
34472: [6345403b3522]
34473:
34474: * sudo.c:
34475: now include pthread.h for DCE support
34476: [6fe02865f679]
34477:
34478: * check.c:
34479: dce_pwent() is ok after all .,
34480: [d26a8746a55d]
34481:
34482: * logging.c:
34483: now uses SYSLOG() macro that equates to either syslog() or
34484: syslog_wrapper
34485: [42ac4cff8045]
34486:
34487: * dce_pwent.c:
34488: minor formatting changes. renamed check() to somthing less generic
34489: [71859f217be1]
34490:
34491: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
34492: visudo.c:
34493: now uses user_pw_ent and simple macros to get at the contents
34494: [f4cbf3e7145a]
34495:
34496: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
34497:
34498: * check.c:
34499: simpler dec unix C2 support
34500: [86bc8f75250e]
34501:
34502: * getspwuid.c:
34503: now sets crypt_type for DEC unix C2
34504: [99aeadd18266]
34505:
34506: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
34507:
34508: * configure.in:
34509: added csops paths for skey
34510: [b8ca672e2117]
34511:
34512: * getspwuid.c:
34513: now includes string.h for strdup() prototype
34514: [3605259c3620]
34515:
34516: * getspwuid.c:
34517: fixed a few typos
34518: [46c97e4ea417]
34519:
34520: * check.c:
34521: now includes skey.h
34522: [11e611ce1b61]
34523:
34524: * getspwuid.c:
34525: fixed up comments
34526: [223dac56f0c8]
34527:
34528: * check.c:
34529: moved a lot of the shadow passwd crap to sudo_getpwuid()
34530: [97d8887fb7d3]
34531:
34532: * sudo.c:
34533: now uses sudo_pw_ent
34534: [d014dadbef48]
34535:
34536: * testsudoers.c:
34537: now uses sudo_pw_ent
34538: [d92936ed7e34]
34539:
34540: * visudo.c:
34541: now sets sudo_pw_ent
34542: [ff75cdfcf8b3]
34543:
34544: * getspwuid.c:
34545: Initial revision
34546: [6deb6df9d7bc]
34547:
34548: * tgetpass.c:
34549: moved dce stuff into compat.h
34550: [1124284396e7]
34551:
34552: * logging.c, sudo.h:
34553: now uses sudo_pw_ent
34554: [404ff20a5067]
34555:
34556: * Makefile.in:
34557: added sudo_getpwuid.c
34558: [6666d0644512]
34559:
34560: * compat.h:
34561: added dce support
34562: [3c3b36a7ce0e]
34563:
34564: * parse.yacc:
34565: now uses sudo_pw_ent
34566: [9f5e8d11bd68]
34567:
34568: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
34569:
34570: * check.c:
34571: fixed exempt_group stuff for OS's that don't put base gid in group
34572: vector
34573: [003f153bd396]
34574:
34575: * check.c:
34576: S/Key support now works with sunos4 shadow passwords
34577: [1eb64a5efff1]
34578:
34579: * Makefile.in:
34580: fixed clean rule
34581: [5695a2c62816]
34582:
34583: * config.h.in, configure.in:
34584: added DCE support
34585: [f53c766c1947]
34586:
34587: * tgetpass.c:
34588: DCE & KERB support
34589: [904cf436506a]
34590:
34591: * check.c:
34592: first stab at dce support
34593: [aea5ca07b1e3]
34594:
34595: * dce_pwent.c:
34596: now smells like sudo
34597: [8b3d609b49cd]
34598:
34599: * dce_pwent.c:
34600: Initial revision
34601: [b573555f2399]
34602:
34603: * check.c:
34604: skey'd sudo now works w/ normal password as well
34605: [8d038f9f6e94]
34606:
34607: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
34608:
34609: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
34610: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
34611: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
34612: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
34613: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34614: version.h, visudo.c:
34615: updated version number
34616: [ba7e346d7904]
34617:
34618: * README:
34619: updated to reflect version change
34620: [1d15cf1d8cc8]
34621:
34622: * configure.in:
34623: --with options now line up ++version
34624: [08ebf625fbca]
34625:
34626: * sudo.h:
34627: removed unecesary S/Key stuff
34628: [68188cba90af]
34629:
34630: * configure.in:
34631: fixed S/Key support
34632: [f6d9cbc36618]
34633:
34634: * Makefile.in:
34635: -I stuff now goes in CPPFLAGS
34636: [7b8e53c5b046]
34637:
34638: * check.c:
34639: fixed SKey support
34640: [52c1a5cf4435]
34641:
34642: * README:
34643: updated version
34644: [bed6498a10bb]
34645:
34646: * OPTIONS:
34647: fixed description of EXEMPTGROUP
34648: [cfeead55edc2]
34649:
34650: * sudo.c:
34651: more people use _RLD_ than just alphas...
34652: [6a3c7090a6f6]
34653:
34654: * Makefile.in:
34655: replaced $man_prefix with $mandir
34656: [dc4b36a550e2]
34657:
34658: * configure.in:
34659: fixed a typo
34660: [a38a4acddcaf]
34661:
34662: * Makefile.in:
34663: now use more GNU'ish dir names
34664: [c5498391a520]
34665:
34666: * configure.in:
34667: now set *dir correctly (can override from command line)
34668: [523ff98fd438]
34669:
34670: * sudo.c:
34671: now deal with situations where we getwd() fails
34672: [88a9e61dccbb]
34673:
34674: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
34675:
34676: * Makefile.in:
34677: added etc_dir, bin_dir, sbin_dir
34678: [75fd08d92842]
34679:
34680: * configure.in:
34681: added sbin_dir
34682: [3cb318c0d8d1]
34683:
34684: * Makefile.in:
34685: now ship a flex-generated lex.yy.c
34686: [4d083ed70dce]
34687:
34688: * Makefile.in:
34689: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
34690: [4d51dc9c3780]
34691:
34692: * pathnames.h.in:
34693: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
34694: [773fd163d52f]
34695:
34696: * options.h:
34697: no more error for redefining SUDOERS_OWNER
34698: [4ba336644c6a]
34699:
34700: * OPTIONS:
34701: expanded SUDOERS_OWNER section
34702: [12fae405759e]
34703:
34704: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
34705:
34706: * visudo.c:
34707: now warn if chown(2) failed
34708: [d0d1db6e3a1f]
34709:
34710: * logging.c:
34711: better default warning for NO_SUDOERS_FILE
34712: [5260b458ac64]
34713:
34714: * sudo.c:
34715: added missing set_perms() no more cryptic message if the sudoers
34716: file is zero length, now just give a parse error
34717: [b81ea724838a]
34718:
34719: * logging.c:
34720: better diagnostics if NO_SUDOERS_FILE
34721: [877e878663c5]
34722:
34723: * sudo.c:
34724: check_sudoers() now catches sudoers files that are not readable (but
34725: are stat'able).
34726: [fea05663b3de]
34727:
34728: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
34729:
34730: * configure.in:
34731: now add -D__STDC__ for convex cc (not gcc)
34732: [c80fc53ff51b]
34733:
34734: * configure.in:
34735: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
34736: [fe238226a057]
34737:
34738: * Makefile.in:
34739: now uses exec_prefix & prefix from configure
34740: [f62fca5f56bd]
34741:
34742: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
34743: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
34744: utime.c, visudo.c:
34745: options.h is now <> instead of "" so shadow build trees can have a
34746: custom copy of options.h
34747: [e6782676099c]
34748:
34749: * check.c:
34750: user_is_exempt() is no longer a hack, it now uses getgrnam()
34751: [287f8d5356f7]
34752:
34753: * options.h:
34754: EXEMPTGROUP is now "sudo"
34755: [61487304dbe1]
34756:
34757: * configure.in:
34758: MAN_POSTINSTALL now contains a leading space
34759: [eaad4ac34012]
34760:
34761: * Makefile.in:
34762: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
34763: testsudoers in clean:
34764: [e01711baceb8]
34765:
34766: * tgetpass.c:
34767: includes pwd.h to get _PASSWD_LEN definition
34768: [8ec174f263f1]
34769:
34770: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
34771:
34772: * sudo.c:
34773: unset the KRB_CONF envariable if using kerberos so we don't get
34774: spoofed into using a bogus server
34775: [2561a0274fca]
34776:
34777: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
34778:
34779: * parse.yacc:
34780: now explicately initialize match[] tp be FALSE
34781: [0e45e5c47766]
34782:
34783: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
34784:
34785: * sudo.c:
34786: removed unused variable now passes -Wall
34787: [3452508bc16d]
34788:
34789: * parse.yacc:
34790: yyerror and dumpaliases are now void's now passes -Wall
34791: [2769dfb51993]
34792:
34793: * parse.lex:
34794: added prototype for yyerror
34795: [1f3f0c1b4ab4]
34796:
34797: * check.c, logging.c, parse.c:
34798: now passes -Wall
34799: [eab57e5e81d2]
34800:
34801: * interfaces.c:
34802: rmeoved unused cruft now passes -Wall
34803: [7a47e1866f4b]
34804:
34805: * Makefile.in:
34806: fixed headers that moved to emul dir
34807: [e680c1e5049b]
34808:
34809: * logging.c:
34810: fixed deref of nil pointer if no args
34811: [973b9bea432f]
34812:
34813: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
34814:
34815: * OPTIONS:
34816: added a caveat to FQDN section
34817: [dcf6e2a5fff4]
34818:
34819: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
34820:
34821: * Makefile.in:
34822: more $srcdir support for install targets
34823: [f6eac78436dd]
34824:
34825: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
34826: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
34827: don't include malloc.h if we include stdlib.h
34828: [fca2ff307cd8]
34829:
34830: * parse.yacc:
34831: local search.h now lives in emul
34832: [51c458904424]
34833:
34834: * check.c, utime.c:
34835: local utime.h now lives in emul dir
34836: [f92fc9e8c8de]
34837:
34838: * lsearch.c:
34839: local search.h now lives in emul
34840: [579efc407439]
34841:
34842: * Makefile.in:
34843: added support for building in other than the sourcedir
34844: [2ab53a43f7d4]
34845:
34846: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
34847:
34848: * OPTIONS:
34849: annotated CSOPS_INSULTS option
34850: [9e57d45a0afa]
34851:
34852: * TROUBLESHOOTING:
34853: updated shadow passwords blurb
34854: [39b785bc7253]
34855:
34856: * sudo.c:
34857: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
34858: passes along foo as the arguments
34859: [a91077aa8fc5]
34860:
34861: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
34862:
34863: * parse.lex:
34864: collapsed pathname and dir sections into one -- its now less
34865: expensive
34866: [89caa03bec25]
34867:
34868: * parse.lex:
34869: fixed spacing quoting [,:\\=] now works correctly append() and
34870: fill() now take args to make the above work
34871: [09d023d9ef3a]
34872:
34873: * sudo.c:
34874: fixed a typo that caused commands with no tty on fd 0 but a tty on
34875: fd 1 to erroneously have "none" as their tty
34876: [07d2c0e7977c]
34877:
34878: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
34879:
34880: * check.c:
34881: timestampfile is now a global static removed decl of timestampfile
34882: in remove_timestamp since we can just use the global one
34883: [f0cbdc6aab1c]
34884:
34885: * check.c:
34886: created touch() to update timestamps added USE_TTY_TICKETS support
34887: (bit of a kludge)
34888: [cee1dd0318f8]
34889:
34890: * compat.h:
34891: added _S_IFDIR and S_ISDIR
34892: [b4a51cc9628e]
34893:
34894: * OPTIONS, options.h:
34895: added USE_TTY_TICKETS
34896: [b4e22f81f25e]
34897:
34898: * parse.yacc:
34899: removed const from casts for lsearch() & lfind() to placate irix 4.x
34900: C compiler
34901: [5003081f76ea]
34902:
34903: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
34904:
34905: * sudo.c:
34906: now only strip '/dev/' off of a tty if it starts with '/dev/'
34907: [7f62bcd24039]
34908:
34909: * pathnames.h.in:
34910: added _PATH_DEV
34911: [6375f44d1910]
34912:
34913: * configure.in:
34914: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
34915: have termios.h
34916: [9c60391235fd]
34917:
34918: * tgetpass.c:
34919: fixed incorrect #ifdef termio uses "unsigned short" not int for
34920: c_?flag
34921: [d032e6a29845]
34922:
34923: * parse.lex, parse.yacc:
34924: fixed a spelling error
34925: [cad6a944c7b1]
34926:
34927: * Makefile.in:
34928: fixed typo
34929: [204a65403e7c]
34930:
34931: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
34932:
34933: * Makefile.in:
34934: fixed a comment
34935: [268f760e57ad]
34936:
34937: * parse.yacc:
34938: added dotcat() to cat 2 strings w/ a dot effeciently now that we
34939: dynamically allocate strings they need to be free()'d
34940: [ec2e2152f415]
34941:
34942: * parse.lex:
34943: dynamically allocates space for strings
34944: [d10ac3533d66]
34945:
34946: * sudo.h:
34947: no more MAXCOMMANDLENGTH
34948: [e2e1219bff8a]
34949:
34950: * sudo.h:
34951: added decl of tty
34952: [c8ae81303ee5]
34953:
34954: * logging.c, sudo.c:
34955: moved tty stuff into sudo.c
34956: [e028abefeb07]
34957:
34958: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
34959:
34960: * parse.c:
34961: fixed a logic bug. Was denying a command if user gave command line
34962: args but there were none in the sudoers file which is wrong.
34963: [7489a99b8e8a]
34964:
34965: * sudo.h:
34966: MAXCOMMMANDLEN dropped down to 1K
34967: [38ef54ba290b]
34968:
34969: * parse.lex:
34970: return foo; -> return(foo);
34971: [0e8be1b57001]
34972:
34973: * parse.yacc:
34974: fixed netgr_matches() prototype
34975: [e69f15910464]
34976:
34977: * parse.lex:
34978: added support for escaping "termination" characters
34979: [8bd4ef50f35c]
34980:
34981: * parse.c:
34982: buf is now of size MAXPATHLEN+1 since it never holds command args
34983: [2ce4b763058c]
34984:
34985: * sudo.c:
34986: fixed comments
34987: [0c74a3d2ebb0]
34988:
34989: * goodpath.c:
34990: fixed negation problem (doh!)
34991: [782814e3a2d1]
34992:
34993: * parse.yacc:
34994: fixed 2nd parameter to lfind()
34995: [63d7b1623c08]
34996:
34997: * parse.lex:
34998: now do bounds checking in fill() and append()
34999: [54381b563251]
35000:
35001: * sudo.c:
35002: include netdb.h as we should added a missing void cast added
35003: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
35004: realloc actually moved the string instead of shrinking it
35005: [897ccdec9c06]
35006:
35007: * sample.sudoers:
35008: updated with examples of new features
35009: [9b3ed00e8aa6]
35010:
35011: * goodpath.c:
35012: now set errno to EACCES if not a regular file or not executable
35013: [2d069548a5ea]
35014:
35015: * find_path.c:
35016: if given a fully-qualified or relative path we now check it with
35017: sudo_goodpath() and error out with the appropriate error message if
35018: the file does not exist or is not executable
35019: [590f89dd8dec]
35020:
35021: * emul/search.h, lsearch.c:
35022: now use correct args for lfind
35023: [fccdcdbf020e]
35024:
35025: * logging.c:
35026: added a comment
35027: [fab9f49708ea]
35028:
35029: * insults.h:
35030: added in CSOps insults
35031: [ad8eb1862adc]
35032:
35033: * ins_csops.h:
35034: Initial revision
35035: [de5a475ec018]
35036:
35037: * tgetpass.c:
35038: added RCS id
35039: [c3ffd550a482]
35040:
35041: * sudo.h:
35042: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
35043: [aba25c90d08a]
35044:
35045: * OPTIONS:
35046: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
35047: [e27bd62e9ccf]
35048:
35049: * sudo.c:
35050: fixed -k load_interfaces() now gets called if FQDN is set
35051: -p now works with -s
35052: [07ca2a34bae8]
35053:
35054: * parse.c:
35055: don't try to stat() "pseudo commands" like "validate"
35056: [75527045984b]
35057:
35058: * options.h:
35059: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
35060: [07b157a0eafd]
35061:
35062: * configure.in:
35063: added SecurID support added other insults to --with-csops
35064: [6c992ceb244c]
35065:
35066: * config.h.in:
35067: added HAVE_SECURID
35068: [e734ff617fe8]
35069:
35070: * Makefile.in:
35071: added clobber target added ins_csops.h now gets CFLAGS from
35072: configure
35073: [d1e29c7cec25]
35074:
35075: * aclocal.m4:
35076: relaxed SUDO_FULL_VOID
35077: [fb4084f27406]
35078:
35079: * visudo.c:
35080: function comment blocks are now in same style as rest of code
35081: [04a2931354c5]
35082:
35083: * testsudoers.c:
35084: added support for command line args in /etc/sudoers
35085: [bfe4e1bcc655]
35086:
35087: * sudoers.man:
35088: updated to have command args in the sudoers file
35089: [1cd34355e9ea]
35090:
35091: * sudo.man:
35092: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
35093: [930b48023b68]
35094:
35095: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
35096:
35097: * parse.yacc:
35098: PATH renamed to COMMAND
35099: [4e109a6de3cd]
35100:
35101: * parse.lex:
35102: it is now a parse error for directories to have args attached to
35103: them
35104: [2ab10a146b54]
35105:
35106: * logging.c:
35107: now say command args if telling user to buzz off
35108: [933de26ded8b]
35109:
35110: * sudo.c:
35111: -s no longer indicates end of args sped up loading on cmnd_args in
35112: load_cmnd()
35113: [eac99a4da862]
35114:
35115: * parse.c:
35116: removed an unreachable statement
35117: [634302623c49]
35118:
35119: * parse.lex:
35120: made more efficient by pulling out the terminators when in GOTCMND
35121: state and making them their own rule
35122: [80798f1e1166]
35123:
35124: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
35125:
35126: * sudo.h:
35127: removed MAXLOGLEN since it is no longer used
35128: [102824196b71]
35129:
35130: * parse.lex:
35131: now allows command args
35132: [d29dfa1e5254]
35133:
35134: * parse.c:
35135: now groks command arguments
35136: [6c414cb7f105]
35137:
35138: * logging.c:
35139: now sets tty correctly when piped input
35140: [de46a30c0406]
35141:
35142: * sudo.c:
35143: fixed loading of cmnd_args (was including command name too)
35144: [15319a425ea6]
35145:
35146: * logging.c:
35147: fixed a core dump due to incorrect if construct
35148: [582363c7d7fa]
35149:
35150: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
35151:
35152: * configure.in:
35153: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
35154: [da591fe9b931]
35155:
35156: * aclocal.m4:
35157: fixed check for ISC
35158: [52e59f2082a7]
35159:
35160: * sudo.c:
35161: now sets cmnd_args used by log_error() and that will be used by the
35162: parse to check against command args
35163: [c6804389723b]
35164:
35165: * sudo.h:
35166: added cmnd_args
35167: [4d00446b4a8d]
35168:
35169: * logging.c:
35170: now dynamically allocate logline since we can guess at its size
35171: [4bed8c8446aa]
35172:
35173: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
35174:
35175: * logging.c:
35176: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
35177: "register" since the compiler knows more than I do now do a
35178: "basename" of the tty
35179: [3b1bbf0b3da1]
35180:
35181: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
35182:
35183: * configure.in:
35184: ++version
35185: [5ce552f9a5f1]
35186:
35187: * sudo.h:
35188: added shell extern changed MODE_* to be bit masks to allow for
35189: several options together
35190: [06f9dc4f400c]
35191:
35192: * sudo.c:
35193: added -s (shell) option made MODE_* masks so we can do bitwise & and
35194: | to see if multiple flags are set.
35195: [01f8143010ad]
35196:
35197: * check.c:
35198: added securid support
35199: [909e078005fe]
35200:
35201: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
35202:
35203: * logging.c:
35204: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
35205: [644506b57d61]
35206:
35207: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
35208:
35209: * Makefile.in, version.h:
35210: ++version
35211: [3cd6f1fbc3d9]
35212:
35213: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
35214:
35215: * parse.yacc:
35216: fixed free() of an uninitialized pointer (yuck)
35217: [8c404ee502ee]
35218:
35219: * testsudoers.c:
35220: added netgr_matches
35221: [e7c9fa2f774c]
35222:
35223: * parse.c:
35224: cleaned up netgr_matches
35225: [8108f00b810e]
35226:
35227: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
35228:
35229: * RUNSON:
35230: updated for 1.3.4
35231: [4741704310a1]
35232:
35233: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
35234:
35235: * Makefile.in:
35236: now installs sudoers.man -- really should clean this up though.
35237: [455631d45a1d]
35238:
35239: * Makefile.in:
35240: added sudoers.cat and sudoers.man
35241: [0bdedd6c7363]
35242:
35243: * sudo.man:
35244: pulled out stuff on the sudoers file format into a separate man page
35245: [de215d999cb9]
35246:
35247: * sudoers.man:
35248: Initial revision
35249: [f25eafbb7095]
35250:
35251: * HISTORY:
35252: fixed up my email address
35253: [254fbf80be74]
35254:
35255: * configure.in:
35256: added checks for innetgr and getdomainname
35257: [24a99cb7e97e]
35258:
35259: * visudo.c:
35260: added dummy netgr_matches function
35261: [1841ff2c01da]
35262:
35263: * parse.c:
35264: added netgr_matches
35265: [ec90db6a97b8]
35266:
35267: * parse.lex, parse.yacc:
35268: added NETGROUP support
35269: [c9dd93e3bc4b]
35270:
35271: * config.h.in:
35272: added HAVE_INNETGR & HAVE_GETDOMAINNAME
35273: [14abd494d875]
35274:
35275: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
35276:
35277: * sudo.c:
35278: rewrote clean_env() that has rm_env() builtin
35279: [55cb43818a95]
35280:
35281: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
35282:
35283: * check.c:
35284: now cast uid to long in sprintf
35285: [b549eea40aeb]
35286:
35287: * OPTIONS:
35288: added _INSULTS suffix to HAL & GOONS end
35289: [ed620d0aad30]
35290:
35291: * options.h:
35292: added _INSULTS suffix to HAL & GOONS
35293: [9f72e9b83afd]
35294:
35295: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
35296: converted to new scheme of insult "unions" end
35297: [2f6d2b412132]
35298:
35299: * sudo.c:
35300: now uses MAX_UID_T_LEN
35301: [c1df79e0f389]
35302:
35303: * configure.in:
35304: added SUDO_UID_T_LEN !l
35305: [195f0b9f5f84]
35306:
35307: * config.h.in:
35308: added MAX_UID_T_LEN
35309: [73f42ae4f14d]
35310:
35311: * check.c:
35312: now use MAX_UID_T_LEN
35313: [df9c063234cb]
35314:
35315: * aclocal.m4:
35316: added check for max len of uid_t fixed sco vs. isc check
35317: [d558f36d2223]
35318:
35319: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
35320:
35321: * configure.in:
35322: corrected version
35323: [828dd1571e86]
35324:
35325: * configure.in:
35326: added sco support
35327: [af1e2f616638]
35328:
35329: * aclocal.m4:
35330: hack to check for sco
35331: [549ab99a9a43]
35332:
35333: * interfaces.c:
35334: removed #include <net/route.h> since it was hosing some OS's
35335: [ac78a7c04005]
35336:
35337: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
35338:
35339: * find_path.c:
35340: fixed prreadlink() prototype
35341: [b380fe1f2b11]
35342:
35343: * check.c:
35344: added parens in #if's
35345: [e96ade691b82]
35346:
35347: * configure.in:
35348: added SPW_ prefix
35349: [a302683a1483]
35350:
35351: * sudo.h:
35352: moved SPW_* to config.h.in
35353: [6b3be70e34cf]
35354:
35355: * sudo.c:
35356: added a set of parens
35357: [8188d735d695]
35358:
35359: * config.h.in:
35360: added SPW_*
35361: [5ead6371cf60]
35362:
35363: * sudo.h:
35364: added SPW_* reordered error codes
35365: [dead25b4ed0a]
35366:
35367: * check.c:
35368: moved SPW_* to sudo.h
35369: [ca51fb04caf4]
35370:
35371: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
35372:
35373: * sudo.c:
35374: SPW_AUTH -> SPW_SECUREWARE
35375: [6b512b2bc5dc]
35376:
35377: * logging.c:
35378: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
35379: [defdd0944e2f]
35380:
35381: * configure.in:
35382: AUTH -> SECUREWARE
35383: [d1f8a17001dd]
35384:
35385: * check.c:
35386: SPW_AUTH -> SPW_SECUREWARE
35387: [af0e8d8b89b2]
35388:
35389: * check.c:
35390: now uses SHADOW_TYPE to make shadow pw support more readable and
35391: modular. It's a start...
35392: [8c2a59667014]
35393:
35394: * configure.in:
35395: added autodetection of shadow passwords
35396: [85f81fa54b1b]
35397:
35398: * sudo.c:
35399: now uses SHADOW_TYPE define
35400: [355e5dc09b07]
35401:
35402: * config.h.in:
35403: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
35404: [c0c06e83e483]
35405:
35406: * aclocal.m4:
35407: added SUDO_CHECK_SHADOW
35408: [464301301639]
35409:
35410: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
35411:
35412: * configure.in:
35413: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
35414: memmove() since we dno longer use it...
35415: [8aefa87d7d31]
35416:
35417: * CHANGES:
35418: updated
35419: [ce97b3fd7182]
35420:
35421: * logging.c:
35422: added BROKEN_SYSLOG support
35423: [a45c3bca36f6]
35424:
35425: * config.h.in:
35426: added BROKEN_SYSLOG
35427: [6f6abf0a6268]
35428:
35429: * check.c:
35430: now only bitch it timestamp > time_now + 2 * timeout to allow for a
35431: machine udpating its time from a server
35432: [546bc8d35325]
35433:
35434: * sudo.man:
35435: added 2 security notes updated Nieusma's email addr
35436: [616756c56977]
35437:
35438: * lsearch.c:
35439: changed a memmove() to memcpy() since we don't have to worry about
35440: overlapping segments.
35441: [30baa478526b]
35442:
35443: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
35444:
35445: * interfaces.c:
35446: cleanup up the loop when interfaces are groped in so that it is
35447: readable
35448: [1fa39446bd69]
35449:
35450: * Makefile.in, version.h:
35451: ++version
35452: [b46bd2b1770f]
35453:
35454: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
35455:
35456: * CHANGES:
35457: annotated 124-126
35458: [b82a2b3ec7ce]
35459:
35460: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
35461:
35462: * check.c:
35463: fixed permissions check on /tmp/.odus
35464: [cc2431a65468]
35465:
35466: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
35467:
35468: * check.c:
35469: fixed some comments
35470: [8896d09b4fda]
35471:
35472: * check.c:
35473: now checks owner & mode of timedir also checks for bogus dates on
35474: timestamp file
35475: [a0fad5df5b0a]
35476:
35477: * OPTIONS:
35478: updated TIMEOUT info
35479: [033cc22d9e04]
35480:
35481: * logging.c, sudo.h:
35482: added BAD_STAMPDIR and BAD_STAMPFILE
35483: [31d9ce691101]
35484:
35485: * compat.h:
35486: added definition of S_IRWXU
35487: [ff2dab091a9b]
35488:
35489: * CHANGES:
35490: updated
35491: [a40df90284f1]
35492:
35493: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
35494:
35495: * interfaces.c:
35496: added #ifdef to make it compile on strange arches
35497: [4a127f12afce]
35498:
35499: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
35500:
35501: * aclocal.m4:
35502: fixed check for fulkl void impl.
35503: [b6f2a4a361d8]
35504:
35505: * check.c:
35506: added mssing "static"
35507: [520552f2772b]
35508:
35509: * insults.h:
35510: replaced #elif with #else #if constructs for ancient C compilers
35511: [39ab2d365b57]
35512:
35513: * INSTALL:
35514: updated irix c2 & kerb5 info
35515: [ae79b99b4905]
35516:
35517: * configure.in:
35518: added shadow pw support for irix
35519: [632469d9c528]
35520:
35521: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
35522:
35523: * BUGS, TODO:
35524: updated
35525: [2a96bb18ac30]
35526:
35527: * CHANGES:
35528: last changes for sudo 1.3.3
35529: [c1c0cd1034b8]
35530:
35531: * configure.in:
35532: now calls SUDO_SOCK_SA_LEN
35533: [14ea78159d45]
35534:
35535: * config.h.in:
35536: added HAVE_SA_LEN
35537: [cc2a346aa905]
35538:
35539: * aclocal.m4:
35540: added SUDO_SOCK_SA_LEN
35541: [456a2025644a]
35542:
35543: * interfaces.c:
35544: now works with ip implementations that use sa_len in sockaddr
35545: [90be6e028077]
35546:
35547: * INSTALL:
35548: added note about buggy AIX compiler
35549: [c0f6d427e4e4]
35550:
35551: * interfaces.c:
35552: now include sys/time.h for AIX
35553: [2510858ab38b]
35554:
35555: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
35556:
35557: * Makefile.in:
35558: getcwd -> getwd
35559: [66085ebca98e]
35560:
35561: * interfaces.c:
35562: now works for ISC and others. yay.
35563: [f336d4ffc927]
35564:
35565: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
35566:
35567: * Makefile.in, version.h:
35568: version++
35569: [836cffc2078d]
35570:
35571: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
35572:
35573: * aclocal.m4:
35574: fixed test for full void impl
35575: [fb004107e7b9]
35576:
35577: * sudo.c:
35578: now check to see that st_dev is non-zero before assuming that we are
35579: being spoofed
35580: [1b0e1c30c506]
35581:
35582: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
35583:
35584: * aclocal.m4, configure.in:
35585: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
35586: [4953379bfb01]
35587:
35588: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
35589:
35590: * aclocal.m4:
35591: fixed include file order for SUDO_FUNC_UTIME_POSIX
35592: [ff64ab7df44f]
35593:
35594: * logging.c:
35595: added cast for ttyname()
35596: [444f05f56758]
35597:
35598: * configure.in:
35599: fixed typo
35600: [de068e748431]
35601:
35602: * check.c:
35603: now deal correctly with all known variation of utime() -- yippe
35604: [b778a4195a89]
35605:
35606: * configure.in:
35607: added SUDO_FUNC_UTIME_POSIX
35608: [cf635f2269d6]
35609:
35610: * aclocal.m4:
35611: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
35612: [d79593be4b73]
35613:
35614: * config.h.in:
35615: added HAVE_UTIME_POSIX
35616: [c67b4ac0dca5]
35617:
35618: * check.c:
35619: fixed a typo
35620: [b14df5680f59]
35621:
35622: * check.c:
35623: no longer assume !HAVE_UTIME_NULL means old BSD utime()
35624: [0aeaf4b2f38b]
35625:
35626: * check.c:
35627: fixed fascist C compiler warning
35628: [c61ddf2f1f93]
35629:
35630: * interfaces.c:
35631: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
35632: to 0 (just to be anal)
35633: [c54cc2ba0052]
35634:
35635: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
35636:
35637: * sudo.h:
35638: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
35639: [74cf585a54fb]
35640:
35641: * logging.c:
35642: added tty logging
35643: [e27d8dcfbd78]
35644:
35645: * interfaces.c:
35646: reworked the ISC code
35647: [bcf57ce8ae69]
35648:
35649: * Makefile.in, version.h:
35650: updated version
35651: [032941c9b94d]
35652:
35653: * check.c:
35654: now expect old-style utime(3) if utime() can't take NULL as an arg
35655: [018dd4a73030]
35656:
35657: * configure.in:
35658: added check for utime.h
35659: [0b76e8feb618]
35660:
35661: * config.h.in:
35662: added HAVE_UTIME_H
35663: [62ee42feda46]
35664:
35665: * Makefile.in:
35666: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
35667: [fa3201d294e1]
35668:
35669: * configure.in:
35670: now search for kerb libs and includes
35671: [cc332401e571]
35672:
35673: * check.c:
35674: added support for utime(2)'s that can't take a NULL parameter
35675: [98797fedf69f]
35676:
35677: * utime.c:
35678: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
35679: [6ce6d825fb44]
35680:
35681: * configure.in:
35682: added utime(s) stuff
35683: [a2afb744403e]
35684:
35685: * check.c:
35686: now use utime()
35687: [48902240a51e]
35688:
35689: * config.h.in:
35690: added HAVE_UTIME and HAVE_UTIME_NULL
35691: [9a56ab65d4f4]
35692:
35693: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
35694:
35695: * utime.c:
35696: now use HAVE_UTIME_NULL
35697: [e3944de09a92]
35698:
35699: * emul/utime.h, utime.c:
35700: Initial revision
35701: [a2cbf2ef3427]
35702:
35703: * check.c:
35704: need to setuid(0) to make kerb4 stuff work.
35705: [c6cfda4039d7]
35706:
35707: * tgetpass.c:
35708: no more special case for kerberos
35709: [4a5c33145be9]
35710:
35711: * config.h.in:
35712: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
35713: emulation)
35714: [a607ee43e650]
35715:
35716: * compat.h:
35717: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
35718: kerberos
35719: [02fb274cc136]
35720:
35721: * check.c:
35722: now use private ticket file for kerberos support to avoid trouncing
35723: on system one
35724: [28d8b6b812c7]
35725:
35726: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
35727:
35728: * sudo.h:
35729: added SPOOF_ATTEMPT & cmnd_st
35730: [d3b42a1f4d0d]
35731:
35732: * sudo.c:
35733: added anti-spoofing support
35734: [ab1e2aa44a57]
35735:
35736: * parse.c:
35737: now use global cmnd_st
35738: [47018265a1a6]
35739:
35740: * logging.c:
35741: added SPOOF_ATTEMPT suypport
35742: [7bbe9dd2a021]
35743:
35744: * testsudoers.c, visudo.c:
35745: added void casts where appropriate
35746: [f191441ba333]
35747:
35748: * parse.yacc:
35749: fixed up spacing and added void casts where appropriate
35750: [15d886fc809c]
35751:
35752: * sudo.c:
35753: fixed problem with "-p prompt" but no args
35754: [6fc048261a3e]
35755:
35756: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
35757:
35758: * sudo.man:
35759: added BUGS and annotated -l description
35760: [e5c506de2603]
35761:
35762: * sudo.h:
35763: validate() now takes a flag
35764: [26627becc60a]
35765:
35766: * sudo.c:
35767: validate() now takes a flag added -l
35768: [a4f7bb97fe54]
35769:
35770: * parse.yacc:
35771: added support for -l
35772: [e7a9b10b0ad3]
35773:
35774: * parse.c:
35775: validate() now takes a flag that says whether or not to check the
35776: command
35777: [9e1e67f4e281]
35778:
35779: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
35780:
35781: * logging.c:
35782: now deals with Argv == 1
35783: [0acb637ab635]
35784:
35785: * sudo.man:
35786: added -p option
35787: [e60382fc0561]
35788:
35789: * sudo.c:
35790: added prompt support reworked parse_args()
35791: [2f605267ed4a]
35792:
35793: * sudo.h:
35794: added prompt
35795: [5ab021bdb419]
35796:
35797: * options.h:
35798: added PASSPROMPT
35799: [614727ff44a2]
35800:
35801: * check.c:
35802: now use BUFSIZ as length of kerb password added kpass so pass is
35803: always a char * now use prompt global when asking for a password
35804: [76be09af784f]
35805:
35806: * tgetpass.c:
35807: now use BUFSIZ as _PASSWD_LEN if using kerberos
35808: [1e907eed312b]
35809:
35810: * OPTIONS:
35811: added PASSPROMPT
35812: [ddb2f405ce40]
35813:
35814: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
35815:
35816: * configure.in:
35817: only look for -lufc or -lcrypt if crypt() not in libc
35818: [9717d315661f]
35819:
35820: * check.c:
35821: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
35822: (unknown user) silently fail
35823: [2b48693d4ee9]
35824:
35825: * INSTALL:
35826: added kerb4 note
35827: [986e393f740c]
35828:
35829: * tgetpass.c:
35830: HAVE_KERBEROS -> HAVE_KERB4
35831: [e438bfb5e6aa]
35832:
35833: * check.c:
35834: removed debugging printf
35835: [1cf9f5cbffa5]
35836:
35837: * configure.in:
35838: KERBEROS -> KERB4 added checks for setreuid & setresuid
35839: [01e9945beb1e]
35840:
35841: * config.h.in:
35842: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
35843: [0e0bb5b8ac3e]
35844:
35845: * compat.h:
35846: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
35847: with setresuid if applic
35848: [9dae24c47696]
35849:
35850: * check.c:
35851: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
35852: no setreuid() or a broken one
35853: [1fca642bdb8e]
35854:
35855: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
35856:
35857: * configure.in:
35858: added kerberos support
35859: [da5639b9b8e7]
35860:
35861: * config.h.in:
35862: added HAVE_KERBEROS
35863: [fcc5be550e65]
35864:
35865: * tgetpass.c:
35866: added KERBEROS support (long passwords)
35867: [303ba6924dd2]
35868:
35869: * check.c:
35870: added kerberos support
35871: [e40afe98fc1d]
35872:
35873: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
35874:
35875: * sudo.h:
35876: added MODE_BACKGROUND
35877: [9b483c932016]
35878:
35879: * sudo.man:
35880: escaped dashes added -b option
35881: [62e84f1a7714]
35882:
35883: * sudo.c:
35884: added -b option
35885: [7e78aaefeb95]
35886:
35887: * check.c:
35888: added crypt() for osf/1 3.x enhanced secuiry
35889: [e9aa5abdb7d5]
35890:
35891: * configure.in:
35892: now check for -lcrypt
35893: [5cb9c67e9fa2]
35894:
35895: * interfaces.c:
35896: added ENXIO like EADDRNOTAVAIL
35897: [74223bb1ba75]
35898:
35899: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
35900:
35901: * configure.in:
35902: now emulate getwd(), not getcwd()
35903: [3e5439d9a5f4]
35904:
35905: * sudo.c:
35906: getcwd() -> getwd()
35907: [6392a96a658e]
35908:
35909: * getwd.c:
35910: getcwd -> getwd
35911: [1b0ab9bae11e]
35912:
35913: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
35914:
35915: * ins_2001.h, ins_classic.h, ins_goons.h:
35916: Initial revision
35917: [86db60d8cf00]
35918:
35919: * insults.h:
35920: broke out insults into separate include files
35921: [0a01993bd38a]
35922:
35923: * OPTIONS, options.h:
35924: added GOONS
35925: [e283203c6515]
35926:
35927: * Makefile.in:
35928: added ins_2001.h ins_classic.h ins_goons.h
35929: [2a39cd6a4cd2]
35930:
35931: * Makefile.in, version.h:
35932: ++version
35933: [05ebf4f5e41a]
35934:
35935: * visudo.c:
35936: moved signal handler setup to setup_signals()
35937: [3dd976c04540]
35938:
35939: * sudo.h:
35940: added load_interfaces()
35941: [af2d473b09e2]
35942:
35943: * sudo.c:
35944: moved load_interfaces to interfaces.c
35945: [5c8c138e5d4c]
35946:
35947: * parse.yacc:
35948: added clearaliases
35949: [aeb4ff301daa]
35950:
35951: * OPTIONS, options.h:
35952: added FAST_MATCH
35953: [f49ea3d1b525]
35954:
35955: * parse.lex:
35956: now uses clearaliases variable
35957: [a2dda415bf61]
35958:
35959: * interfaces.c:
35960: Initial revision
35961: [a1990e3f5c69]
35962:
35963: * Makefile.in:
35964: added interfaces.[co]
35965: [1e8e5984de97]
35966:
35967: * testsudoers.c:
35968: now uses ip addrs and netmasks via load_interfaces()
35969: [54b8f7a6835e]
35970:
35971: * sudo.c:
35972: now remove IFS instead of setting to "sane" value
35973: [ce7eec9f115e]
35974:
35975: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
35976:
35977: * parse.c:
35978: added FAST_MATCH
35979: [816d4f5fe81a]
35980:
35981: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
35982:
35983: * Makefile.in:
35984: sudo_goodpath.c-> goodpath.c
35985: [a5072c4e1de2]
35986:
35987: * sudo.c:
35988: added Andy's new ISC changes
35989: [caa6bbee358e]
35990:
35991: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
35992:
35993: * OPTIONS:
35994: added a sentence to SECURE_PATH info
35995: [cad6e1569d15]
35996:
35997: * BUGS:
35998: added one
35999: [4b35cf699a83]
36000:
36001: * CHANGES:
36002: updated
36003: [5fded9dc62f0]
36004:
36005: * RUNSON:
36006: updated
36007: [33cb993cfd39]
36008:
36009: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
36010:
36011: * RUNSON:
36012: updated for beta3
36013: [a05dc6a91995]
36014:
36015: * Makefile.in, version.h:
36016: ++version
36017: [54aaf3fadc75]
36018:
36019: * aclocal.m4:
36020: sendmail is now looked for in /usr/ucblib
36021: [231ac1a4662f]
36022:
36023: * sudo.c:
36024: fixed indentation
36025: [fb137400c8c2]
36026:
36027: * aclocal.m4:
36028: fixed a typo
36029: [e03f1acc468b]
36030:
36031: * sudo.c:
36032: updated ISC mods
36033: [070290d4754b]
36034:
36035: * configure.in:
36036: added unixware case
36037: [e90250bae0d9]
36038:
36039: * check.c:
36040: user_is_exempt is no longer hidden
36041: [1a341765b8af]
36042:
36043: * RUNSON:
36044: updated
36045: [a9c4898b26dd]
36046:
36047: * aclocal.m4:
36048: isc and riscos changes
36049: [98b5d86585d1]
36050:
36051: * OPTIONS:
36052: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
36053: [e1ecc464ce4b]
36054:
36055: * Makefile.in:
36056: fixed a typo and added testsudoers stuff
36057: [435d60e163dc]
36058:
36059: * testsudoers.c:
36060: Initial revision
36061: [6ce14a448662]
36062:
36063: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
36064:
36065: * parse.yacc:
36066: applied fixed patch from Chris
36067: [cd6144203d13]
36068:
36069: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
36070:
36071: * Makefile.in:
36072: fixed a typo
36073: [34f8a54ba041]
36074:
36075: * parse.yacc:
36076: added a set of braces for bison
36077: [f0e43b938914]
36078:
36079: * parse.yacc:
36080: merged in Chris' changes to dekludge the parser.
36081: [82d6e373ab1c]
36082:
36083: * logging.c:
36084: send_mail() was calling find_path() which is wrong since find_path()
36085: stores cmnd in a static var. Anyhow, it doesn't make much sense
36086: since MAILER should always be fully qualified
36087: [6eae6a0b8098]
36088:
36089: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
36090:
36091: * sample.sudoers:
36092: added User_Alias stuff
36093: [aaba8c8e918d]
36094:
36095: * aclocal.m4:
36096: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
36097: [52bd81f34b32]
36098:
36099: * RUNSON:
36100: added DEC UNIX 3.0 w/ gcc
36101: [7daf570775b5]
36102:
36103: * visudo.c:
36104: Exit was being used in places where exit should be used
36105: [6026a89c07ed]
36106:
36107: * sudoers:
36108: added "User alias specification"
36109: [a487b6e234f8]
36110:
36111: * parse.yacc:
36112: fixed probs caused by making nslots and naliases a size_t
36113: [0be919384f3f]
36114:
36115: * RUNSON:
36116: added KSR, upped rev to 1.3.1b2
36117: [ce04ee6faadf]
36118:
36119: * logging.c, parse.yacc:
36120: 1024 -> BUFSIZ
36121: [cd6dda45fa11]
36122:
36123: * parse.yacc:
36124: void * -> VOID * naliases and nslots are now size_t to appease
36125: lsearch on 64-bit machines
36126: [bf2f807c0dc1]
36127:
36128: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
36129:
36130: * TODO:
36131: did a bunch of things and added a bunch :-)
36132: [42afd957b829]
36133:
36134: * PORTING:
36135: updated
36136: [972f95c85776]
36137:
36138: * visudo.man:
36139: closer to BSD manpage style
36140: [07ae88f50325]
36141:
36142: * sudo.man:
36143: closer to standard BSD man format
36144: [372c28dcc135]
36145:
36146: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
36147: pathnames.h.in, sudo.h, version.h:
36148: added RCS id
36149: [c0ec90b81002]
36150:
36151: * sudo.h:
36152: removed crufty #defines that are no longer used
36153: [35e2b4b477f0]
36154:
36155: * BUGS:
36156: fixed a bug
36157: [5bb3e1bee85e]
36158:
36159: * sudo.man:
36160: updated based on sudo changes
36161: [e65de1cae438]
36162:
36163: * parse.yacc:
36164: now allow ALL keyword in User_Aliases now allow ALL keyword as well
36165: as a NAME or ALIAS
36166: [1fb31404dd0f]
36167:
36168: * CHANGES:
36169: updated
36170: [b24018ac610b]
36171:
36172: * sudo.c:
36173: now sets SUDO_COMMAND and SUDO_GID envariables.
36174: [e9d791557fb7]
36175:
36176: * aclocal.m4:
36177: fixed bug with full void impl check
36178: [35715301023c]
36179:
36180: * parse.yacc:
36181: fixed User_Alias supoprt
36182: [4c30dfbaaa07]
36183:
36184: * parse.yacc:
36185: added stubs for User_Alias support
36186: [f4afbd247edf]
36187:
36188: * sudo.c:
36189: now sets removes # bogus interfaces from num_interfaces
36190: [6f077fac9ab1]
36191:
36192: * parse.lex:
36193: added User_Alias support
36194: [bc7997e5df85]
36195:
36196: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
36197:
36198: * Makefile.in:
36199: removed extraneous TODO
36200: [bc87a3b14d6d]
36201:
36202: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
36203:
36204: * visudo.c:
36205: ntwk_matches -> addr_matches
36206: [475044e288b8]
36207:
36208: * parse.yacc:
36209: ntwk_matches -> addr_matches
36210: [dd1f4093fd2d]
36211:
36212: * parse.c:
36213: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
36214: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
36215: sizeof(long))
36216: [acd2f556940f]
36217:
36218: * sudo.c:
36219: took out debugging info
36220: [044023063eca]
36221:
36222: * aclocal.m4:
36223: OS was being set to unknown before non-uname based host checks. This
36224: caused no checks to happen since $OS was not zero-length.
36225: [335a7267479d]
36226:
36227: * sudo.c:
36228: fixed loading of interfaces struct still has debugging info in
36229: though
36230: [2d1a18998c1e]
36231:
36232: * parse.c:
36233: fixed typo
36234: [175674a3a9fa]
36235:
36236: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
36237:
36238: * Makefile.in:
36239: ++version
36240: [55d191b5daa3]
36241:
36242: * version.h:
36243: ++
36244: [d7d1f115696a]
36245:
36246: * visudo.c:
36247: removed extraneous extern decl of "top
36248: [50355621047d]
36249:
36250: * visudo.c:
36251: now zeros "top"
36252: [4e683210345b]
36253:
36254: * parse.yacc:
36255: removed parser_cleanup (no need for it now)
36256: [afa59f222b6c]
36257:
36258: * parse.lex:
36259: now calls reset_aliases() directly
36260: [3a23cbd60fc0]
36261:
36262: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
36263:
36264: * OPTIONS:
36265: added a sentence to SECURE_PATH description
36266: [c5bf75b85af0]
36267:
36268: * parse.c:
36269: fixed my stupid bug where I used NAMLEN on something I wanted to
36270: just get the name from. argh.
36271: [111f460f6540]
36272:
36273: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
36274:
36275: * lsearch.c:
36276: fixed argument order of memmove() that i hosed when converting from
36277: bcopy(). arghh.
36278: [2f5336045c8b]
36279:
36280: * Makefile.in:
36281: finally fixed DISTFILES line
36282: [a1b419e73a63]
36283:
36284: * Makefile.in:
36285: tabs -> spaces
36286: [280fb03e5764]
36287:
36288: * Makefile.in:
36289: added missing files to DISTFILES
36290: [991fc1cd2263]
36291:
36292: * Makefile.in:
36293: SUPPORTED -> RUNSON
36294: [7580e65b05fb]
36295:
36296: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
36297:
36298: * TODO:
36299: updated
36300: [fe764a29c1cc]
36301:
36302: * RUNSON:
36303: updated for pl5b1 release
36304: [aefc35bd2291]
36305:
36306: * BUGS, TODO:
36307: updated
36308: [8f0ea249b687]
36309:
36310: * check.c:
36311: fixed bug where if you hit return at first sudo prompt it would
36312: still log as a failure
36313: [24539c854692]
36314:
36315: * CHANGES:
36316: updated
36317: [251cc7b3ede4]
36318:
36319: * aclocal.m4:
36320: better test for bogus void * implementation
36321: [efe23180cb88]
36322:
36323: * logging.c:
36324: added PASSWORDS_NOT_CORRECT
36325: [bd12c73f83f7]
36326:
36327: * check.c:
36328: added PASSWORDS_NOT_CORRECT stuff]
36329: [90de391a979f]
36330:
36331: * sudo.h:
36332: added PASSWORDS_NOT_CORRECT
36333: [727fbeb76fc5]
36334:
36335: * tgetpass.c:
36336: moved pathnames.h
36337: [4f910e5a8df7]
36338:
36339: * sudo.c:
36340: removed some unused vars and fixed up uid2str
36341: [70e92c7f9076]
36342:
36343: * putenv.c:
36344: moved compat.h
36345: [b271091586f6]
36346:
36347: * getcwd.c, getwd.c:
36348: added pathnames.h
36349: [6f25218f133f]
36350:
36351: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
36352:
36353: * parse.yacc:
36354: fixed a typo I introduced in the last checkin :-(
36355: [62c3af75c4fe]
36356:
36357: * parse.lex:
36358: can't have #ifdef's where N is defined so just do this the broken
36359: way for AIX
36360: [c5648a5594e4]
36361:
36362: * parse.yacc:
36363: better hack from Chris (but still a hack)
36364: [6b6d8aed93f3]
36365:
36366: * parse.lex:
36367: stupid hack for broken aix lex
36368: [efc3f9e5280e]
36369:
36370: * tgetpass.c:
36371: now includes compat.h
36372: [401822173f77]
36373:
36374: * visudo.c:
36375: now includes fcntl.h
36376: [63865c2f8ac6]
36377:
36378: * compat.h:
36379: added FD_SET and FD_ZERO for 4.2BSD
36380: [00c5597c0bb0]
36381:
36382: * parse.yacc:
36383: dirty hack to fix parser bug. i don't really like this but it works
36384: for now...
36385: [5b8bbdc81569]
36386:
36387: * sudo.c:
36388: uid2str is now static like the prototype says
36389: [f2a97b5cb870]
36390:
36391: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
36392:
36393: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
36394: updated
36395: [6f79c3e92716]
36396:
36397: * RUNSON:
36398: Initial revision
36399: [12a09ef9e884]
36400:
36401: * sudo.c:
36402: check_sudoers now returns an error code and sudo calls inform_user
36403: and log_error based on the return value.
36404: [340eca188d9a]
36405:
36406: * logging.c, sudo.h:
36407: added entries for new errors
36408: [6050d8542e1f]
36409:
36410: * parse.c:
36411: now set uid to that of SUDOERS_OWNER while parsing sudoers file
36412: [3683c42bc9b0]
36413:
36414: * Makefile.in:
36415: took out testsudoers
36416: [65317d49db48]
36417:
36418: * sudo.c:
36419: now explicately checks that it is setuid root
36420: [2fe1be60ef6a]
36421:
36422: * sudo.c:
36423: If a user has no passwd entry sudo would segv (writing to a garbage
36424: pointer). Now allocate space before writing :-)
36425: [d08e7eb5e5ef]
36426:
36427: * configure.in:
36428: reordered AC_CHECK_FUNCS
36429: [4c82e56c6f4f]
36430:
36431: * config.h.in:
36432: fixed memset macro
36433: [77ede6b714ab]
36434:
36435: * tgetpass.c, visudo.c:
36436: bzero -> memset
36437: [1a005bb322c8]
36438:
36439: * logging.c:
36440: bzero -> memset when a parse error is logged the line number of the
36441: error is now logged too
36442: [a42d68047723]
36443:
36444: * INSTALL:
36445: added Sunos to blurb about c2 security
36446: [af750a1d131e]
36447:
36448: * configure.in:
36449: added a SUN4 define for C2 security
36450: [6ad5b23a3eb0]
36451:
36452: * config.h.in:
36453: bcopy -> memmove bzero -> memset
36454: [5494460c8464]
36455:
36456: * lsearch.c:
36457: bcopy -> memmove char * -> VOID *
36458: [a15f5c316e16]
36459:
36460: * check.c:
36461: added support for sunos with C2 security
36462: [03fea5bb21e6]
36463:
36464: * OPTIONS, options.h:
36465: reordered
36466: [1686265af3e1]
36467:
36468: * pathnames.h.in:
36469: _PATH_SUDO_LOGFILE now set based on configure
36470: [5867b58e4a04]
36471:
36472: * configure.in:
36473: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
36474: [1984d9fd1b5c]
36475:
36476: * config.h.in:
36477: added _SUDO_PATH_LOGFILE
36478: [dd3eebe62580]
36479:
36480: * aclocal.m4:
36481: added SUDO_LOGFILE to find where to put sudo.log added
36482: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
36483: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
36484: [c589a515a99a]
36485:
36486: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
36487:
36488: * TROUBLESHOOTING:
36489: Initial revision
36490: [f42f1baba3a8]
36491:
36492: * sudo.c:
36493: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
36494: to work around a problem is trusted hpux shadow passwords. yuck.
36495: [ae1f13b54687]
36496:
36497: * parse.yacc:
36498: backed out a change in malloc/realloc
36499: [ab868db0ad69]
36500:
36501: * parse.yacc:
36502: now include stdlib.h
36503: [957eef0631eb]
36504:
36505: * visudo.c:
36506: now do an freopen() of the stmp file so that yyin will always point
36507: to the same thing. This is important for flex since we are doing a
36508: YY_NEWFILE
36509: [44558922fd3e]
36510:
36511: * parse.yacc:
36512: replaced yywrap() with parser_cleanup() since yywrap() needs to be
36513: in parse.lex to be able to use YY_NEW_FILE. sigh.
36514: [12dd09921074]
36515:
36516: * parse.lex:
36517: now have a rule that matches anything that doesn't match an
36518: explicite rule. well, you know what i mean (. matches anything not
36519: yet matched). However, this means that there is input still queued
36520: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
36521: into parse.lex and it calls parser_cleanup() which is most of the
36522: old yywrap() sigh.
36523: [7f4042bc48d6]
36524:
36525: * SUPPORTED:
36526: no longer used
36527: [8f220be4da94]
36528:
36529: * getcwd.c, getwd.c:
36530: moved compat.h to be the last include file
36531: [9f3a65e2d485]
36532:
36533: * parse.yacc:
36534: fixed type of aliascmp() args
36535: [1c27eb989bdf]
36536:
36537: * find_path.c:
36538: NULL -> '\0'
36539: [5c8d8cf1692e]
36540:
36541: * parse.yacc:
36542: added casts to lfind and lsearch args for irix
36543: [61027ddeecf8]
36544:
36545: * Makefile.in:
36546: bsdinstall -> install-sh
36547: [61de6612c5a5]
36548:
36549: * INSTALL:
36550: added info about make realclean
36551: [29c6324d727f]
36552:
36553: * Makefile.in:
36554: updated VERSION added dependencies for visudo.cat
36555: [09077d7229d4]
36556:
36557: * version.h:
36558: -> pl5b1
36559: [5d21c7ad1a41]
36560:
36561: * sudo.c:
36562: took out -l
36563: [fc1478d81b38]
36564:
36565: * Makefile.in:
36566: now there is a real visudo.man and visudo.cat
36567: [58aeac43a6dd]
36568:
36569: * sudo.man:
36570: took out visudo stuff
36571: [4a6ac4393343]
36572:
36573: * visudo.man:
36574: Initial revision
36575: [cba348843db8]
36576:
36577: * parse.c, parse.lex, parse.yacc:
36578: updated copyright
36579: [ffa16b70944a]
36580:
36581: * README:
36582: updated for pl5
36583: [a26e423e9e5f]
36584:
36585: * sudo.man:
36586: updated Nieusma & Hieb email addresses
36587: [f0083e71989d]
36588:
36589: * INSTALL:
36590: updated to include options.h and OPTIONS
36591: [ee59e2b76c94]
36592:
36593: * CHANGES, TODO:
36594: updated
36595: [51e011ad5220]
36596:
36597: * BUGS:
36598: eliminated bug #1 (yay)
36599: [e7e88515494e]
36600:
36601: * configure.in:
36602: sunos no longer gets linked statically
36603: [2e5b3ff3108f]
36604:
36605: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
36606:
36607: * parse.lex:
36608: prototype now uses __P()
36609: [68ecdcab4c70]
36610:
36611: * parse.lex:
36612: make fill() non-ansi
36613: [d6509972260b]
36614:
36615: * parse.c:
36616: made -v (validate) work
36617: [13c9d520638c]
36618:
36619: * logging.c:
36620: now gives host
36621: [f04859cdba5a]
36622:
36623: * find_path.c:
36624: don't check for execute/statable if fq or relative path given
36625: [4bbe851f3973]
36626:
36627: * parse.c:
36628: added a cast
36629: [345c308f72f3]
36630:
36631: * visudo.c:
36632: now include ctype.h for islower and tolower macros
36633: [582c0aa332d5]
36634:
36635: * goodpath.c:
36636: moved _S_IFMT & _S_ISREG to compat.h
36637: [828e4ca4e7b4]
36638:
36639: * sudo.c:
36640: moved a set of parens
36641: [5783474ecf37]
36642:
36643: * strdup.c:
36644: now include compat.h
36645: [75e2036b94af]
36646:
36647: * emul/search.h:
36648: void * -> VOID *
36649: [cedcfaf04161]
36650:
36651: * parse.yacc:
36652: now cast malloc & realloc return vals added search for HAVE_LSEARCH
36653: now use strcmp if no strcasecmp available
36654: [d6a42bc3d4ae]
36655:
36656: * lsearch.c:
36657: void * -> VOID *
36658: [886adc44f607]
36659:
36660: * config.h.in:
36661: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
36662: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
36663: [3b50d7fb4349]
36664:
36665: * compat.h:
36666: added _S_IFMT, _S_IFREG, and S_ISREG
36667: [73d506c7d53c]
36668:
36669: * aclocal.m4:
36670: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
36671: to most SUDO_* macros
36672: [8442155f5936]
36673:
36674: * Makefile.in:
36675: no more -I.
36676: [63462f195bd4]
36677:
36678: * configure.in:
36679: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
36680: AC_INSTALL_PROG instead of custom one added check for fully woorking
36681: void implementation
36682: [5ac6b6e6230f]
36683:
36684: * Makefile.in:
36685: added lsearch & search.h visudo links into $(LIBOBJS)
36686: [bc119cda4598]
36687:
36688: * aclocal.m4:
36689: partial 1.x to 2.x changes added SUDO_FULL_VOID
36690: [1194d01fa5c5]
36691:
36692: * visudo.c:
36693: whatnow_help was prototyped to be static be was not declared as such
36694: [0f85489dd426]
36695:
36696: * configure.in:
36697: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
36698: for dirent/dir/ndir.h
36699: [7408f3854948]
36700:
36701: * parse.c:
36702: now use groovy gnu autoconf macro AC_HEADER_DIRENT
36703: [e465db9f5dfa]
36704:
36705: * getcwd.c, getwd.c:
36706: MAXPATHLEN -> MAXPATHLEN+1
36707: [714d87424e21]
36708:
36709: * emul/search.h, lsearch.c:
36710: Initial revision
36711: [55d79482c535]
36712:
36713: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
36714:
36715: * parse.yacc:
36716: eliminated bison warnings
36717: [61ca0a96da22]
36718:
36719: * parse.lex:
36720: added missing case
36721: [6be0f849747c]
36722:
36723: * visudo.c:
36724: now iincludes signal.h
36725: [221e0fcc144f]
36726:
36727: * parse.yacc:
36728: only clear data structures on a parse error
36729: [7b1c0f1a4527]
36730:
36731: * visudo.c:
36732: whatnow() now gives help on invalid input
36733: [e5a4cd88c587]
36734:
36735: * visudo.c:
36736: added a whatnow() function (sort of like mh)
36737: [932d9b145f1c]
36738:
36739: * parse.yacc:
36740: kill_aliases -> reset_aliases yywrap() now cleans up by calling
36741: reset_aliases() and clearing top took reset stuff out of yyerror()
36742: since it doesn't beling there (and doesn't work anyway). errorlineno
36743: is now initially set to -1 so we can set it to the first error that
36744: occurrs (it was getting set to the last)
36745: [2f71f95a974c]
36746:
36747: * parse.lex:
36748: added a void cast
36749: [18ae6042dce4]
36750:
36751: * visudo.c:
36752: rewrote from scratch based on 4.3BSD vipw.c
36753: [2f6814f18576]
36754:
36755: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
36756:
36757: * sudo.c, sudo.h:
36758: removed ocmnd
36759: [a31735f41ad4]
36760:
36761: * sudo.h:
36762: no more sudo_realpath() and find_path() changed params
36763: [8e85c3b39159]
36764:
36765: * sudo.c:
36766: find_path() changed since no more realpath()
36767: [b25366c7f2ee]
36768:
36769: * parse.yacc:
36770: on error, errorlineno is set to the line where the error occurred
36771: added kill_aliases() to free the aliases struct now clean up in
36772: yyerror() so we can reparse cleanly
36773: [2342f578c27a]
36774:
36775: * options.h, parse.c:
36776: no more USE_REALPATH
36777: [cfc59babeaff]
36778:
36779: * logging.c:
36780: changed to use new find_path()
36781: [91c7a38e7751]
36782:
36783: * find_path.c:
36784: removed all the realpath() stuff
36785: [cc21a43a8562]
36786:
36787: * Makefile.in:
36788: sudo_realpath.c -> sudo_goodpath.c
36789: [03a9b1ddec2f]
36790:
36791: * visudo.c:
36792: now works correctly with utk parser
36793: [08aa554a0ce8]
36794:
36795: * goodpath.c:
36796: Initial revision
36797: [1ea607e1ffb2]
36798:
36799: * sudo_realpath.c:
36800: eliminated a compiler warning
36801: [198bcccc55b6]
36802:
36803: * sudo.c:
36804: elinated compiler warning
36805: [e2384f9a878b]
36806:
36807: * sudo_realpath.c:
36808: added sudo_goodpath()
36809: [43878c4cc540]
36810:
36811: * sudo.h:
36812: added prototype for sudo_goodpath
36813: [23e8627a2265]
36814:
36815: * parse.c:
36816: added support for /sys/dir.h
36817: [eca897087741]
36818:
36819: * options.h:
36820: USE_REALPATH turned off
36821: [620ac8b63d85]
36822:
36823: * find_path.c:
36824: added calls to sudo_goodpath()
36825: [ad170904fbcd]
36826:
36827: * configure.in:
36828: added check for dirent.h
36829: [7964a8c26855]
36830:
36831: * config.h.in:
36832: added HAVE_DIRENT_H
36833: [1f785fec7e19]
36834:
36835: * configure.in:
36836: added in linux shadow pass stuff
36837: [e585a5785f50]
36838:
36839: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
36840:
36841: * visudo.c:
36842: added back host, user, cmnd, parse_error
36843: [0ec19f3d64f4]
36844:
36845: * visudo.c:
36846: added in utk changes plus some minor cosmetic changes
36847: [c5c1921c8a58]
36848:
36849: * sudo.c, sudo_realpath.c:
36850: added void casts for printf's
36851: [9c6ff11c0082]
36852:
36853: * options.h:
36854: added a define of USE_REALPATH
36855: [db3711c9efc5]
36856:
36857: * configure.in:
36858: there is no more visudoers/Makefile
36859: [36e1bc1f78d0]
36860:
36861: * Makefile.in:
36862: added in utk changes (visudo is now built from the toplevel)
36863: [76203d4b345d]
36864:
36865: * find_path.c:
36866: added (void) casts to printf's
36867: [dd5cb1e060ac]
36868:
36869: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
36870: merged in utk changes
36871: [35563307fd8e]
36872:
36873: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
36874:
36875: * find_path.c:
36876: now check to see that what we are trying to run is a file (or a link
36877: to a file, we do a stat(2) so there is no diff)
36878: [05889c4bcace]
36879:
36880: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
36881:
36882: * CHANGES:
36883: updated
36884: [3e8047bb26fb]
36885:
36886: * Makefile.in:
36887: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
36888: [0bdbaa7c4c7d]
36889:
36890: * sudo.man:
36891: added myself as maintainer
36892: [77a9d75aab84]
36893:
36894: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
36895:
36896: * sudo.c:
36897: changed setegid -> setgid
36898: [7f4788d73b6f]
36899:
36900: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
36901:
36902: * configure.in:
36903: fixed the test for irix 5.x to skip bad libs
36904: [bfef896de013]
36905:
36906: * aclocal.m4:
36907: now initialize OS and OSREV
36908: [cc302756e440]
36909:
36910: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
36911:
36912: * configure.in:
36913: irix5 changes
36914: [ac985b23f5f2]
36915:
36916: * configure.in:
36917: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
36918: compatibility
36919: [0cf8c92a06d7]
36920:
36921: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
36922:
36923: * visudo.c:
36924: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
36925: thing wrt yyrestart (grrrr)
36926: [18e8eabfbb82]
36927:
36928: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
36929:
36930: * Makefile.in:
36931: added visudoers/compat.h to DISTFILES
36932: [db23b574b034]
36933:
36934: * configure.in:
36935: fixed an echo
36936: [7cbc0462b89d]
36937:
36938: * sudo.c:
36939: added ocmnd declaration adjusted for find_path()'s new parameters
36940: [d929cd156474]
36941:
36942: * sudo.h:
36943: added ocmnd extern adjusted find_path() prototype
36944: [e0004daf5d3c]
36945:
36946: * parse.c:
36947: cmndcmp() now takes 3 arguments and checks against the qualified as
36948: well as the unqualified pathname. more code that should use
36949: cmndcmp() but did not, now does
36950: [6f70a8c17bee]
36951:
36952: * options.h:
36953: added to a comment
36954: [7a78680426b2]
36955:
36956: * logging.c:
36957: changed to use new find_path() parameter passing
36958: [840981d30db4]
36959:
36960: * find_path.c:
36961: find_path() now takes 2 copyout parameters (one for the qualified
36962: pathname and one for the unqualified pathname). The third parameter
36963: may be NULL.
36964: [851503b005e9]
36965:
36966: * configure.in:
36967: no longer munge pathnames.h
36968: [427d8796c5a9]
36969:
36970: * pathnames.h.in:
36971: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
36972: as a result, pathnames.h does not need to be run through configure
36973: and the user can override the configured values easily.
36974: [2e378f2ebe88]
36975:
36976: * config.h.in:
36977: added _SUDO_PATH_* entries
36978: [0857de7cebab]
36979:
36980: * aclocal.m4:
36981: _PATH* -> _SUDO_PATH_*
36982: [7601193f56cc]
36983:
36984: * Makefile.in:
36985: updated DISTFILES and HDRS .o's now depend on config.h
36986: [39d8601965cf]
36987:
36988: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
36989:
36990: * compat.h:
36991: removed extraneous #endif
36992: [27d4c5f2ce7e]
36993:
36994: * aclocal.m4:
36995: added SUDO_PROG_MV
36996: [76dda3bdd816]
36997:
36998: * configure.in:
36999: added SUDO_PROG_MV added riscos and isc os types took out
37000: -DSHORT_MESSAGE from --with-csops since it is now the default
37001: [68c206ad976e]
37002:
37003: * sudo.c:
37004: move the include of id.h to compat.h now includes options.h
37005: [45a1eaafb3a8]
37006:
37007: * sudo.h:
37008: moved compatibility #defines to compat.h
37009: [0eee27057698]
37010:
37011: * pathnames.h.in:
37012: added _PATH_MV
37013: [e830797ab320]
37014:
37015: * config.h.in:
37016: move __P to compat.h
37017: [188e12e0ba93]
37018:
37019: * getcwd.c, getwd.c, putenv.c:
37020: now includes compat.h
37021: [c72cb6d73981]
37022:
37023: * compat.h:
37024: Initial revision
37025: [d4d2f359ae03]
37026:
37027: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
37028:
37029: * sudo.h:
37030: pull user-configurable stuff out and put in options.h
37031: [ef929467b070]
37032:
37033: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
37034:
37035: * parse.lex, parse.yacc, visudo.c:
37036: now includes options.h
37037: [e36d7c82add1]
37038:
37039: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
37040: sudo_setenv.c:
37041: now includes options.h
37042: [f186ba03de07]
37043:
37044: * Makefile.in:
37045: added visudoers/options.h
37046: [e5350c476494]
37047:
37048: * OPTIONS, options.h:
37049: Initial revision
37050: [9b6b5001e318]
37051:
37052: * Makefile.in:
37053: added OPTIONS and options.h
37054: [25448341e16a]
37055:
37056: * logging.c:
37057: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
37058: [5dd6385dd1d3]
37059:
37060: * check.c, sudo.h:
37061: changed PASSWORD_TIMEOUT to minutes
37062: [0ec6aab98738]
37063:
37064: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
37065:
37066: * visudo.c:
37067: now only do Editor +line_num if line_num != 0
37068: [b69f04b5e3c7]
37069:
37070: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
37071:
37072: * visudo.c:
37073: now use mv if rename(2) fails
37074: [83210dca1bab]
37075:
37076: * BUGS:
37077: added a visudo bug
37078: [d61a806f9aa7]
37079:
37080: * check.c:
37081: expanded comment
37082: [641f2cba94cb]
37083:
37084: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
37085:
37086: * check.c:
37087: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
37088: [7a11135039a8]
37089:
37090: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
37091:
37092: * sudo.c:
37093: added mips & isc support
37094: [e258dc053119]
37095:
37096: * parse.c:
37097: added support for non-root owned sudoers file
37098: [fea07e65a0fc]
37099:
37100: * check.c:
37101: added exempt group support
37102: [928fb4bd9ad5]
37103:
37104: * sudo.h:
37105: added set_perms() support added SUDOERS_OWNER so can have non-root
37106: own sudoers file added exempt group support added isc support
37107: [61c578d31fc1]
37108:
37109: * visudo.c:
37110: now copy sudoers to temp file via read/write (not stdio) now chown
37111: new sudoers file to SUDOERS_OWNER
37112: [a5176c59df70]
37113:
37114: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
37115:
37116: * configure.in:
37117: added skey support
37118: [35a8d2fabdb7]
37119:
37120: * sudo_realpath.c:
37121: be_* -> setperms()
37122: [a1631d686e1c]
37123:
37124: * sudo.h:
37125: fixed typo added set_perms support added skey support added
37126: seteuid()/setegid() emulation for AIX
37127: [c0c8d6771406]
37128:
37129: * sudo.c:
37130: be_* -> setperms() now check to make sure sudoers file is owned by
37131: root nread/write by only root
37132: [13ab1e261f1a]
37133:
37134: * logging.c, parse.c:
37135: be_* -> setperms()
37136: [21499d845c8f]
37137:
37138: * check.c:
37139: be_* -> set_perms() added skey support
37140: [df51b56871c1]
37141:
37142: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
37143:
37144: * Makefile.in:
37145: ++version
37146: [3c1abbe4e43c]
37147:
37148: * version.h:
37149: ++
37150: [1d2f9b540a95]
37151:
37152: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
37153:
37154: * sudo.c:
37155: now sets IFS
37156: [eabbb41b9f08]
37157:
37158: * insults.h:
37159: fixed typo
37160: [c7997f19216e]
37161:
37162: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
37163:
37164: * config.h.in:
37165: added HAVE_SKEY
37166: [da948ec4186b]
37167:
37168: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
37169:
37170: * CHANGES:
37171: updated
37172: [f4b55ab007ea]
37173:
37174: * Makefile.in:
37175: ++version
37176: [0489068b8c95]
37177:
37178: * version.h:
37179: ++
37180: [d189faedf423]
37181:
37182: * sudo.c:
37183: now bail if ARgv[1] > MAXPATHLEN
37184: [0cea8ecc9dc2]
37185:
37186: * configure.in:
37187: added function check for tcgetattr(3)
37188: [e03289b22c2f]
37189:
37190: * config.h.in:
37191: only define HAVE_TERMIOS_H if you have tcgetattr(3)
37192: [757eab83d1a2]
37193:
37194: * config.h.in:
37195: added check for tcgetattr
37196: [c5ae92715930]
37197:
37198: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
37199:
37200: * CHANGES:
37201: updated
37202: [cbc419883108]
37203:
37204: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
37205:
37206: * parse.lex:
37207: now only include unistd.h for linux
37208: [e9adeab95ef0]
37209:
37210: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
37211:
37212: * Makefile.in:
37213: added visudo.8 generation
37214: [d6a3f0f887f8]
37215:
37216: * configure.in:
37217: added -Wl,-bI:./aixcrypt.exp to aix flags
37218: [72594a21edcf]
37219:
37220: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
37221:
37222: * BUGS:
37223: added one
37224: [9993a349e096]
37225:
37226: * CHANGES:
37227: updated
37228: [297b31ec4cdd]
37229:
37230: * README:
37231: added mailing list info
37232: [10372f94a2b2]
37233:
37234: * parse.yacc:
37235: now use sudolineno instead of yylineno fixed bison warnings
37236: [25a83e62057b]
37237:
37238: * configure.in:
37239: now use -no_library_replacement for osf don't make a static binary
37240: for hpux >= 9.0
37241: [1fa7b892f1a3]
37242:
37243: * tgetpass.c:
37244: added string.h/strings.h inclusion
37245: [71faa98fc0a1]
37246:
37247: * config.h.in:
37248: added ssize_t def
37249: [406284bd1ac0]
37250:
37251: * parse.lex:
37252: added inclusion of string.h/strings.h
37253: [6985b1df5d09]
37254:
37255: * aclocal.m4:
37256: fixed uname | sed (needed to quote the '[')
37257: [4cd2d3415c1a]
37258:
37259: * parse.lex:
37260: replaced yylineno with sudolineno fixed bison syntax errors
37261: [0bd31a5fab26]
37262:
37263: * visudo.c:
37264: changed yylineno to sudolineno since yylineno cannot be counted
37265: upon.
37266: [38c30104d0ae]
37267:
37268: * TODO:
37269: updated
37270: [5d4746f1a752]
37271:
37272: * parse.c:
37273: added code to support command listings
37274: [030172e133fd]
37275:
37276: * sudo.c:
37277: added code for -l flag
37278: [801dbbc82778]
37279:
37280: * sudo.man:
37281: fixed typo added info for -l flag
37282: [8916ca945d65]
37283:
37284: * configure.in:
37285: AC_SSIZE_T -> SUDO_SSIZE_T
37286: [c61f7f47013f]
37287:
37288: * aclocal.m4:
37289: added SUDO_SSIZE_T
37290: [0ccdb77be84d]
37291:
37292: * sudo.h:
37293: added MODE_LIST
37294: [9b2bd844c76c]
37295:
37296: * configure.in:
37297: added AC_SSIZE_T
37298: [35cca208f9b5]
37299:
37300: * find_path.c, sudo_realpath.c:
37301: readlink() is now declared as returning ssize~_t
37302: [0640a08d1407]
37303:
37304: * configure.in:
37305: added -laud for OSF c2
37306: [b7539c905efc]
37307:
37308: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
37309:
37310: * Makefile.in, visudo.c:
37311: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
37312: [067fd9bcb5e1]
37313:
37314: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
37315: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
37316: [fc46e7c7110a]
37317:
37318: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
37319: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
37320: sudo_setenv.c, tgetpass.c, version.h:
37321: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
37322: [d1d4fbc53a98]
37323:
37324: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
37325:
37326: * Makefile.in:
37327: ++version
37328: [b7066d97633f]
37329:
37330: * version.h:
37331: ++
37332: [65ec69d88110]
37333:
37334: * logging.c:
37335: added host to alertmail messages
37336: [d973c19ce777]
37337:
37338: * CHANGES, TODO:
37339: udpated
37340: [5a65eb16faeb]
37341:
37342: * logging.c:
37343: fixed logging problem where mail would not say which user it was
37344: [35723edcc5d2]
37345:
37346: * configure.in:
37347: added -laud for gcc if osf & c2
37348: [18f1e0ae5548]
37349:
37350: * check.c:
37351: moved set_auth_parameters to sudo.c
37352: [d23112fe01db]
37353:
37354: * sudo.c:
37355: added set_auth_parameters for osf
37356: [eb70f65214ac]
37357:
37358: * configure.in:
37359: cleaned up -static stuff
37360: [01e9575f0422]
37361:
37362: * Makefile.in:
37363: ++version
37364: [7ac3bff5c770]
37365:
37366: * version.h:
37367: ++
37368: [10a4ff478469]
37369:
37370: * sudo.c:
37371: changed setenv() to sudo_setenv()
37372: [40a78abb9946]
37373:
37374: * check.c:
37375: fixed osf problem
37376: [3d69b118efb8]
37377:
37378: * configure.in:
37379: added OSF C2 stuff
37380: [38cff3ad4093]
37381:
37382: * CHANGES:
37383: updated
37384: [cd341dd0581a]
37385:
37386: * check.c:
37387: added osf auth support & removed some extra spaces
37388: [a448cdd81514]
37389:
37390: * INSTALL, SUPPORTED:
37391: added osf C2 stuff
37392: [f70484796146]
37393:
37394: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
37395:
37396: * TODO:
37397: added 2 suggestions
37398: [695fbdbd86e6]
37399:
37400: * Makefile.in:
37401: removed README.v1.3.1 and added VERSION stuff
37402: [f69403eb04c6]
37403:
37404: * version.h:
37405: pl1
37406: [21580c0f8cb1]
37407:
37408: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
37409:
37410: * version.h:
37411: 1.3.1final
37412: [630114970298]
37413:
37414: * Makefile.in:
37415: added HISTORY
37416: [901bff251614]
37417:
37418: * sudo.man:
37419: mention HISTPRY file
37420: [86dbcfd4326e]
37421:
37422: * sudo.c:
37423: use sizeof instead of a constant in 1 place
37424: [d819604c68ca]
37425:
37426: * parse.yacc:
37427: added unistd.h
37428: [6f9500f9fe7e]
37429:
37430: * parse.lex:
37431: added unistd.h
37432: [468b81a276eb]
37433:
37434: * README:
37435: udpated
37436: [7e275618923a]
37437:
37438: * HISTORY:
37439: Initial revision
37440: [5db1b0a3939b]
37441:
37442: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
37443:
37444: * version.h:
37445: ++
37446: [7dfbb4a810bb] [SUDO_1_3_1]
37447:
37448: * CHANGES:
37449: updated
37450: [7820ee610bf8]
37451:
37452: * sudo_setenv.c:
37453: added unistd.h include
37454: [30cf2b654525]
37455:
37456: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
37457:
37458: * sudo.c:
37459: added sys/time.h for AIX
37460: [199fc8caf3a3]
37461:
37462: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
37463:
37464: * configure.in:
37465: added check for -lsocket and sys/sockio.h
37466: [f9abfbb31031]
37467:
37468: * config.h.in:
37469: took out libshadow check and added in sys/sockio.h check
37470: [0c4b0393ac80]
37471:
37472: * sudo.c:
37473: now include sockio.h instead of ioctl.h if it exists "sudo -" now
37474: gets a better error message
37475: [53041bea5483]
37476:
37477: * sample.sudoers:
37478: now has a dir and subnet entry
37479: [56b820f65438]
37480:
37481: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
37482:
37483: * sudo.c:
37484: removed if_ether.h
37485: [b4f64507493e]
37486:
37487: * TODO:
37488: added an item
37489: [ea2a1bb6922a]
37490:
37491: * sudo.man:
37492: added network and ip addresses to man page
37493: [01c85016511f]
37494:
37495: * sudo.c:
37496: no error if can't get interfaces or netmask since networking may not
37497: be in the kernel.
37498: [50b8890e2134]
37499:
37500: * parse.c:
37501: nwo check for interfaces == NULL
37502: [dc1b3eef0db2]
37503:
37504: * parse.c:
37505: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
37506: the last entry in the spec failed (ie: it was only looking at the
37507: last entry). CLeaned things up by adding the cmndcmp() function--all
37508: neat & tidy
37509: [007e93578e5e]
37510:
37511: * CHANGES:
37512: added one
37513: [40e8a2cef497]
37514:
37515: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
37516:
37517: * sudo.c:
37518: now do two passes to skip bogus interfaces (lo0, etc)
37519: [465e30aecaf7]
37520:
37521: * parse.lex, parse.yacc, visudo.c:
37522: added include of netinet/in.h
37523: [11e3816ed362]
37524:
37525: * logging.c, sudo_realpath.c, sudo_setenv.c:
37526: added ninclude of netinet/in.h
37527: [daccfa40fe1e]
37528:
37529: * check.c, find_path.c, getcwd.c, getwd.c:
37530: added include of netinet/in.h
37531: [0222f95e06ad]
37532:
37533: * version.h:
37534: ++
37535: [d6b0cfa35a38]
37536:
37537: * sudo.h:
37538: added interfaces global
37539: [ba52fa8ad75e]
37540:
37541: * parse.c:
37542: now uses new interfaces global
37543: [17473ad5ecba]
37544:
37545: * sudo.c:
37546: now ip addresses are gleaned fw/o dns
37547: [8828bb2007e0]
37548:
37549: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
37550:
37551: * sudo.c:
37552: added load_ip_addrs() to load the ip_addrs global var
37553: [60c825f04238]
37554:
37555: * parse.c:
37556: added hostcmp() to compare hostnames, ip addrs, and network addrs
37557: [ab0e40e37537]
37558:
37559: * sudo.h:
37560: added ip_addrs def added load_ip_addrs prototype
37561: [c41c565d0777]
37562:
37563: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
37564:
37565: * CHANGES:
37566: updated
37567: [2a128dbe9bcb]
37568:
37569: * Makefile.in:
37570: removed multiple entries in DISTFILES
37571: [2490f4f371e6]
37572:
37573: * visudo.c:
37574: ansified the !STDC_HEADERS decls
37575: [646ba06d17ae]
37576:
37577: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
37578: don't do malloc decl if gnuc
37579: [f1bad1925f98]
37580:
37581: * sudo.c:
37582: can't use getopt(3) since it munges args to the command to be run as
37583: root don't do malloc decl if gnuc
37584: [38e78f6da14e]
37585:
37586: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
37587: sudo_realpath.c, sudo_setenv.c:
37588: ansi-fied !STDC_HEADER function prottypes
37589: [51d8cad89976]
37590:
37591: * getcwd.c, getwd.c:
37592: added missing paren
37593: [6a1fae70e27e]
37594:
37595: * Makefile.in:
37596: added putenv.c to DISTFILES
37597: [a5e4523eabbb]
37598:
37599: * sudo_setenv.c:
37600: added params to func decls when STDC_HEADERS is not defined now can
37601: count on putenv() being there
37602: [fd587796189b]
37603:
37604: * sudo_realpath.c:
37605: took out errno decl since sudo.h does it for us fixed up a next cc
37606: warning added params to func decls when STDC_HEADERS is not defined
37607: [70fa5152ace6]
37608:
37609: * sudo.h:
37610: took out environ extern added local declaratio of putenv() if local
37611: version is needed
37612: [a84bae6c020d]
37613:
37614: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
37615: added params to func decls when STDC_HEADERS is not defined
37616: [f406f0e47ac0]
37617:
37618: * config.h.in:
37619: added memcpy check check to see that ansi vs bsd macros are ntot
37620: already defiend before defining (ie: avoid redefinition)
37621: [879ae026e19f]
37622:
37623: * configure.in:
37624: removed fluff setenv check plus check w/ replace for putenv if also
37625: no setenv
37626: [e3c03814ad4b]
37627:
37628: * putenv.c:
37629: Initial revision
37630: [3cff63e2dc1b]
37631:
37632: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
37633:
37634: * sudo_setenv.c:
37635: Initial revision
37636: [4d637631fa6b]
37637:
37638: * sudo.h:
37639: rm'd s realp[ath added sudo_realpath and sudo_setenv
37640: [07ba001ff57e]
37641:
37642: * sudo.c:
37643: now use sudo_setenvc
37644: [fd81e04d5ef0]
37645:
37646: * configure.in:
37647: added puteenv and setenv, removed realpath
37648: [27bfacfb513b]
37649:
37650: * config.h.in:
37651: added putenv & setenv
37652: [515f14eaf6e4]
37653:
37654: * Makefile.in:
37655: added sudo_setenv
37656: [217731a717c5]
37657:
37658: * version.h:
37659: ++
37660: [eadb346d7129]
37661:
37662: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
37663:
37664: * configure.in:
37665: added MAN_POSTINSTALL and /usr/share/catman for irix
37666: [2a9496c1bdba]
37667:
37668: * Makefile.in:
37669: added MAN_POSTINSTALL
37670: [89b0d4695529]
37671:
37672: * CHANGES:
37673: added
37674: [48c021ba8a70]
37675:
37676: * sudo.man:
37677: added SUDO_* plus new options
37678: [c0759cff5683]
37679:
37680: * CHANGES:
37681: added one
37682: [7d44a3922d56]
37683:
37684: * configure.in:
37685: took out shadow lib
37686: [07cf3de18701]
37687:
37688: * TODO:
37689: adde done
37690: [a27a578e8afe]
37691:
37692: * visudo.c:
37693: now use yyrestart() if flex now reset yylineno to 0
37694: [77d67ce0b677]
37695:
37696: * Makefile.in:
37697: support for installing a cat page instead of a man page if no nroff
37698: [44671c0fc0fa]
37699:
37700: * configure.in:
37701: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
37702: to determine whether or not to install a cat or man page
37703: [0562d069c135]
37704:
37705: * config.h.in:
37706: added HAVE_FLEX
37707: [c5490bae39d3]
37708:
37709: * sudo.c:
37710: not set ret to MODE_RUN initially
37711: [88b4983c195b]
37712:
37713: * find_path.c:
37714: made command (and therefor cmnd dynamically allocated)
37715: [95b82e32b6de]
37716:
37717: * TODO:
37718: did #8
37719: [fb6f41308cdf]
37720:
37721: * version.h:
37722: ++
37723: [14112ecab5ae]
37724:
37725: * sudo_realpath.c:
37726: changed bufs from MAXPATHLEN to MAXPATHLEN+1
37727: [0ad4f34e55c0]
37728:
37729: * sudo.h:
37730: added MODE_ removed validate_only and added remove_timestamp()
37731: [dd5f99c57728]
37732:
37733: * sudo.c:
37734: usage() now takes an int (exit value) added parse_args() to parse
37735: command line arguments moved call to find_path() from load_globals
37736: to new function load_cmnd() removed validate_only global -- now use
37737: the concept of "modes" added -h and -k options
37738: [c3887090b28a]
37739:
37740: * parse.c:
37741: no longer use global validate_only now checks for command called
37742: "validate" removed check for non-fully qualified commands since that
37743: is done by find_path
37744: [7d56fbd26369]
37745:
37746: * find_path.c:
37747: changed MAXPATHLEN r to MAXPATHLEN+1
37748: [a86e8664d971]
37749:
37750: * find_path.c:
37751: fixed off by one error with MAXPATHLEN and fixed a comment
37752: [58adcef8c981]
37753:
37754: * check.c:
37755: check_timestamp no longer runs reminder(), it is implied in the
37756: return val added remove_timestamp()
37757: [42ab5a77066f]
37758:
37759: * CHANGES:
37760: updated
37761: [8e69b31df024]
37762:
37763: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
37764:
37765: * BUGS:
37766: fixed on
37767: [bc34f1ac4280]
37768:
37769: * sudo_realpath.c:
37770: took out old_errno
37771: [a168d00a0768]
37772:
37773: * CHANGES:
37774: updated
37775: [04ba80922df7]
37776:
37777: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
37778:
37779: * logging.c:
37780: moved send_mail to after syslog
37781: [4d4188087834]
37782:
37783: * sudo.c:
37784: now set SUDO_ envariables
37785: [e5963f1bd3bb]
37786:
37787: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
37788:
37789: * version.h:
37790: ++
37791: [2a4534845d8c]
37792:
37793: * sudo_realpath.c:
37794: now print error if chdir fails
37795: [0d75c8973d49]
37796:
37797: * find_path.c:
37798: removed an XXX
37799: [e2077bcb35aa]
37800:
37801: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
37802:
37803: * CHANGES:
37804: updated
37805: [e30a2b39b41a]
37806:
37807: * configure.in:
37808: no more static binaries for aix
37809: [77a0beb6bd80]
37810:
37811: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
37812:
37813: * INSTALL:
37814: fixed typo
37815: [ba5e0d391bc4]
37816:
37817: * sudo_realpath.c:
37818: took out stuff not needed for sudo now does be_root/be_user itself
37819: now uses cwd global
37820: [4f6d4641d793]
37821:
37822: * version.h:
37823: +=2
37824: [97da927b297c]
37825:
37826: * logging.c, sudo.c:
37827: be_root/be_user is now down in sudo_realpath()
37828: [f331662fa50f]
37829:
37830: * logging.c, sudo.h:
37831: now works with 4.2BSD syslog (blech)
37832: [98e39d89dd36]
37833:
37834: * find_path.c:
37835: now use sudo_realpath()
37836: [ab436a8ebd02]
37837:
37838: * config.h.in:
37839: took out realpth() stuff since we now use sudo_realpath()
37840: [8de5ef9f6044]
37841:
37842: * configure.in:
37843: ultrix enhanced sec
37844: [815fb7fffcc0]
37845:
37846: * SUPPORTED:
37847: added ultrix enhanced sec.
37848: [6466766c8062]
37849:
37850: * INSTALL:
37851: updated
37852: [d681a634297a]
37853:
37854: * check.c:
37855: ultrix enhanced security suport
37856: [f10c8decbcc2]
37857:
37858: * Makefile.in:
37859: added sudo_realpath.c
37860: [6b9bcd3be022]
37861:
37862: * CHANGES:
37863: updated
37864: [2fa8084c1b53]
37865:
37866: * tgetpass.c:
37867: increased passwd len to 24 for c2 security
37868: [ec64838be62d]
37869:
37870: * BUGS:
37871: updated BUGS
37872: [ca00d8fec2ce]
37873:
37874: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
37875:
37876: * check.c:
37877: now use user global var
37878: [568769719013]
37879:
37880: * configure.in:
37881: took out -ls
37882: [490a44180d5f]
37883:
37884: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
37885:
37886: * configure.in:
37887: added AFS libs
37888: [4fb40c8c01ba]
37889:
37890: * sudo.h:
37891: user is now a char * added epasswd
37892: [27a919fafdfb]
37893:
37894: * sudo.c:
37895: added tzset() to load_globals added epasswd (encrypted password)
37896: global made user dynamically allocated
37897: [b99ef9bdbfce]
37898:
37899: * configure.in:
37900: added tzset test
37901: [27592dd1214b]
37902:
37903: * config.h.in:
37904: added HAVE_TZSET
37905: [b13f4213f3d0]
37906:
37907: * check.c:
37908: cleaned up encrypted passwd grab somewhat
37909: [c8ba9a4db38a]
37910:
37911: * configure.in:
37912: fixed AFS typo
37913: [2bfcbce237b6]
37914:
37915: * INSTALL:
37916: added AFS not
37917: [80c67329393c]
37918:
37919: * CHANGES:
37920: udpated
37921: [2f09ecdd5d31]
37922:
37923: * logging.c:
37924: can now log to both syslog & a file
37925: [4d5c0932bc01]
37926:
37927: * sudo.h:
37928: added BOTH_LOGS
37929: [623c539be824]
37930:
37931: * CHANGES:
37932: updated
37933: [a1c7f5ef3616]
37934:
37935: * configure.in:
37936: --with-AFS
37937: [28718d8f5daf]
37938:
37939: * config.h.in:
37940: added HAVE_AFS
37941: [2e32bb4e63e4]
37942:
37943: * check.c:
37944: added afs changes
37945: [fe4d0ff320a2]
37946:
37947: * sudo.h:
37948: removed AFS stuff :-)
37949: [a40387e6fa27]
37950:
37951: * tgetpass.c:
37952: include sys/select for AIX
37953: [f32c5a8f2c84]
37954:
37955: * sudo.h:
37956: added AFS
37957: [da2ab3dd0348]
37958:
37959: * version.h:
37960: ++
37961: [452d4dfe25af]
37962:
37963: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
37964:
37965: * CHANGES, SUPPORTED:
37966: updated
37967: [e7dfe6f23a37]
37968:
37969: * logging.c:
37970: can now have MAILER undefined
37971: [1d33b98b35e1]
37972:
37973: * INSTALL:
37974: new sub-note about MAILER
37975: [d35c636a0574]
37976:
37977: * sudo.man:
37978: added blurb about password timeout
37979: [70c2ee50de20]
37980:
37981: * configure.in:
37982: convex c2 changes
37983: [367138a6232e]
37984:
37985: * aclocal.m4:
37986: took out duplicate define of _CONVEX_SOURCE
37987: [647182138450]
37988:
37989: * Makefile.in:
37990: added OSDEFS
37991: [7fdcd50602d1]
37992:
37993: * config.h.in:
37994: added spaces
37995: [f2b8a05e48f3]
37996:
37997: * tgetpass.c:
37998: added a goto if fgets fails
37999: [68a6586d9c45]
38000:
38001: * sudo.h:
38002: use __hpux not hpux convex c2 stuff
38003: [5c377a8d5f34]
38004:
38005: * sudo.c:
38006: use __hpux not hpux
38007: [9363bc0f9f9e]
38008:
38009: * logging.c:
38010: convex c2 stuff
38011: [ea5630975ac4]
38012:
38013: * config.h.in:
38014: define ansi-ish cpp os defines if non-ansi are defined for hpux &
38015: convex
38016: [664f53a5e786]
38017:
38018: * INSTALL:
38019: updated to say we support sonvex C2
38020: [5f2f8b87013e]
38021:
38022: * check.c:
38023: added convex c2 support
38024: [9a665d4918fa]
38025:
38026: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
38027:
38028: * tgetpass.c:
38029: no more ioctl never returns NULL uses fgets() and select() to
38030: timeout
38031: [b333e6d63e97]
38032:
38033: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
38034:
38035: * configure.in:
38036: things were testing -n "$GCC" instead of -z "$GCC"
38037: [059a9b15ede2]
38038:
38039: * tgetpass.c:
38040: now works + uses fgets()
38041: [353d7ebcb7bb]
38042:
38043: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
38044:
38045: * tgetpass.c:
38046: select doesn't seem to recognize a single '\n' as input waiting so
38047: we can;t use it, sigh.
38048: [f76e3218b835]
38049:
38050: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
38051:
38052: * PORTING:
38053: updated tgetpass() blurb
38054: [95baac736b49]
38055:
38056: * configure.in:
38057: added --with-getpass
38058: [42ac0bdf58ed]
38059:
38060: * Makefile.in:
38061: added tgetpass stuff
38062: [e2b38c635663]
38063:
38064: * tgetpass.c:
38065: now uses stdio
38066: [36af8ff66e35]
38067:
38068: * version.h:
38069: ++
38070: [4e81c9db19bd]
38071:
38072: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
38073:
38074: * PORTING:
38075: updated ,.
38076: [54f523770a05]
38077:
38078: * config.h.in:
38079: added USE_GETPASS && HAVE_C2_SECURITY
38080: [86b355cb2953]
38081:
38082: * configure.in:
38083: fixed a test aded --with-C2 and --with-tgetpass
38084: [abf6181588ef]
38085:
38086: * check.c:
38087: added hpux C2 shit
38088: [20d4177ffa88]
38089:
38090: * Makefile.in:
38091: took out tgetpass.*
38092: [cc82fd9984b4]
38093:
38094: * INSTALL:
38095: added C2 blurb
38096: [1d2bfc35e4b6]
38097:
38098: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
38099:
38100: * configure.in:
38101: no termio(s) for ultrix since it is broken
38102: [d3e82e835350]
38103:
38104: * check.c:
38105: added a space (yeah, anal)
38106: [05e4b31ca68c]
38107:
38108: * realpath.c, sudo_realpath.c:
38109: fixed it (duh, rtfm)
38110: [f13097cb8cb6]
38111:
38112: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
38113:
38114: * config.h.in:
38115: took out bsd signal stuff for irix
38116: [e179cdafc97a]
38117:
38118: * visudo.c:
38119: comments in #endif
38120: [e3a629190f5e]
38121:
38122: * configure.in:
38123: don't define BSD signals for irix
38124: [3ce57bffb7f0]
38125:
38126: * TODO:
38127: did some...
38128: [274241cd0f74]
38129:
38130: * CHANGES:
38131: updated
38132: [8f29fc755faf]
38133:
38134: * realpath.c, sudo_realpath.c:
38135: took out unneeded code by changing where a strings was terminated
38136: [b5564d62d30e]
38137:
38138: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
38139:
38140: * realpath.c, sudo_realpath.c:
38141: fix bug where /dirname would return NULL
38142: [b85f470daf26]
38143:
38144: * sudo.h:
38145: move __P to config.h
38146: [7763c0ff3f28]
38147:
38148: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
38149: added errno definition
38150: [4cc9d2d9782a]
38151:
38152: * config.h.in:
38153: added __P
38154: [ca06f5aa58f3]
38155:
38156: * config.h.in:
38157: added HAVE_FCHDIR
38158: [206d714641e0]
38159:
38160: * strdup.c:
38161: now include stdio
38162: [0d8458da0e1d]
38163:
38164: * realpath.c, sudo_realpath.c:
38165: now works if no fchdir
38166: [e035911b6722]
38167:
38168: * visudo.c:
38169: define SA_RESETHAND to null if not defined
38170: [afec03e84342]
38171:
38172: * configure.in:
38173: added check & replace
38174: [c1a65481441c]
38175:
38176: * configure.in:
38177: took out -static for nextstep -- it doesn't work
38178: [fa1a1a611743]
38179:
38180: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
38181:
38182: * logging.c:
38183: moved #endif to where it belongs
38184: [07d3a8972097]
38185:
38186: * SUPPORTED:
38187: correction
38188: [0c1ecba3e5a3]
38189:
38190: * configure.in:
38191: now checks for strdup realpath getcwd bzero
38192: [f029a1917515]
38193:
38194: * config.h.in:
38195: emulate bzero
38196: [d792352e44a3]
38197:
38198: * visudo.c:
38199: added posic signals
38200: [2ed0005f90fc]
38201:
38202: * tgetpass.c:
38203: bzero cast
38204: [6d91b1a1526f]
38205:
38206: * logging.c:
38207: added posix signals
38208: [67ede9c22a05]
38209:
38210: * configure.in:
38211: removed BROKEN_GETPASS added new srcs toreplace missing functions
38212: [cf44274bb1c8]
38213:
38214: * config.h.in:
38215: added posix signal stuff
38216: [a3c1c98fe8ef]
38217:
38218: * Makefile.in:
38219: added new srcs
38220: [b6a079afee47]
38221:
38222: * visudo.c:
38223: updated useag
38224: [589ed091c44f]
38225:
38226: * tgetpass.c:
38227: now uses posix signals
38228: [30f74964074f]
38229:
38230: * PORTING:
38231: updated sto reflect major changes
38232: [bcfc309e017b]
38233:
38234: * CHANGES, TODO:
38235: updated
38236: [23aacbd54278]
38237:
38238: * tgetpass.c:
38239: uses sysconf() if available
38240: [a27431c90bab]
38241:
38242: * sudo.h:
38243: added PASSWORD_TIMEOUT + prototypes for new functions
38244: [d7473c2f77c4]
38245:
38246: * realpath.c, sudo_realpath.c:
38247: for those w/o this in libc
38248: [1e47aa7a9d46]
38249:
38250: * getcwd.c, getwd.c:
38251: Initial revision
38252: [c90dea57a84f]
38253:
38254: * find_path.c:
38255: rewrote to use realpath(3) - nis now all my code
38256: [d2c3bb8fb37d]
38257:
38258: * config.h.in:
38259: added HAVE_REALPATH
38260: [02c10352a8c7]
38261:
38262: * check.c:
38263: now use tgetpass
38264: [b5c021fc179f]
38265:
38266: * Makefile.in:
38267: added LIBOBJS use tgetpass.c
38268: [230a7b3eeaa3]
38269:
38270: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
38271:
38272: * tgetpass.c:
38273: works now :-)
38274: [025e7a3875ba]
38275:
38276: * tgetpass.c:
38277: Initial revision
38278: [3316ab33b230]
38279:
38280: * pathnames.h.in:
38281: added /dev/tty
38282: [29242585e53f]
38283:
38284: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
38285:
38286: * version.h:
38287: incremented
38288: [f2e54b48280f]
38289:
38290: * sudo.c:
38291: always use getcwd
38292: [c6068e8a4029]
38293:
38294: * config.h.in:
38295: added check for getwd
38296: [ab1e102ad673]
38297:
38298: * configure.in:
38299: replace strdup & realpath & getcwd if missing
38300: [b0eb14f2a1c3]
38301:
38302: * pathnames.h.in:
38303: added _PATH_PWD
38304: [309d2388f69a]
38305:
38306: * aclocal.m4:
38307: added SUDO_PROG_PWD
38308: [e16e85deb96c]
38309:
38310: * strdup.c:
38311: Initial revision
38312: [810efdc15007]
38313:
38314: * realpath.c, sudo_realpath.c:
38315: Initial revision
38316: [d85eee438e09]
38317:
38318: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
38319:
38320: * configure.in:
38321: quoted quare brackets
38322: [d0e7ca111d98]
38323:
38324: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
38325:
38326: * sudo.c:
38327: no need to strdup() a constant
38328: [a8c44712df9a]
38329:
38330: * CHANGES:
38331: updated
38332: [71364129cca0]
38333:
38334: * sudo.man:
38335: added validate
38336: [0bb198095a26]
38337:
38338: * sudo.c:
38339: added -v to usage
38340: [31ea71f11dbb]
38341:
38342: * parse.c, sudo.c, sudo.h:
38343: added validate_only stuff
38344: [9bcd853d3c90]
38345:
38346: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
38347:
38348: * configure.in:
38349: now finds sed
38350: [6374bb0d3f28]
38351:
38352: * aclocal.m4:
38353: $OSREV is now an int
38354: [ace0666d66cf]
38355:
38356: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
38357:
38358: * configure.in:
38359: added mtxinu to caser
38360: [73a776887b16]
38361:
38362: * sudo.h:
38363: added EXEC macro
38364: [2e8eb28b710a]
38365:
38366: * sudo.c:
38367: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
38368: [56afb4f658d5]
38369:
38370: * logging.c:
38371: changed mail_argv[] def now use EXEC() macro
38372: [ddcabd28edb1]
38373:
38374: * check.c:
38375: took out crypt() definition
38376: [0e657724cf5f]
38377:
38378: * version.h:
38379: upped the version
38380: [62c5d66119fc]
38381:
38382: * configure.in:
38383: always look for -lnsl
38384: [d7b594f0313b]
38385:
38386: * aclocal.m4:
38387: added an echo
38388: [1caae3491dc5]
38389:
38390: * sudo.h:
38391: SHORT_MESSAGE is now the default
38392: [cfce35c3119a]
38393:
38394: * config.h.in:
38395: fixed typo
38396: [6499a564bf75]
38397:
38398: * configure.in:
38399: added missing AC_DEFINE(SVR4) for solaris
38400: [feef0b17b94f]
38401:
38402: * sudo.man:
38403: documented the -v flag
38404: [a6429f2bc2cf]
38405:
38406: * SUPPORTED:
38407: updated
38408: [088886e79540]
38409:
38410: * check.c:
38411: proto-ized crypt()
38412: [801e4ff5b121]
38413:
38414: * config.h.in:
38415: added LIBSHADOW undef
38416: [8df588e9ee2b]
38417:
38418: * configure.in:
38419: nwo set OS to be lowercase
38420: [561ebed833e4]
38421:
38422: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
38423:
38424: * configure.in:
38425: now use SUDO_OSTYPE to set $OS
38426: [0e60aee23098]
38427:
38428: * aclocal.m4:
38429: now use uname to determine os
38430: [99705e58d400]
38431:
38432: * visudo.c:
38433: added prototypes & moved sig handler around
38434: [1f0bc8d23b51]
38435:
38436: * sudo.h:
38437: added prototyppes
38438: [be3935a2b163]
38439:
38440: * check.c, logging.c, sudo.c:
38441: added prototypes
38442: [2079b4605ab8]
38443:
38444: * parse.c:
38445: added comment
38446: [a34d147d8399]
38447:
38448: * config.h.in:
38449: nwo use _BSD_SIGNALS not _BSD_COMPAT
38450: [63663195f047]
38451:
38452: * aixcrypt.exp:
38453: Initial revision
38454: [890aed08357e]
38455:
38456: * Makefile.in:
38457: added aixcrypt.exp
38458: [1005a183105f]
38459:
38460: * parse.lex, parse.yacc:
38461: moved config.h to top of includes
38462: [9569c49aa5f3]
38463:
38464: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
38465:
38466: * find_path.c:
38467: now don't bitch if get EACCESS (treat like EPERM)
38468: [dbeffb638de4]
38469:
38470: * visudo.c:
38471: added -v flag and usage()
38472: [4d44ed60ed75]
38473:
38474: * version.h:
38475: fixed a typo
38476: [cf3f9347ae41]
38477:
38478: * sudo.c:
38479: cast Argv to a const for exec added -v flag
38480: [d11b6efc0e45]
38481:
38482: * logging.c:
38483: mail_argv is now a const
38484: [93bb5d90bb6f]
38485:
38486: * configure.in:
38487: only set RETSIGTYPE if it is not set already
38488: [c97aac260b77]
38489:
38490: * aclocal.m4:
38491: now defines & STDC_HEADERS for Irix
38492: [9c2b24ad1fc5]
38493:
38494: * Makefile.in:
38495: added version.h
38496: [9f79e880229a]
38497:
38498: * insults.h, sudo.h:
38499: prevent multiple inclusion
38500: [d68c8a9243ce]
38501:
38502: * version.h:
38503: Initial revision
38504: [dbb39c5ef8d9]
38505:
38506: * parse.lex, parse.yacc:
38507: now includes config.h
38508: [f117e036a56b]
38509:
38510: * aclocal.m4:
38511: now talks about sunos 4.x
38512: [c9054aa92d4e]
38513:
38514: * visudo.c:
38515: calls to Exit now pass an arg
38516: [a92104670551]
38517:
38518: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
38519:
38520: * visudo.c:
38521: signal handler now takes an int argument
38522: [26f480c41523]
38523:
38524: * CHANGES:
38525: updated
38526: [8c166a9d796b]
38527:
38528: * sudo.c:
38529: ok, the getcwd() is now *really* done as the user
38530: [ab86cf85134a]
38531:
38532: * configure.in:
38533: changed AIX STATIC_FLAGS
38534: [b9c0a3ba5663]
38535:
38536: * aclocal.m4:
38537: solaris now defines SVR4
38538: [c3e20cac96f5]
38539:
38540: * sudo.h:
38541: added cwd and fixed stupid core dump that makes no sense. sigh.
38542: [7a9755436dbb]
38543:
38544: * sudo.c:
38545: moved getcwd stuff into load_globals
38546: [ec2bc90df1f3]
38547:
38548: * parse.c:
38549: took out externs that are in suod.h
38550: [93c4b3f856d7]
38551:
38552: * logging.c:
38553: moved cwd into load_globals
38554: [050de754d228]
38555:
38556: * find_path.c:
38557: moved cwd stuff
38558: [22f3f3b4c34d]
38559:
38560: * Makefile.in:
38561: fixed make distclean & realclean
38562: [c9964d89bcef]
38563:
38564: * TODO:
38565: updated .,
38566: [e513581ef0e3]
38567:
38568: * CHANGES:
38569: added solaris changes
38570: [505d930daf27]
38571:
38572: * aclocal.m4:
38573: added solaris changes, need to rework
38574: [33f20fb16c49]
38575:
38576: * configure.in:
38577: cleaned up for solaris
38578: [2fb8cfa05d0f]
38579:
38580: * logging.c:
38581: reinstall reapchild signal handler for non-bsd signals
38582: [3d1dc545113d]
38583:
38584: * sudo.h:
38585: took out getdtablesize() emulation for HP-UX (no longer needed)
38586: [1fc83d170f34]
38587:
38588: * sudo.c:
38589: support for HAVE_SYSCONF
38590: [50ca2a7a224a]
38591:
38592: * visudo.c:
38593: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
38594: up /
38595: [0a570e826dd4]
38596:
38597: * config.h.in:
38598: added HAVE_SYSCONF
38599: [2b9a9f3a4e94]
38600:
38601: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
38602:
38603: * configure.in:
38604: now tells you what os you are running /.
38605: [06c6332a895b]
38606:
38607: * aclocal.m4:
38608: took out extra ','
38609: [e8c75ce59f4a]
38610:
38611: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
38612:
38613: * config.h.in:
38614: added _BSD_COMPAT
38615: [73c5099806c2]
38616:
38617: * aclocal.m4:
38618: fixed for irix5
38619: [1047d1f6c0eb]
38620:
38621: * CHANGES:
38622: updated
38623: [1bc4969fee96]
38624:
38625: * sudo.c:
38626: uid seinitialized to -2
38627: [8d7812b1878b]
38628:
38629: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
38630:
38631: * sudo.c:
38632: now removes LIBPATH for AIX
38633: [075392eb1dd9]
38634:
38635: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
38636:
38637: * configure.in:
38638: now uses ufc if it finds it
38639: [ab6ce30a5958]
38640:
38641: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
38642:
38643: * sudo.h:
38644: no longer define yyval & yylval since yacc does it
38645: [09d250aea50a]
38646:
38647: * parse.lex:
38648: now defines yylval as extenr
38649: [8ec2b88952bc]
38650:
38651: * configure.in:
38652: BROKEN_GETPASS is now an OPTION
38653: [3714f4bb8312]
38654:
38655: * config.h.in:
38656: took out BROKEN_GETPASS
38657: [9c4f6aa50137]
38658:
38659: * Makefile.in:
38660: took out big comment
38661: [4c13cff0e556]
38662:
38663: * README:
38664: updated
38665: [b8b9902b620d]
38666:
38667: * Makefile.in:
38668: took out README.beta
38669: [ed2cd861e82b]
38670:
38671: * SUPPORTED:
38672: Initial revision
38673: [2fffc51e6606]
38674:
38675: * INSTALL:
38676: now reference SUPPORTED .,
38677: [d112c30be1f2]
38678:
38679: * config.h.in:
38680: now check for convex OR __convex__
38681: [a0e5701a3069]
38682:
38683: * aclocal.m4:
38684: now check for convex or __convex__
38685: [5dae2bfbe3bc]
38686:
38687: * Makefile.in:
38688: added dist target
38689: [400a54de57db]
38690:
38691: * aclocal.m4:
38692: use __convex__
38693: [58a19470ed0b]
38694:
38695: * find_path.c:
38696: now use _S_* stat stuff to be ansi-like
38697: [28cce560e048]
38698:
38699: * INSTALL:
38700: updated for configure directions
38701: [a034ccc7c30a]
38702:
38703: * Makefile.in:
38704: distclean now removes config.h and pathnames.h
38705: [300f2349b4ab]
38706:
38707: * CHANGES:
38708: updated
38709: [646f7e9430c1]
38710:
38711: * TODO:
38712: fixed typoe
38713: [70fd6361b2bc]
38714:
38715: * visudo.c:
38716: updated version
38717: [cf13d87d789f]
38718:
38719: * Makefile.in:
38720: updated version
38721: [8c5dacc27a7a]
38722:
38723: * config.h.in, pathnames.h.in:
38724: added copyright header
38725: [747ce3d3d6b7]
38726:
38727: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
38728: parse.yacc, sudo.c, sudo.h:
38729: udpated version
38730: [4751c39bad18]
38731:
38732: * visudo.c:
38733: udpated to use configure + pathnames.h
38734: [d45dff76a1cd]
38735:
38736: * aclocal.m4:
38737: updated
38738: [f05a367a55be]
38739:
38740: * Makefile.in, config.h.in, configure.in:
38741: updated
38742: [524778598879]
38743:
38744: * sudo.h:
38745: now works with configure
38746: [83fc40e533f4]
38747:
38748: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
38749: updated to work with configure + pathnames.h
38750: [cb67fa6ab52d]
38751:
38752: * Makefile.in:
38753: added LEXLIB
38754: [f43cad4ab0a2]
38755:
38756: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
38757:
38758: * COPYING:
38759: updated gnu general licence to versio 2
38760: [2b0b56112ddc]
38761:
38762: * config.h.in, pathnames.h.in:
38763: Initial revision
38764: [4b586f39ec2d]
38765:
38766: * sudo.h:
38767: changed to work with configure
38768: [13f3506ddf16]
38769:
38770: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
38771:
38772: * Makefile.in, aclocal.m4, configure.in:
38773: Initial revision
38774: [a8636ae77371]
38775:
38776: * visudo.c:
38777: now uses defines used by configure
38778: [de438d118993]
38779:
38780: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
38781:
38782: * find_path.c:
38783: sudo won't bitch about EPERM now, for real
38784: [ce26d9ef7e3f]
38785:
38786: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
38787:
38788: * logging.c:
38789: renamed exec_argv to eliminate a libc name clash with ksros
38790: [bcb4350d8411]
38791:
38792: * CHANGES:
38793: corrected
38794: [dae68d422efd]
38795:
38796: * logging.c, sudo.c, sudo.h:
38797: execve -> execv
38798: [40cc2c4bdb15]
38799:
38800: * TODO:
38801: upated
38802: [9275a8b8fc45]
38803:
38804: * PORTING:
38805: added 2 mroe items
38806: [6cbb5c56993c]
38807:
38808: * CHANGES:
38809: updated
38810: [73f34f8e571a]
38811:
38812: * sudo.h:
38813: added UMASK and mode_t declaration
38814: [7c2015e1d171]
38815:
38816: * sudo.c:
38817: added UMASK
38818: [d37be7523680]
38819:
38820: * logging.c:
38821: now opens log file with mode 077
38822: [0825cc3ee841]
38823:
38824: * check.c:
38825: saved current umask ans restores it
38826: [659c1aaae8e8]
38827:
38828: * sudo.h:
38829: added MAXLOGFILELEN
38830: [34331c7dee90]
38831:
38832: * logging.c:
38833: split long log lines. FOr syslog, split into multiple entries, for a
38834: log file, indent the extra for readability
38835: [72c9e4cdba6e]
38836:
38837: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
38838:
38839: * CHANGES:
38840: added changes
38841: [81196833673d]
38842:
38843: * sudo.h:
38844: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
38845: [1aa69e903840]
38846:
38847: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
38848:
38849: * TODO:
38850: added input from Brett M Hogden <hogden@rge.com>
38851: [80f01fc88ce9]
38852:
38853: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
38854:
38855: * sudo.c:
38856: added rmenv() to remove stuff from environ. can now uses execvp() OR
38857: execve() becuase of this.
38858: [e7fc2535bd67]
38859:
38860: * logging.c:
38861: now uses execvp() OR execve()
38862: [56391aa1f99d]
38863:
38864: * sudo.h:
38865: added USE_EXECVE
38866: [f21f38050b95]
38867:
38868: * sudo.h:
38869: added environ
38870: [6b805e23c6f6]
38871:
38872: * find_path.c:
38873: now ignore EPERM
38874: [c8fd7117a1d7]
38875:
38876: * sudo.h:
38877: moved some func decls out of sudo.h and into sudo.c as statics /.
38878: [5f555c267d27]
38879:
38880: * CHANGES:
38881: updated
38882: [431f478af320]
38883:
38884: * sudo.h:
38885: took out Envp
38886: [6f722be7793d]
38887:
38888: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
38889:
38890: * BUGS:
38891: Initial revision
38892: [4a8ecf0da95c]
38893:
38894: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
38895:
38896: * CHANGES:
38897: added SECURE_PATH
38898: [1c72cb222609]
38899:
38900: * sudo.c, sudo.h:
38901: added SECURE_PATH
38902: [5bf5357a63c5]
38903:
38904: * sudo.h:
38905: added SECURE_PATH
38906: [3976a74405ac]
38907:
38908: * INSTALL:
38909: added sample.sudoers note
38910: [1b395d29aaeb]
38911:
38912: * sudoers:
38913: Initial revision
38914: [485888d07477]
38915:
38916: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
38917:
38918: * find_path.c:
38919: fixed typo
38920: [bfc3cc4d41ca]
38921:
38922: * PORTING:
38923: took out SAVED_UID garbage
38924: [b7c2d3469661] [SUDO_1_3_0]
38925:
38926: * INSTALL:
38927: mentioned HAL
38928: [253d6695df90]
38929:
38930: * sudo.h:
38931: added HAL line
38932: [29ec1a4ac6de]
38933:
38934: * insults.h:
38935: added HAL insults
38936: [7d7c96d77c74]
38937:
38938: * TODO:
38939: updated
38940: [aa2ed9790586]
38941:
38942: * logging.c:
38943: more verbose error if mailer not found
38944: [fca47fd00cb6]
38945:
38946: * check.c:
38947: now do getpwent as root for soem shadow password systems (bsdi)
38948: [e0339e110d46]
38949:
38950: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
38951:
38952: * sudo.h:
38953: took out SAVED_UID garbade
38954: [fcb0e81dcdb5]
38955:
38956: * sudo.c:
38957: took out SAVED_UID garbage since it don't work
38958: [507e9513e9c2]
38959:
38960: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
38961:
38962: * README:
38963: updated
38964: [d2b6b253dae5]
38965:
38966: * insults.h:
38967: added a missing space :-)
38968: [8940ea991f87]
38969:
38970: * sudo.c, sudo.h:
38971: took out multimax cruft
38972: [c2606b365181]
38973:
38974: * INSTALL:
38975: minor update
38976: [05fb6ee73131]
38977:
38978: * PORTING:
38979: finished
38980: [c4ac47c84dc5]
38981:
38982: * sudo.c:
38983: fixed a typo + indentation
38984: [7eab40aae8fa]
38985:
38986: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
38987:
38988: * sudo.h:
38989: took outumoved some defines to the config file ,. ,.
38990: [defff05beb52]
38991:
38992: * PORTING:
38993: Initial revision
38994: [c803e9127959]
38995:
38996: * TODO:
38997: did #6
38998: [c6fa1c946c31]
38999:
39000: * sudo.h:
39001: added HAS_SAVED_UID
39002: [6a88a39c0a07]
39003:
39004: * sudo.c:
39005: put back AIX cruft
39006: [a24d2507ddd4]
39007:
39008: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
39009:
39010: * sudo.c:
39011: aix changes
39012: [1663915f754a]
39013:
39014: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
39015:
39016: * CHANGES:
39017: updated
39018: [a8cc73747cae]
39019:
39020: * check.c, logging.c, parse.c, sudo.c, sudo.h:
39021: now is only root when abs necesary
39022: [3c9d12c5cdfe]
39023:
39024: * check.c:
39025: added missing %s\n
39026: [609320b72d89]
39027:
39028: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
39029:
39030: * install-sh:
39031: Initial revision
39032: [b5bba140a175]
39033:
39034: * TODO:
39035: updated
39036: [c9d2eba602af]
39037:
39038: * CHANGES:
39039: updated
39040: [932f1fc3bb14]
39041:
39042: * sudo.c:
39043: now removed _RLD_* for alphas
39044: [54a36e648158]
39045:
39046: * INSTALL:
39047: updated for new config scheme
39048: [61c8ae800444]
39049:
39050: * find_path.c:
39051: more verbose eror messages
39052: [b4fd123db42d]
39053:
39054: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
39055:
39056: * TODO:
39057: now have solaris
39058: [371002fbf266]
39059:
39060: * sudo.h:
39061: define __svr4__ for SOLARIS
39062: [0b5cf5ed936d]
39063:
39064: * check.c:
39065: added svr4 junk for shadow pws for solaris 2.x
39066: [91ed58f21618]
39067:
39068: * check.c, sudo.c:
39069: took out setuid(0) and setreuid(udi) garbage. Its not needed since
39070: we start out setuid with the correct perms.
39071: [07689e782b0b]
39072:
39073: * check.c, sudo.c, sudo.h:
39074: now use setreuid()
39075: [7d64d685d78e]
39076:
39077: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
39078:
39079: * sudo.man:
39080: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
39081: sectoin
39082: [b26967b1e19b]
39083:
39084: * visudo.c:
39085: now uses ENV_EDITOR if you want to use the EDITOR envar
39086: [a4f8fcb9bd1d]
39087:
39088: * sudo.h:
39089: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
39090: [028cc55c4328]
39091:
39092: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
39093:
39094: * INSTALL:
39095: rewrote most of this
39096: [a6750923f9c9]
39097:
39098: * README:
39099: minor update + spell fix
39100: [a411717a7249]
39101:
39102: * sudo.h:
39103: added all options that are in the Makefile
39104: [6db3b3b841b3]
39105:
39106: * getpass.c:
39107: now use USE_TERMIO #define for sgi & hpux
39108: [b91f89ae6be1]
39109:
39110: * TODO:
39111: todo: posix sigs
39112: [4548a56eb2ef]
39113:
39114: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
39115:
39116: * check.c, find_path.c:
39117: always include strings.h
39118: [1fc20bda92c0]
39119:
39120: * visudo.c:
39121: added STATICEDITOR
39122: [0596f820716e]
39123:
39124: * sudo.h:
39125: sgi has vi in /usr/bin too
39126: [94203b62bfd9]
39127:
39128: * sudo.man:
39129: added VISUAL
39130: [87c2844c4cac]
39131:
39132: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
39133:
39134: * sudo.h:
39135: sue /usr/bin/vi on some systems
39136: [e3ad9190f35e]
39137:
39138: * sudo.c:
39139: fixed warning (include strings.h)
39140: [0b896de4d8a0]
39141:
39142: * sudo.man:
39143: added John_Rouillard@dl5000.bc.edu's changes (new features)
39144: [f41b4205a8cf]
39145:
39146: * CHANGES:
39147: changes from John_Rouillard@dl5000.bc.edu
39148: [6bdef8e948d5]
39149:
39150: * visudo.c:
39151: added EDITOR envar
39152: [5c4bf716de21]
39153:
39154: * check.c, find_path.c, parse.c, sudo.c:
39155: added patches from John_Rouillard directory spec uses EDITOR
39156: [f62a435f8c41]
39157:
39158: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
39159:
39160: * getpass.c:
39161: added flush for hpux
39162: [07cfdd6a7b55]
39163:
39164: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
39165:
39166: * sudo.c:
39167: no longer assume malloc returns a char *
39168: [7480bd2756f3]
39169:
39170: * sudo.c:
39171: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
39172: gets removed correctly
39173: [8587166c6ac8]
39174:
39175: * sudo.h:
39176: added STD_HEADERS macro
39177: [480f5a9a516c]
39178:
39179: * sudo.c:
39180: now uses STD_HEADERS macor for ansi
39181: [c5018806fd59]
39182:
39183: * find_path.c:
39184: now uses STD_HEADERS macro
39185: [ad821e0788ea]
39186:
39187: * check.c:
39188: niceties for C compiler bitches -- no real change
39189: [0fc0b1a5fb64]
39190:
39191: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
39192:
39193: * visudo.c:
39194: now doesn't fclose a file never opened.
39195: [ee888ec9427d]
39196:
39197: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
39198:
39199: * sudo.man:
39200: added visudo line
39201: [698d51c66407]
39202:
39203: * sudo.man:
39204: added error stuff added me in there...
39205: [d202fd34b906]
39206:
39207: * CHANGES:
39208: noted insults
39209: [998a22c2230c]
39210:
39211: * INSTALL:
39212: added blurb about reading stuff
39213: [e71db100798f]
39214:
39215: * sudo.h:
39216: added insults
39217: [c110431cec56]
39218:
39219: * insults.h:
39220: corrected somments and removed newlines
39221: [493706fd488c]
39222:
39223: * check.c:
39224: now uses insults
39225: [6d23cf06a0ef]
39226:
39227: * insults.h:
39228: Initial revision
39229: [83153c26b4a3]
39230:
39231: * INSTALL:
39232: added dec syslog note
39233: [555437273237]
39234:
39235: * sample.sudoers:
39236: added real stuff in there
39237: [53442a7fba78]
39238:
39239: * TODO:
39240: added a todo
39241: [c630472bd4dc]
39242:
39243: * TODO:
39244: added one
39245: [806464453284]
39246:
39247: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
39248:
39249: * sample.sudoers:
39250: Initial revision
39251: [7db0a9f1ca8f]
39252:
39253: * sudo.man:
39254: updated with changes
39255: [d9bf254c6c08]
39256:
39257: * sudo.man:
39258: Initial revision
39259: [dd6f11174ac6]
39260:
39261: * indent.pro:
39262: Initial revision
39263: [dbfbb494fad9]
39264:
39265: * CHANGES, COPYING, INSTALL, README, TODO:
39266: Initial revision
39267: [6d98f489a079]
39268:
39269: * visudo.c:
39270: updated version number and took out jeff's old addr since it is no
39271: good
39272: [ee47c24818cb]
39273:
39274: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
39275: sudo.c, sudo.h:
39276: updated version number and took out jeff's email (since it is
39277: invalid)
39278: [54616458a52e]
39279:
39280: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
39281:
39282: * check.c:
39283: added fflush()
39284: [145c881f4fb4]
39285:
39286: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
39287:
39288: * find_path.c:
39289: now return NULL instead pfof exiting for nopnn-fatal errors
39290: [8bc74f8cb1ae]
39291:
39292: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
39293:
39294: * check.c:
39295: new banner
39296: [5387ab2af516]
39297:
39298: * parse.lex:
39299: now sudo.h gets included first
39300: [2acb01c18e18]
39301:
39302: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
39303:
39304: * parse.lex:
39305: now can use flex
39306: [164d3839adf0]
39307:
39308: * sudo.h:
39309: linux patch
39310: [f1b6b1b1a2ca]
39311:
39312: * sudo.c:
39313: hpux 9 fix, removes SHLIB_PATH linux patch
39314: [67611dc1737f]
39315:
39316: * check.c:
39317: linux diff
39318: [c24536682397]
39319:
39320: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
39321:
39322: * find_path.c:
39323: stat now ignores EINVAL
39324: [c7761a5dc642]
39325:
39326: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
39327:
39328: * find_path.c, sudo.c:
39329: now declare strdup as extern
39330: [6b7d6f8784b5]
39331:
39332: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
39333:
39334: * visudo.c:
39335: reformatted with indent + by hand
39336: [9d43084e4990]
39337:
39338: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
39339: used indent to "fix" coding style
39340: [489ffacbdc70]
39341:
39342: * find_path.c:
39343: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
39344: move the code that does this into the loop body. makes it messier
39345: tho. hmmm.
39346: [c4d22b48da9a]
39347:
39348: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
39349:
39350: * find_path.c:
39351: redid the fix for non-executable files in an easier to read way plus
39352: some minor aethetic changes
39353: [84fe337f1426]
39354:
39355: * find_path.c:
39356: fixed bug with non-executable tings of same name in path introduced
39357: by checkig errno after stat(2).
39358: [c2a812cfcbc1]
39359:
39360: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
39361:
39362: * sudo.c:
39363: fixed off by one error
39364: [fabb7cee0041]
39365:
39366: * find_path.c:
39367: now handles decending below '/' correctly
39368: [5d2ddfc0b220]
39369:
39370: * sudo.c:
39371: now actually builds Envp instead of munging envp
39372: [bdc4b08f6898]
39373:
39374: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
39375:
39376: * parse.yacc:
39377: now includes sys/param.h
39378: [efbb494ab4de]
39379:
39380: * visudo.c:
39381: now includes sys/param.h
39382: [ad6c91d59958]
39383:
39384: * sudo.h:
39385: fixed ifndef -> ifdef
39386: [7aebe822d863]
39387:
39388: * qualify.c:
39389: make more like find_path.c
39390: [853b2dab2e03]
39391:
39392: * find_path.c:
39393: rewritten by millert
39394: [c6a043cc11b3]
39395:
39396: * sudo.h:
39397: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
39398: about new defines in the comment
39399: [39ffefce3aec]
39400:
39401: * logging.c:
39402: now uses USE_CWD
39403: [fa0f3b118bb3]
39404:
39405: * sudo.h:
39406: added delc for clean_envp() and Envp
39407: [a12034e300c2]
39408:
39409: * sudo.c:
39410: now rips LD_* env vars out of envp and passed sanitized Envp to exec
39411: [d201a218e056]
39412:
39413: * logging.c:
39414: now uses execve()
39415: [f3e01032cd33]
39416:
39417: * find_path.c:
39418: ENOTDIR is ok now too (in case part of the path is bogus)
39419: [b5cbbb201bb5]
39420:
39421: * qualify.c:
39422: now works correctly (ttaltotal rewrite)
39423: [0c25d64a5c68]
39424:
39425: * parse.lex:
39426: now includes sys/param.h didn't match trailing / -- fix from
39427: rouilj@cs.umb.edu
39428: [b6363ba110af]
39429:
39430: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
39431:
39432: * sudo.c:
39433: moved around the #ifndef _AIX
39434: [7d4330950c20]
39435:
39436: * check.c, logging.c, parse.c:
39437: Initial revision
39438: [c101e9572d7f]
39439:
39440: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
39441:
39442: * qualify.c:
39443: Initial revision
39444: [5a5f21d0e0bf]
39445:
39446: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
39447:
39448: * find_path.c:
39449: now works if you do sudo bin/test
39450: [07835120ce43]
39451:
39452: * find_path.c:
39453: works
39454: [c3da8b5efa20]
39455:
39456: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
39457:
39458: * sudo.h:
39459: Initial revision
39460: [28a1caa38b72]
39461:
39462: * visudo.c:
39463: Initial revision
39464: [0e5cd7c3cdbe]
39465:
39466: * parse.lex, parse.yacc:
39467: Initial revision
39468: [5f2d0cccb06b]
39469:
39470: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
39471:
39472: * sudo.c:
39473: took out errno.h
39474: [7466431a2655]
39475:
39476: * sudo.c:
39477: now spews error if exec fails and exits with -1
39478: [e5c41ea725c1]
39479:
39480: * sudo.c:
39481: Initial revision
39482: [8aeabe39a0c2]
39483:
39484: * find_path.c:
39485: now only execs files with (an) executable bit set.
39486: [0a451f9c0e58]
39487:
39488: * find_path.c:
39489: Initial revision
39490: [02a534891a35]
39491:
39492: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
39493:
39494: * getpass.c:
39495: added nice comment
39496: [ea8b2aaa9389]
39497:
39498: * getpass.c:
39499: now works on sgi's
39500: [bf2b7c6d0960]
39501:
39502: * getpass.c:
39503: Initial revision
39504: [9f4de251c1b5]
39505:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>